Attachment System Improvements in 1.1 - Privacy concerns

Digital Doctor said:
We are talking about basic respect.
If Facebook did this .... There would be Hell to pay.
Click to expand...
Facebook DBA's can look at any image posted to their database, it's in their terms of service.

One additional thought about admins having the ability to see attachments. I think admins need the ability to see all attachments to their forum. If member A attaches a photo of child pornography and sends it member B, the potential culpable members are member A, member B and the admin of the website.

If the feature wasn't built in to XF I would have it as an add-on for sure.
 
Digital Doctor said:
I'm posting the image to another user ... not the admin.
If the admin has access to everything.
They should be listed as the first member of EVERY conversation.
View attachment 19410

We are talking about basic respect.
If Facebook did this .... There would be Hell to pay.
Click to expand...
Doesn't posting that pic violate the privacy of those in the conversation? :)
 
I for one am happy that I will be able to manage attachments of various types, be it post type, conversation type, blog type, third party plugin type, etc. Not to mention when people are abusing the service we're providing via personal conversations and I can remove offensive data from the site when reported. Without having to inject myself inside the conversation.
 
For the avoidance of doubt, XenForo does not allow anyone except conversation recipients to view the textual content of those conversations.

The attachment browser is designed as a file manager, to enable admins to manage disk space on their servers, to identify and remove objectionable attachments, and to enforce quota policies if they have one.

I see no privacy conflict at all. If you don't want a site owner to be able to view your files, don't upload them to that person's site. Very simple really.
 
kyrgyz said:
The question is not about the intentions behind this feature, but the access to personal data. BTW, you can't guarantee members that admins are 100% snoop-free. Which makes your argument void.
Click to expand...
So what are you doing here, you can't guarantee the admins won't read your conversions. Right?
 
We have a policy that explicitly states that any content posted on any of our domain properties is not considered private and therefore the end-user should have ZERO expectation of privacy.

Our primary reason: The database fields for 'private messages' or 'personal conversations' is stored in plain text. We're not offering any type of encryption or security beyond a user's password and therefore we won't be held liable for any personal information that could potentially released as a result of any sort of data hijack. We say: Don't post any information anywhere on our site that you don't mind sharing with millions of other people.

Sadly, we have already been down a similar road where someone posted personal details in a 'private message' to another user. Then, that other user lost control of their account, thus releasing the original person's personal information to a 3rd party. In the end, from that point onward, we made explicit statements to the fact that no privacy is to be expected, offered or otherwise implied. (despite any label saying 'private message')

Lastly: Administrators, Moderators, Super Admin Types, DBA's: We don't go reading people's 'conversations' out of the database at random. There are rare cases where there is harassment or abuse present, that we'll pull data from those tables to review.

If people want to talk about private stuff that they don't want the world to see; meet face to face, use a telephone or at the very least, use email.

Wow, wrote way too much. This is just our way of doing things.
 
Kier said:
For the avoidance of doubt, XenForo does not allow anyone except conversation recipients to view the textual content of those conversations.
Click to expand...

I'm certain of that, and never wanted to imply anything remotely like it.

You know, I've been administering forums for over a decade, and I know that in the day-to-day affairs, you do a lot of things that, strictly speaking, would require legal counsel -- but if you really took things seriously, only major companies could even afford fora.
So, you delete users posts and say hello to Freedom of Speech suits that have been filed and won against forum providers, both major (ISP fora) and minor (companies)), but if you don't, hey, you're sued for publishing and/or tolerating the publishing of libelous statements. Endless fun.

Your users have avatars, some of them may violate copyright and you notice and ask them to stop, others, well, you don't notice and a DMCA cease & desist comes knocking... I have received cease & desist letters from photographers because users used *their own portrait* as an avatar, which was in breach of the licence granted by the photographers -- only just about no person would ever think that this may be the case), etc.

All these cases are edge cases, they are rare, but the thing is: they wouldn't have to be rare. The law is actually pretty clear (and completely unfitting for the digital age), and we (forum providers) are just incredibly lucky there aren't that many unreasonable and litigious nutcases out there.

