Security for underage users

I’m excited about your take on forums structure and organization of online communities.

I’m considering using it in the near future for an educational community for children, where children aged 6-17 would be the main users, perhaps a few thousand of them.
Naturally I worry about their online safety, and how Discourse could be used to an advantage over existing forums.
For simplicity considering an all-private discourse forum, what security features are there to keep dangerous people away? Such as requiring an approval or invitation from X number of people before signing in, or the absence of private messages all-around.

I know about the 4 levels of trust already, but this is not enough to protect children, I think.

Thanks

Firstly, IANAL. This is solely based on what I’ve heard and what I could find in the last n minutes.

If you’re doing anything with children under the age of 13, you need to read up on and comply with COPPA.

http://www.coppa.org/

From reading this page, here are some first steps: http://www.coppa.org/comply.htm

• Make a custom Privacy Policy page at /admin/site_contents/privacy_policy
• Place it somewhere prominent with /admin/site_contents/top and CSS
• You also need to obtain ‘parental consent’. Consider making that part of your membership approval process.
• Consider forgoing advertising and GA, as that will make compliance easier

I would also consult with a lawyer, as this stuff may be hard to get right.

This is not feasible, the flagging dialogue automatically creates PMs.

We did add a “agreed to the terms and conditions” checkbox to new signups for a customer. You would definitely want that here – @neil how can they turn it on?

http://forum.example.com/admin/site_settings/category/legal

Pasted image699×281 9.6 KB

What @riking said. tos_accept_required is one thing you’ll want to turn on.

Having some parents as moderators, or at least trusted members of the forum, could help too (unless it would stifle conversation to know that parents are reading everything). Education about flagging and how to spot suspicious activity can go a long way.

Are there any updates on this issue?
Any new features?

Is it possible to block all private messaging among a certain class of users?

This would be really good.
Just messages to and from Admins and Mods.
One less thing to worry about if your forum’s a little wild and free to sign up.

I’m also very uncomfortable about the messages being read by admins. The topic was closed I wish it could be reopened.
A Boolean to salt and obfuscate?

As I understand it, mods, and definitely administrators have the means to view private messages between other users. Coupled with some sort of homegrown reporting tool using the API, it should at least be easy to monitor for suspicious activity, particularly if PMs are expected to be a rarity.

Making it clear that you are doing this, or have the ability to do this may very well be enough to make troublemakers reconsider.

Mods can view flagged PMs only. Admins can view all PMs.

I’m not seeing this in my setup. I’m on version 2.7.0.beta5. How do I enable this?

Hi,

This isn’t a setting anymore AFAIK

You can create a user field for this by going to admin > Customise > User Fields

Result:

image991×1266 80.9 KB

There is also a notice at the bottom reminding users about ToS and privacy etc.

Noted with many thanks.

Hola, ¿encontraste una respuesta a esto? Estamos considerando deshabilitar los mensajes privados entre nuestros menores de 18 años, pero permitiendo que nuestros mayores de 18 años se envíen mensajes privados.

Por el momento, a menos que alguien me corrija, es establecer U18 en TL1, por ejemplo. Establecerlo de manera que TL1 no pueda enviar mensajes y TL2 (mayores de 18) pueda enviar mensajes. Sin embargo, la gente podría mentir. En mi ejemplo, ¿qué impide que alguien simplemente marque una casilla?

Me gusta la idea de permitir / desautorizar PM a nivel de usuario individual.

Gracias a @martin hace un tiempo introdujimos los “grupos con mensajes personales habilitados” y los “grupos con mensajes directos habilitados”. ¡Esto debería servir a tu propósito! Puedes crear un grupo “mayores de 18” y usarlo aquí.

IMG_60931170×1444 227 KB

Lo mismo que les impide hacer literalmente cualquier verificación a cualquier nivel que estés haciendo, simplemente diciendo “sí, tengo 18 años”.

Literalmente no hay nada que puedas hacer para probar que alguien es un niño que no requiera una cantidad extraordinaria de esfuerzo y que deba ser utilizado en todas y cada una de las personas. Incluso eso es simplista de evitar a menos que utilices un nivel de intrusividad tal que nadie se molestará en hacerlo para tu foro web.

Tus únicas opciones reales son ser increíblemente intrusivo con toda la comunidad (por ejemplo, revisamos aleatoriamente todos los mensajes privados y bloqueamos cualquier referencia a comunicación externa) o confiar en que la gente no mentirá y seguirá tus entornos de la manera ideal.