I am wondering how this complies with Human Rights to privacy and uninterruptedness (?) of private communication.
What’cha thinking?
Are you saying all an admin has to do is to navigate to a user’s profile, and they can see that user’s private messages?
I am not sure if it’s as easy as Bill is suggesting, but it would be easy enough to look at PMs via the database anyway.
I think they should be called conversations or personal or direct messages rather than private, because saying they are private leaves a user with an expectation of privacy where measures are put in place so the messages are indeed private.
2 Likes
Yes all an admin has to do is go to a user’s profile page and browse away at their private messages.
This should be fixed, there’s no reason it needs to be that easy for an admin to view supposedly private messages.
4 Likes
Not all admins have direct database access.
Seconded. Or at least a toaster that warns that private messages are not that private really and people shouldn’t post sensitive data there (with a “don’t show this again” checkbox, of course).
1 Like
You shouldn’t have lots of admins or even moderators. My community of 1000 members has 1 admin (me) and 1 highly trusted moderator.
You should be using the Leader and Elder trust levels for everything else. Those people can help with pinning posts, cleaning up the forum, and making sure things are nice and tidy. This comes without any access to private user data which only I have (the same person that could simply query the database).
2 Likes
Agreed. PMs should only be visible to an admin if that admin is impersonating the user. Oh wait, I feel like we’ve had that discussion before, too…
https://meta.discourse.org/t/impersonation-and-reading-private-messages/8485
3 Likes
Then why would they want to be members there?
IMHO if you can’t trust the Admin - don’t join the site.
I agree that personal messages should not be visible to others except the Admin (NOT Moderators) on a need to know basis.
There may be times when an Admin needs to check PMs to resolve an issue.
Moderators can see Personal Messages only if they are added as recipients or if a PM is flagged and ends up in the review queue.
Admins have full access to the site, including PMs. However, there is a special setting that, if activated, records in the logs when an admin accesses the PM of others.
For those admins who want to guarantee the absolute privacy of PMs, I recommend installing the Discourse Encrypt (for Private Messages) plugin.
7 Likes