I own forums and I wouldn't dream of doing this - and I use vBulletin anyway so it's not possible - but is such "snooping" common on other forums?

The biggest market for buying and selling websites, Flippa.com (part of the Sitepoint webmaster forums), was hacked recently. Hackers posted an image (http://www.burn-blue.com/image/view/c6W32JOD/edit-user-top2.jpg) of the admin screen. Clearly visible in the top right corner is the facility for admins to log into a user's account. This gives them access to reading PMs. The owners of the forum don't disagree that they do read private messages between members.

I'm appalled, but does this happen elsewhere? What's the legal position?

Not sure the 100% legal position, and I suspect it might differ depending on the site terms and conditions, but you can read the PM's via vBulletin... There's a hack on vb.org that allows it, or you can go directly via the database.

I've done it once via the database after a few threatening messages were made via my forum - I don't make a habit of doing it though.

I have in my t&c's that they can be read, and will be if required to do so by the police or other authority

I think this would depend upon the forums. If they wanted to, it wouldn't be too hard as it will all be within the database somewhere. Legally, i believe it would only be legal if it is explicitly mentioned within the Terms and Conditions that are agreed to when signing up to use the forum.

In this case, there's no mention in their terms and there's no mention on their privacy policy.

I have in my t&c's that they can be read, and will be if required to do so by the police or other authority
I can definitely see the need for that.

it depends on the terms and conditions on the forum but personally i don`t think that this is legal may be it is but only in some certain conditions like for security reasons

As said, there is no need to "log in" as you can read them all in the database.

Most forums will have it covered off in the T&Cs, often in a generic one about interlectual property - that anything put through the site becomes their IP. If its their IP they are naturally allowed to look at it.

I think it is definately legal and also advised! Any site with a large membership base will receive regular contact with regard to disagreements, abuse reports, people using PM for spamming other members etc....

How else would you ever verify a claim as an admin if you didnt do this. I'm sure they don't whittle away the hours reading private message as they probably have better things to do with their time but it doesn't surprise me that they have access to it.

Thanks for your replies, folk. I guess I felt more strongly about it because, unlike with forums like ukbusinessforums, mods - who are buyers and sellers of sites themselves - can derive considerable financial benefit from listening in to conversations between sellers and buyers.

Erm.... would have to ask..... why do you think they created the forum for potential customers/ suppliers/ competitors in the first place?

A former associate had a forum based on his industry with a "tenders" type section with each post requiring Admin approval prior to being made public. Guess what happened to people posting requests for work which exactly matched his companies proposition -v- those that he wasn't interested in?

Don't know if this is legal or not but I think it is disgraceful for anyone to abuse the trust visitors to your website put on them when using their sites.

Don't know if this is legal or not but I think it is disgraceful for anyone to abuse the trust visitors to your website put on them when using their sites.

I have to disagree, the internet can be a powerful tool when used correctly, but it can also do a great deal of harm if abused.

Where an individual is threatened with phyiscal abuse, libelled, slandered, racially or sexually abused using the medium of a Private Message system, then we as a society should have an interest in protecting the innocent and catching the guilty.

Forum owners and moderators have a duty of care to their members and where a member makes a complaint they need to have recourse to investigate and the only way to do that is to read the PM's sent.

We all want and expect privacy, especially in a forum, but we should also expect that level of security that review offers.

I have no problem with mods reading any of my PM's, I would not include personal or commercial information in a PM anyway, I would do that through traditional email after making initial contact through a PM.

I have to disagree, the internet can be a powerful tool when used correctly, but it can also do a great deal of harm if abused.

Where an individual is threatened with phyiscal abuse, libelled, slandered, racially or sexually abused using the medium of a Private Message system, then we as a society should have an interest in protecting the innocent and catching the guilty.

Forum owners and moderators have a duty of care to their members and where a member makes a complaint they need to have recourse to investigate and the only way to do that is to read the PM's sent.

We all want and expect privacy, especially in a forum, but we should also expect that level of security that review offers.

I have no problem with mods reading any of my PM's, I would not include personal or commercial information in a PM anyway, I would do that through traditional email after making initial contact through a PM.


