Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
[3.0.0 beta 5] Read your members Private Messages Details »
[3.0.0 beta 5] Read your members Private Messages
Mod Version: 1.00, by Floris (Member) Floris is offline
Developer Last Online: Mar 2021 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.0.0 Rating: (3 votes - 5.00 average) Installs: 137
Released: 04 Jan 2004 Last Update: Never Downloads: 122
Not Supported  

* Users tested this on beta 5,6,7,gamma,rc1 and didn't complain about errors *

/*======================================================================*\
|| This IS the First vB3 Hack (PM.PHP)
|| Description: Allow Super Administrators to read Private Messages
||
|| Author : Scott (
[email protected]) (version 1.0 for beta 3)
|| SideKick : Xiphoid (
[email protected]) (version 1.1 for beta 5)
||
|| Install : Upload to admincp/ folder and in browser run as
||
http://www.yoursite.com/forum/admincp/pm.php?userid=x
\*======================================================================*/

ENJOY
(and thank you Scott)

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	screenshot_pm_nomsgs.jpg
Views:	3351
Size:	176.5 KB
ID:	15365   Click image for larger version

Name:	screenshot_pm_overview.jpg
Views:	2272
Size:	174.7 KB
ID:	15366   Click image for larger version

Name:	screenshot_pm_reading.jpg
Views:	2060
Size:	182.5 KB
ID:	15367  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Super Admins can Read Private Messages Floris vBulletin 3.5 Add-ons 78 03 Oct 2012 14:28
Private Messages Enhancements Read Your Members Private Messages (v1.2) Trigunflame Modification Graveyard 163 04 Jun 2007 00:32

  #16  
Old 04 Jan 2004, 23:32
FASherman's Avatar
FASherman FASherman is offline
 
Join Date: Aug 2002
Originally Posted by Weasel
You should probably point out if you are not a lawyer and your occupation has nothing to do with law.
I have been an IT tech and manager for over 20 years and have had to design systems to comply with the law.

(3)(a) Except as provided in paragraph (b) of this subsection,
a person or entity providing an electronic communication service
to the public shall not intentionally divulge the contents of any
communication
other than one to such person or entity, or an
agent thereof) while in transmission on that service to any
person or entity other than an addressee or intended recipient of
such communication or an agent of such addressee or intended
recipient.

(b) A person or entity providing electronic communication
service to the public may divulge the contents of any such
communication -

(i) as otherwise authorized in section 2511(2)(a)
or 2517 of this title;

(ii) with the lawful consent of the originator or
any addressee or intended recipient of such communication;

(iii) to a person employed or authorized, or whose
facilities are used, to forward such communication to its
destination; or

(iv) which were inadvertently obtained by the
service provider and which appear to pertain to the commission of
a crime, if such divulgence is made to a law enforcement agency.

(4)(a) Except as provided in paragraph (b) of this subsection
or in subsection (5), whoever violates subsection (1) of this
section shall be fined under this title or imprisoned not more
than five years, or both.


It doesn't get any clearer than that, folks. In the US, installing and using this hack is a federal offense that can earn you prison time.

Here's the law: UNITED STATES CODE TITLE 18. CRIMES AND CRIMINAL PROCEDURE PART I--CRIMES CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS

It also bears mentioning that individual states also have privacy laws that may or many not be violated by reading your users' private messages. One would also be subject to prosecution under state laws as well.

Given the privacy concerns relative to the Patriot Act, this is an extremely sensitive issue to many people.

I have no further need to continue to try to convince anyone further. I've given you the best advice I can. If you choose to do something stupid and put yourself at risk, thats your business.
Reply With Quote
  #17  
Old 06 Jan 2004, 15:46
leagleaze leagleaze is offline
 
Join Date: Mar 2003
He may not be a lawyer, but I am. Of course this requires me to say we are not in an attorney client relationship, I am offering generalized advice, it is worth what you paid for it, yadda yadda.

I've actually been watching this debate for a while. Find it pretty interesting.

All I can say is this, and you'll pardon me if my tone is blunt.

