Attachment System Improvements in 1.1 - Privacy concerns

[Shelley]

Okay, I'm a little confused here.

Lets say I get PC by a member, and they post an attachment (image) can an admin, all admins of that forum only see the attachments only? or can they see attachments and the contents (text) of that PC?

 

[ENF]

Okay, I'm a little confused here.

Lets say I get PC by a member, and they post an attachment (image) can an admin, all admins of that forum only see the attachments only? or can they see attachments and the contents (text) of that PC?

From a technical understanding, it's the attachment information only.

 

[Daniel Thomann]

The very existence of the feature will be enough for our users, regardless of admin willpower.

EDIT: enough to cause an almighty argument

But as server admin, you can do that anyway... This is a discussion about a tool, that a server database admin has anyway...
So IMO it's ok... but a workaround would be, to have no attachment preview / thumbnail... but users have to be aware that if an admin wants some data... he can get them... e.g. reset password, log-in, and get the files...
Edit: To the workaround: of course, a mod or admin should not be allowed to download specific attachments..

 

[MGSteve]

Personally, I can't see the problem here.

Firstly, you can't read the conversation where the image was posted to, so no privacy is being broken
Secondly, when someone uploads a picture to a conversation, all you need is a little notice that tells then that attachments to conversations will be visible to admins, so if they don't want this, don't upload it.

Its not like admins and mods can snoop around reading the conversations themselves.

 

[qpa]

all you need is a little notice that tells then that attachments to conversations will be visible to admins, so if they don't want this, don't upload it.

 

[akia]

Per design, a forum is a data controller and processor -- and has to protect the data of its users in either case, this includes protection of that data from its own employees unless their investigation is warranted.

The point I've put in bold is the key fact here, It is warranted, If people are able to share attachments via the conversation feature, I as the server owner need to have processes in place to ensure that the files stored on my server comply with the law.

I work for a vary large company in the UK and have access to much more personal, sensitive and private information about people than would ever be available via my forum, and the company's legal team or the industry regulator doesn't seem to have a problem with it (and its a highly regulated sector, to the point where we have Data Protection Act related training each year). People here seem to be getting their knickers in a twist over something that really isn't a issue at all. I know I trust expertise of my companies legal team over my access to more private data that the company holds than some joe blogs opinion of what they think the law says.

 

[jwiechers]

The point I've put in bold is the key fact here, It is warranted, If people are able to share attachments via the conversation feature, I as the server owner need to have processes in place to ensure that the files stored on my server comply with the law.

You misunderstood what I wrote (or I didn't make that clear) -- and perhaps that's actually the issue with Slavik as well.
Yes, you need to have those in place, monitor things, etc. My point was, that you're not allowed to just go through those files because you have nothing better to do. If you access those private files, you have to have a reason for doing that.
I've never said it's illegal to have this functionality per se, what I said, or meant to say, was that the use of this function *without proper grounds* may conflict with data privacy law, which is why I tought it unwise to include it in a way that makes an admin see those things whenever he checks on regular attachments.

 

[akia]

And I agree with what you say about snooping just for the sake of snooping. If people wanted to do that then they could just look at the raw data. This new feature is a legitimate tool for admins to use, in ensuring that there isn't any attachments on there that shouldnt be. And that's one of the reason I said about people getting their knicker in a twist over something that isn't a issue at all. Yes some admins will abuse it, but that's down to them, it dosnt mean that xenforo shouldnt provide a legitimate tool for monitoring file attachments.

 

[jwiechers]

Yes, no doubt about that. As said, I like the general feature as well. ;-)

 

[Deebs]

From a technical understanding, it's the attachment information only.

If they use the GUI, if they access the database directly then they can see the text message the attachment is attached to as well. The only way to stop admins from using direct database access to read "private" conservations is to use encryption but that then creates a shedload of problems with where is the private key stored, what happens if the private key is lost, symetric encryption is not really an option and neither is asymetric, especially if you are trying to avoid the issue of lost private keys.