Completely agree. I too would be happy for the mods to have a peak in my private messages whenever they see fit.

In a forum like this you shouldn't be pm'ing anything which you wouldn't want them to see anyway, so the only possible outcome of them doing so, would be a safer, more secure forum.

The owner of the site is a publisher and ultimately responsible for any damage their forum does.

It's never occurred to me that any pm's I send via their system were private? I have always assumed anything I type is available to the owners. On a forum I moderate, we mods cannot read PMs, but the admin can. This seems perfectly sensible.

Rather like ebay, who routinely scan any messages sent between members in case they are doing deals privately to circumvent ebay fees.

The internet is great, but private it's not.

I would 'expect' the admin staff to have access to Private Messages for many reasons as have been mentioned already.

On UKBF for example is is against the rules to send unsolicited PMs trying to sell your product/services off the back of discussion threads. I would expect if I reported a member for such activity the admin team could and would verify this themselves otherwise I could just make it up.

I personally think a Private Message should be a Private Message and have not only always beleived that to be the case but have actually been categorically told that on other forums.

No Mods or Admin need read pms IMO ... surely if a person has a problem with a PM they have received then they should be able to send it to Admin/Mods should they feel it necessary.

If you own a forum, and have a legal responsibility in whatever is published on it, then as the terms and conditions essentially say nothing is private, then if the owner wishes to read peoples PMs going through their system, then I can't see a problem. Indeed, anyone assuming the internet is private is rather 'innocent'.

Don't get me wrong Paul ... I can see both sides although surely if a PM is private then it's not published?

I think the main issue is that most people will assume that a PM is private full stop.

A poll on the busiest forum would be interesting.

I think people assume private means private, when I suspect the forum owners understanding is not public.

Certainly on the forum I look after, when moderators wish to have a private moan, we all do it off-forum, because from the screens we can see, but not access, the admin people at the top have access to the private stuff - often it's quite useful when a member complains about another breaking the rules, the private messages going through the system can be checked - not that we're told they are, but simply that they can be.

I think that when you use a system provided at somebody else's expense, it's not reasonable to assume privacy. I suppose this is why many employers read emails nowadays, and the evidence can be used.

PM's can be read in any forum software, either directly or from the database.

Prevents abuse etc.

I would be more worried about keeping passwords private, to easy to social engineer peoples passwords and abuse their account.

Dont take for granted passwords are safe, early yabb forum software stored passwords in plain text. Abusive admins could read every users passwords; now if you use the same password for your email account it means effectively admins could log into and read your mail.

In extreme circumstances admins could send abusive email from your account to others and in some cases even talk to forum members as if they were you, both by email and through the forum

Secret is don't get paranoid, good discussion about reading PM's over on phpBB in the discussion forum.

I and others have been told categorically that Admin and Mods CANNOT read PMs and I know others have. (Not on this particular forum for me btw)

I have no objection to Admin and Mods reading PMs as long as members are made crystal clear that this is the case ... for example a tick box to confirm they understand before sending the message that it is what it is which is NOT PRIVATE.

Surely otherwise it leaves the whole world of forums open to potential bribary and corruption :eek:

I personally wouldn't trust it even if I was told it was Private but that's just me ;)

and in some cases even talk to forum members as if they were you, both by email and through the forum

Have just witnessed that this week elsewhere and the members actually think it's funny :eek:

I and others have been told categorically that Admin and Mods CANNOT read PMs
If they have access to the server they can read PM's


Surely otherwise it leaves the whole world of forums open to potential bribary and corruption :eek: Yes (but dont get paranoid) :p
I personally wouldn't trust it even if I was told it was Private but that's just me ;)Would be fun if a forum had 400 persons and several were the same person :eek: Now im being paranoid (or am I :D )

It would be dependant on what the information gained from reading the pm was used for. That's what I believe to be true not a quote of the law.
I can just imagine the look on the judges face should an application to court be made because "he looked at my pm" but if there was a case for sensitive information being misused and financial loss or personal suffering involved then the reading of the pm would be part of a bigger case and claim rather than a stand alone illegal activity. Again, not much help, just an opinion.