I see no privacy conflict at all. If you don't want a site owner to be able to view your files, don't upload them to that person's site. Very simple really
Click to expand...

I hear you, and I generally think the same way, it's the digital native's view of thinking about these things.
I have no issue with facebook privacy, or lack thereof, because I am fully conscious that *everything* I post there is out of my hands, no matter how tightly I control it; ditto the internet as a whole. The problem is: the law (SCA, DPA, what have you) doesn't see it that way. As a forum provider, you instantly become a legal entity which, depending on jurisdiction, is more or less similar to a newspaper publishing company (Germany, Italy and France are probably the most severe cases because even a private blog is held to the same standards, Japan is slightly saner), and held to similar standards if someone sues you -- which, thank goodness, isn't all that often...

As previously stated, I'm not sure myself how it would go if someone sued a forum admin, but wanted to voice this concern just so people could think about it or look into it.
 
ENF said:
In the end, from that point onward, we made explicit statements to the fact that no privacy is to be expected, offered or otherwise implied. (despite any label saying 'private message')
Click to expand...

I've done the same for the same reasons; someone shared "private message" data and the person who'd sent it was upset because they had assumed that because of the wording of the feature/function (Private Message) that it implied a level of privacy that just isn't there (admin's can't control the external sharing that their members do).

Our site rules and guidelines were then adjusted to explain that we can't control what people do with information you willingly give them, so if you don't want something seen or known, don't post it on any part of the site (including the message system). [NB: There's also a caveat that we will reveal such personal conversation details if required to do so by law.]

I hope my membership takes note of the guideline when we do convert - I don't want to see pictures of them "hopping on the good foot and doing the bad thing" when I use the new attachment browser!! :eek: [reference]

Cheers,
Shaun :ROFLMAO:
 
kyrgyz said:
Interesting read on the subject:
How much access to 'private' data do message board/website staff have?
Click to expand...
Without reading that thread I can tell you:

Nothing is encrypted, everything is stored plain text, except your password - which by default is not visible to the admin unless they customize the source code to store them plaintext. Ergo: The users that have access to the database, have access to everything YOU as the user submit to the site.

You can explain that to users, you can't make them understand that.

Users that whine about potential security issues are the same users that never read the privacy policy on the site anyway.
 
  • Like
Reactions: ENF
The reality of a situation is that when you sign up, you don't have freedom of speech - you entered someone their house, you agreed to their rules. You're freedom is limited to the board rules. Anything you create within the visit to the house, that you contribute, becomes part of that house. Whatever you share you grant usage rights to. Whatever you provide as information can be logged to help you better use the house, or offer services (room service for example). This means that whatever is submitted is accessible by the host - one way or the other.

They can invite you in, kick you out, read your public post, check your private post. They can delete your attachment, or promote your contribution to the frontpage. They can like your post, or ban you from coming back in again.

Without any notice, at their discretion. Plain and simple.

That there are admins that misuse this status by having less morals and read everything you say and do, distribute whatever you contribute as their own work without credit, or ban users 'because they dont like them', etc ..

That will always happen.

Users have expectations of service provided, hopefully matching the intentions of the site - without being misled.
Admins have the intention of doing good, providing a service (free or not).

And everybody wants to apply opinion, common sense and logic.

None of those three have anything to do with the law. But both user and admin have to act within the law, obviously.

This whole conversation about how intrusive this feature is, completely ridiculous.
It's not against the law, and it's only meant to have a GUI to content submitted by the user in the first place.
And they could do so because they can register for free, post for free, and contact others publicly and directly via personal conversation.

Don't want "secret" files or files that are breaking the law being shared beyond the person it's meant for to be visible to the eye of the person that moderates the site? Either encrypt the file and add a pass to the .zip before sharing it, or don't share it.

I am glad this feature exists, an admin shouldn't care about these conversations, or their attachments, but they do care about illegal content being shared - they're after all being stored/hosted on your web server without your knowledge. No thanks. Glad I can spot a trend and prevent it from spreading any further - such as a virus, illegal software, or cp, etc.
 
