01-11-2010, 01:23 PM | #1 (permalink) |
zomgomgomgomgomgomg
Location: Fauxenix, Azerona
|
How much access to 'private' data do message board/website staff have?
This was going to be put in the 'anonymous poster' thread, but I figured I would put it here instead:
Caveat: I do not use vbulletin, so what I say here only applies strictly speaking to Invision Power Board. However, it applies more generally to this and other message boards as well, and all websites that store your information more generally than that. All moderators on my board can access the following 'semipublic' information:
As an administrator, I can access the following 'private' information:
Now, it is not convenient for me to do any of this administrative 'snooping'...it involves doing MySQL lookups on the raw database. My users are aware this 'snooping' is possible, and I have used it to resolve potential legal (and board) disputes. The only thing that almost all board packages (and websites in general, by now) handle securely is passwords. I cannot access your password, as it is hashed, I can only reset it. Is anyone surprised that this is possible? I would hope not...operating with the assumption of privacy online is a good way to get a nasty surprise. Can any staff here confirm or deny that vbulletin is similar? Even if everything were hashed and stored securely, instead of stored plain text/gzipped (very unlikely), anyone with both the server FTP password and an admin login could just copy the whole board onto an offline test environment, reset your password, and log in as you, getting all the access you have without alerting you that someone has changed your password. Can any IT staff confirm or deny their ability to access supposed 'private' data? For example, I know our IT department can easily read the email of anyone with a blackberry, but it requires logging in as someone to read regular user's.
__________________
twisted no more Last edited by telekinetic; 01-11-2010 at 01:39 PM.. |
01-11-2010, 01:34 PM | #2 (permalink) |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
I cannot confirm nor deny what you've posted here.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
01-11-2010, 01:37 PM | #3 (permalink) |
Young Crumudgeon
Location: Canada
|
General rule of the internet: anything that's not encrypted is going to be accessible to someone. Passwords are, as a rule, stored in a hash function and not even directly accessible to admins. Other than that, if you put it out there someone has the capability to read it, and to connect it back to you.
If you're paranoid about things like email, you can use encryption. PGP is free and widely available. On forum, it's important to keep in mind that you're a guest on someone else's space. Ideally that someone would respect your privacy except in situations where laws are being broken or rules violated, but you can't always count on that. The solution is to not put information out there that you wouldn't want widely available. I have no idea regarding the specifics of how TFP handles these things. It has been publicly confirmed in the past that staff are able to access things like hidden email addresses and private blog entries, and I believe it's been indicated before that they can access private messages if they need to as well, although I shouldn't be considered an authority on that. Regardless, after four years of interacting in this space I feel confident in stating that the administrators here will respect the privacy of the membership unless specific circumstances force them to do otherwise (chiefly liability issues, although there may be other situations).
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
01-11-2010, 01:44 PM | #4 (permalink) |
Confused Adult
Location: Spokane, WA
|
You can actually mod the forum packages to store passwords in plaintext serverside if you wish, the users would be nonthewiser, I did it as a social engineering project and walked away with an entire music scene's passwords, I wasn't exactly ethical back then. Needless to say, the stuff people keep private is often boring and of no concern to the admin types. You might catch a few dirty messages here and there, which can potentially be exciting if you know those people in person, but it's just meaningless without personal context.
Point stands though, you're the only one who can censor yourself or find secure channels to transmit personal data such as incriminating/private photos & other forms of media. |
01-11-2010, 01:56 PM | #6 (permalink) |
Asshole
Administrator
Location: Chicago
|
Shauk, what does it say about me that I'm more upset by your comma splices than by you stealing faceless strangers' passwords?
