Previous Thread
Next Thread
Print Thread
Hop To
#246809 11/13/2011 7:13 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
OK, I guess this is just my UBB questions day.

I'm an admin (yes that is scary). But, the owner of the company and the owner of the board is also an admin. I am going to assume that he has more capabilities than I do.

I get asked this question all the time by users:

Can the actual owner of the board see private messages?

Thanks.

Bert


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246811 11/13/2011 7:20 PM
Joined: Jan 2004
Posts: 2,474
Likes: 3
D
Pooh-Bah
Pooh-Bah
D Offline
Joined: Jan 2004
Posts: 2,474
Likes: 3
I also get asked this a lot. The answer is - not easily.
(For reasons of conscience wink and coding.) However...

It _is_ possible. But it's not something most of us feel comfortable about.

It is not part of the stock code that comes with any* forum.

It is possible to write a MySQL query to examine any aspect of the database.

This is something that an admin can do (assuming they have access to the 'Database Tools || SQL command').

Although, I suspect anyone doing this would probably not sleep well at night.





* - that I am aware of, anyway...

Bert #246813 11/13/2011 7:23 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Well, since he crashed the whole board trying to reset FTP admin privileges, I am going to assume he can't do it.

Thanks.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246814 11/13/2011 7:24 PM
Joined: Jan 2004
Posts: 2,474
Likes: 3
D
Pooh-Bah
Pooh-Bah
D Offline
Joined: Jan 2004
Posts: 2,474
Likes: 3
heh - sounds like he may not be that 'switched on'.

Bert #246815 11/13/2011 7:25 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Don't think so.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246820 11/13/2011 8:45 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Well, he can just use the feature "Become User" and go read their PT's.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Bert #246835 11/14/2011 4:27 PM
Joined: Apr 2011
Posts: 31
S
newbie
newbie
S Offline
Joined: Apr 2011
Posts: 31
I don't understand why you would want to do this. I know of 2 forums that do that and it does not sit well with their members when they find out.

Bert #246838 11/14/2011 4:46 PM
Joined: Jan 2004
Posts: 2,474
Likes: 3
D
Pooh-Bah
Pooh-Bah
D Offline
Joined: Jan 2004
Posts: 2,474
Likes: 3
I don't think he does want to mate. It's the super-admin that Bert is concerned about.

Bert #246840 11/14/2011 5:32 PM
Joined: Jun 2006
Posts: 81
M
member
member
M Offline
Joined: Jun 2006
Posts: 81
As Gizmo points out, it is VERY easy as an Admin to read a member's PMs.

It's a matter of ethics. If the Admin has none, expect that your PMs will be read. Which begs the question... How would you know if the Admin of any given forum has any sense of ethics?

The answer for me is that I never say anything in a PM that I would get bent out of shape over if it got out.

That is not to say I have never said anything bad about someone in a PM. It's just that I'd not be overly concerned if it got out and I just might say it in public if the topic were brought up there. grin


Bert #246842 11/14/2011 5:55 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Thanks driv for clearing that up.

@Mike

That is good practice. But, the whole idea of Private Messages is that you say things in private you wouldn't say on the board. And, it doesn't necessarily have to be bad.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246843 11/14/2011 5:57 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Originally Posted by Gizmo
Well, he can just use the feature "Become User" and go read their PT's.

Never thought of that. Now that is scary.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246844 11/14/2011 6:29 PM
Joined: Jan 2004
Posts: 2,474
Likes: 3
D
Pooh-Bah
Pooh-Bah
D Offline
Joined: Jan 2004
Posts: 2,474
Likes: 3
If you suspect 'foul play' you should not select the "Remember me on each visit" option.

Then at least, when you are about to log in, you will be able to see if you were 'logged in' - when you were away from your forum.... if you see what I mean.

Bert #246845 11/14/2011 6:31 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
So the person who "became you" would not be able to log you off?


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Mike L #246847 11/14/2011 7:07 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Originally Posted by Mike L
The answer for me is that I never say anything in a PM that I would get bent out of shape over if it got out.
+1


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Bert #246848 11/14/2011 7:07 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Originally Posted by Bert
So the person who "became you" would not be able to log you off?
I don't think it invalidates your cookie


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Bert #246849 11/14/2011 7:13 PM
Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
Former Developer
Joined: Apr 2007
Posts: 3,940
Likes: 1
giz is correct. you aren't affected smile

Bert #246852 11/14/2011 7:20 PM
Joined: Jun 2006
Posts: 81
M
member
member
M Offline
Joined: Jun 2006
Posts: 81
Edit. The following was being typed as SirDude and Gizmo responded.

That last is not exactly correct according to my understanding.


A topic such as this can lead to a bit of a mind twister. Excuse me if the following starts to sound like circle logic. crazy

If you log off on your last visit, you do not have the cookie set on your computer that keeps you logged in.

Thus even IF an admin becomes you via the control panel and does not log "you" off, it does not matter to your perspective. Or more accurately, your computer's perspective.

