MyBB Community Forums

Full Version: Personal pad privacy
I noticed that what's written in the personal pad is stored in the database without encryption, meaning that admins are easily able to read their users' personal pad messages through phpMyAdmin.

Shouldn't forum members be warned about the fact that what they write in this personal pad may be read by admins?
Ever since the days of BBSs..... SysOps and Admin have had the privilege of reading users' Private Messages, Emails and Notepads. It's a precaution thing.. Users do not have the right to post hidden messages from or to, all involved and keep them totally secret.

Admin / SysOps, have the right to 'Police' what is being covertly published on their forums... else the forum 'underground' could be used for anything and everything illegal.
Quote: Ever since the days of BBSs..... SysOps and Admin have had the privilege of reading users' Private Messages

Yeah I even changed the way passwords are stored in the database, modifying PHP files to bypass the md5() function, showing them all in the clear in phpMyAdmin instead of md5 hashed -_- [ in order to be able to help members having trouble logging in / who have lost their password of course... ( and escaping the hours spent running cain&abel ) What you say ? I'm lying ? Noooooo how can you give me such nasty intentions ? I swear I did that only to help my members xD ]

PS : No way to find a Mod allowing the reading of others' Private Messages with the MyBB soft -_- ?
I have moved this to General Support because it is not a bug, rather a privacy thing.
The passwords from md5 to non-encrypted was a horrible idea, maybe you won't go back and use them against someone, but if your site is ever exploited and/or hacked, seriously, every member's password and email address is at their fingertips. Wasn't there some US law on passwords being forced to be encrypted? I guess that's besides the fact, and you wouldn't be able to md5 people's private notepads because md5 is irreversible. Probably something like blowfish then hash it against the user's password. As for reading private messages, why? Usually it isn't the admin's business what's going on in other people's private messages, it could be personal stuff. Hence the name private messages.
HomeDawg Wrote: Wasn't there some US law on passwords being forced to be encrypted?

Never forget: US law is not valid outside the US :) (Whereas to decrypt is still a bad idea)
HomeDawg Wrote: Usually it isn't the admin's business what's going on in other people's private messages, it could be personal stuff. Hence the name private messages.

I think 'private' in this sense is only used to indicate that no other member has access to it.. Some BBSs now use 'personal' message in lieu of it.

While Admin have the right to read personal messages, it is expected of them not to abuse that privilege.

But the access is needed in the event that the system or members are / is being abused or used for covert and illegal stuff...

If messages are that personal... I would suggest email be used. ;)
Ozidave Wrote: If messages are that personal... I would suggest email be used. ;)

With PGP, otherwise it is as private as a postcard.
Ohhh, I can't delete this post.
Call them personal messages then. They are 'personal' but not private.

Plus, I'm happy for Gmail to read my emails. Machines 'read' and/or 'process' your messages anyway. They can't help it, they need to 'read' it to display it.

The whole Gmail thing works similar to BBcode. It searches for words it recognises, then displays the appropriate view. So our forums search for stuff like [ b ] and then [ /b ]. Gmail searches for "mobile" "website" "news" and words like that.

Anyway, like I said earlier, if you're concerned with the wording 'private messages' rename it to 'personal messages'.