Hi there,

I thought (and strongly remember) getting rid of u2uadmin.php. In case you're unaware of its purpose, it allows snooping by admins of users' u2u's.

I am thoroughly against the inclusion of this file as it directly breaches EU Privacy laws, Australian common law (there is a court case against Ansett which says that employees have a reasonable level of privacy unless otherwise notified), directly 100% against NSW law preventing unauthorized snooping (whilst allowing wide ranging powers for law enforcement snooping).

I think unless a mandatory T&Cs area in the sign up rules created alerting them to the fact that they can be snooped, I'm reasonably certain this file needs to go, if only from CYA. However, in the vein of do no evil, this feature is evilness of the highest order and should be discontinued.

Thoughts?

Andrew

I can't think of anything to say for/against that actually. It makes sense. I don't like anyone reading private e-mails to me, so thinking about it, I don't see why U2Us should be any different. After it all, it is U2U.. user-to-user. Not intended for anyone else.

Would've never thought about it breaching privacy laws, but as it would cover most forms of (intended to be) private communication I suppose that'd be right enough and probably should go.

This feature has been removed from CVS.

Ben - can you make sure it's gone

thanks,
Andrew

Web site owners can snoop via the u2u table.

The feature mentioned as being removed is useful for checking reports of spamming etc. and as long as your Privacy statement states the circumstances under which a web site operator will use it, should cover it.

It's against all laws AFAIK.
Most don't know that rightyo, but you're correct.

If they need to so bad they can always go to the db, but it's still not really "legal" unless they have a warrant to do so.

Bit of a quandry then for admins trying to protect their members from spam if they can't legally check and enforce against spammers.

I don't think they'd have to if the users reported it or gave them permission to check them, which is the only legal method of doing so.

"checking against spammers" is not in the anti-snooping laws and in the common law in Australia.

A better solution to protect against spammers is U2U posting limits for low post count members (raise the bar) and a CAPTCHA to protect against robot registrations.

Andrew

I pay for the web space, I do all the work, the forums are mine as much as they can be, in as: XMB group allows me to use the forum software..My members do not own my site, they do not pay for my site, they do not maintain my site..They are Visitors.

I dont never read the U2Us, I dont care to, and dont have the time to be a peeping tom in their messages..but If I suspect that someone has joined my forums, and is trying to steer my members away, Threatening them, harassing them or spamming them.....

An example is, a member of mine gets a U2U from an enemy that followed him to my site from another site, this member complains, I go take a look in both u2u boxes to confirm what I am being told..then and only then do i have the facts to settle it once and for all..without this option, either one could be lying to me about the other..

The 2 fastest ways to loose a boat load of members is, 1: to allow someone to do this and not do anything about it..Or, 2: to not have the facts straight and ban someone on somebody else's say so. what you are saying needs done can cripple a site owners ability to control what certain members do...and there are a butt load of people out there that for whatever reason, join these boards for no other reason than to cause problems for an otherwise very friendly community, it is like a hobby to them and they get their Jollys doing it.

If your going to take away the Superadmins ability to get into a members u2u box, you may as well just take the u2u feature out of it all together..then if they wish to get communication from other members, they can make thier emails visible to the other members. If they have a problem through the email, it is out of my hands or they can deal with it themselves, they had the option of not letting out thier email addy.

Then we make it as a hack, or you go into the database and look it up. It's not difficult.

Ahh, but it is much easier to just go through the members profile to get there..and I am no good at looking things up in the database, I have never done it. does the database save deleted u2us?

The law in many countries just doesn't cope with your desire to open other people's personal messages and read them for whatever purpose.

Imagine if USPS opened people's mail because they didn't think $0.41 warranted privacy? Oh wait, that's illegal.

Imagine if your apartment manager opened your mail before delivering it to your mail box? They own the buildings, no? They put a lot of effort into looking after the place. Surely they deserve to open your mail? Oh wait, it's illegal.

Imagine if your employer opened mail or e-mails without telling you? In Australia and Europe, it's illegal *even if you're told* as you have rights under legislation. We are available to those countries, therefore we can't have that feature.

The lack of money changing hands or how much effort you put into your site has nothing to do with the price of fish - it's simply not covered in the anti-snooping laws (as it is irrelevant), therefore the feature is illegal, therefore the feature is gone.

This thread is closed.

Andrew