The reality of a situation is that when you sign up, you don't have freedom of speech - you entered someone their house, you agreed to their rules. [...]
Without any notice, at their discretion. Plain and simple.
Click to expand...

Sorry, but: No. It'd be great if it was like that in some cases, terrible in others, but it isn't.
As I said, most legal systems treat you like a full blown (publishing) company as soon as you host a forum, some do so even if you have just a blog and a couple of 100 visitors.
There are some exceptions, like fora where only registered users can post and where you have certain authentication mechanisms in place, but even then, the "my house" analogy is legally questionable.

You can do a lot with properly worded ToS, but it *is* a very complex topic.
Why do you think that Google Mail, almost everywhere in the world, had *huge* issues getting their webmail interface past data privacy laws?
They only got it to work because they ensure that no human ever has access to the context-analysis; why do you think Google Analytics is being questioned all over the EU, even after Google added certain features that allow some anonymization?
Simple, most countries agree that, on the web, you're *not* allowed to track what your users do (staying with your analogy) *in your own house*, unless you have *very*, *very* good reasons to do so. You have to have the ability in order to help law enforcement or prevent fraud, but you face six-figure fines if you *ever* use that ability without proper grounds.

N. B. I simplify things a bit, but in essence, this *is* the situation.
 
Ok, rephrase: Reality of the situation is that the law firm with the most money seems to win in any case. When some dumb American decides their 'rights' are violated, and financially drain a hobby site into the ground and ruin someone's life because they were too kind to let them use their service at no cost.
 
I think this is a very good thread, and I'm sorry some members are so dismissive of the OP as getting worked up over nothing. This is the kind of important scenario we need to collectively thrash out because sooner or later, one of us will "browse" an objectionable attachment then we'll need to do something about it.

I have always assumed that a personal conversation is PRIVATE and taken it for granted they would not be monitored or browsed by moderators or admin, except in the event of a dispute, abuse, or other rule breaking exception. And with so many people coming from other forum platforms where the member/member messages are referred to as private, it is reasonable to assume that many other of our members will take them as being private too, regardless of what they are called, "conversations" or otherwise.

I think what I will do when I convert over is change my forum rules just to make it clear that the forum grants members privacy with personal conversations but retains the rights of the site admin or moderators to access these in the event of reported abuse or any activity that breaks the forum rules, or any situations where we believe that to be the case. And, to reserve the right to access, read or divulge PM contents if required to by law.

Plus, to make it clear, attachments are allowed on PMs as a courtesy to members but attachments have to be viewable by admin for the purposes of server maintenance; large attachments may be removed or old attachments pruned; whilst admin and moderators will treat all attachments with respect for privacy, it may be necessary to access or view these as part of routine forum and server maintenance and members should therefore NOT use the forum to exchange attachments which are considered confidential.
 
Ingenious said:
I think what I will do when I convert over is change my forum rules just to make it clear that the forum grants members privacy with personal conversations but retains the rights of the site admin or moderators to access these in the event of reported abuse or any activity that breaks the forum rules, or any situations where we believe that to be the case. And, to reserve the right to access, read or divulge PM contents if required to by law.
Click to expand...
Don't forget to add a clause that any participant of a conversation can invite other participants.

Also, any participant can copy and paste the content anywhere else.
 
Brogan said:
Don't forget to add a clause that any participant of a conversation can invite other participants.

Also, any participant can copy and paste the content anywhere else.
Click to expand...
Yes, that's a big problem with "VERY STUPID USERS"

I have 3 forums where 70% of members are older then 50 and have no IT background. (lesson learned => NEVER ever start a forum for this audience:D )

Some day i got a mail where somebody asked, why a user without permissions know what was written in a not public thread... we had then an extremely drama queen fight...

Because of the move to xf in some weeks/months/years..:D i have doubts, how to explain them the conversation feature (specially because of the invite feature..)
 
You must log in or register to reply here.
Top Bottom