Oh yeah, that the mythical stick up my ass is more metaphorical than mythical. Forgot about that.... When I came across this thread I thought I had two options - deflect with humor (see Cynthetiq) or move it out of view of everyone for staff discussion (which in reality would mean that it would never see the light of day again). As a rule - and for good reason - I don't like discussions like this because there will invariably be someone who starts railing on the staff for "First Amendment Rights" or somesuch bullshit. Then I realized that there's a third option and one that's probably the best fit given that I know that telekinetic is a good guy, loves this space and isn't going to do anything to purposefully harm it. And that's to say that, regardless of what mods can or can't do and what admins can or can't do (and the only admission you'll get from me is to confirm that they're different), you either trust us or you don't. If you don't, then you shouldn't post personal stuff here, especially if you buy into any of the smokescreen that I throw up around myself. If you do trust us, then there we go.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
01-11-2010, 01:59 PM | #7 (permalink) |
Confused Adult
Location: Spokane, WA
|
wow yeah, I was just on a comma roll there.
>.> Oh well. NOT THAT IT MATTERS BUT: they weren't faceless strangers, I met every one of them for the years I spent DJ'ing and attending various events in which I was not DJ'ing I am a social buttahflyyyy or something. |
01-11-2010, 02:20 PM | #8 (permalink) | |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Quote:
Today, just setup another one... The most important thing here is that we've developed a level of trust. Now I'm sure there will be one person in the community who will come forward and make a deal about being violated for privacy or something or another. We protect this space as we would any, and that may mean taking things seriously to the point where we have to look at logs and track users habits within our space. It does not mean however that we blab it among the community at large.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
|
01-11-2010, 02:24 PM | #9 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
|
01-11-2010, 02:24 PM | #10 (permalink) | |
Sitting in a tree
Location: Atlanta
|
Quote:
Yeah and if I created this thread I'da been permanently banned, forcing me to use a proxy just so I can come back and visit. |
|
01-11-2010, 02:30 PM | #11 (permalink) | |
zomgomgomgomgomgomg
Location: Fauxenix, Azerona
|
Quote:
When you go to your friend's house, does it bother you he could secretly be filming you pee, or look at your social security and credit cards while you're in the bathroom? Or do you not even think of it, because he is your friend.
__________________
twisted no more |
|
01-11-2010, 02:32 PM | #12 (permalink) | |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Quote:
This topic isn't a comfortable discussion for staff because most people can't seem to understand the difference in taking care of something and just accessing information for personal gain/reasons. They get emotionally involved in the "right to privacy" and not in the logistics of running and operating a privately owned space. People have created such threads for the years we've been around. Since I installed the anonymous function, people have decried it, while others praised it. I'm currently working on a man's laptop removing some spyware. He was kind enough to tell me that he's got some pr0n on his machine, gay pr0n. I told him that I didn't care what it was, I was interested in removing the virus. Meanwhile, knowing what I know about computers, I could easily discern and snoop about. But why? It's just more time I'd have to spend on his stuff, instead of finishing and moving onto the next task, or even going home instead of staying longer at the office.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
|
01-11-2010, 02:35 PM | #13 (permalink) |
Human
Administrator
Location: Chicago
|
If it's on a website, someone can access it. That's just a fact of the internet. Your e-mail is no different: there are people who could read it all if they wanted. Whether you trust that we adequately limit that ability and use it sparingly... well that's up to you.