OK ... what if for instance someone had an amazing business plan that they wanted help with and they knew they could trust someone on the forum as they'd met them in person etc etc so they felt comfortable pm'ing them ...

Then they were say enticed by another member into having a cyberfling for instance ...

Then they had their idea stolen by the forum Admin and then they threatened to expose the scam, only to find out that the cyber affair was a set up and the scammers threatened to tell the persons wife :eek: ... and then ...

and then ...

OMG :eek: ... I think I need a lie down :D

Jokes aside this is IMO a serious issue ...

OK ... what if for instance someone had an amazing business plan that they wanted help with and they knew they could trust someone on the forum as they'd met them in person etc etc so they felt comfortable pm'ing them ...

Then they were say enticed by another member into having a cyberfling for instance ...

Then they had their idea stolen by the forum Admin and then they threatened to expose the scam, only to find out that the cyber affair was a set up and the scammers threatened to tell the persons wife :eek: ... and then ...

and then ...

OMG :eek: ... I think I need a lie down :D

Jokes aside this is IMO a serious issue ...


Have been reading my PM's!!? :D

Have been reading my PM's!!? :D

LOL :D ...

Maybe we should start a thread in "Time Out" ... you know one of those where each person writes the next bit of the story ... lets just see how far the chaos theory would spiral :D

We'll start with your PMs PMSL ...

OK ... what if for instance someone had an amazing business plan that they wanted help with and they knew they could trust someone on the forum as they'd met them in person etc etc so they felt comfortable pm'ing them ...

Then they were say enticed by another member into having a cyberfling for instance ...

Then they had their idea stolen by the forum Admin and then they threatened to expose the scam, only to find out that the cyber affair was a set up and the scammers threatened to tell the persons wife :eek: ... and then ...

and then ...

OMG :eek: ... I think I need a lie down :D

Jokes aside this is IMO a serious issue ...

It's pretty simple. If you don't trust the admin, don't send anything commercially sensitive by PM.

Secret is don't get paranoid, good discussion about reading PM's over on phpBB in the discussion forum.

I think there's a few going on on this forum too in one form or another and I'm sure they're all over the web ... trouble is that the webs so vast that the message isn't getting through to those who are vulnerable :( ... there is too much noise being made in all the wrong places ...

I think there's a few going on on this forum too in one form or another and I'm sure they're all over the web ... trouble is that the webs so vast that the message isn't getting through to those who are vulnerable :( ... there is too much noise being made in all the wrong places ...

Denise, what on Earth has caused you to be reacting in this way.
What message are you trying to convery to people, that the web is a scary place so be careful what you write.
Where is all of this coming from?

You have got just got accept that nothing we do in life is 100% in our control or our domain completely, but that does not mean folks are out to get us.

What could most of us on here have that anyone one else would want to spy on us for, it is just too bizzare for words.

Anyone can read our emails, not just mods on message boards, should they have the time or in the inclination,:D - the big WWW is NOT private - but is that really a problem?

I have no problem with mods etc checking posts, if they see fit, as for people selling information, well a local postie was prosecuted a few weeks ago for opening and selling some people's mail, it goes on in all walks of life.
People in high office leak documents, that does not mean we are living in 'Big Brother Is Watching You Land'.

Please, let it drop as it is getting slightly OTT;)

The flowers you sell are much more interesting to read about, along with the fleas you hand out.

Please (again) do not spoil what you have built up on here.



Poppy xx

Pops … I didn’t start the thread I merely posted on it as it is something that interests me.

I love to chat bubbles about flowers and fleas but that is what my blog’s for … at the end of the day I joined this forum from a business point of view and as my business is online, security has to be one of the issues I should take seriously.

Whilst chatting bubbles I also frequent other forums and have been astounded at how many people play right into the hands of scamsters (and that has just been one issue). What frustrates me further is that when one tries to explain the dangers of what they are doing, they simply say “go away you’re boring us we want to chat about what interests us”. This is not a criticism of anyone as it tends to be how most of us utilise forums … we gravitate to what interests us.

