What's new
What's new
By:
Advanced search…

OT - Are private messages really private?

M

maynah

Stainless
Joined
Mar 24, 2005
Location
Maine
Can moderators, forum owners, or IT people read private messages between members on vBulletin forums? I’m not referring to PM, but on other forums that deal with very high end collectable items. There is a lot of back room dealing and collusion, and I’m thinking private messages maybe aren’t so private. (Really Milacron, I’m not pointing fingers at you about that rare Schaublin tail stock you’ve been coveting.)

For that matter emails probably aren’t as private as we wish they were.
 
I'm sure any IT-level admin can read them. Whether moderators could is debatable, and would depend on settings. Since your user name is public, are you using an easily-guessable password? Could be as easy as that... and there's no indication of being logged-on twice, from two different machines.

The thing to watch for is that some fora's "pm" functions have been taken over by 'conversations', which sometimes are just open exchanges located on your User Control Panel page, and are not private at all. Always depends on the site.

If you have high-value deals brewing with private messages on your other public forum, it might be best to migrate out-of-band to encrypted emails, or even just phone calls.

Chip
 
maynah said:
Can moderators, forum owners, or IT people read private messages between members on vBulletin forums? I’m not referring to PM, but on other forums that deal with very high end collectable items. There is a lot of back room dealing and collusion, and I’m thinking private messages maybe aren’t so private. (Really Milacron, I’m not pointing fingers at you about that rare Schaublin tail stock you’ve been coveting.)

For that matter emails probably aren’t as private as we wish they were.
Click to expand...

NOTHING IS PRIVATE. It is just a matter of resources and resolve to get what you want for information.
 
maynah said:
Can moderators, forum owners, or IT people read private messages between members on vBulletin forums? I’m not referring to PM, but on other forums that deal with very high end collectable items. There is a lot of back room dealing and collusion, and I’m thinking private messages maybe aren’t so private. (Really Milacron, I’m not pointing fingers at you about that rare Schaublin tail stock you’ve been coveting.)

For that matter emails probably aren’t as private as we wish they were.
Click to expand...

Go back and read all the agreements provided to you when you signed up. If something is not explicitly stated in in about the use of the information you provide on the site, then it is not private. Some sites proved a separate privacy statement. Again if it is nto explicitly stated in there you have no legal standing.

dee
;-D
 
maynah said:
Can moderators, forum owners, or IT people read private messages between members on vBulletin forums? I’m not referring to PM, but on other forums that deal with very high end collectable items. There is a lot of back room dealing and collusion, and I’m thinking private messages maybe aren’t so private. (Really Milacron, I’m not pointing fingers at you about that rare Schaublin tail stock you’ve been coveting.)

For that matter emails probably aren’t as private as we wish they were.
Click to expand...
Unless I'm expecting some info from a member on something they have for sale or a solution to a tricky problem, I could care less about my own private messages, much less someone else.

I can tell you with the VB software we use, none of us can access member passwords, so in that sense we can't read private messages. However it occurred to me once I can change a members password and could get in to read his messages that way in an emergency. I can't imagine a situation, other than perhaps a spouse wanting to read her dead husbands pm's, I would actually do that, but then your post isn't really about me but the possibility of some other site owner doing that....to which I can say, yes, it probably is possible by doing the master moderator password change trick.

Of course to be properly sneaky about it, they'd have to change the password back to what it was ASAP...but then come to think of it, the moderator would not know what the previous password was ! So yeah, it could be done but not without creating a little suspicion because your password stopped working !

Bottom line is, if you don't know the members email or phone number and your chattering is of a sensitive nature, use a pm to get that info, and correspond via email, phone or text from there on.
 
I've set up a few messageboards in my time. They all use a back-end database to hold everything. It's trivial to do a dump of that database and have full access to everything if you have access to the database (login/password, etc). I've done it when moving a messageboard to a different ISP. Bad or poorly written software is what causes hackers to get into a lot of databases, by sending malformed commands through a web browser which gives them access to the database. Properly written software and good security measures prevent that.

The standard caveat is if you don't want someone to find out about it, NEVER post it to a messageboard, email, or anything online. Someone somewhere will have access to it at some point.
 
On another forum, another member PM'ed me and said one of the moderater's was a 4 letter word and he got kicked off that forum. So on that site Big Brother was watching. I was warned not to talk about that forum or I would be sued. So I won't mention it's name.

I think Don has a wonderful site as I expect what we read and write here will be used like a History Book someday by our Grand Children looking for info on our machines we pass on to them. Rich
 
Is your microwave in the same room as your computer?

Really...it would be relatively easy for someone with knowledge of database structure as Jeremy suggested, and administrator access...but my take on the crowd dealing in antiques and collectibles is, it's not going to be an issue...but then that's going to depend on the collectibles as well. Collectible mainframe computers, you bet your ass. Collectible barbies? Unlikely.
 
I think this a great site and feel people should not write sensitive things anywhere with not expecting a way someone might find it out..

*Do think moderators should not change a thread title with not disclosing who did it and what the change was.
 
Jeremy said:
I've set up a few messageboards in my time. They all use a back-end database to hold everything. It's trivial to do a dump of that database and have full access to everything if you have access to the database (login/password, etc). I've done it when moving a messageboard to a different ISP. Bad or poorly written software is what causes hackers to get into a lot of databases, by sending malformed commands through a web browser which gives them access to the database. Properly written software and good security measures prevent that.

The standard caveat is if you don't want someone to find out about it, NEVER post it to a messageboard, email, or anything online. Someone somewhere will have access to it at some point.
Click to expand...