__________________
Le temps détruit tout "Musicians are the carriers and communicators of spirit in the most immediate sense." - Kurt Elling |
01-11-2010, 02:38 PM | #14 (permalink) | |
Submit to me, you know you want to
Location: Lilburn, Ga
|
Quote:
Maybe because I've run forums for so long and pretty much know what admins can do that its a "given" in my mind, and not a problem for me and I tend to forget that "normal" people don't always know just what exactly they are entrusting people with. As a forum admin for many boards I own, I have a great respect for what it takes to run one and I am more than confident that the Admins here only do what is in the best interest of the community. Although I will say as an ordinary member here it DRIVE ME BANANA'S to see 8 spam posts and not be able to do anything about it lol
__________________
I want the diabetic plan that comes with rollover carbs. I dont like the unused one expiring at midnite!! |
|
01-11-2010, 02:39 PM | #15 (permalink) | |
Asshole
Administrator
Location: Chicago
|
Quote:
To slip back into character for a moment, no one should delude themselves to think that they're important enough for me to spend 10 minutes ferreting out exactly who they are and what they've been up to. I, personally, really couldn't care less. Unless, of course, I think that you're fucking with membership or abusing the system, in which case I'll be stalking you like dung beetle chasing a constipated elephant, awaiting that glorious moment when all your shit explodes.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
|
01-11-2010, 02:40 PM | #17 (permalink) |
Asshole
Administrator
Location: Chicago
|
Let me know if you want the ability to do something about it. That goes for anyone else. We can always use more spam cleaners.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
01-11-2010, 02:41 PM | #18 (permalink) | |
Sitting in a tree
Location: Atlanta
|
Quote:
Maybe we should all work on a code word or something to make sure everyone knows when I'm kidding, without having to type 'j/k.' |
|
01-11-2010, 02:41 PM | #19 (permalink) |
Asshole
Administrator
Location: Chicago
|
If that's the only part you're claiming to be kidding about, then I'm calling bullshit, mainly because I know you know better.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
01-11-2010, 02:43 PM | #20 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
Professional courtesy is key in any situation where you're handling personal information. While the staff don't get paid to do what they do here, it's really the same principle in effect. They have nothing to gain by going through your private information, and I trust them to respect the privacy of the userbase here. So now I've come full circle, I suppose. My prior post was input as an IT professional, this one is just me. I trust Halx, Secretmethod70, the_jazz and Cynthetiq. They've all become acquaintances of varying degrees of familiarity over the years, and they've all individually earned my respect independently of their position. For that matter, the same can be said about the moderator team. You either trust them or you don't.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
|
01-11-2010, 02:50 PM | #21 (permalink) | |
Sitting in a tree
Location: Atlanta
|
Quote:
I have zero dupes here. Promise. For now, anyways. ---------- Post added at 05:50 PM ---------- Previous post was at 05:44 PM ---------- Don't tell the other 3 but have I told you you're my favorite admin? |
|
01-11-2010, 02:54 PM | #22 (permalink) | |
Asshole
Administrator
Location: Chicago
|
Quote:
In other words, don't go tearing down my carefully crafted facade of "genuine, Grade A, grain-fed asshole (see Cynthetic's signature)". It's taken me years to get people to believe that, and I won't have you tearing it down because you're bored one afternoon, missy.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
|
01-11-2010, 02:58 PM | #23 (permalink) | |
Sitting in a tree
Location: Atlanta
|
Quote:
I mean, yes sir, Mr. Badass, sir. |
|
01-11-2010, 03:05 PM | #24 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
I just don't like you. Asshole.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
|
01-11-2010, 03:07 PM | #25 (permalink) |
Asshole
Administrator
Location: Chicago
|
Thank you for drinking the Kool-Aid, citizen. Move along and be happy that I don't get my banstick out for flaming.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
01-11-2010, 03:09 PM | #26 (permalink) |
Young Crumudgeon
Location: Canada
|
Your banstick doesn't scare me, even if it is bigger than mine.
I wonder if I can convince Halx that you're a spammer.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
01-11-2010, 03:51 PM | #27 (permalink) | |
Paladin of the Palate
Location: Redneckville, NC
|
Quote:
*rimshot* To the OP: I run under the assumption that everything I think is "private" can be read by someone, so I never post anything that I wouldn't tell a friend/co-worker/random bar fly. If you figure someone is reading everything you type, then you won't put anything down on "paper" that you don't want someone to read. |
|
01-11-2010, 04:15 PM | #28 (permalink) | |||
zomgomgomgomgomgomg
Location: Fauxenix, Azerona
|
Quote:
Quote:
Quote:
__________________
twisted no more |
|||
Tags |
access, board or website, data, message, private, staff |
Thread Tools | |
|
|