Many of our members have heard about the read PM hack. We have confirmed over and over again, that we do not have this hack on our board, nor have we ever had this hack on our board.

I am not pointing fingers at administrators who do use this from vb.org, however, it is not something that I could stand by and use.

Just wondering what I can do if anything to convince them otherwise. And if anyone else has run into this kind of questioning, and what they did to show that they have never used invasive hacks.

Looking for advice, or perhaps Steve can come over to uofmom.com to convince them too;) :p

All advice is much appreciated:)

This is certainly not the appropriate place for this.

Perhaps a forum for community administrators would be a good place to ask this.
Or the Chit-Chat forum (http://www.vbulletin.com/forum/forumdisplay.php?f=6).

I'll reply here and assume the thread will be moved to chitchat.

There's really nothing you can do to convince your members of something if they don't want to believe you. Just try to be trustworthy. They should also assume that anything they type into a computer might be seen by the whole world.

vBorg mods are not to be discussed here, they have discussion threads for that on vBorg. In case of this hack, I made one version. I also do not allow the morals to be discussed in my release thread.

So, if your members do not trust you, give them the option to close their account, and also inform them they're free to delete their privmsgs from their in and outbox.

Also not that vBulletin the software for EVERY CUSTOMER does NOT encrypt messages, so they are stored plain text in the database. So ANY admin with phpmyadmin or otherwise database access can go into the database and read out the message he or she is looking for. The 'mod' on vBorg that I released back in the dizzle, is just a GUI for this, to make it easier. This mod will become obsolete, now that version 3.8 of vBulletin will finally have 'report PM to staff' feature. So any reported privmsg will now include the message, and makes it easier to pinpoint msgs by abusive users. For that is the only reason I made the mod, if someone said "he is racist to me in a PM" or "this user is PM spamming me", one no longer have to phpmyadmin the sender to confirm, or use this mod to quickly confirm that. But can just read out the reported PM. That there are doucehbag admins that use it 'spy' on their members, that's not the intention of the mod. It is up to your community to simply trust you, if they don't .. just offer them to discontinue their account. If they keep whining tell them you've said the truth, and that the topic has been discussed, and that there's no need to get back into it, and close the thread. If they KEEP going, just ban the user and tell them they're breaking the forum rules trolling.

As Floris has said, that hack just makes it easier. Anyone with direct access to the database can view PMs any time they want.

If your users don't believe then that's their choice. Just tell them if they really don't trust you/your staff that much then they know where the door is.

Take a screenshot of your installed plugins.

If they still don't believe you, tell them in a pretty manner just how much you value their distrust for you. :)

Seriously, other than giving them admin just to see what you can do, your options are limited. It's not really your problem if they believe you or not, they signed up, they don't have to PM or even use the site.

The plugin I wrote hides it from everybody but the super admin, it's not a plugin, it's a stand alone file. Plus, if they don't take your word for it, they will just say you've removed it from the ls -all list manually ... anyway.

Many of our members have heard about the read PM hack. We have confirmed over and over again, that we do not have this hack on our board, nor have we ever had this hack on our board.

I am not pointing fingers at administrators who do use this from vb.org, however, it is not something that I could stand by and use.

Just wondering what I can do if anything to convince them otherwise. And if anyone else has run into this kind of questioning, and what they did to show that they have never used invasive hacks.

Looking for advice, or perhaps Steve can come over to uofmom.com to convince them too;) :p

All advice is much appreciated:)

I tend to agree, there is little you can do to convince them your not using it. It's a bit like scare mongering, you'll have some members convinced your using it, no matter what you say. They start the bush fire, while others throw wood on it.

Your just going to have to sit-it out, until they get bored of talking about it. Chousho; made a good point. If they don't believe you, just tell them not to use the PM system then.

As a side note though, it's never sat well with me that vB.org have not removed that hack. PM Messages are supposed to be private, and advertising a hack openly there - that make them not private anymore, is a little stupid really. Common sense should have told them to remove that hack a long time ago. Or send it to the graveyard like they do with everything else.