You will still need to log in when next you visit as you do not have the cookie set that keeps you logged in.

However, this is a bit moot. As the unscrupulous Admin who becomes a user for the purpose of reading PMs will need to log off so that they can log back in as their self to have their normal access.

Clear as mud?

Another aspect is that when an admin becomes a member, it will show to all the other members that you are logged in. It could get back to you that you were seen logged in at that time when you know you were not. Further, if you were to look, you could also see when you were last logged in and know that the time/date is not correct.

Bert,

I know what you mean about defeating the purpose of a PM. Perhaps I show my nature by using an example of bad-mouthing someone. It might well have been some other example where you would not want the info to enter the public domain even if not derogatory.

Still, it is the nature of online forums that you really need to be careful of what you disclose even in a PM. There is no reasonable expectation that the admin of any given forum is an IT professional with strong ethics. This is not to say that only IT professionals have ethics, nor do I contend that all IT folks are ethical.

A side note is that I am constantly amazed at what folks will reveal on a forum totally out in the open. I myself am just a tad more circumspect.

My point is that I never disclose something on a forum that I do not control if I would not want the communication to be viewed by others. If you have something where privacy is tantamount, take it to a medium you have more confidence in.

Lecture mode off. smile




Last edited by Mike L; 11/14/2011 7:21 PM.
Bert #246853 11/14/2011 7:25 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Excellent review. And, this doesn't even count the PM where another is invited, and yet you only see the person who started it. That nearly happened to another user on our board. Actually, it did happen, she just hadn't said anything bad about that person.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246883 11/15/2011 4:55 PM
Joined: Jul 2005
Posts: 45
M
mig Offline
newbie
newbie
M Offline
Joined: Jul 2005
Posts: 45
Another point that is worth mentioning that relates to Become This Member, is that Admin team members have the ability to see the actions of other admin team members within the Admin logs. If an admin needs to troubleshoot a problem for a member, that actually requires becoming them, it will appear in the logs. If you use the function, you become someone, troubleshoot and get immediately back out again.

I think that matters of privacy and the integrity of the admins is the most important thing to consider when inviting someone on to the team - you have to know you can trust them with the privacy of your membership.

On our board, we are committed to respecting and safeguarding people's privacy and there is no circumstance under which we would violate that trust. I wouldn't want to belong to a board that did! If our members didn't feel that they could trust the admin team, then I don't think they'd stay on very long. I guess that may depend too on the type of board (but it is particularly important on ours, which is a health-related site).

Bert #246894 11/15/2011 7:46 PM
Joined: Aug 2007
Posts: 386
B
enthusiast
enthusiast
B Offline
Joined: Aug 2007
Posts: 386
Thanks. I don't think it would happen on our board either. Not that this is anything that would concern you guys and it is a tiny bit off topic, but there has been some politics between the company and the customers. One thing that happened recently was a permission change in the CP. I was the first user on the board and have been the admin for quite a long time. A global mod from the company was added. (I won't go into the suspected reasons). Anyway rather than making her an admin, which would be strange, the owner simply changed what were all 0s next to GMs to 1s, thereby in effect, making her an admin.

This does all tie together with the lack of trust, although I still do not think the owner would check the PMs.

Sorry, if this is way off topic. Thanks for all the help.


UBB version 7.5.8
php version 5.4.22
MySQL version 5.5.36-cll
Bert #246896 11/15/2011 11:21 PM
Joined: Jan 2008
Posts: 514
addict
addict
Joined: Jan 2008
Posts: 514
No not off topic. My board is by no means as significant as some people's are here. I am one of 3 admins (I am the owner), but I take very serious the power of the admin rights and I have my admins sign (physically) a waiver that they will not, unless asked, become another member to fix an issue....and even then the other 2 admins assigned ask me first. I take our people's privacy seriously and do not allow anyone to read pm's... My policy...if you absolutely have to then do so AND GET OFF THE ACCOUNT there is no need to look any further than that. IMO. It is a moral and ethical issue and most forum board owners and admins (that I know) have the integrity not to do something like read another's pm.

Dunny

Bert #246897 11/15/2011 11:37 PM
Joined: Mar 2008
Posts: 262
enthusiast
enthusiast
Joined: Mar 2008
Posts: 262
I agree it is a moral issue too. I was the systems admin for a large company, and I could have read the presidents email if I wanted, but would I no. We have 3 admins on our board and I do not think any of them would ever read a members PM's


Ian
http://www.firstgenmc.com/ubbthreads

"Experience is a hard teacher because she gives the test first, the lesson afterwords."
Bert #246898 11/15/2011 11:43 PM
Joined: Jun 2006
Posts: 1,344
G
veteran
veteran
G Offline
Joined: Jun 2006
Posts: 1,344
I let the other admin and owner know if I ever caught them login as another user that I will pull their access. Even technical issues that may require me going into their account I request the user to change password to a temp one and I will login that way, with their consent and help.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
2 members (Havenofsobriety, rootman), 624 guests, and 106 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)