PMs are accesible by admins if the admin has the link

I just found out that if someone sends a PM to other person. Let’s say from account joe to jane, and for some reason someone (logged in) finds out the right “topic ID” it can read the PM.

I know is kinda a edge-case and is rather difficult to find out, but automating some kind of scraper to cicle trough all the topics ID anyone could read all the PMs.

I found out because a user replied to the notification email, and I was able to click the link and read the PM in question.

I’m assuming you are a staff member on the forum? You should only be able to do this if you are staff. Staff should have the ability to audit PMs by default, and admins and those with access to the DB would have access to the raw messages anyway.

If you’re needing to provide a truly private system, there is the discourse-encrypt plugin which provides end-to-end encryption of messages.

6 Likes

It’s not a necessity, just didn’t got a thought in that one.

I’ll test with a normal account and update this, just in case.

1 Like

This is only true for admins, not moderators, so I am editing your title which is incorrect. Moderators also only have access to PMs when they are flagged.

If this is a concern, demote yourself to moderator (by logging in under a different account to taste), or enable logging of PM visits by admins in your site settings.

4 Likes