Admins can still read anyone's PM's by downloading the database

I’m not a developer, but you’re now saying the following is impossible?

  1. Don’t allow admins to view PM’s through the user profile page
  2. Log all impersonation activity in the “Staff Action” log

The notion of requiring necessary friction required to view PM’s was already discussed in Impersonation and reading private messages:

If it’s changed from “fairly complex” to “impossible” that’s something to work with … but is that really the case?

1 Like