There are some recent cases that might suggest that this could be a violation of the act in question. Normally the cases involve reading other people's emails or putting key caps programs on people's computers without their permission or knowledge. If people believe, reasonably, that their private messages are private, you could have a problem.

Now a lot of you will say they don't reasonably believe that, nothing on the Internet is private. My response is you need to take a look at the type of people who use your site. Are they aware enough to appreciate this fact? A court will look at what is reasonable based upon the knowledge base of the people. So if you have a hacking board or something your argument is a good one. Not so good for a board where the people don't know the first thing about vbulletin, how it works, what can be read, so on and so forth.

Yes, we can view the PMs by going through the databases. Sysadmins can also view emails easily. And without proper cause, if a sysadmin for an email provider started reading your email, he'd be liable for all sorts of things. It's a definite no no. Once you place something out there for people to use it becomes more complicated then it is my property so tough to you. And if you had a problem and you went into court and said hey, it is my board, it is my property I can do what I want, I promise you that answer won't cut it.

On the other hand, if you can say, I had a problem with a stalker or with someone trading warez, and I had a note on my sign up page that said you are consenting to being monitored with just cause, then you have a very good argument. Is it a winnable argument? Honestly, I don't know. Any more then I know for certain you would be found liable for violating the Act(s).

In the end, I'd suggest that if you want to install this hack and you want to protect yourselves, it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.

Of course, this only applies to US law. The EU has even more stringent privacy laws. Your mileage my vary.

By the way, if you are wondering if I, as an attorney, would ever install this hack, the answer is no. I think it is unwise, and I think, as our IT person thinks, that it could get you in a lot of trouble, even with warnings to the users.


L

Last edited by leagleaze; 06 Jan 2004 at 15:49.
Reply With Quote
  #18  
Old 06 Jan 2004, 16:10
mzlogical
Guest
 
^ I Agree. i wont be installing... but:

It's not "stupid" for people to want to do that. A lot of people may have valid reasons, who knows.

Originally Posted by leagleaze
it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.
THAT ^ is what everyone that installs this hack should do to protect themselves. If the person signing up doesn't bother to read it. Tuff for them. They should also change "private" to just plain ol "messages". :ermm:
Reply With Quote
  #19  
Old 06 Jan 2004, 16:32
FASherman's Avatar
FASherman FASherman is offline
 
Join Date: Aug 2002
Originally Posted by leagleaze
He may not be a lawyer, but I am. Of course this requires me to say we are not in an attorney client relationship, I am offering generalized advice, it is worth what you paid for it, yadda yadda.

I've actually been watching this debate for a while. Find it pretty interesting.

All I can say is this, and you'll pardon me if my tone is blunt.

There are some recent cases that might suggest that this could be a violation of the act in question. Normally the cases involve reading other people's emails or putting key caps programs on people's computers without their permission or knowledge. If people believe, reasonably, that their private messages are private, you could have a problem.

Now a lot of you will say they don't reasonably believe that, nothing on the Internet is private. My response is you need to take a look at the type of people who use your site. Are they aware enough to appreciate this fact? A court will look at what is reasonable based upon the knowledge base of the people. So if you have a hacking board or something your argument is a good one. Not so good for a board where the people don't know the first thing about vbulletin, how it works, what can be read, so on and so forth.

Yes, we can view the PMs by going through the databases. Sysadmins can also view emails easily. And without proper cause, if a sysadmin for an email provider started reading your email, he'd be liable for all sorts of things. It's a definite no no. Once you place something out there for people to use it becomes more complicated then it is my property so tough to you. And if you had a problem and you went into court and said hey, it is my board, it is my property I can do what I want, I promise you that answer won't cut it.

On the other hand, if you can say, I had a problem with a stalker or with someone trading warez, and I had a note on my sign up page that said you are consenting to being monitored with just cause, then you have a very good argument. Is it a winnable argument? Honestly, I don't know. Any more then I know for certain you would be found liable for violating the Act(s).

