Attachment System Improvements in 1.1 - Privacy concerns

Again, this functionality in the ACP doesn't introduce anything which can't be done via alternative means.

So if (as you claim) it's illegal to do it in the ACP, then it's also illegal to do it directly via the DB.
 
Simple: Because it is, in almost all cases, *illegal* to do that. Just because you can, doesn't mean you're allowed to; just because no one sues doesn't mean it's fair game.
Analogy: just because a SysAdmin has full access to a company server, he's generally *not* at liberty to snoop around in the accounting files or the files of the employees. Nor is the *owner* of the company.

It's not like I'm incredibly happy with that situation, but that's the state of the data privacy laws in all major legal domains around the world.

The attachment browser is cool and I'm incredibly grateful for that feature, but extended to the attachments of ostensibly private conversations, this is likely (in the case of the EU and UK: definitely) a legal hotbed for the forum hoster -- especially since attachments don't have to be just images, what about PDFs, it could be a contract, a private letter, doesn't really matter.

I'm sorry to say it, but I just think your arguments are stupid. I live in the UK and am up to date on the laws you mention, and I can tell you, how they apply to forums is unique and site owners pretty much have full range to do anything they want on their site. That includes reading PCs if the site owner is so inclined.

Likewise, if people are sending these "contracts" or "private letters" via a PC system on a third party forum... they are just stupid. If I was going to send a contract to someone I would get their email and email it them directly, I wouldn't do it via a message system on a forum.

As I said earlier, if you have THAT much of a problem with the system, just don't allow users to attach files to PCs. Let them send files the old-fashioned way of hosting elsewhere and pasting links in text.

This is a GREAT feature and has the REQUIRED admin backend to handle it also.
 
I'm sorry to say it, but I just think your arguments are stupid. I live in the UK and am up to date on the laws you mention, and I can tell you, how they apply to forums is unique and site owners pretty much have full range to do anything they want on their site. That includes reading PCs if the site owner is so inclined.

Likewise, if people are sending these "contracts" or "private letters" via a PC system on a third party forum... they are just stupid. If I was going to send a contract to someone I would get their email and email it them directly, I wouldn't do it via a message system on a forum.

The DPA *has* certain categories that provide leeway with regard to non-profits and other small projects, but any half-way serious forum processes a boatload of private user data on a regular basis -- and thereby is going to be bound by it.
But if you think it's different, well, okay, I acknowledge that I'm only noddingly acquainted with the UK data privacy laws, but my interpretation of those is rather different -- and I do know that the EU directives tend towards my interpretation. It hasn't been tested in courts, and I'm grateful if it never comes to that, but trust me, neither a German, nor a French, court would share your view -- and with regard to the few cases that are even comparable, they haven't, thus far (there was a case in Germany relating to on-site messages on an eCommerce website, I'm trying to dig it up).

Your argument with regard to the stupidity of exchanging confidential data via PMs is pretty short-sighted and arrogant, by the way. People do that all the time, even on Facebook -- and Facebook has to protect that private information, whether it likes to or not. In the eyes of the DPA, unless you meet *very specific* criteria, it is irrelevant whether you're Facebook (actually, no, it's not, because Facebook isn't British, so Safe Harbor gets added to the mess, but let's pretend Facebook was British), Google (ditto) or Mom & Pops Cooking Board.
Let's forget contracts, just consider a forum where users buy and sell stuff to each other? You think bank account details aren't transmitted in PMs in those cases?
Yeah, maybe that is stupid, but the privacy laws specifically protect people who cannot reasonably be expected to know better -- and if someone directs a message at some specific other person, I find it very hard to argue that they can reasonably be expected to comprehend that some admin could read through them at his leisure. A normal person has next to zero knowledge of how these things work and could well argue that they may assume that a private conversation is as good as an email.

Anyway, I doubt we'll get any further with this, we both like this feature (if, in my case, I see a potential issue with it) and neither of us would like to see this tested in a court of law.
 

Again, this functionality in the ACP doesn't introduce anything which can't be done via alternative means.
So if (as you claim) it's illegal to do it in the ACP, then it's also illegal to do it directly via the DB.
If you make the attachment snooping easier ... as XenForo has done ... you are just encouraging admins to get themselves into trouble.
I think it is totally acceptable to allow admins to view the attachments in many situations.
I just think that there is an expectation it is private ... so a small disclaimer saying that every admin can see all attachments ... EVEN accidentally ... is fine. There just needs to be a warning.
 
Any concerns should be noted in each forum's privacy policy and/or signup forms. Basically, tell people that's the deal, there's no need for xF to have something "built" in, when all you're really saying is "We do this thing here, suck it up or don't use our forum". At that point, you should be covered. If you're not, don't enable/use the functionality if it violates your local laws.
 
The DPA does not apply to this feature. End of.
I agree, seems like people don't really have an understanding of what the Data Protection Act is about. I mean I'm not sure why, as really the name says it all. The DPA laws in the UK are there to stop 3rd parties getting unauthorised access to data, and to stop companies building vast databases of unnecessary personal data.

All these people that are saying it's against the law, please provide a specific example of which?
 
If it is going to be an issue for some and not others for various reasons then would enabling this feature from within config.php be something worth looking at?
 