People have been discussing the morale of the mod since the release for 3.0, kinda useless. Especially since I almost get daily requests to update it to 3.7. As many people complain about it as are using it. When I chosen to not update it others (like Dream) made a newer improved version. I am sure if he stops, someone else will make an update for vb3.8 or vb4.0, and against thousands will use it. It's just a GUI to what's already available. Personally I have always said I think vB should have called it personal messages, or store the private msgs encrypted. And introduce a PM report option. Thankfully 3.8 does one of the 3. So it's a start. Let's hope version 4 will revamp the PM system and introduces a true private, or a plain text personal msg system. phpmyadmin will still be available for plain text stored data to any admin of any forum.

In my rules i have it so that member know that the anyone with access to the database can read the PM's.


Private Messages
Private messages are not completely private and they can be read by anyone that have access to the database. Do not share your last name, street address, zip code, phone number, school information or any other information that you may consider private through [PM] private messages.

Side note: If you don't have your admincp protected by an .htaccess file, a user could browse to admincp/pm.php and if they get a login screen, they'll know you have the mod installed. :)

The members on my forum know that it's possible for the admin to access their PM's since it's stored in plain text anyway. I disclose that openly in the term of service so that they don't expect 100% privacy when using the forum.

You'll just have to tell them that you don't use it and that they can either trust you on that or stop using the PM system, then close any future threads relating to that topic with a link back to your post.

Anyway it's best not to bring morals into this, there are perfectly good reasons to use the mod (countless people claim that someone is sending them hate-messages, you can verify it now). Of course some people will always use it wrongly, but thats the same with everything.

Exactly. What people seem to forget is that a site administrator potentially has access to any information you submit to their site. It'd be almost impossible for them to prove otherwise. As a user you should only ever submit information to a site you trust implicity, and even then only as much is necessary.

Make a Privacy Statement and say you can be hold resposible legally if you read their PMs. Problem solved. Not sure what happens if you need to read them one day.

By the way this mod will have to be redone for 3.8 I think. Now with the report function maybe it won't be needed.

Make a Privacy Statement and say you can be hold resposible legally if you read their PMs. Problem solved. Not sure what happens if you need to read them one day.

By the way this mod will have to be redone for 3.8 I think. Now with the report function maybe it won't be needed.
My idea was to merge yours and mine and re-release one for 3.7.x specifically.
But with 3.8 offering report PM, I am not going to continue with the mod.

I like the mod, I don't know which one of your's we use, but I find it an effective tool to detect spam.

I've never had a user question me about it, nor do I think it really matters. The vbulletin core product has been sold with a Forward button. Which means any member that receives a pm can then Forward that pm to any and all members of the board.

Therefore anyone sending a pm is actually taking the initial risk of that pm being seen by everyone else on the board. So it doesn't matter whether you use the mod or not, because whether someone is reporting a negative pm such as a flame or troll, or if they are just sharing a comment or joke, it's irrelevant. The moment the initial pm is sent to someone it has a chance of reaching it's way to the staff members.

I use it for one purpose only and HAVE NEVER read private emails, I only look for duplicate titles, if I see that I know it's a spammer sending out advertisements and then I ban/delete there account and delete there pm's before a member even gets a chance to view the pm and then complain to me about it.

That's all I use it for, spam control. People might say it's unethical, but it's only unethical if you use it for the purposes it wasn't intended for. I don't so my conscience is clear and I don't care what anyone else's opinion is on it, because it's not open to discussion or negotiation on my website that I pay for.

Not sure if I'll remake mine if needed, someone still might come up with some good reason for someone to update it.

I know about privacy issues, but I still think this can help the administrator judge misbehavior on the forums beside checking for spam. Although you could argue that if someone is annoyed by this misbehavior they can report the PM, so my mind isn't made.

Unless 3.8 brings threaded PMs I'm not sure the mod will need updating.

My advice would be to tell them that if they don't believe you they should go somewhere else. You have no reason to lie about this sort of thing.

We renamed "Private Messages" to just "Messages" and put a notice about it in our rules.

We find it necessary to occasionally review them as our site used to be targeted by spammers and scammers.

Thanks for all the replies. Our database is manned by an outside source, and we do not have the read PM hack, and I have invited super moderators into the panel and encouraged them to look around.

The ironic part is, a few members are using PM's to attempt to move others to another board, and I was oblivious to the fact that the PM's were being used for that, until someone warned me.

Irony at it's best :eek::eek::rolleyes: