Are Private Messages (PMs) really private?

MacDawg

macrumors Core
Original poster
Mar 20, 2004
19,708
4,274
"Between the Hedges"
I am just wondering, are Private Messages (PMs) really private here?

I know nothing is truly private when posted, transmitted, etc. on the internet, but I was just wondering about the actual privacy of "private messages" on MR.

Do moderators or site administrators (or arn or WildCowboy) have any form of access to PMs sent between members on the Forum in any way?

Exactly how "private" and secure are PMs?


Woof, Woof - Dawg
 

redwarrior

macrumors 603
Apr 7, 2008
5,562
3
in the Dawg house
I would think that anyone with access to the database would be able to get to the messages. It's easier to just have them forwarded, of course, but if they really wanted/needed to see PM's, they are stored somewhere.
 

kainjow

Moderator emeritus
Jun 15, 2000
7,745
3
I don't think vBulletin provides a way out of the box to read PMs. Mods certainly don't have access to the database. If an admin really wanted to read a PM, I'm sure they could just scan the database directly, but that would probably only happen in very extreme cases.
 

MacDawg

macrumors Core
Original poster
Mar 20, 2004
19,708
4,274
"Between the Hedges"
redwarrior said:
> I would think that anyone with access to the database would be able to get to the messages. It's easier to just have them forwarded, of course, but if they really wanted/needed to see PM's, they are stored somewhere.

That is what I am really asking...

First can a moderator/administrator see them as an option?

Or, can the site owner dig them out if they wanted to?

What level of privacy/security is actually given to the PM's?

And if they can be read or viewed somehow or some way, shouldn't that be disclosed somewhere?

kainjow said:
> I don't think vBulletin provides a way out of the box to read PMs. Mods certainly don't have access to the database. If an admin really wanted to read a PM, I'm sure they could just scan the database directly, but that would probably only happen in very extreme cases.

What would qualify as an extreme case?
Are there guidelines anywhere for that?

Woof, Woof - Dawg
 

redwarrior

macrumors 603
Apr 7, 2008
5,562
3
in the Dawg house
MacDawg said:
> That is what I am really asking...
>
> First can a moderator/administrator see them as an option?

That's a good question. I'm trying to remember, but with SMF forums, I don't think that even the site owners can see the PM's as an option.

MacDawg said:
> Or, can the site owner dig them out if they wanted to?
>
> What level of privacy/security is actually given to the PM's
>
> And if they can be read or viewed somehow or some way, shouldn't that be disclosed somewhere?

The only way to keep them from being read in the database would be for the data to be encrypted, like passwords. However, even that can be cracked, rather easily. I've done it, and I'm not a hacker. :eek:
 

kainjow

Moderator emeritus
Jun 15, 2000
7,745
3
MacDawg said:
> What would qualify as an extreme case?
> Are there guidelines anywhere for that?

Don't think there are, but arn/Q/WC could probably give you a better answer.


I just tested this with my own private vB forum, and using any simple MySQL database reader (such as phpMyAdmin), it's really easy to read PMs. But I would imagine only arn has access to something like that.

Deleting a PM is really all you need to do if you don't want the chance of someone reading it. As soon as it's deleted, it's cleared from the database.
 

UngratefulNinja

macrumors 68000
May 9, 2009
1,604
0
Pennsylvania
I'm the owner/admin on another vbulletin site. I just went into the admin section to see if I could view anyone's pm's and I don't see a section anywhere for that. I COULD, however, change the password, then log in to their account to view their pm's, then reset the password. I wouldn't CHOOSE to do that, but technically I could :eek:
 

MacDawg

macrumors Core
Original poster
Mar 20, 2004
19,708
4,274
"Between the Hedges"
kainjow said:
> Don't think there are, but arn/Q/WC could probably give you a better answer.
>
> I just tested this with my own private vB forum, and using any simple MySQL database reader (such as phpMyAdmin), it's really easy to read PMs. But I would imagine only arn has access to something like that.
>
> Deleting a PM is really all you need to do if you don't want the chance of someone reading it. As soon as it's deleted, it's cleared from the database.

Ah, so deleting them eliminates them from the database
Interesting

Good info

Woof, Woof - Dawg
 

redwarrior

macrumors 603
Apr 7, 2008
5,562
3
in the Dawg house
kainjow said:
> I just tested this with my own private vB forum, and using any simple MySQL database reader (such as phpMyAdmin), it's really easy to read PMs. But I would imagine only arn has access to something like that.
>
> Deleting a PM is really all you need to do if you don't want the chance of someone reading it. As soon as it's deleted, it's cleared from the database.

That's what I thought. But remember, things are backed up. The backups will have the PM's. If backups are done daily, then it wouldn't be too hard to go back and find them. Who knows what the retention policy is on the backups for this place though. I wouldn't think they'd keep much for long at a time.

UngratefulNinja said:
> I'm the owner/admin on another vbulletin site. I just went into the admin section to see if I could view anyone's pm's and I don't see a section anywhere for that. I COULD, however, change the password, then log in to their account to view their pm's, then reset the password. I wouldn't CHOOSE to do that, but technically I could :eek:

Yep, that would be a rather quick and easy way to get to the messages.
 

redwarrior

macrumors 603
Apr 7, 2008
5,562
3
in the Dawg house
MacDawg said:
> You said you weren't a hacker
>
> Wait, haven't I seen you hanging around outside 4chan?
>
> Woof, Woof - Dawg

Being knowledgeable of such things automatically makes one a hacker, I suppose. I recant my statement. :D

Hmmmm, I was trying to keep from being seen. Guess I'm a hacker who will never make it as a spy. :cool:
 

RedTomato

macrumors 601
Mar 4, 2005
4,011
312
.. London ..
I'm a newbie sysadmin at work (50-user deployment). I don't have access at an easy level to user passwords, so if someone forgets their password, I can't tell them what it is. (I'm sure it's possible, just I haven't bothered to find out how yet.)