If it is going to be an issue for some and not others for various reasons then would enabling this feature from within config.php be something worth looking at?
Adding some sort of option doesn't make a difference in trying to protect user "privacy" because even if you can't view data via the ACP or front-end, there are still other ways to get to that same data if someone really wants to. It comes down to the conscience of the administrator and how comfortable the users are in trusting the site staff won't dig into "private" data. It makes no difference that XenForo makes it easier to view it or not; if someone wants to do it, they can.

In the end this is strictly just attachments. If an administrator wants to see what attachments are taking up the most space because they're noticing disk space filling up, they're going to dig and find out anyway. Actual conversations are still not viewable by the admin in the ACP, and it's up to the user's judgement to decide whether or not they want to upload attachments to the PC. If an admin/user is that worried, they can use the options that Slavik mentioned.
 
New Feature: Attachment Filtering.

[Attached screenshot: screen-shot-2011-10-03-at-16-40-50-png.19420]


Obviously this will help for those who don't want to accidentally look at Personal Conversation images.
It is still easy to snoop.
 
Which has always been there. You can see it in the attachment browser video.

In fairness though Kier you don't actually demonstrate the drop-down to select content types in the video ... ;)

But as they are selectable it does give Admins the choice so there isn't an issue if you don't want to view PC attachments. Job done. (y)

Cheers,
Shaun :D
 
The DPA does not apply to this feature. End of.

Okay, I'll bite.
Why not?

Your argument rests squarely on that assertion and I don't see why it's warranted. The law doesn't specify a list of services protected but vaguely defines principles applicable when data of a subject is processed or controlled by a third party. The entire 1998 DPA was necessary, because UK privacy law fell short of EU law in the respect that it gave data controllers and processors too much leeway and the 1998 DPA was created to rectify this.
Per design, a forum is a data controller and processor -- and has to protect the data of its users in either case, this includes protection of that data from its own employees unless their investigation is warranted.
You may be exempt from notifying the ICO and you can create a lot of consent via good ToS, but that is not quite the same -- and quite different from what you're arguing.
 
Okay, I'll bite.
Why not?

Per design, a forum is a data controller and processor

The DPA applies to the processing of data. To simplify it down, basically that data (which to be classed as personal data must be able to identify a living individual (of which, most forums do not meet this level of expectation; forums which do ask for information able to do this are most often already ICO registered and aware of this requirement)) has to be inserted and organised into a filing system. (Also note, despite people claiming otherwise, an email address attached to an internet handle does not qualify as personal data, as unless the email address or internet handle specifically contains that person's name, it is not identifiable to a living person.)

For all intents and purposes, unless you are doing something specific with the user registrations, again, in which case you will already be ICO registered, the insertion of an email address and an internet handle to a SQL database does not fall under the processing requirements.
To link more specifically to this feature, the only act of processing that would apply of the DPA to this feature is the deletion or destruction of data. However, it would not apply to the forums because, if an attached file on the forums contained personal data covered by the DPA, the user who uploaded it would be the data controller responsible for that data, not the forum or its owner.
 
Adding some sort of option doesn't make a difference in trying to protect user "privacy" because even if you can't view data via the ACP or front-end, there are still other ways to get to that same data if someone really wants to. It comes down to the conscience of the administrator and how comfortable the users are in trusting the site staff won't dig into "private" data. It makes no difference that XenForo makes it easier to view it or not; if someone wants to do it, they can.

In the end this is strictly just attachments. If an administrator wants to see what attachments are taking up the most space because they're noticing disk space filling up, they're going to dig and find out anyway. Actual conversations are still not viewable by the admin in the ACP, and it's up to the user's judgement to decide whether or not they want to upload attachments to the PC. If an admin/user is that worried, they can use the options that Slavik mentioned.

From what I was reading, there seem to be concerns about allowing all admins and in some cases anyone to view conversation attachments, as well as possible legal concerns. Although I asked a question, you seem to have made your reply more complicated than it needs to be without answering the question. :confused: (no disrespect intended)

The option that Slavik proposed would be to disable a very nice new feature that some forum owners might want to offer attachments in conversations to their members but might also want to opt out of the admin viewing which currently does not seem to be an option, others might like attachments to be viewed by one person and someone else might like a different set up.

I am not sure how or even if it can be done but turning off/on the admin view function through config.php I would have thought it may have been a solution but then again I may be wrong :p
 
It's quite simple and comes down to each individual; if you don't want to read conversation messages, don't.

The very existence of the feature will be enough for our users, regardless of admin willpower.

EDIT: enough to cause an almighty argument
 
So presumably your users also don't accept the fact that conversations can be read via phpMyAdmin?
 
So presumably your users also don't accept the fact that conversations can be read via phpMyAdmin?
They accept that because it's difficult to do (i.e. requires technical knowledge which most of our mods/admins lack), and that only the site owner has full access to the server, we don't read people's PCs. Having everybody's attachments a handful of clicks away will not be as comforting for them.

It's not the end of the world, because we will just leave Conversation attachments turned off and they won't miss what they never had :)
 
They accept that because it's difficult to do (i.e. requires technical knowledge which most of our mods/admins lack), and that only the site owner has full access to the server, we don't read people's PCs. Having everybody's attachments a handful of clicks away will not be as comforting for them.
It requires a bloody login and clicking of 'browse' on the table to do it. Not very difficult. My 6-year-old could figure it out.
 
Like I said, only the site owner has that login, and trust me, phpMyAdmin would scare the bejesus out of most of our mods/admins!
 