Are Private Conversations Accessible to Admins?

Divinum Fiat

Divinum Fiat

Well-known member
One of our members asked if private conversations between members are readable by the admin or if records are kept. Does anyone know if, where and for how long private conversations between members are accessible?

Thank you. :)
 
Sort by date Sort by votes
erich37 said:
Maybe another solution to this issue is to have only "trusted members" being allowed to send a "Private Conversation" ?
Not sure yet how to set this in "ACP-options" ?
Click to expand...
You'd have to make up a usergroup that can be allowed to send PC's and set all others to be not able to.
 

Attachments

  • pc usergroup.webp
    pc usergroup.webp
    14.5 KB · Views: 17
Upvote 0 Downvote
I agree on the non-reading of PMs. Quite apart from how you would have the time to do so on a busy community, members have an expectation of privacy. However I would always reserve the right of admins and site owners to read PMs if investigating a serious complaint which cannot be resolved from the PM being "reported", for example, a criminal activity, a reported PM that suggests continual abuse of the PM system and so on, but never pro-actively, only in response to a complaint. Sometimes you need to access PMs from a member and record them as evidence, in case of a complaint that escalates to involving the police.

I also wouldn't browse for spam, you don't need to, if you have proper registration controls in place you should not get spammers, but if you do I agree with DRE you can resolve it via member reports.

It has been many, many years on my community since I've had to access someone's PM records and even that was because it was a harassment case which was being dealt with by the police.
 
Upvote 0 Downvote
DRE said:
When it gets serious such as people threatening to sue the site or serious harassing, stalking, predator, hacking, child pornography and spam type issues then it's your responsibility to gain full control of your site to find out what's going on and handle the situation before it spirals out of control and you no longer have a site.
Click to expand...

And in order to have control over your site, you need to be able to view all aspects of it when necessary.

I hear this all the time, especially with mail server admins. "What??!!! The Admin can read my emails?!! That's not right!!"

Phooey. The majority of administrators are too bloody busy to concern themselves with your petty discussions. However, admins DO need tools to be able to immediately investigate any issues that are detrimental to the site. I make it known up front that I can view ALL aspects of the site, including emails, PMs, etc. This is true for ANY server admin. So for the ones who jump up and start screaming about privacy and how wrong it is for a server admin to have that ability, I usually tell them to send their computer back to the manufacturer because they're too stupid to use the Internet. Because obviously, they haven't thought much to what being a server administrator is really like.

And if you have admins who regularly snoop on their members, they shouldn't be an admin.
 
Upvote 0 Downvote
DRE said:
When it gets serious such as people threatening to sue the site or serious harassing, stalking, predator, hacking, child pornography and spam type issues then it's your responsibility to gain full control of your site to find out what's going on and handle the situation before it spirals out of control and you no longer have a site.
Click to expand...

EXACTLY.
I am responsible for the welfare of my students and their parents expect me to investigate any reports of bullying or distress.
Nor would I take anyone's word for what went on. Getting a record avoids any she said he said muddle which increases tension.

We have done surveys where the students can answer anonymously as ID numbers. As I said they 100% without exception welcome our protective management.
Intervention occurs about twice a year and we are always thanked for it.

[EDIT] Naturally this is all in the open and stated in our terms that we have this ability.
 
Upvote 0 Downvote
Kim said:
WHAT????

I was saying reading PM's was despicable, not bullying... or whatever context is used to justify it.

Regardless of WHY an Admin reads PM's I find it disgusting, and it should require people being notified that PM's will be read up front.
Click to expand...
Just wait until you are in the middle of a lawsuit because of something that happened in the PM system. You will be happy to be able to dig this stuff out without having to dig through the DB.

Russ
 
Upvote 0 Downvote
wrx1 said:
Just wait until you are in the middle of a lawsuit because of something that happened in the PM system. You will be happy to be able to dig this stuff out without having to dig through the DB.

Russ
Click to expand...


Of course if there is a legal situation the material in question should be handed over to any official investigator, but you are not such a person. You are not responsible for what occurs in the private corners of your forum, no more than Facebook or anyone else is. Cyber bullying and other unpleasant behaviours can be reported, and actioned at that stage.

In the event of any theoretical legal action, all you have to do is hand over the material to the authorities, yes it is there and can be accessed if needed to be, but that is very different from knowingly installing a modification to read PM's or worse logging in as them.. what a horrible thing to do!