There is another very important thread running at the moment, a lot of which is above my head but which I am trying to follow:

http://www.ukbusinessforums.co.uk/forums/showthread.php?t=168971



It’s interesting Pops that you haven’t picked up on anything anyone else has said on this thread either.

Denise x

To Clinton the original poster
I cannot post a link to the phpBB forum regrding the discussion I mentioned earlier.
Certainly worth a read to hear both sides of the coin, been a lurker hear for a while.
Never posted myself due to not having started a business, however I am desparate to do so, just looking for something that is right for me at this time as I dread retirement and loss of income.

Pops … I didn’t start the thread I merely posted on it as it is something that interests me.

I love to chat bubbles about flowers and fleas but that is what my blog’s for … at the end of the day I joined this forum from a business point of view and as my business is online, security has to be one of the issues I should take seriously.

Whilst chatting bubbles I also frequent other forums and have been astounded at how many people play right into the hands of scamsters (and that has just been one issue). What frustrates me further is that when one tries to explain the dangers of what they are doing, they simply say “go away you’re boring us we want to chat about what interests us”. This is not a criticism of anyone as it tends to be how most of us utilise forums … we gravitate to what interests us.

There is another very important thread running at the moment, a lot of which is above my head but which I am trying to follow:

http://www.ukbusinessforums.co.uk/forums/showthread.php?t=168971



It’s interesting Pops that you haven’t picked up on anything anyone else has said on this thread either.

Denise x

Am I being a real Numpty Denise, what are other people saying on the thread, that I cannot see?

I know what you are getting at Denise about the safety of your business, after all you would not go off and leave your shop unlocked, so I know you mean security in respect of what you post/write etc.

But, what else have you picked up on, that you refer to?

Have you had your website hacked as well?

I think Internet security is basically impossible, having had my bank details and accounts hacked 3 times from online transactions.
I use ALL of the safeguards, but like my bank said, you only need 1 rogue person somewhere in the line of that transaction and your security is breached.

It is worrying, but I am not sure what anyone of us can do.

Poppy xx

To Clinton the original poster
I cannot post a link to the phpBB forum regrding the discussion I mentioned earlier.
Certainly worth a read to hear both sides of the coin, been a lurker hear for a while.
Never posted myself due to not having started a business, however I am desparate to do so, just looking for something that is right for me at this time as I dread retirement and loss of income.

You do not have to have started a business to post.

Post and ask some questions, or bounce some ideas.

My friends Husband is in exactly the same position, plus he also does not want to sit about doing nothing.

He is in the process of writing all that he likes doing, is good at doing, that he thinks there is scope for him to make money from, the cost to set whatever up, and hoping to come out with an answer and his only little business.

Good Luck


Poppy xx

You do not have to have started a business to post.

Post and ask some questions, or bounce some ideas.


Thanks Poppy
What would be the best forum to start a thread?

I think Internet security is basically impossible, having had my bank details and accounts hacked 3 times from online transactions.
I use ALL of the safeguards, but like my bank said, you only need 1 rogue person somewhere in the line of that transaction and your security is breached.

It is worrying, but I am not sure what anyone of us can do.

Poppy xx


It is impossible to be secure when hosts aren't even regulated.

Thanks Poppy
What would be the best forum to start a thread?

Bounce some ideas around on the general business forum.

What you do at the moment, what you like doing etc etc, and take it from there.

Good Luck

Poppy xx

It is impossible to be secure when hosts aren't even regulated.

True!
The way I look at it is, I get far more out of using the Internet, heavens sometimes it has been my lifeline - it has given me answers and solutions that would have taken me months to source..

I keep in touch with friends.
I can buy online far more cheaply than buying from stores.
Check all of bank details within seconds.

One of my friends found her new property (200 miles away from where she lives at present) and sourced her mortgage through a broker, all online.

The list is endless...so yes, sometimes this all goes wrong, and bad people abuse the information they are privvy to.

One of my friends does not have the Internet, but she has had her house broken into, it ALL has to be put into context, and we have to accept that from the good can sometimes come bad...


Poppy xx

I don't think this is even a question being legal. What can the members want to hide that the administrators shouldn't see.

