Admins can clearly see all private messages of all users

downey · March 26, 2015, 1:46am

Reproduce steps:

As an admin, view a user’s profile page, e.g., Profile - downey - Discourse Meta
Scroll down on the left column to the “Messages” heading and click the “All (N)” tab.

Expected results:

Admins can not see personal messages from users.

Actual results:

Admins can see all content of all private messages. Yikes!

Rationale:

In email systems, even system administrators can’t easily view the content of regular users’ email accounts without invoking some type of auditable (e.g., “Staff Actions” log) activity. This is related to the trust that users place in the system that private messages are indeed private (at least from casual/easy viewing). There should be a bona fide reason for admins to need to view private messages that they aren’t involved in. In Discourse, that would (should!) be the “impersonate user” function. In a trustworthy Discourse design, this action would be logged to prevent abuse by a sketchy admin. (Or moderator too? I didn’t check.)

sam · March 26, 2015, 1:54am

This has been covered before quite a few times afaik, its by design not a bug.

sam · March 26, 2015, 1:55am

https://meta.discourse.org/t/restrict-moderators-from-reading-all-pms/8618

https://meta.discourse.org/t/impersonation-and-reading-private-messages/8485

Topic		Replies	Views
Can admins see all Personal Chat messages? support chat	6	484	November 29, 2022
Admins can see private messages in user's profiles? site feedback	9	21363	December 24, 2021
Does the owner of a discourse forum have the ability to read my forum private message? support	9	891	August 24, 2019
Admins can still read anyone's PM's by downloading the database feature privacy	19	5536	March 26, 2015
Is it possible to moderate all personal messages sent between users? support moderation , personal-messages	4	154	March 27, 2024

Admins can clearly see all private messages of all users

Related Topics