Sorry but I find it totally unnecessary and a violation of people's expected privacy. Snooping around "just in case" such things MIGHT be happening sounds to me like a pretty shallow excuse to go on a voyeuristic mission into your members private discussions.

Any admin who engages in this should implicitly state that Private Conversations are NOT private and will be read by Admins, in the T & C's that members agree to.

I know it is a divisive personal opinion, but I would NEVER be a member on your site, or any of those others here who believe it is OK. I would imagine that 99% of people would not be either if the knew you were doing it.
 
Upvote 0 Downvote
Kim said:
Any admin who engages in this should implicitly state that Private Conversations are NOT private and will be read by Admins, in the T & C's that members agree to.
Click to expand...
Isn't this covered by the default XenForo terms & rules?
You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service. You retain copyright over the Content.
All Content you submit or upload may be reviewed by staff members. Do not submit any Content that you consider to be private or confidential.
Click to expand...
However, I think most users would be very upset if they found you snooping in their private conversations. I have never done it and don't plan to, I've never seen any reason to even if users are suspected of shady business within them. It's probably not worth alienating your users to do so.
 
Upvote 0 Downvote
mistypants said:
Isn't this covered by the default XenForo terms & rules?

However, I think most users would be very upset if they found you snooping in their private conversations. I have never done it and don't plan to, I've never seen any reason to even if users are suspected of shady business within them. It's probably not worth alienating your users to do so.
Click to expand...


I don't believe those general terms are implicit enough... it says nothing about Private Conversations, and you have to interpret that it might relate to Private Conversations.

It should be spelt out very clearly that "private" conversations are not private at all - on those sites which engage in snooping.
 
Upvote 0 Downvote
Kim said:
I don't believe those general terms are implicit enough... it says nothing about Private Conversations, and you have to interpret that it might relate to Private Conversations.

It should be spelt out very clearly that "private" conversations are not private at all - on those sites which engage in snooping.
Click to expand...
Understandable, it's a generic terms and any website should probably revise it according to their own needs--if you're going to give anyone access to private conversations, you should probably at least let people know, I agree.
 
Upvote 0 Downvote
mistypants said:
Understandable, it's a generic terms and any website should probably revise it according to their own needs--if you're going to give anyone access to private conversations, you should probably at least let people know, I agree.
Click to expand...


Yeah, it wouldn't take much to re word it so it was clear. Those sites might also have a pinned topic/notice or something as many people don't actually read the T&C's.
 
Upvote 0 Downvote
Normally such a Mod is unwarranted. However, there are cases where it is needed. Of course, trust is key.

When my forum was on VB, My users knew that PMs were not 100% private. - It helps in cases where there are fake members and "wrong doing" occurring.

- Sometimes people register simply to troll and cause havoc. - Or we get bombarded by Middle Eastern/North African men who want to find a wife from the West.. Our female members (especially married ones) do not tolerate strangers PMing them and announcing their undying love, in the very first message they receive. - People CAN ignore, but the issue is of the website being used for the wrong reasons and annoying the members.

So, there needs to be a way to investigate if members complain. It is also why a lot of our members are still with us, even after 7 years. They did join other forums, but the "safe" atmosphere our site had - they appreciate.
 
Upvote 0 Downvote
Do you think that Google administrators cannot read your gmail emails?
Do you think that Dropbox administrators cannot view your files stored online?
Do you think that Facebook administrators cannot read your private messages?

Of course they can - if the data is not encrypted, any administrator of an online service can access the data and view it.

If you are using shared hosting, their administrators can most likely access all your site data too, including your files and databases and any emails stored in the mailboxes on their servers.

Do you think they have the time or inclination to do so? No.

It's about trust - by using these online services, you are implicitly trusting the administrators to "do the right thing" and not abuse the powers they have. If you cannot bring yourself to trust them, then simply don't use the service.

It's the same with online communities - as administrators you have the technical ability to view everything in the database - if the members don't feel they can trust you to not abuse that ability, then they should not be a member of your community.

I don't think there is ever a reason to casually browse through the private conversations on your forums - as administrators we do need to respect the privacy of our members. However, I do think there is every justification for accessing specific private conversations to investigate technical issues or complaints from users (whether it be spam, bullying, or any other type of conflict).

If you absolutely need your information to be kept private - don't post it online in a format which can be accessed.

There is a reason why I don't email my personal financial details to people, there is a reason why I don't store my (unencrypted) passwords or sensitive personal information in Dropbox, there is a reason I don't publish photos of my children on Facebook - it's because I absolutely do NOT trust these services to keep my personal data safe.

However, I do use all of these services for stuff which really won't matter if it does happen to get accessed by someone I don't know - and I do so with a full understanding of the risks.

It might be necessary occasionally to do a bit of education for your community members about the realities of online privacy and make sure their expectations are set appropriately. Make sure they know that you do have the technical ability to access private conversations - but assure them that you won't do so unless you absolutely need to.
 
Upvote 0 Downvote
Sim said:
Do you think that Google administrators cannot read your gmail emails?
Click to expand...
If a Google administrator was found to be reading emails without explicit authorized access ... they would be terminated. Not sure a Google admin would risk it. I'm sure Google's Terms of Service would state what access they have.
 
Upvote 0 Downvote
Sim said:
It might be necessary occasionally to do a bit of education for your community members about the realities of online privacy and make sure their expectations are set appropriately. Make sure they know that you do have the technical ability to access private conversations - but assure them that you won't do so unless you absolutely need to.
Click to expand...
How exactly is that going to work ?
I'd love to hear how you introduce that to a community.
Got a URL ?
People will be outraged.

forum.admins.may.have.access.to.this.conversation.webp
You probably need a disclaimer right in the participants area.
Maybe to a link elsewhere in the Help Menu explaining what access the admins and mods have.
 
  • Like
Reactions: Kim
Upvote 0 Downvote
Kim said:
In the event of any theoretical legal action, all you have to do is hand over the material to the authorities, yes it is there and can be accessed if needed to be, but that is very different from knowingly installing a modification to read PM's or worse logging in as them.. what a horrible thing to do!

Sorry but I find it totally unnecessary and a violation of people's expected privacy. Snooping around "just in case" such things MIGHT be happening sounds to me like a pretty shallow excuse to go on a voyeuristic mission into your members private discussions.
Click to expand...

I don't think anyon suggested here that admins are justified in going into Personal Conversations "just in case things MIGHT be happening." It just hasn't been mentioned. Or perhaps I have missed something.

When I have gone into a Personal Conversation it is because a participant has deliberately reported to me that something has gone on which has caused unacceptable distress, or downright misleading and destructive information; or other indications of bullying.
Alternatively it has happened that someone has mentioned something to me without it meaning to be a "report." I find the reference to be unacceptable in the same terms - unacceptable distress, or downright misleading and destructive information; or other indications of bullying. I check and if all is well no one is upset. So far in all cases I found something of concern, except once.

In all cases I "own up" to what I have done. In the great majority of cases it is handled as an educational situation. The Conversation is placed in a document and the offensive parts highlighted.
There is also comment added to show that I understand why heated language or clumsy language was used, or whatever. In that way I get the offender to listen to me because they can see their position is respected as well as the other participant.
My comments explain exactly why there is a problem, and suggest a different way to express things without giving offence. (I am an experienced mediator)
I have found this approach is well received. On my more adult site I have only twice in 7 years had to exclude a member for persistently disregarding this kind of guidance (given 3 times in each case). On the younger community only one has been excluded.

A statement on Privacy is listed in the site Library, in our A-Z of guides. It clearly states that Personal Conversations are not 100% private but may be checked by me, and only by me, if I have reason to believe that someone is being rude, aggressive or misleading someone in a significant way. I add that I am far too busy to read PCs for fun and have plenty of ways to have fun in my precious spare time!

I have never had a single complaint about any of this. On the contrary I have been thanked for protecting a remarkably peaceful and courteous community by doing this kind of guidance.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

C
  • Question Question
How Private Are Private Messages
Replies
11
Views
3K
Mr Lucky
Mr Lucky
NealC
  • Suggestion Suggestion
Lack of interest Refine name of Conversations so people know they are Private
Replies
14
Views
833
Mendalla
Mendalla
Sim
PSA: check your ElasticSearch server port is not accessible to the outside world
Replies
6
Views
1K
duderuud
duderuud
RobinHood
Sax Bandits - Case study using XenForo to create a private membership only community
2
Replies
23
Views
4K
RobinHood
RobinHood
Vigilance
  • Question Question
XF 1.5 Trying to create a section accessible to users by password only
Replies
5
Views
426
Vigilance
Vigilance
Top Bottom