You could setup the DB that it puts all private data in tables that have encryption. Extra work and it is only supported in the enterprise versions of the popular SQL servers. so there is extra expense involved. Even that does not absolutely guarantee privacy because you are relying on the DBA to decide what is private and what is not. You can use symmetric or asymmetric key encryption depending on how you want to manage the access rights. you can chose encryption for the entire table, or columns or the entire db.

Privacy is still just a legal concept, and it is only as good as the agreement provided by the site. Then the various methods used to secure the information is just automating the need to live up to the agreement.

In all honesty most sites are not in the business of stealing your private information, and they are there to provide valuable services, and you can fundamentally trust the honesty of the people behind operation. Where it gets murky is when a site gets hacked, or changes ownership, etc. If a site is willfully violating the privacy of its members, the only recourse you have is in the courts, and only if they violate the stated privacy rules. If a site says noting about privacy, or explicitly states that they use any and all information provided at their pleasure, there is little to nothing you can do.

dee
;-D
 
I can see why some moderators step into a thread if it is going nowhere or someone argues or cusses as this info or writing is viewed around the world and as I said it is a history book and how many history books do you see someone saying F words or fowl language? I have had my moments and have had somethings deleted. I can now see why they do it. Thanks Don for giving us this opportunity! Rich
 
Agree to that, fowl language and just abusive talk, unsafe advice the site owner and moderator should have his way...

But to change something like a thread title with not saying changed by.. might put a person's post appearance other than true or the way intended.
AM speaking about one title that I noticed the change.. and the the poster(Gordon)inquired about it..It put Gordon in a bad light IMHO...I know he sometimes does that himself...

I figure I know who changed it.. Tha moderator could have added changed By xxxx
 
michiganbuck said:
Agree to that, fowl language and just abusive talk, unsafe advice the site owner and moderator should have his way...
Click to expand...

Fowl language = poultry in motion

Nothing you enter into a keyboard is private. There's somebody, somewhere, with the ability to log every keystroke. Only
question is, do you interest them.
 
I was really wondering if some personnel with the inkling would be able to read messages and obtain information they could benefit from. Almost like insider trading.

I agree. The only sure way of privacy would be face to face.......in a noisy public place....... with your hand covering your mouth.
 
Milacron said:
..is possible by doing the master moderator password change trick.

Of course to be properly sneaky about it, they'd have to change the password back to what it was ASAP...but then come to think of it, the moderator would not know what the previous password was ! So yeah, it could be done but not without creating a little suspicion because your password stopped working !
Click to expand...
Been a trivial exercise for so long electricity was probably not yet in common use.

The 'unreadable' original password need not BE read. Simply saved in its binary form, swapped back afterwards, log entry of the changes edited-out if logging had even been active during the exercise, and if server clock had not been diddled, AND.. etc.

IOW . .trivial exercise for even a low-level 'wizard'.

But - other than 'National Security', we Just f*****g DO NOT DOO THAT.

OUR reputation is more valuable to US than the information can ever be to anyone less than a government we uphold... even if we trust THEM far, far, less that they would wish us to do.

quis custodiet ipsos custodes

Well for-damned-sure, too seldom themselves...

I trust Milacron as much because he is too lazy to waste years learning how to go devious to get stale information when he can get better and more current answers, faster, and at lower resource waste, by just ..... ta da ...ASKING.

True of lots, and lots of 'sensitive' information, that. Most of it is stale if not also 'out of proper context'. Re-fighting 'the previous war', or a historical biz deal in new circumstances, as it were.

"Winners" in the strategy and tactics of human conflict and cooperation, of which 'War' is but a small subset, are more interested in what might happen next week than with what happened last year.
 
maynah said:
I was really wondering if some personnel with the inkling would be able to read messages and obtain information they could benefit from. Almost like insider trading.

I agree. The only sure way of privacy would be face to face.......in a noisy public place....... with your hand covering your mouth.
Click to expand...

I was on one largish forum where it was clear the admin was monitoring PMs, because he was clearly taking action on what he read there. I had the impression he could search PMs for pertinent conversations, not just pry into a particular member's PMs
 
Nothing on the web should be considered private or deleted.

There are only two types of web security; That that has been hacked and that that is going to be hacked.
 
You must log in or register to reply here.

Similar threads

A
OT. Problem sending Private Messages in this forum!
Replies
2
Views
935
atomarc
A
Spinit
  • Sticky
A copy of forum rules from ownership. A reminder FYI
Replies
2
Views
10K
Spinit
Spinit
A
FP2NC Control Swap (caution, long winded with pictures)
Replies
19
Views
6K
Osclar
O
J
Proud new owner
Replies
11
Views
3K
jbjaholl
J
C
CNC Threading possable resolve. And a Letter to the owner.
Replies
11
Views
2K
ClassicCannons
C








 

ABOUT PRACTICAL MACHINIST

With more than 10.6 million unique visitors over the last year, Practical Machinist is the most visited site for metalworking professionals. Practical Machinist is the easiest way to learn new techniques, get answers quickly and discuss common challenges with your peers. Register for the world’s largest manufacturing technology forum for free today to stay in the know.

Learn more about us.

STAY CONNECTED

Facebook Instagram YouTube LinkedIn Pinterest Twitter Tiktok

Register Become a forum member. Register today.

Sign Up Sign up for our e-newsletter.

© 2024 Copyright Practicalmachinist.com. All Rights reserved.

Back
Top