Moderators can view emails and export user lists


#1

This is… insane.

In no forum can moderators see users' email addresses, much less export them and download them to a CSV file.

This is a huge security hole. While promoting someone to moderator means that you have confidence in that person, it is crazy to think that that person can have access to a list of users with their data and can even download it.


Moderators Viewing Email Addresses
(Jeff Atwood) #2

Viewing emails is logged and requires a click on a button to display. Similarly export is logged.

If you don’t trust your moderators, demote them to trust level 4 users.


#3

That worked, thanks.

It is not a question of trust, it is that a moderator should not have those privileges. A moderator is a person who helps in a forum: editing, moderating.

But that does not mean that you can have full access to download user listings. Even if you trust someone, they can deceive you.


(Jeff Atwood) #4

Yep, turns out, nobody can be trusted. Including yourself.


#5


(Neil Lalonde) #6

Moderators need to investigate possible spammers, duplicate accounts, forgot my login/password, etc. Checking email addresses is important for many of those tasks.


#7

There seem to be varying definitions of moderators. As far as I know:

  • In Discourse, trust level 4 is what most people call moderators. They moderate the discussion in the forum.
  • What Discourse calls moderators are people who have nearly administrator rights. They are staff of the forum. They have rights to flags, they can ban, they can suspend, they can do almost everything, except change the basic structure of the forum (which is up to the admin). In short, Discourse’s moderators are moderators of the site, not of the discussion.

(Geoff Bowers) #8

I can see where email inspection is logged… but for the life of me I can’t seem to find where exports are logged.

Wouldn’t it make sense to be under Logs > Staff Actions?

I exported the entire user base but I can’t see an entry in Staff Actions and I don’t see anything that looks like Export in the filter.

Any help much appreciated.


(Geoff Bowers) #9

While I can’t find an evidence trail in logs, I have found a work around.

As System sends an export email, you can locate the user and review the Sent archive for Data export complete.

Hope that helps someone :wink: