Possible privacy flaw with DMs

I’d like to point out an issue regarding privacy and DMs. I’ll explain the situation that happened, to illustrate what I mean:

I had sent a friendly DM to a moderator, to clarify my intentions behind some recent posts. Nothing serious, but the message was still personal.

The next day, I notice that an invite to all moderators had been made 10 hours before.

It turns out that, without asking for my permission, it was deemed justified to share one of my DMs—because a community member had flagged one of my posts.

I was never asked if I agreed to share the content of that DM. I just logged into my account the next day to see the DM had been shared with others.

Now, the community this happened in is normally very respectful and rational. So it’s surprising something like this happened. However, if it can happen in such a community, I’d imagine this might happen in others.

I understand that this is partly a community and moderation issue, which I have brought up with them. However, this is also partly a privacy issue, with how DMs are built, and privacy in general, so I thought it best to mention it here.

(I don’t really intend to participate in the discussion.)

So what do you propose that should be different or fixed?

To me this sounds like a policy issue, not a privacy issue and certainly not a bug - and even then: I don’t see any harm when a moderator shares something with their co-moderators?


I’m not sure why you’ve mentioned it then :thinking:

1 Like

The exact same thing happened to me last week. I didn’t realize what would happen. There should at least be a disclaimer or maybe consider an alternative solution.

No electronic mail gives absolute privacy. As ss etc can share content of a DM. If you send me an email I can forward it to others

Any member can iirc in a DM can invite others; not just the Op.

Being a moderation issue as you mentioned imho would be quite normal to invite other moderators. Though if the issue is with one of the mods than imo that mod team should exclude said mod to investigate ie a complaint.


Yeah this is largely the nature of needing to moderate PMs. The same person could have simply shared a screenshot if we somehow attempted to block this behavior.

We have a plugin for encrypted PMs that can provide more privacy, Discourse Encrypt (for Private Messages), but because an admin can access the database there’s never a 100% guarantee of privacy when you send a message to someone else.


I’m not sure how people consider this, but to me, a phrase like “moderating DMs” sounds a bit intense. However, at least users should be made fully aware that their DMs can be moderated and shared without their permission, no?

Personally, a simple message like “This message was considered as going against the community guidelines, and is therefore being moderated” (the reason why could also be mentioned).

It would maybe reduce abuse of sharing DMs, especially when there is no valid reason to do so (like what happened in my case). Not being asked for permission to share your DM is already frustrating. At least this message would make things slightly better and more formal.

Either I misunderstood your previous post, or that is not what happened.

You said you sent a friendly DM to a moderator, to clarify my intentions behind some recent posts. I.e. you had a message exchange with a moderator about your posts. You were addressing that moderator not as a regular user, but in their role as a moderator. They shared that DM, they did not moderate it.

When you address someone from a forum’s staff about something policy related, it’s perfectly reasonable that they share and discuss that with other staff members. There is no privacy, the message exchange was in the light of the user - staff relation. Under the GDPR this is allowed in article 6.1.b “processing is necessary for the performance of a contract to which the data subject is party”.

One way or another this is not a problem of the software, IMHO.


(I was addressing the moderator as a normal member (she had created a topic, and this is what the DM was about). However, this community has many members who report posts, simply because they don’t agree with something, and one of my posts was flagged (and cleared). Even though the DM I had sent didn’t have anything to do with the flagged post, the moderator said it was shared to other moderators, without my permission, to clear that flag.)

Like I said, this was partly a community issue, and I’ve brought up the issue with them. However, personally, if I had at least known that moderators can and do share DMs like that, it wouldn’t have been as bad as simply logging into my account 10 hours later, and seeing one of my DMs had been shared to multiple people without my permission.

Everybody can share DM’s. That’s why it is called a D(irect) M(essage) and not a P(rivate) M(essage).

This goes for every social platform or communication technology. One can share messages on Signal, Whatsapp, Facebook, email. People can record phone calls, connect the call to a third party or have someone sit next to them and listen in. Encrypted messages can be copy/pasted or a screenshot can be shared. Someone can listen into your conversation when you’re in public.

Long story short: You should be prepared that anything you share with someone can be (re)shared by them, and if someone does so without your consent, your only option is to bring it up to them.

I think it’s a pretty bad idea to try to move that responsibility to the software.


There is a difference between a friend sharing a message to someone without your permission, and a moderator of a community formally sharing a DM, shared without your permission, to formally moderate you.

And I’m not saying this shouldn’t be allowed, I’m saying:

Users should at least be made fully aware that DMs can be moderated—or that DMs can used as a formal means to moderate you—all done without your permission.

They have the flag icon on them? That suggests to me that those posts have the potential to be moderated. If the recipient flags a post (pm or otherwise) then it’ll go to the Review queue to be moderated, and thereby be visible to moderators for moderation.

I don’t know the specifics of your issue, but it’s clear you’re not happy with what happened on your forum. I think it does come down to a ‘people’ decision, and not a software oversight. Perhaps you could ask your forum admin to include something extra in their site’s T&Cs or rules to make it clearer what their particular policies are regarding this?

Same as on Twitter. I wonder how people would think if Twitter staff could share your DMs to other Twitter staff, without your consent?

Or how that would look from a privacy perspective?

Anyway, I’ve already used up over an hour replying here. Make use of what I’ve said how you see it.

If it’s a message that I actually sent to Twitter staff, I would fully understand that.

1 Like

I sent a friendly DM to a moderator as a normal member, about a topic she had created. And a similar situation can happen between two normal members.

Either way, I don’t care anymore.

You built of tool, and expect moderators in all communities to use it without privacy issues. When a member of a community brings up such an issue that happened, you blame it on him.


And, without members actually knowing their DMs can be used in such a way, it is a privacy issue.

twitter employees can read your dms without your consent

1 Like

Can it be used against you? Is it legal? That’s still a privacy issue.

yes, they ban people based on dm content quite often


So because Twitter does it, it’s not a privacy issue?

Twitter response

Unsurprisingly, Twitter denies the claims. “We believe these claims are meritless and we intend to fight them,” the company said in a statement.

As to the likelihood of success, there is already precedent in a similar lawsuit brought against Google for “reading” Gmail messages. In that case, the judge refused to allow the class action lawsuit to proceed, meaning that it falls to individual users to sue the search giant. But she also denied Google’s efforts to dismiss the lawsuits altogether.

A month after that ruling, Google changed both its practices and its terms and conditions and reached a private settlement with the litigants.

Either way, I don’t care anymore.

I think another way to think about it is that if some content that needs to be flagged to be moderated can’t be seen by moderators, how could the moderators moderate it? (if they don’t have access)

Think about some criminal content sent using that platform, if some user flags it, shouldn’t a moderator have access to it? Or should flag be disabled if i’ts a DM?

As a side note, keep in mind that every post is stored in the database, so admins have access to it, unless the content is encrypted (I think the encryption discourse plugin does that) or some end-to-end message (like Whatsapp), but that will depend on the platform. The most common case is for posts to be stored as plain text in the database, which is what happens in Discourse by default.

Futhermore, the user that receive the message can sent it to someone else, like @RGJ said previously, even if it’s not an “official” way to moderate. If the issue is sharing the content (that is, privacy), it doesn’t matter if it’s an official or unofficial way, the content was shared either way.