When you see “last post: x hours”, it considers private messages, too, which is pretty creepy and surely unintended.
So you think it should mean “Last Public Post”?
I am not opposed, but it hasn’t been much of a concern to date. Would also change long term historical semantics.
(Also LOL bug. Does this prevent typical use of Discourse, which is the definition of the bug category? No sir, I don’t think so. )
Well, it is, by definition, a bug: It’s unintended. You are exposing private information to the public by accident.
We do forum games (with millions of posts) – this allows people to metagame since private messaging exposes information that should be private (eg, if you’re a bad guy, you’d whisper).
Yes, this was intended. It’s always been date of last post, of any kind.
I am open to re-interpreting that in different ways, however.
Another major low in Facebook’s privacy record came in 2016, when its subsidiary company, messaging giant WhatsApp, announced a privacy U-turn — saying it would begin sharing user data with Facebook for ad-targeting purposes, including users’ phone numbers and their last seen status on the app.
This hugely controversial anti-privacy move quickly attracted the ire of European privacy regulators — forcing Facebook to partially suspend data-sharing in the region.
There are numerous GDPR mentions about “last seen” information that falls within the GDPR scope. WhatsApp has been under pressure from this, recently. If this is a concern with major companies like this, it should be interpreted as a privacy bug.
I won’t push it any further, but I’ll leave this saying that this is a GDPR-recognized privacy issue, whether it’s interpreted that way or not. Whether person A can think of a way it can be exploited, person B will always find a way to do so (such as our forum games as a minor example, but a major example is out there, somewhere).
There are trivial ways to mask this, such as sending a PM to yourself, if you’re that worried about the integrity of your forum game.
Something is not sitting right for me cause
last_posted_at already ignores whispers.
last_posted_at = Y.last_posted_at,
Y denotes posts that are not post_type 4 … aka whispers.
I am fine with changing it if the change is easy. I am not attached to the current definition.
(whispers are kind of a different case as they are staff exclusive, off by default, and never visible to anyone)
I am not following what there is to change. It is working as designed. Aka. hiding the whisper time from the public.
No, PM time. Not just whisper. PMs as well.
Wait … the complaint is about the user profile page here, so this is a giant pickle.
If we amend the definition of
last_posted there to:
Date the user last posted on a public topic (one that is not in a secure category)
Then forums that heavily rely on secure categories will no longer have sane “last post at” dates on users.
Having this “work as expected” would require keeping a big bunch of dates in a table and then picking the one that matches the right visibility.
I guess we can amend this, it is a reasonably simple change, but forums with secure categories only are in for a big surprise.
Nahhh I only think we need to look at disallowing PMs from counting for this field, not category permissions. So I don’t agree with your assessment.
Why, if it says “last posted” Jan 22, and that is actually the last time I posted in #staff and last public post I made was at Jan 10. This is the exact same issue.
UI says I posted on Jan 22, but after crawling the forum as the current user viewing user page I can only find Jan 10.
I would say not addressing both actually makes a date you can not find on the site reveal more information.
I’m not talking about the staff category. I’m talking about PMs class posts being excluded, like whispers are.
I understand, but the gist of the request is “do not expose information users are not privy to in the last post date”, if we do not exclude posts in private categories this concern is only partially addresses
Right but who cares, this is the actual request.
And you bring up a good point, if we are conceptually ignoring whispers for this stat, that’s quite similar to ignoring PMs…
Was not aware whispers are a feature, but +1 to this request, for similar reasons.
The request is fundamentally flawed. They aren’t called Private Messages, they’re not Personal Messages either, just Messages.
They can be viewed by admins, no expectation of privacy is given, any assumption of such is a mistake.
The ICO classifies a privacy breach as the disclosure of personally-identifying information. The time a Message was sent doesn’t constitute PII. How is WhatsApp trying to make privacy changes so that Facebook could target adverts remotely related to this?
In any community with layers of permissions there’s always going to be disparity between the last posted date, and the latest visible post. Seeing a date which differs from the last public post doesn’t imply that a message has been sent either. The ‘last posted’ date also applies to reports.