In the spirit of transparency and protecting users communications, I, in my opinion, think that it should be made known to all users of this community that private/direct messages sent/received on this platform are not actually private.
Now, I make no accusations, I am just suggesting precautions, communicating concerns that if a mod position was to be had by an unfriendly, they would have access to all communications on this forum. I know also that IP addresses can also been seen by all mods quite easily, perhaps this should also be made transparent and recommendations of using a VPN should be suggested.
We collect data about private messages that you send through the forum. We make private messages available to senders and their recipients, and also to forum administrators.
No, we stopped doing this a while ago (we only did it for a few months IIRC) because it was a bit tedious (it was a manual process and there was no way to automate it). The Discourse team (who is responsible for hosting this forum) already takes care of creating off-site backups every 12 hours.
“to maintain logs for security reasons and for legal documentation”.
Is that the case?
Also, why do forum administrators need access to private messages anyways? What is this, facebook?
I agree that it’s a surprise to find that admins can read PMs, and that is an issue because the name does imply privacy. But this is a general issue and a feature of almost every online service, web hosting, email service, social network (including things like Mastodon), you name it, unless it explicitly goes out of its way to provide and market an end to end secure service.
People here make a mistake if we assume that because we want privacy, it will already be naked in to whatever we use. That a forum for SAFE Network can provide this before the forum is on SAFE Network.
That is after all why we’re here helping those build it, were here because such privacy is generally not available elsewhere and very hard to provide or procure.
I remember being quite shocked to find that government officers up to Prime Ministers and Presidents were using the same leaky, vulnerable apps, services and phones as everyone else. But that’s how it is apparently!
I think the time to be surprised about this has passed!
Absolutely, i agree with everthing you say, for now , i mean I reflect on things and sometimes change my viewpoint. I was really just curious as it was something I remember being discussed.
The only thing I don’t agree with is
A lot of people aren’t even aware, or cant be bothered to check, such policy even exists. It also says the policy can be changed from time to time which puts a tiresome boring burden on the user to check here and there. Perhaps it is put in the “forum usage stats”, which I haven’t seen in a while , which would make such changes more apparent. Really, how many people read the fine print. The statement imo is really a “buyers beware” comment which as we know exists because there are those that don’t have time nor desire to read what they assume to be legal jargon that they wouldnt understand anyways.
Again, was just curious, don’t really send pm’s regularly anyways. I do know, please don’t check admin , that users can share ideas they have for the SAFE platform with other trusted users as they don’t want to make them public in fear of them getting “stolen”. Not saying admin reading them makes them public, i seem to trust the current admin, but if the admin changes I would have my doubts about sharing such things through private messages.
I would think that changing the wording would be key but assume this is on a Discourse level and not something individual forums can change. I will find out.
Edited to add, i am happy to hear mods no longer have access, not because I don’t trust them but just because it opens up vulnerabilities.
Personally, I consider the fact that private messages on this forum are not end-to-end encrypted to be a current limitation of Discourse. The Discourse Encrypt plugin would allow for private, encrypted messaging between end-users but it’s not available for forums hosted with discourse.org yet (it’s still a work in progress)