Admin reading PM's? Is this possible?

[TMS]

A friend of mine runs a board using Invision Power Board v2.0.4.

Is it possible that he or the other admins can access & read private messages sent between users?

Certain questions posed to me lately have made me a wee bit paranoid.

Thanks for your help!

[Jorrit787]

Most forum systems make that possible through the Admin interface, sure. I'm not sure if IPB has this feature, but if your friend has access to the database he can certainly read them.

[The Kingpin]

I didn't actual realise that this was possible, but I think that this is any awful invasion of privacy. Someone is sending something privately yet somene is snooping through it.

[Oldiesmann]

With most forum systems you can only do it if you have database access, and it's not that easy to get that information. In SMF for example, only the member IDs are stored with the message, so you have to know the member ID of the user whose PMs you want to view before you can view them. Also, PMs are stored in two tables - one table for PMs that have been sent by someone and one table for PMs that have been received by someone. This way both the sender and the recipient(s) have to delete the message before it's actually gone.

[Scribbller]

Quote:

Originally Posted by The Kingpin I didn't actual realise that this was possible, but I think that this is any awful invasion of privacy. Someone is sending something privately yet somene is snooping through it.

I dont find anything wrong with it, if it is so private them email him. Most admins read them to check wether spamming is going on or not.

[michaelbenson]

I know that reading PMs in vBulletin has been released in numerous plugins and extentions for 3.5.X

[Lightning]

When I had IPB, I used to read PMs all of the time in phpMyAdmin. I do the same in vBulletin. Most of the time I'm looking for PM spam.

My members are fine with this because I added it to my TOS. I would suggest anyone who reads their member's PMs does something similar.

[NexopiaRob]

I would strongly advise against anyone actively reading Users messages. If it gets out that you do that, you could have a mini-revolt on your hands.

Only one of our staff can read messages, and even then it's via the Database and is only ever done when the police request messages.

[Jagg]

I think there was a modification for IPB 1.3 that allowed admins to read private messages, I have no idea if the 2.0.x series has such a feature of modification available.

Personally I would only do that only if a member asked me to after a spam report using the PM system.

[Oldiesmann]

SMF 1.1 has an optional "Report PM" feature (the admin can choose whether or not to enable it) that works pretty much the same way as the report post feature on most systems. That way if there's a problem, the admin can be notified about it without having to invade their users' privacy.

[Wayne Luke]

Quote:

Originally Posted by NexopiaRob I would strongly advise against anyone actively reading Users messages. If it gets out that you do that, you could have a mini-revolt on your hands.

I don't have private messages on my site. That feature has been renamed "Shadow Mail". In the Privacy Policy it states:

Quote:

Shadow Mail This site has a feature called Shadow Mail. Within this feature you can send personal messages to other members. This feature is monitored and individual messages can be viewed by administration if complaints or other factors warrant it.

If you are up front about monitoring it and rename it something other than Private, you shouldn't have many if any issues with it.

[NexopiaRob]

I think the difference might be that our Users use our Messages as a main feature of the site (only 7% use the Forums) so us reading their Messages is a much bigger deal

[Kathy]

If you re-read the TOS of TAZ you will find it is mentioned.In my own website privacy policy, I mention it. Private messages are private but not secret.

[NexopiaRob]

Ours also says we can read them, and we do, if there's a major need to do it (like a crime has been commited).

What we don't do is read random messages or go looking for messages to read. That's what I'd advise against

[Renae]

Heh, never knew you could read them. I just looked to see if I could figure it out, and I did. But I don't think that I would ever read them unless I needed to for legal, spam or some other important issue.

[Ian Griffiths]

They're stored in the db as plain text and even if the table structure means that you don't have username next to the message etc., a query to read is only a simple join or something to get the full message and names. Very easy.

However some of these posts absolutely shock me!

"I used to read PMs all of the time in phpMyAdmin. I do the same in vBulletin."

Please tell me why?! Please tell me are your users aware and happy?! You have this access to this data for your own use on reasonable grounds, basically abuse and not much else. You can't just 'monitor' now and again when it interests you!!

Legalities aside this is very bad ethically!!

[Shawna]

Quote:

Originally Posted by NexopiaRob I would strongly advise against anyone actively reading Users messages. If it gets out that you do that, you could have a mini-revolt on your hands.

I agree.The reading of members pm's in unforgivable and reading the number of admins who cliam to do it to catch spam is a joke.Most admins do it cause they are just nosy as hell and want to know the personal business of their members.And just as NexopiaRob said, if your members find they will most definitely revolt and leave your board.Not only that they will let others know what you do and then your board is doomed.I have seen boards totally shut down over this issue.

[Julia]

I know there is an IPB hack but I'm not sure if it's applicable to the latest version or not.

It does seem to be a popular hack, looking at the amount of people who have downloaded it compared to other hacks. It's not something I personally would do without informing my members in my TOS. I'm just not comfortable with it myself. We've only had one spammer & as soon as they started spamming members they notified me via PM & I banned the person immediately.

I did once download the database & then opened it up & saw a lot of plain text, I realised that I was reading somebody's PM. It would be near impossible for me to work out who it was by/to & I just wouldn't want to go there. I'd be terribly upset if I read people were talking about me or my site behind my back & would rather not know. If something happened & I felt my members were in danger (ie: I suspected somebody was a paedophile & using PM's to contact members) then I would probably change their password & log in as them to read their PM's. So, I'm not above doing it, but it would have to be extremely special circumstances for me to do so.

However, as I do know that some admin read PM's I don't treat them as private. Anything I say on any forum via PM is something I'd be okay with being published on the www.

[Tigercraze]

Not all are insecure but some of the Admins I know are plain insecure to go to this extent of prying into their members' business. Best thing is he uses this double nick to post and he can tell other members what is the content of their private messages.

[Julia]

Wow, I just followed what somebody had said in this thread & found the private messages. I can't believe it's so easy to get to them. Oops.