In the end, I'd suggest that if you want to install this hack and you want to protect yourselves, it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.

Of course, this only applies to US law. The EU has even more stringent privacy laws. Your mileage my vary.

By the way, if you are wondering if I, as an attorney, would ever install this hack, the answer is no. I think it is unwise, and I think, as our IT person thinks, that it could get you in a lot of trouble, even with warnings to the users.


L
Let me ask you a question - realizing that the answer falls under the heading of freindly advice, not a legal advice.

The problem I see with someone installing this hack is removing the reasonable expectation of the users that their messages are indeed private.

You correctly point out that all users would need to be informed that messages are monitored and usage constitutes agreement to monitoring and you suggest this via a TOS.

How does a sysadmin protect himself in such a way that he can PROVE that a user consented to monitoring. As I understand it, the courts always side with the person whose privacy has been invaded in cases of ambiguity, the right to privacy being paramount.

For users from the hack install date on, one should edit their sign-up templates to warn of monitoring and the fact that they continued with the sign-up process is proof enough.

But what about existing users? Users who:

1. Signed up before monitoring was the norm
2. Sent private messages before monitoring was initiated under the expectation of privacy that can now be read.

The only way I see this being possible is that, at the time the hack is installed, all existing users have PMs turned off and all existing PMs deleted. Then, the user has to provide some positive consent to monitoring - maybe just a customized user field.

The reason all existing PMs need to be deleted is every PM involves two people: the person who sent it and the one that received it. If the receiver consents but the sender does not, the sysadmin still can't read that PM without being in violation of the law.

What are your thoughts? Assuming you HAD to install this hack, how would you protect yourself?
Reply With Quote
  #20  
Old 06 Jan 2004, 16:46
leagleaze leagleaze is offline
 
Join Date: Mar 2003
Hmmm. Interesting, very interesting. Let me think about this.

Your original TOS, does it have anything about modifications to the TOS? Mine does, says we will try to let people know of any major changes, they consent to them by using the site, etc etc. Yours should say something like that.

If I had to add this, I would do an announcement on the site, and I would document the fact I had done this in whatever records I kept. That announcement would say something like:

We have recently had a problem that requires us, in order to keep the site and its users safe and secure, to begin monitoring private messages. Please understand we will only monitor your messages should the necessity arise based upon improper use of the Message service. Improper use would include, but is not limited to illegal behaviors such as stalking, spamming or exchanging of copyrighted software.

Your continued use of the Private Message system acknowledges your understanding that these messages may be monitored. If you do not wish your messages to be monitored please delete all previous messages and halt your use of the private message system.

I would make it a lot less legalistic and a lot more polite, but you get the idea.

By doing this I don't have to take the step of doing the deletions, the person can do it him or herself. As far as the other party to any PMs sent, I wouldn't worry too much about old PMs, but if I was concerned, I would add something about asking individuals you have written to to delete the PMs if you are concerned.

By the way please don't copy this language and use it on your sites folks, it is off the top of my head and not quite right. If you use it and you get angry people or get in trouble that is your problem. I'll also be irritated with you. And we know you don't want an irritated lawyer hunting you down.


Edited to say

Sorry AG, didn't mean to get off on a tangent. I think if anyone else wants to talk about this we should probably take it off board or to a more appropriate thread, if there is one.

Last edited by leagleaze; 06 Jan 2004 at 16:57.
Reply With Quote
  #21  
Old 06 Jan 2004, 16:48
proxyMX's Avatar
proxyMX proxyMX is offline
 
Join Date: Jun 2002
i see no real need for this
if i had concerns over PM activity, it temporarily shut down the PM system until i was sure enough that the PM activity had declined
__________________
http://air.proxymx.com/sig.gif
Reply With Quote
  #22  
Old 06 Jan 2004, 16:50
assassingod's Avatar
assassingod assassingod is offline
 
Join Date: Jul 2002
Please keep on topic guys.
Reply With Quote
  #23  
Old 10 Jan 2004, 07:20
integra99's Avatar
integra99 integra99 is offline
 