Plenty! Ranging from sneaky, to innocent. How about a business one. What if one of the forum administrators feeds back general forum comment to a third party - as in maybe telling a firm that their products are being slagged off. This, could be good practice to encourage the firm to join in and get things sorted - presents a caring attitude.

How about though, when something litigious pops up and one member posts publically "I'll send you a PM to explain" - what if this information for hopefully positive reasons should be known by another member? We're then into opinion, morality, ethics, legality and all that.

The fact that a court order (here in the UK) allows a forum's data to be removed and given to lawful authority sums it up, really.

A far more common scenario is where a forum has a pyramid heirachy with admin/owner at the top, and moderators at the lower levels running the day to day business. These mods may disagree with the admin, and if the forum has rules, which most do, then it's perfectly possible to canvas the others to perhaps secure enough support for unpopular (to the admin) changes. Paranoid, though many are - some would sense the writing on the cyber wall, and read these exchanges.

Another common one would be where a forum - let's use a computer one as an example have very strict rules on pirate software exchange. Somebody posts they want something. The admin people remove it, but a member remembers the username and send a message "I've got a dodgy copy of XYZ, yours for £25". If I was the dodgy member, I'd wish to keep this private, if I was the admin, I'd want to make sure people didn't do this.

The final example is very simple.

Ebay.

If you send messages via their system, do you honestly think they don't pick up on members attempting to circumvent ebay and paypal fees? I'm certain they have electronic filters that flag up mails ready for a human read.

Secrecy and security are necessary in a world where we don't really know the people we're dealing with.

Then do not post emails via the forum, use your own email, or set up a yahoo account or whatever, if you really think and feel this way.

I am not saying, you are wrong on all counts, of course there are people out there who have access to info they should not, via message boards etc, and could if they so wished use this info to their advantage - but that applies to most walks of life.

It is not worth getting uptight/set about, there is nothing we can do about it, is there?

I bet you would not complain if some form of terrorism or whatever was stopped from happening because someone infiltrated certain emails...

I bet 95% of all emails sent are boring rubbish anyway...so who would want to spy in on those!

If you have something worth protecting don't email it!


Poppy xx

Its probably not illegal is it.

The Terms and conditions / terms of service for websites can change like the wind. If you want to use the site you agree to them dont you.

I think i better go and delete my 400 pm's just to be on the safe side :D

I don't think this is even a question being legal. What can the members want to hide that the administrators shouldn't see.

I can't imagine!

:rolleyes::D

Legalities aside, how do you prove that an administrator has looked at your PM? What evidence have you got? Couldn't it be just as likely the recipient of your PM disclosed the information?

I think it's a moot point to be honest. The occurrence is one thing, proving it is another.

I certainly know it does happen. I've seen it used on games forums to detect multiple accounts and/or cheating plots.:eek:

They can also in some cases, see your password. This is actually surprisingly common (at least on games sites). And can be very problematic if you are identifiable and use the same password for other things.

Thankfully vBulletin encrypts the password and uses a salt.

If they have access to the server they can read PM's


Yes (but dont get paranoid) :p
Would be fun if a forum had 400 persons and several were the same person :eek: Now im being paranoid (or am I :D )

Just because you're paranoid don't mean they ain't done it :D x

People choose to become members, they agree to terms and conditions, and are happy to use somebodies server to pass messages around. As the invited guest, you're at the mercy of admins and mods. You just have to accept it. In fact, on a forum I moderate, the actual owner of the forum won't send passwords through the forum system, because even he's not totally sure that things are secure - and he's the boss.

Admin have access to all the databases, and as in many cases, we don't even know who they really are and where they live, we've no way at all to make them do anything. If they don't like us, they ban our IP and we can't even post to complain.

Never send electronically anything that can get you into trouble. I doubt very much if the admins would even want to read the stuff that goes through a busy forum - it's bad enough keeping up with all the reports and complaints, let alone going looking for it!

I'm rather pleased that although I know many people's passwords for various emails and personal message systems, I've never actually bothered to do it! That's willpower!

http://i.imgur.com/NA6Z1.jpg