Most discussion board software packages include a “private” message feature. One of the first things I did to phpBB2 was rip that feature right out. I had my reasons, and the resulting board has been active for more than seven years now so it has worked out okay. In fact it was earlier this year that I got my first question about why the feature was even missing.
At the same time there are valid reasons for folks to want to send a message to another board member without posting in public. Over at the phpBB2 Refugees site I got more immediate and vocal feedback. (Note: that link requires a login to the phpBB2 Refugees board.) As a result, the feature is in the process of being updated to include some new features. It has also been renamed from the “private” message system to the “personal” message system instead. Why is that?
Privacy Is A Myth
In general anything posted to the Internet is not private. (I am not going to consider encryption as an option for this discussion.) If you post on a message board, even in a private forum, someone else with access to that forum can read it and repost it elsewhere. If you send an email, someone can forward it to people you would rather not have read it. Basically the only way to ensure something stays completely private is to avoid posting it. Anywhere. Ever.
I frequently see topics at phpbb.com that ask questions along the lines of…
How can I read someone else’s private messages on my board?
Doesn’t the very question seem to contradict itself? How can I read a “private” message that belongs to someone else?
I see two questions that come from this. First, is it technically possible to do so. Second, is it ethically appropriate to do so. The answer to the first is clearly “yes” as there are several ways to approach the issue, and I will talk more about that in a moment. The answer to the second question is less clear. If someone has reported an issue with a PM and asks the board adminstrator to read it, then clearly it’s okay. But what if board member “Joe” reports to the administrator that board members “Jane” and “Jack” are using the PM system for inappropriate purposes. Is that enough to show “probable cause” and allow the board administrator to read those messages?
What if a board member hasn’t received any reports of abuse at all, but simply decides to go read all of the data stored in the privmsgs tables? Is that ethical? Is it legal?
I am not a lawyer, so I won’t try to answer the legal questions. I do, however, have a very strong feeling that it is not an ethical thing to do.
Why Remove It?
Ethical and legal questions aside, there was a very good reason why I removed the feature from my initial phpBB2 board. That board was a replacement for a mailing list. I was one of the most frequent contributors to the mailing list, and by definition my email address had to be public. It was, afterall, a mailing list. What happened was that people saw me answering a lot of questions (but not all) and therefore they assumed that they could send me a direct email rather than going through the list interface. I guess they assumed I had nothing better to do than read and answer their individual question. That assumption was wrong.
I had a standard reply to direct emails that went something like this:
Hi, I have a policy to not answer direct questions off of the list except for paying clients. By posting your question to the list you will get the attention of thousands of list members rather than just me. By answering questions on the list the entire community benefits rather than just one person. Thanks.
I had to send that message several times a month.
When we moved to the phpBB2 framework, I wanted to prevent that from happening again. I changed the default so that board member email addresses are hidden by default, and I completely removed the PM system. It didn’t seem appropriate to display the PM icon, only to present a board member with the “Private messaging has been disabled on this board.” message. At the time I was not smart enough to simply hide the PM button with a template switch, so I took it out altogether. As I mentioned in my opening paragraph, nobody complained until this year. I don’t think the community has missed the feature much.
How Can Private Messages Be Read?
I am not giving anything away here… these topics have been discussed quite often at phpbb.com from many different directions. There are several layers of access, starting from guest, then board member, then moderator, then board administrator, and finally server administrator. How can a guest read a private message? By having someone else post it in public. How can a board member read a private message? By having one sent directly to their account, or by having someone post something in public. Board moderators generally do not have access other than other board members, but board administrators do. If needed, a board administrator could change a user password, log in as that person, and read the messages direct from their inbox.
In most cases a board administrator is also the server administrator, with full access to the board database. At that point, all bets are off. Anyone with SQL access would be able to write SQL queries to retrieve any / all content from the phpBB2 board database. The table relationships are not that hard to figure out.
I have never seen a MOD that would allow board administrators or moderators to directly read the contents of the privmsgs tables, but it would not be hard to write.
All this means is there are both social and technical leaks in the so-called “private” message system. These leaks, along with my desire to avoid private requests for help on a public board, lead to my decision to remove the standard private message system altogether, rather than just disable it.
Personal Messages Are Not Private
Due to the requests from other members of the phpBB2 Refugees site I am bringing this feature back into the board code. However, the first thing I did was replace every occurrence of the word “private” with “personal” instead. Why take this approach?
I just posted a brief note about this on the Refugees board today. It will be interesting to see where the discussion goes. Right now the only visible changes on the board are to the language files and to the user profile screen. I am going to watch for comments from other board members for input for the next few weeks, just to see how they feel about the change. Once I get a general feel for whether the community will accept it or not, I will complete the updates to the permsgs.php code. Yes, I am even going to change the name of the file.
- Wiki on Probable Cause in US law