If you search for a specific user and reveal their email address, it shows just their email address and mentions this in the logs. That’s fine.
Now, if you need to lookup another user and use the search box on the same screen, if multiple users are in the results, they all appear with their personal email address showing. And the logs mention that multiple email addresses were looked up.
In summary:
Intention - Look up two individual email addresses.
Actual Results
Logs show that many addresses were looked up.
Multiple users had their personal emails displayed unnecessarily.
Suggestions
Searching for user(s) should turn off “show email address” before completing the search.
“Check email” in the logs should say “Check email address” as it currently incorrectly implies reading of PMs. This was raised by someone in an earlier thread, but it’s still misleading.
Yes, if you click the ‘show emails’ button on an admin/users/list tab (active, new, etc.) after entering a username in the search box, email address will continue to be shown and logged on subsequent searches.
You can show email address for the entire list with Show Emails. I think the concern was about filtering to a single account expecting it to be a one-time single account reveal rather than a page level toggle that persisted. Going away from the list to look at a single email address does not do this
The problem I see with the button is that it doesn’t give you an indication of its state after you have clicked it. There is no clear option for undoing the ‘show email’ state. And while you are searching it keeps logging that you are viewing email addresses. A Show Emails checkbox would be a lot clearer.
Agree - a checkbox would be an improvement. But even this could be overlooked as people (like myself) may be expecting a single user to appear in the results - and be surprised when a page of email addresses appears.
My preference is to error on the side of (a) respecting people’s privacy & (b) not logging the moderator as an email snoop. Therefore, I’d rather see the results and then choose whether to display the personal / private email addresses.
My ideal outcome would be:
Have a checkbox to show/hide email addresses &
Don’t show email addresses automatically after a search.
This is currently possible with extra clicks. Instead of clicking Show Emails from the list, click the avatar or membername, show the email address, then go back to the list.
Or make it a toggle button - “Showing Emails” with another press to disable. With that setup, it should be obvious what’s happening after a single mistake.
Staff needs to understand “Show Emails” adds the email addresses to the user list display. Maybe we could leave it onscreen and changed to “Emails Visible” so it could potentially be changed back.
But the biggest thing is the staff needs to understand that to see a single user’s email thats best done from the user card or user info page. That’s a process training issue.
This probably sounds pedantic, but I view it as a “privacy” and “incorrect auditing” issue.
I use those words, because calling it a “process” issue doesn’t fully convey what’s happening. I felt quite uncomfortable about entries in the log suggesting email snooping.
The button is labelled “Show Emails”. It shows the emails for the (possibly filtered) users. It records this fact in the “Staff Actions” log with details about which users were shown.
The log entries don’t suggest anything about snooping - they are neutral and convey only the facts of what happened.
That’s the nature of an audit trail, it gives the facts around what happened, not why the actions were taken. Audit trails are (usually) examined after an incident occurs to determine the exposure (e.g. whose email addresses did the rogue admin see?).
Whereas if the audit trail is being proactively examined and reported on in a more tightly controlled environment (where staff must justify their actions), then I would certainly expect there to be formal training for the moderation staff on correct processes to follow to ensure that more information is not exposed than intended when an action is taken.
Going back and re-reading the earlier posts you made on this in context of the further discussion, does the following change reflect what you’re asking for?
Modify the Show Emails behaviour such that emails are ONLY shown until the search changes, then they become hidden again.
When I start a new search, it feels like starting over. That’s what I’m used to from other sites.
Background info - I can’t hide the button, as I’m a moderator (not an admin), which is also the reason I didn’t like the logs showing checking of multiple emails, when that wasn’t my intention.
Noone’s mentioned the “show emails” Vs “Show email address” point in the replies, but I think that would be an easy change to clarify.
That won’t always provide a solution because there is often good reason to use the search box.
My situation: I had just suspended a troll who had one common IP address across several accounts.
I entered the IP address in Admin > Users search box and hit Show Emails to check whether there were any common points between email addresses, to help ID him next time by checking any suspicious new signups (he switches naming style & IP pretty effectively, but only when he realises it’s necessary).
I then went to backspace the IP from the search box in order to enter the other last-known membername he had, because this:
Clearing the search box showed emails for all currently active users, just like the full list sorted by Last Seen at Admin > Users and illustrated here.
Began typing in name of one of his earlier accounts, call it Troll-1.
While typing that, all members who share T and Tr and Tro and Trol (etcetera) in their Name, Username, and email addresses, a largish number on the forum, were also being updated with each character typed.
Like a lot of forums (example posted by someone here) many of our users have certain common words significant to the forum’s topic within their Name, Username, or email.
Sometimes there is a case for running searches on a name liked by the troll to see how many members share them, before hitting Show Emails - but without wishing to go in and out of that page to clear it.
For a moderator who’s attempting to eradicate a troll but otherwise pressed for time (many of us are volunteers), having to go in and out of the same page just to close the displaying of emails, when they otherwise need to check several accounts with a common link, that is not ideal.
This would solve the problem and remove the need to spend time going in and out of the same page whilst investigating the same person.
