Hi Guys
I received some malicious PM’s on this platform last night but the user involved deleted each message as soon as she saw that I was reading it, to prevent me being able to screenshot.
Her profile also now seems to have been deleted.
Is there a way that you can retrieve these posts so that I can save them?
Thanks for any help
I have the first message as it was sent to my emails
Hi there,
Are you talking about Amazon Sellers? While they are using Discourse, we have no control over their data as we don’t host them. You’ll need to contact the admins of that community directly.
Many many things don’t make sense about this:
-
Users can’t delete their own accounts after they have more than 2 posts
-
New users can’t send PMs at all, until they reach trust level 0
-
Users can’t delete topics, and a PM is a topic.
-
Users can’t really delete posts… they can trigger deletion on a post, which takes effect in 24 hours if the post is not flagged. So if you think something is about to be deleted by a user that should not be, flag it, and it literally can’t be deleted by that user
A staff member could kinda do what you describe but that’d … surprising … behavior from a staff member.
Hi Guys,
They messaged me too and the following morning no trace of PM even though it showed as a notification on Discourse in my account.
Ps They were not a new user here on Discourse. I shall PM you screenshots of their message and Discourse account opened in February so you can investigate.
Upon looking I can see they have removed the topic about editing and a pencil and icon not showing.
Coding horror you replied to them would you still see be able to see your reply.
She bragged about being able to edit without a pencil Icon showing that an edit had been made. However in the View page source the Update still showed time and details and I reported it to the Amazon Moderators what was happening.
Thanks for your help
EDIT - PS Re-screenshots, I live in France so the time shown is 1 hour in advance of the UK if that helps.
Hi Hawk
I’m referring to a number of PM’s sent to this discourse platform by a user,.
They were from a person who also uses the Amazon forum and was threatening to get me thrown off that platform.
She is manipulative and clever and deleted her posts the second she saw that I had read them, except the original one which was sent to my asociated email address.
The topic has been deleted, unless you can see it anywhere?
See my screenshot in the opening post , which captured the thread details.
If the messages can be retrieved, as Jeff mentions in his post then I could show those messages to the Moderators on the Amazon forum to help protect myself from this rogue user.
As Tracey says, I am not the only one she has messaged and then been able to delete the thread [Tracey is also another Amazon forum user who has already managed to get a months ban for.]
This user has found a way
Hi @Brixey
Update, another Discourse team member has confirmed how this is possible. For a PM/topic,notifications and user to disappear from the discourse forum. I shall PM copy you in. The team are working on it for you.
It is possible to do this
- Create a new account
- Read just enough to reach trust level 1 (you need that to earn the ability to send a PM)
- Send one PM and one reply max – because accounts can’t self delete with more than 2 posts
- Do this all within 2 days – because accounts can’t self delete more than 2 days after account creation
- Trigger account self-deletion
Pretty hard to do all that, but it could be done, so we’ll have to think about the ramifications here.
Hi Jeff
Number 3
You’ll have to up that number of posts to at least 4 because that’s how many she sent me, all but the opening post being deleted within seconds as soon as the “views” showed I was reading it
Thanks for the help here btw
It’s possible there is a bug that is not counting PMs in there @gerhard? We should definitely make sure that’s working as designed in terms of allowed user self-deletes.
Don’t know if it’s at all relevant, as all this is way above me, but the person concerned uses Ipads for her internet use.
We’ll get to the bottom of it for sure, we take abuse very seriously and we want everyone to be safe by default!
We did find a bug here where PMs were not counted towards the max 2 posts limit that prevents new account self deletion. That’s … pretty bad, my apologies. Hopefully @gerhard can get that fixed and backported lickety split!
It looks like it’s a 1 post limit where posts in PMs aren’t counted at all. First posts in topics don’t seem to count as well.
So, what should the new rule be? Count every post unless the post belongs to a PM with a system user (e.g. discobot)?
Yes, count almost everything, exceptions should be super rare.
Hi Guys,
Just wanted to say thank you all, for taking this seriously and looking into it so quickly and thoroughly
I have to say, I really appreciate this entire discussion. You show your commitment to open source ideals by not only reproducing the problem, but sharing steps on how it can be reproduced publicly, and working on a solution where we can see it. That’s impressive.
If the offending user also resides in the EU then restoring messages they explicitly deleted (without consideration as to whether they can or not) would likely be in violation of the GDPR.
Just to clarify
I didn’t request the messages be publicly restored simply retrieved to my PM’s as they were originally sent so that the user concerned canot send a threatening message and then delete it once read.
I can’t see that breaching GDPR?