However, it's a 5-second job for me to *change* their password to a new password, and tell them what it is. I don't need to know the old password to do that. (The user can then change the new password to something else if they want.)

So on MR, anybody with admin access to vbulletin (Arn, Wild Cowboy, maybe a couple others, and whoever MR's webhost provider is) can change a user password and go into their account.
 

yg17

macrumors G5
Aug 1, 2004
14,888
2,480
St. Louis, MO
I'm an admin on a vBulletin forum:

Can admins read PMs on an "out-of-the-box" vB install? No
Are there 3rd party plugins for vB that allow admins to easily read PMs from the Admin Control Panel? Yes
Can someone with access to the database read PMs? Yes

Regarding the password issue, no, it's not possible for an admin to view your password since it's saved as an md5 hash in the database.
 

MacDawg

macrumors Core
Original poster
Mar 20, 2004
19,708
4,274
"Between the Hedges"
Interesting information to be sure
Thanks for the insights

Since it seems like it is certainly possible for MR admins to access and read PMs, either by 3rd party plug-ins or by accessing the database, I would like to hear from arn, Wild Cowboy or another administrator on the actual and definitive policies in place for MR concerning Private Messages as well as their retention policy.

Woof, Woof - Dawg
 

WildCowboy

Administrator/Editor
Staff member
Jan 20, 2005
16,719
1,023
As others have noted, there are ways that private messages could be read by people behind the scenes, but it would involve directly accessing the forum database to see them. There may be vBulletin plug-ins that would allow admins/mods to read them, but we do not have any installed and I can't imagine a circumstance in which we'd want to install one.

Access to the database is extremely limited. To my knowledge, only arn and Knox have access to it. I don't. I'm 99% sure that Doctor Q doesn't. (We'd probably be too tempted to try to change something and just muck everything up.)

Also to my knowledge, we have never gone digging into the database for PMs, and the only case I can think of in which arn would do so would be at the request of law enforcement should such circumstances warrant.

Not having access to the database, I can only surmise that PMs are deleted from the database when they are deleted by the users. But as others have mentioned, the site is backed up regularly, so they could in theory be retrievable even after deletion.

Also keep in mind that there are two parties to every private message. There have been situations where people have passed along private messages to us for one reason or another, as they could pass them along to any other forum member or copy and paste them to e-mails or anywhere available on the Internet. So in that respect, they're only as private as the parties involved in the conversation.

Hope that helps.
 

RedTomato

macrumors 601
Mar 4, 2005
4,011
312
.. London ..
Look, MR is just Arn's pet blog, now slightly overgrown its kennel. It was only a few months ago that he started working on it full-time.

Things like 'data retention policies' are merely topics that get discussed in the OSX Server Forum, without any relevance to MR.

You know what 4chan is, places like that need data and privacy policies. MR is a family-friendly site, and the mods enforce that quite strongly.

If you're worried about your own PMs, best delete them or assume that nothing is private here. But hey, you donated to MR, you deserve a reply.
 

Doctor Q

Administrator
Staff member
Sep 19, 2002
36,034
3,246
Los Angeles
WildCowboy said:
> Access to the database is extremely limited. To my knowledge, only arn and Knox have access to it. I don't. I'm 99% sure that Doctor Q doesn't.

Make that 100%. I could, in theory, access a user's Private Messages by resetting their password, logging in under their account, and looking in their mailboxes. I have never done so because it would be improper and not in keeping with policy. Forum users have the reasonable expectation of privacy and we take privacy seriously. I suppose there could be some circumstance where a user asked us to access their messages for them and we'd agree to do so, but I can't think what it would be and it has never happened.

Deleting your Private Message from your own mailbox isn't 100% foolproof in making it absolutely certain that nobody could ever read it because the other party has a copy they can share with anyone else. Also, there are two technical reasons: First, there could be a backup copy of the database from the time your message was in your mailbox so MacRumors would technically still have a copy. Second, although vBulletin hasn't been known to leak Private Message data, we know that ALL software can have bugs or can develop bugs, so we can't say for certain that vBulletin won't ever have a glitch in the handling of Private Messages. None of these concerns have ever been an issue in practice.

My advice: Don't take chances anywhere on the Internet with information that absolutely must be protected at all costs, e.g., financial account information. You should not put this type of information anywhere on the Internet or transmit it without encryption or other protection. For routine private information (e.g., identity and contact information, very personal communications, etc.) you can choose whether to send it via Private Messages with our assurance that the MacRumors staff will not read through your messages or access them directly in the underlying database unless it's in cooperation with law enforcement.
 

MacDawg

macrumors Core
Original poster
Mar 20, 2004
19,708
4,274
"Between the Hedges"
I appreciate Wild Cowboy and Doctor Q taking the time to give a definitive answer on the MR policy

I just thought it was an interesting question and I had never seen it addressed here

Woof, Woof - Dawg