Security for underage users

I’m excited about your take on forums structure and organization of online communities.

I’m considering using it in the near future for an educational community for children, where children aged 6-17 would be the main users, perhaps a few thousand of them.
Naturally I worry about their online safety, and how Discourse could be used to an advantage over existing forums.
For simplicity considering an all-private discourse forum, what security features are there to keep dangerous people away? Such as requiring an approval or invitation from X number of people before signing in, or the absence of private messages all-around.

I know about the 4 levels of trust already, but this is not enough to protect children, I think.

Thanks

Firstly, IANAL. This is solely based on what I’ve heard and what I could find in the last n minutes.

If you’re doing anything with children under the age of 13, you need to read up on and comply with COPPA.

http://www.coppa.org/

From reading this page, here are some first steps: http://www.coppa.org/comply.htm

• Make a custom Privacy Policy page at /admin/site_contents/privacy_policy
• Place it somewhere prominent with /admin/site_contents/top and CSS
• You also need to obtain ‘parental consent’. Consider making that part of your membership approval process.
• Consider forgoing advertising and GA, as that will make compliance easier

I would also consult with a lawyer, as this stuff may be hard to get right.

This is not feasible, the flagging dialogue automatically creates PMs.

We did add a “agreed to the terms and conditions” checkbox to new signups for a customer. You would definitely want that here – @neil how can they turn it on?

http://forum.example.com/admin/site_settings/category/legal

Pasted image699×281 9.6 KB

What @riking said. tos_accept_required is one thing you’ll want to turn on.

Having some parents as moderators, or at least trusted members of the forum, could help too (unless it would stifle conversation to know that parents are reading everything). Education about flagging and how to spot suspicious activity can go a long way.

Are there any updates on this issue?
Any new features?

Is it possible to block all private messaging among a certain class of users?

This would be really good.
Just messages to and from Admins and Mods.
One less thing to worry about if your forum’s a little wild and free to sign up.

I’m also very uncomfortable about the messages being read by admins. The topic was closed I wish it could be reopened.
A Boolean to salt and obfuscate?

As I understand it, mods, and definitely administrators have the means to view private messages between other users. Coupled with some sort of homegrown reporting tool using the API, it should at least be easy to monitor for suspicious activity, particularly if PMs are expected to be a rarity.

Making it clear that you are doing this, or have the ability to do this may very well be enough to make troublemakers reconsider.

Mods can view flagged PMs only. Admins can view all PMs.

I’m not seeing this in my setup. I’m on version 2.7.0.beta5. How do I enable this?

Hi,

This isn’t a setting anymore AFAIK

You can create a user field for this by going to admin > Customise > User Fields

Result:

image991×1266 80.9 KB

There is also a notice at the bottom reminding users about ToS and privacy etc.

Noted with many thanks.

Olá, você encontrou uma resposta para isso? Estamos pensando em desativar mensagens privadas entre nossos menores de 18 anos, mas ainda permitindo que nossos maiores de 18 anos enviem mensagens privadas.

No momento, a menos que alguém me corrija, é definir U18 em TL1, por exemplo. Definir de forma que TL1 não possa enviar mensagens e TL2 (maiores de 18 anos) possa enviar mensagens. No entanto, as pessoas poderiam mentir. No meu exemplo, o que impede alguém de simplesmente marcar uma caixa?

Gosto da ideia de permitir/desautorizar MPs em um nível de usuário individual.

Graças ao @martin, há algum tempo, introduzimos “grupos com mensagens pessoais ativadas” e “grupos com mensagens diretas ativadas”. Isso deve atender ao seu propósito! Você pode criar um grupo “acima de 18 anos” e usá-lo aqui.

IMG_60931170×1444 227 KB

A mesma coisa que os impede de literalmente qualquer verificação em qualquer nível que você esteja fazendo de simplesmente dizer “sim, eu tenho 18 anos”.

Não há literalmente nada que você possa fazer para provar que alguém é uma criança que não exigiria um esforço extraordinário e que precisaria ser utilizado em todas as pessoas. Mesmo isso é simplista de contornar, a menos que você utilize um nível de intromissão tal que ninguém se incomode em fazê-lo para o seu fórum online.

Suas únicas opções reais são ser incrivelmente intrometido com toda a comunidade (por exemplo, verificamos aleatoriamente todas as mensagens privadas e bloqueamos quaisquer referências à comunicação externa) ou confiar que as pessoas não mentirão e seguirão seus ambientes da maneira ideal.