If you search for a specific user and reveal their email address, it shows just their email address and mentions this in the logs. That’s fine.
Now, if you need to lookup another user and use the search box on the same screen, if multiple users are in the results, they all appear with their personal email address showing. And the logs mention that multiple email addresses were looked up.
Intention - Look up two individual email addresses.
Logs show that many addresses were looked up.
Multiple users had their personal emails displayed unnecessarily.
Searching for user(s) should turn off “show email address” before completing the search.
“Check email” in the logs should say “Check email address” as it currently incorrectly implies reading of PMs. This was raised by someone in an earlier thread, but it’s still misleading.
Yes, if you click the ‘show emails’ button on an admin/users/list tab (active, new, etc.) after entering a username in the search box, email address will continue to be shown and logged on subsequent searches.
You can show email address for the entire list with Show Emails. I think the concern was about filtering to a single account expecting it to be a one-time single account reveal rather than a page level toggle that persisted. Going away from the list to look at a single email address does not do this
The problem I see with the button is that it doesn’t give you an indication of its state after you have clicked it. There is no clear option for undoing the ‘show email’ state. And while you are searching it keeps logging that you are viewing email addresses. A Show Emails checkbox would be a lot clearer.
Agree - a checkbox would be an improvement. But even this could be overlooked as people (like myself) may be expecting a single user to appear in the results - and be surprised when a page of email addresses appears.
My preference is to error on the side of (a) respecting people’s privacy & (b) not logging the moderator as an email snoop. Therefore, I’d rather see the results and then choose whether to display the personal / private email addresses.
My ideal outcome would be:
Have a checkbox to show/hide email addresses &
Don’t show email addresses automatically after a search.
The button is labelled “Show Emails”. It shows the emails for the (possibly filtered) users. It records this fact in the “Staff Actions” log with details about which users were shown.
The log entries don’t suggest anything about snooping - they are neutral and convey only the facts of what happened.
That’s the nature of an audit trail, it gives the facts around what happened, not why the actions were taken. Audit trails are (usually) examined after an incident occurs to determine the exposure (e.g. whose email addresses did the rogue admin see?).
Whereas if the audit trail is being proactively examined and reported on in a more tightly controlled environment (where staff must justify their actions), then I would certainly expect there to be formal training for the moderation staff on correct processes to follow to ensure that more information is not exposed than intended when an action is taken.
That won’t always provide a solution because there is often good reason to use the search box.
My situation: I had just suspended a troll who had one common IP address across several accounts.
I entered the IP address in Admin > Users search box and hit Show Emails to check whether there were any common points between email addresses, to help ID him next time by checking any suspicious new signups (he switches naming style & IP pretty effectively, but only when he realises it’s necessary).
I then went to backspace the IP from the search box in order to enter the other last-known membername he had, because this:
Clearing the search box showed emails for all currently active users, just like the full list sorted by Last Seen at Admin > Users and illustrated here.
Began typing in name of one of his earlier accounts, call it Troll-1.
While typing that, all members who share T and Tr and Tro and Trol (etcetera) in their Name, Username, and email addresses, a largish number on the forum, were also being updated with each character typed.
Like a lot of forums (example posted by someone here) many of our users have certain common words significant to the forum’s topic within their Name, Username, or email.
Sometimes there is a case for running searches on a name liked by the troll to see how many members share them, before hitting Show Emails - but without wishing to go in and out of that page to clear it.
For a moderator who’s attempting to eradicate a troll but otherwise pressed for time (many of us are volunteers), having to go in and out of the same page just to close the displaying of emails, when they otherwise need to check several accounts with a common link, that is not ideal.
This would solve the problem and remove the need to spend time going in and out of the same page whilst investigating the same person.