Earlier today, I installed (temporarily) a piece of software called phpmyadmin. This is something of a web interface to mysql, which is the database software that stores every single little bit of data on this site.
After installing it, I went about trying to get some information that might help me put an end to a prolonged attempt by some outsider to access the machine that BP resides on. As I am no mysql wiz, and had never used phpmyadmin, this involved the usual amount of bungling, stumbling, swearing and near-death experiences. Another part of this found me regarding someone's entry in the database, not really understanding what I was looking at, before I realized that parts of the entry were this person's Private Messages.
Our privacy policy states that in the unfortunate event that we are forced to view PMs (by law, by threat to the ability of the site to stay online, and other equally extreme circumstances), that we (like all sites everywhere basically) have the capacity to do so. It also makes clear that it's the last thing in the world I (as I'm the only one who could) want to do.
In fact, I'm so averse to this, that when I realized what I was looking at in the phpmyadmin entry, it felt a bit like my stomach twisted in place. I PM'd the user in question, made him aware of my gaffe and what I had seen (I believe it to be of little consequence, there was nothing sensitive in the PM seen, but that's for him to place a personal value on). I then followed that up later with an apology and better explanation of what had led to it. Part of that explanation indicated that I felt it important to say something about the mistake on the open forums, which is why I'm here now. For the record, at the time of this posting, that user hasn't responded, and this may be a far less noteworthy incident for him than it is to me. But I'm the drama queen this time and this is my show. So we continue.
The whole point of saying this is to remind people that 'Private' Messages are private when compared to posts in the forums, but not as private, as, say, an encrypted email, or whispered conversation in a closet with your imaginary friend. I have made the process to read a user's PM ridiculously complicated, even though the person who might try would have to be logged in as me. In fact, they'd have to be on my account, *and* would have to get through two layers of logins on the machine itself, just to get to the program that can accomplish this, and it's a program that has no documentation. I guess my point is, if your PMs are *ever* read, it's going to have to have been a very deliberate act, and it is ONLY going to be if there's a clear cut and tangible reason to do so. You've physically threatened someone, you're arranging, plotting or discussing a significant crime, and someone has ratted you out, or because there's some sort of legal obligation for me to release information. The point is, the only way your PMs are going to be read is if you've done something where you should probably be expecting it anyway. Unless of course, like in this case, I simply display a stunning degree of technical ineptitude. Stumbled across something I didn't mean to see while trying to fix something in the database, and end up making a rambling "Oh jeez am I an idiot" announcement like this in the forums.
Understand that this announcement is being made because of the personal degree of importance I put on your expectations of privacy. Hopefully this will make my position on the issue clear, and also serve to remind people that if there's something so sensitive that it would be a disaster if someone else saw it, I recommend email. In over 2 years, I've been forced to check one PM on two different accounts. In both instances, there were claims of real threats of physical violence. And in both instances this proved to be true. In the same 2 years there's been a single instance of what we'll call the "Clarity and mySQL go together like two things that don't go together at all, even a little bit" rule. That was today, and I'm left feeling unhappy about it. I suppose I could argue that one "woops" that resulted in a "so what" PM being seen during a legitimate effort to protect the site from a disastrous attack is something that could be easily shrugged off, but that just doesn't really cut it for me.
Hence the, "hey look, I fucked up" message here.
Mea culpa.
I've since removed phpmyadmin. It, like mySQL, Unix and PHP, is an evil and dangerous magic. I can't say I clicked on a single thing inside it, without rushing over to another window with the site loaded up to see if I destroyed the whole forum.
If you have any concerns about PMs or privacy, I recommend checking out the privacy policy. If you still have questions, I'm available for those and ridicule.