Join Date: Jun 2003
Real name: Colin
First, prove I read your private message. Secondly, I'm the administrator, I'll just delete the logs if someone starts a ruckus over it. Third, when I read PM's, I don't tell anyone.
Reply With Quote
  #24  
Old 11 Jan 2004, 12:46
dwkerr dwkerr is offline
 
Join Date: Oct 2003
The administrators of a forum have responsibility over how the forum operates. I feel have the ability to see everything that is ahppening with the board, including the ability to see private messages, go along with that, it will allow administrators to confirm that their forums is not being used as a message base for persons carrying on illegal / criminal activity. Having said that , administrators should never give out (except by court order) any info read in the private message area, and should include in the registration rules and faq the fact that the owners / administrators do have the ability to monitor / read private message sent on the forum, and the reasons for this as well as a privacy statement.
Reply With Quote
  #25  
Old 15 Jan 2004, 07:59
eLsGn eLsGn is offline
 
Join Date: Jul 2003
does it work with RC 2?
Reply With Quote
  #26  
Old 15 Jan 2004, 12:47
Charlie Argueta's Avatar
Charlie Argueta Charlie Argueta is offline
 
Join Date: Oct 2002
Real name: Charlie Argueta
For me is very usefull believe me, I had some problems with some mods attempting to use their access for bad intentions.

See Ya
Reply With Quote
  #27  
Old 15 Jan 2004, 22:27
blubber12 blubber12 is offline
 
Join Date: Nov 2003
I have no true interest in my member's pm's or their content. However I was subjected to some truly nasty shutdowns and server hacks over the last few months. As I later found out...much of this was being discussed by 2 or 3 members who were in on the whole thing. So I will install the hack, and, while those particular members are gone...as least as far as I can tell ..., if I notice a particular poster or member acting in a particular way, I will check out to whom he is pm'ing and if necessary find out what he's up to. There's too much time and money and trust involved in my board for it to be hijacked again.
Reply With Quote
  #28  
Old 16 Jan 2004, 04:33
FASherman's Avatar
FASherman FASherman is offline
 
Join Date: Aug 2002
Originally Posted by dwkerr
The administrators of a forum have responsibility over how the forum operates. I feel have the ability to see everything that is ahppening with the board, including the ability to see private messages, go along with that, it will allow administrators to confirm that their forums is not being used as a message base for persons carrying on illegal / criminal activity. Having said that , administrators should never give out (except by court order) any info read in the private message area, and should include in the registration rules and faq the fact that the owners / administrators do have the ability to monitor / read private message sent on the forum, and the reasons for this as well as a privacy statement.
You have no responsibility; responsibility is mandated by law. Your users have do have rights upheld in law. Unless you take the actions suggested above, you open yourself up to a lawsuit that can result in loosing everything you own, not to mention the posibility of criminal prosecution.

Here's the bottom line. Regardless of what you think, your forum is not your own. You are entitled to the software, but not the contents of the database. Those belong to the individual users. Believe it or not, even their own paswords are considered intellectual property. You should read about how one of the pioneers of Perl, Tom Christiansen, nearly went to jail.
Reply With Quote
  #29  
Old 18 Jan 2004, 04:36
AshAbed AshAbed is offline
 
Join Date: Nov 2003
Real name: Ashraf Abed
ill add something about this in the terms of service section, noone reads that anyways
i had a problem with a user advertising like crazy through pm's and thanks to this hack on vb2.3 i got it taken care of, so this will be useful
Reply With Quote
  #30  
Old 18 Jan 2004, 12:49
wolfman wolfman is offline
 
Join Date: Aug 2002
Well here is something that I think might help. Have a click through page that has a disclaimer about PMs not really being private and can be monitored for the general safely of the board and the users on the board.

Yes this could be a real pain for those that spend more time using the PMs than the board itself. It can even be an option that each user can turn off in their profile, but also by doing that they agree to the use of the PM system.

I think "private" in the PM leads many people to think they are truely private.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 07:03.

Layout Options | Width: Wide Color: