"Last Post" stat exposes private message dates (privacy bug)

(dh) #1

When you see “last post: x hours”, it considers private messages, too, which is pretty creepy and surely unintended.

1 Like
How to add an id/class to something so I can modify it?
(Jeff Atwood) #2

So you think it should mean “Last Public Post”?

I am not opposed, but it hasn’t been much of a concern to date. Would also change long term historical semantics.

(Also LOL bug. Does this prevent typical use of Discourse, which is the definition of the bug category? No sir, I don’t think so. )

2 Likes
(dh) #3

Well, it is, by definition, a bug: It’s unintended. You are exposing private information to the public by accident.

We do forum games (with millions of posts) – this allows people to metagame since private messaging exposes information that should be private (eg, if you’re a bad guy, you’d whisper).

While the part above is unique to our case, the public exposure of private information is surely not intended and can be abused in unique ways. Please change this back to bug from feature, unless it can honestly be said that this was intended and it’s already somewhere in the default privacy policy.

(Jeff Atwood) #4

Yes, this was intended. It’s always been date of last post, of any kind.

I am open to re-interpreting that in different ways, however.

3 Likes
(dh) #5

Another major low in Facebook’s privacy record came in 2016, when its subsidiary company, messaging giant WhatsApp, announced a privacy U-turn — saying it would begin sharing user data with Facebook for ad-targeting purposes, including users’ phone numbers and their last seen status on the app.
This hugely controversial anti-privacy move quickly attracted the ire of European privacy regulators — forcing Facebook to partially suspend data-sharing in the region.

There are numerous GDPR mentions about “last seen” information that falls within the GDPR scope. WhatsApp has been under pressure from this, recently. If this is a concern with major companies like this, it should be interpreted as a privacy bug.

I won’t push it any further, but I’ll leave this saying that this is a GDPR-recognized privacy issue, whether it’s interpreted that way or not. Whether person A can think of a way it can be exploited, person B will always find a way to do so (such as our forum games as a minor example, but a major example is out there, somewhere).

(Jeff Atwood) #6

There are trivial ways to mask this, such as sending a PM to yourself, if you’re that worried about the integrity of your forum game.

(Sam Saffron) #7

Something is not sitting right for me cause last_posted_at already ignores whispers.

last_posted_at = Y.last_posted_at,

Y denotes posts that are not post_type 4 … aka whispers.

1 Like
(Jeff Atwood) #8

I am fine with changing it if the change is easy. I am not attached to the current definition.

(whispers are kind of a different case as they are staff exclusive, off by default, and never visible to anyone)

1 Like
(Sam Saffron) #9

I am not following what there is to change. It is working as designed. Aka. hiding the whisper time from the public.

(Jeff Atwood) #10

No, PM time. Not just whisper. PMs as well.

1 Like
(Sam Saffron) #11

Wait … the complaint is about the user profile page here, so this is a giant pickle.

If we amend the definition of last_posted there to:

Date the user last posted on a public topic (one that is not in a secure category)

Then forums that heavily rely on secure categories will no longer have sane “last post at” dates on users.

Having this “work as expected” would require keeping a big bunch of dates in a table and then picking the one that matches the right visibility.

I guess we can amend this, it is a reasonably simple change, but forums with secure categories only are in for a big surprise.

3 Likes
(Jeff Atwood) #12

Nahhh I only think we need to look at disallowing PMs from counting for this field, not category permissions. So I don’t agree with your assessment.

(Sam Saffron) #13

Why, if it says “last posted” Jan 22, and that is actually the last time I posted in #staff and last public post I made was at Jan 10. This is the exact same issue.

UI says I posted on Jan 22, but after crawling the forum as the current user viewing user page I can only find Jan 10.

I would say not addressing both actually makes a date you can not find on the site reveal more information.

1 Like
(Jeff Atwood) #14

I’m not talking about the staff category. I’m talking about PMs class posts being excluded, like whispers are.

(Sam Saffron) #15

I understand, but the gist of the request is “do not expose information users are not privy to in the last post date”, if we do not exclude posts in private categories this concern is only partially addresses

1 Like
(Jeff Atwood) #16

Right but who cares, this is the actual request.

And you bring up a good point, if we are conceptually ignoring whispers for this stat, that’s quite similar to ignoring PMs…

2 Likes
#17

Was not aware whispers are a feature, but +1 to this request, for similar reasons.

(Stephen) #18

The request is fundamentally flawed. They aren’t called Private Messages, they’re not Personal Messages either, just Messages.

They can be viewed by admins, no expectation of privacy is given, any assumption of such is a mistake.

The ICO classifies a privacy breach as the disclosure of personally-identifying information. The time a Message was sent doesn’t constitute PII. How is WhatsApp trying to make privacy changes so that Facebook could target adverts remotely related to this?

In any community with layers of permissions there’s always going to be disparity between the last posted date, and the latest visible post. Seeing a date which differs from the last public post doesn’t imply that a message has been sent either. The ‘last posted’ date also applies to reports.

3 Likes