
Are private messages viewable by admins?

In a regular Vanilla install, can an admin view private messages sent between members?

I think this may be possible in their activity feeds, but I'm not sure...


Comments

  • Options
    R_J Ex-Fanboy Munich Admin

    You mean admins and not site owner? Don't know, but site owner could see it because they can see the database entries.

  • Options
    peregrine MVP
    edited November 2013

    Admins can't see private messages in another user's inbox (in a normal setup). A spoof user plugin could conceivably do this. Aside from the obvious already mentioned (anyone with read permission to the database with phpMyAdmin could do this).

    It's pretty much frowned upon to look at private messages of other users whether you are the owner admin or whatever, unless you feel there is some illegal activity going on. Because you lose the trust of "privacy". Don't tell the NSA :)

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options
    hgtonight ∞ · New Moderator

    As @R_J said, anyone with access to the underlying database can read the messages.

    Vanilla doesn't provide this functionality out of the box.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Options

    Thanks guys. I'm just part of a forum and slightly paranoid the owner/admin might be snooping. OK, so essentially this would require the developer to access the messages via the database, but it would need to be done by a technical person, right?

  • Options
    hgtonight ∞ · New Moderator

    The messages are stored in plain text in the db. Anyone who can create a database (which is required to install Vanilla) has the basic skills necessary to snoop.

    I would say most people wouldn't do this, even if they could.

  • Options

    @hgtonight said:
    As R_J said, anyone with access to the underlying database can read the messages.

    Vanilla doesn't provide this functionality out of the box.

    There's a config var to enable Conversation moderation in 2.0.

  • Options
    Linc Detroit Admin

    There's a config setting you can toggle to enable admins to read other folks' private messages. There's no way to do this in the Dashboard; they'd have to look it up and manually edit their config on the server.

    So, there's a real possibility they are. I recommend just asking them what their privacy policy is on that.

    For my sites, I tell members unequivocally I do not read private messages unless abuse is reported. No site I manage (including this one) has that config setting toggled on.

  • Options

    "So, there's a real possibility they are. I recommend just asking them what their privacy policy is on that.

    For my sites, I tell members unequivocally I do not read private messages unless abuse is reported. No site I manage (including this one) has that config setting toggled on."

    ^^ This. I manage a number of sites, some Vanilla and some not, and this is my policy on all of them. I am of the opinion that the site belongs to me, as does responsibility of preventing that site from being used for evil. So I try to Not Be Evil by never snooping, unless reports of serious harassment, illegal activities, or something else occur that make ignoring the behavior the greater evil. Users must have some protection in their own inbox, and if a user is willing to abuse one person, it is a good indication they will abuse others.

    A good admin will be very happy to address this concern if you ask them. It does, of course, require that they "feel" trustworthy to you.

  • Options
    angophora New
    edited November 2013

    Hello all, I've been biting my tongue, but I feel that it should be pointed out that assuming/wanting guaranteed privacy for anything posted into a web form is really at odds with how this whole thing (database-backed websites) works.

    I'm running VF 2.1b2 and don't think I've seen the phrase "private message" anywhere in the interface. I think this is a good thing, because they really aren't - that is, can't be guaranteed to be - "private". With a VF conversation, AFAICT anyone can add anyone else, who can add anyone else... you never know who is going to see what you wrote. I'm sure many of us have been added at some time to an email thread that we were "never meant to see"... same thing. I really like this feature BTW and think it's the right way to go, and move away from any pretence of privacy.

    The long and short is, never put anything into a web form that would be terribly bad for you if posted in public.

  • Options
    x00 MVP
    edited November 2013

    The long and short is, never put anything into a web form that would be terribly bad for you if posted in public.

    Exactly. HTTP isn't a protocol that you should use to transfer sensitive information without additional encryption and authentication.

    The simple fact that this information is held on a server, mostly by amateurs. I've seen people leave database dumps that have been indexed by Google, I bet they weren't even aware.

    grep is your friend.

  • Options
    aldorr Hamburg New

    I know that everyone is concerned about "privacy" here, but my client has another concern. She doesn't want anyone using her university forum on university servers for sending private messages on unapproved subjects. The university's regulations make her responsible for any illegal things they might be up to. So she would like to be able to review "private" messages if she is so inclined.

    Regardless of the privacy concerns that anyone might have, how would that be possible? Is there a plugin?

    Of course, in the Terms of Service, it will be made clear to the users that their "private" messages may be read by the administrator.

    Thanks for your help.

  • Options

    Why not just disable the conversations application entirely?

    grep is your friend.

  • Options
    whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @aldorr

    As @x00 says, don't use that feature.

    People can leave messages on a user's 'wall' which are visible to other members.

    Separately why 'privacy' in inverted commas?

  • Options

    @aldorr said:
    I know that everyone is concerned about "privacy" here, but my client has another concern. She doesn't want anyone using her university forum on university servers for sending private messages on unapproved subjects. The university's regulations make her responsible for any illegal things they might be up to. So she would like to be able to review "private" messages if she is so inclined.

    Regardless of the privacy concerns that anyone might have, how would that be possible? Is there a plugin?

    Of course, in the Terms of Service, it will be made clear to the users that their "private" messages may be read by the administrator.

    Thanks for your help.

    Root Administrators can view private conversations, and other Admin roles can be set to read private conversations.

    If you make it perfectly clear to all users of your forum that private messages may be viewed by the administrator in the TOS, and add a message or pocket on the inbox screens that re-states it, and you still want users to have private messages among themselves and that THEY ARE AWARE that it is viewable and possibly read by forum administrators, then you have made it clear to the users. Or do as others suggested if you don't want any private messages of any kind.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options
    hgtonight ∞ · New Moderator

    AFAIK, there is no frontend designed to read other people's PMs. You have to look at the underlying DB for that.

    IIRC, IF you know the conversation ID, and have admin privileges, you can view it on the frontend.

  • Options
    Linc Detroit Admin
    edited November 2014

    There is a configuration setting you can toggle that will activate the permission 'Conversations.Moderation.Manage' as granting access to others' private messages. The setting is Conversations.Moderation.Allow = TRUE. Users with 'Conversations.Moderation.Manage' checked will then see the "Inbox" link on all profiles.

    As an ethical (and possibly legal) issue, we recommend making it clear to users that their private messages are viewable by administrators if you use that setting. There is a reasonable expectation of privacy in private messaging, as in email, unless you are told otherwise.

    I never enable that setting on any site I manage, but understand the business considerations.

  • Options
    peregrine MVP
    edited November 2014

    @hgtonight said:
    AFAIK, there is no frontend designed to read other people's PMs. You have to look at the underlying DB for that.

    IIRC, IF you know the conversation ID, and have admin privileges, you can view it on the frontend.

    in Vanilla 2.1.5 and probably other versions as well.

    if you set in the config.php

    $Configuration['Conversations']['Moderation']['Allow'] = TRUE;

    and then check moderation manage for the Admin role, then non-root Admins can view other user IDs' messages

    e.g. see messages for user id #12

    messages/all?userid=12

    if you just have.

    $Configuration['Conversations']['Moderation']['Allow'] = TRUE;

    Root admin can see inboxes for other users.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
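
The setting described in the posts above can be checked for on a server you administer. The following is an added example, not code from the thread or from Vanilla: a Python audit that reads the text of a `config.php` and reports whether `Conversations.Moderation.Allow` is effectively on. The sample config contents, the function name, and the assumption that an absent key means disabled are constructed for illustration.

```python
import re

# Matches: $Configuration['Conversations']['Moderation']['Allow'] = <value>;
# Anchored to line start, so lines disabled with // or # never match.
ASSIGN = re.compile(
    r"""^\s*\$Configuration
        \[\s*['"]Conversations['"]\s*\]
        \[\s*['"]Moderation['"]\s*\]
        \[\s*['"]Allow['"]\s*\]
        \s*=\s*(?P<value>[^;]+);""",
    re.VERBOSE | re.MULTILINE,
)

# Literals PHP evaluates as false; any other value is reported as enabled.
FALSY = {"false", "0", "0.0", "''", '""', "'0'", '"0"', "null", "array()", "[]"}


def moderation_allowed(config_text: str) -> bool:
    """Return True when the last effective assignment enables the setting.

    PHP runs config.php top to bottom, so a later assignment overrides an
    earlier one. An absent key is treated as disabled (assumption).
    """
    # Remove /* ... */ blocks so assignments commented out that way are ignored.
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)
    values = [m.group("value").strip().lower() for m in ASSIGN.finditer(text)]
    return bool(values) and values[-1] not in FALSY


# Constructed sample configs (not taken from any real site).
SAMPLE_ENABLED = """<?php if (!defined('APPLICATION')) exit();
$Configuration['Garden']['Title'] = 'Example Forum';
// $Configuration['Conversations']['Moderation']['Allow'] = FALSE;
$Configuration['Conversations']['Moderation']['Allow'] = TRUE; // set by hand
"""
SAMPLE_OVERRIDDEN = (
    SAMPLE_ENABLED + "$Configuration['Conversations']['Moderation']['Allow'] = FALSE;\n"
)
SAMPLE_BLOCK_COMMENTED = """<?php
/*
$Configuration['Conversations']['Moderation']['Allow'] = TRUE;
*/
"""

if __name__ == "__main__":
    for name in ("SAMPLE_ENABLED", "SAMPLE_OVERRIDDEN", "SAMPLE_BLOCK_COMMENTED"):
        print(name, "->", moderation_allowed(globals()[name]))
```

The check only covers the config toggle; which roles hold 'Conversations.Moderation.Manage' is stored with the role permissions and has to be reviewed separately.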

  • Options
    aldorr Hamburg New

    Thanks!

    @x00: Of course. That may have to happen.

    @whu606 said:

    Separately why 'privacy' in inverted commas?

    Privacy in quotes, because obviously without proper precautions (i.e. https) almost nothing is really 100% private.

    Thanks also @Linc and @peregrine!

    The configuration settings made my day! I am going to re-draft the TOS with my client tomorrow and explain the concerns. It's either that or we remove private messaging altogether. Clearly.

    Cheers.

  • Options
    whu606 I'm not a SuperHero; I just like wearing tights... MVP

    Fair enough; just wondered.

  • Options

    I'm wondering if I can tweak Vanilla in a related manner. We're building a forum where the admin (one person) should be able to view private conversations as well as contribute to them (so it would be a 3 way conversation).

    Anyone know if this is even possible?
