There is, of course, also the fact that TL0 members may have the same legitimate reasons for wanting to contact a staff member as TL1, TL2 or TL3 members - all of whom can do so with no problem. Just because they’re new members doesn’t necessarily mean their issue is covered in the FAQs.
Or what if they receive an offensive or Spam PM from another member? How do they report that?
Are there plans to make the trust levels more configurable? This seems like it calls for a setting (“Enable PM feature at TL …” for example).
Makes no sense either. Newbie questions should be public to guide other newbies.
But there are still legit reasons to allow ANY member to be able to easily PM staff.
If you go to a busy airport in a country where you don’t speak the language, even with lots of signs there are still times when you just want to talk to a person.
In the meantime, I added this text to the bottom of all welcome PMs:
(If you need to privately communicate with staff members as a new user, just reply to this private message.)
I am open to making the PM trust level configurable, right now you must hold TL 1 to PM, I personally think it’s a massive griefing hole / vector to set that to zero, but as long as that’s not the default probably fine.
It seems like it shouldn’t be a huge problem if TL0 could PM staff but not others, since a staff member could quickly stop the problem.
Depends; if every new user can pm any staff member they could pile up hundreds of pms from a bunch of new accounts before the staff member is aware (or even around).
How would I know if some other Staff member is getting PM griefed? PMs are basically invisible unless we explicitly browse the profile of a random new user and look for them.
technically you could grief the account that sends the welcome PM already today, so this would slightly widen the potential havoc but not introduce something radically different.
Perhaps I am missing something…
Does anybody actually receive email notifications for the system user other than system.
Perhaps I missed a setup step - but for me system doesn’t have an email address:
And as such you wouldn’t ever know if a user has replied to the welcome email.
I’m guessing this might be the case with a lot of installations?
I have not tried this, but I’m sure you can change the system account email by going to its public profile and changing its preferences. (/users/system/preferences/email)
I am aware of the ability to set the email address…
But for me the question is if it is not a required setup - then perhaps the welcome message shouldn’t indicate users can message system.
I was wondering how many installations really have this set.
The admin page nags you if you don’t have this set to an actual user.
Won’t happen, at least on any forum that truly is active. Any active forum will have mods in place and likely have mods that span timezones, so the chances that this occurs is negligible. Plus with how easy it is to ban a user, I, as a mod, wouldn’t care. I’ll have that user knocked out and blacklisted pretty darn quick!
Assuming the nags are in the usual place - I don’t see any.
The average Discourse instance is not very active to put it mildly. It would be a massive increase in attack surface area on every Discourse instance in the whole world. And one that is very difficult to see.
@DeanMarkTaylor I will have to check to make sure that is part of the default setup nags, I could have sworn it was. The idea is that the “welcome to the site!” message ideally comes from a staff member so it is more personal. Regardless, if you read the text of what was added, it points to /about so you can even figure out who the moderators are.
I don’t agree with you at all on this, but that’s how it goes when you don’t actually run or moderate a forum…
Spamming mods is idiotic and they’ll get banned quickly (as I previously stated and you know that process is dead simple). The fact they can technically do this to a single member now anyway, makes your point irrelevant.
You aren’t really making it any harder for them to do this today, you are simply permitting the scope of their target to be a bit wider (which actually makes it easier to catch, as more people will likely get the PM and act on it). If they aren’t doing it today, why do you assume opening the scope wider will make it happen with such a frequency that it becomes a massive problem?
Ninja’d
We seem to be dancing around in circles here and sorry, I’ve never been much of a dancer.
Allowing anyone regardless of Trust Level or even if unregistered, to contact Staff is important.
By PM is the logical method. Somewhere visible while on the site is the logical place.
Sigh, but that doesn’t help them if they can’t connect anyone but the sender of the Welcome message… Why point them to a page where the workflow would be:
It just seems silly to me that there is such a reservation to allowing members to be able to contact staff, yet all signals say: “contact staff”.
Plus, it is a tad bit silly to say, “they can spam via PM” when they could theoretically do that now with the welcome PM.
Ideally the PM button for TL 0 would only show up on Staff Profiles and User Cards. It gives any user a way to reach them (via the about page, a post, a topic, topic list, etc.) but doesn’t publicize PM in an outrageous way.
If you have ever ran a normal website with a “Contact Us” form you will find that SPAM directed specifically at the owners / website developers is normal. “Get your website to the top spot on Google” etc.
I would imagine that forum moderators / admins would be similarly targeted with SPAM as @codinghorror mentions.
Personally as a web developer I see my customers receive over 30 a day - these are mostly filtered or managed via Akismet etc.
Maybe so, but wouldn’t you deal with it? Or is it more "I don’t want to be bothered, whether it results in collateral damage or not?
In my experience Contact form SPAM isn’t so much about SPAMming the site Admin as it is header injection. A PM to Staff is a different thing.
I don’t think you are actually thinking this through @cpradio … I have visibility and admin/mod into hundreds of Discourse instances. There is a reason we sandbox new users.
Consider if user X just gets pissed off at user Y. User Y happens to be an admin or moderator – and remember admin state isn’t even visible in the UI any more. Heck, even if they know that person’s a moderator, now they can individually PM every single staff member to tell them how much they hate that other staff member. Now they have a very good griefing tool in private messaging that’s not gated by anything other than how fast they can sign up new accounts.
They can create tons of new sockpuppet accounts and PM all the staff they want seconds after creating the new account (subject to standard new user rate limits, and other existing rate limits, of course).
I guarantee you the first thing a suspended user is thinking is, how can I create a new account and create as much havoc as possible? Well, with "let all new users PM staff’, they now have a much more powerful weapon at their disposal. The complaining will be endless and it will go directly via PM to every staff member. That makes it personal.
Besides, the deeper problem you’re looking at is confused newbies – these users won’t even know how to PM! I don’t feel that the tradeoff of
is a better solution than
Something like:
Confused? Don’t understand? Can’t figure out what’s going on? Need special help? Visit our FAQ, try posting in our member help category and if that doesn’t help, try our email contact form.
… perhaps as a banner, part of the welcome message, etcetera.
And I want to reiterate users this confused won’t even know how to PM! So if you gave them this PM staff as TL0 ability, I sincerely doubt they would even be able to figure out how to use it.
I just fundamentally disagree that this is the right way to solve the problem that you’re seeing. I think a) there are better solutions to the problem you have and b) the specific proposed solution is rather risky and opens the door to a lot of griefing and other problems from new users, worldwide, on every Discourse instance there ever is, or ever will be.