I feel uncomfortable activating the new_event webhook because it sends the complete text of every private message in plaintext, which then shows up in server logs and so on. Could the webhook payload maybe be encrypted, like Viber does? Or maybe private messages would only show up with their title or “You received a new message” rather than the full text?
The communication between Discourse and the webhook receiver is encrypted using TLS, so only the receiving end can see the message. It is not plaintext.
The cooked element of the new_post webhook goes in the body of the request, which does not appear in your typical server logs.
Overall, you should not send webhooks to servers you don’t trust, but they should be useful for integrating Discourse between systems you control/trust.
Thank you for the quick reply. I’m thinking of integrations like webhook → Zapier → Twitter, in order to send a tweet for every new topic. However, due to the lack of distinction between topics and private messages, there is afaik no way to do this kind of integration without also sharing the content of every single private message (between any two users) with Zapier/Twitter. This seems quite a harsh price for being able to do webhooks and I’d like to invite the team to think about ways to protect privacy.
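A relay filter placed on a server you control, between Discourse and a third party such as Zapier, is one way to act on the concern in this thread. This is an added example, not part of any post above and not Discourse's own code; the payload field names (`archetype`, `topic_archetype`), the `sha256=` HMAC signature format and the sample payloads are assumptions or constructed values to check against your own instance.

```python
import hashlib
import hmac
import json

# Assumed field names (not from the thread): "archetype" on topic payloads,
# "topic_archetype" on post payloads, with "regular" meaning a public topic.
PUBLIC_ARCHETYPE = "regular"
FORWARD_FIELDS = {"topic": ("id", "title", "slug"),
                  "post": ("id", "topic_id", "topic_title", "topic_slug")}


def sign(secret: bytes, body: bytes) -> str:
    """Assumed signature format: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def filter_event(secret: bytes, body: bytes, header: str):
    """Return the minimal dict that may be forwarded, or None to drop the event."""
    # Constant-time comparison; a missing or wrong signature drops the event.
    if not hmac.compare_digest(sign(secret, body).encode(), (header or "").encode()):
        return None
    try:
        payload = json.loads(body)
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    for kind, fields in FORWARD_FIELDS.items():
        obj = payload.get(kind)
        if not isinstance(obj, dict):
            continue
        archetype = obj.get("archetype") or obj.get("topic_archetype")
        # Fail closed: anything not positively marked public is dropped.
        if archetype != PUBLIC_ARCHETYPE:
            return None
        # Allow-list only: message bodies ("cooked", "raw") never leave the relay.
        return {kind: {f: obj[f] for f in fields if f in obj}}
    return None


# Constructed sample events, for illustration only.
SECRET = b"constructed-secret"
PUBLIC = json.dumps({"topic": {"id": 1, "title": "Release notes",
                               "slug": "release-notes", "archetype": "regular"}}).encode()
PRIVATE = json.dumps({"post": {"id": 9, "topic_id": 2, "topic_title": "hi",
                               "cooked": "<p>secret</p>",
                               "topic_archetype": "private_message"}}).encode()
```

Only the dict returned by `filter_event` would be passed on to the third party; private messages and unsigned requests stop at the relay.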