Closed (won't fix)
Project:
Privatemsg
Version:
5.x-1.8
Component:
Documentation
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
27 Apr 2008 at 22:23 UTC
Updated:
12 Oct 2009 at 20:44 UTC
Jump to comment: Most recent
Comments
Comment #1
chx commentedPrivacy.
Comment #2
spamjim commentedCan't you monitor by looking at your MySQL tables directly?
Comment #3
vm commentedJust because you can, doesn't mean you should.
Comment #4
gsutcliffe commentedI agree with the privacy concerns. You would have to notify your user base and place content on the form stating the fact that messages are not private and may be read by the admin and stored for record keeping (the messages I do not think are stored under normal operation).
However, to answer your question you would have to create a custom solution to actually capture those messages. Sorry there is no silver-bullet solution, but it's probably good there isn't one.
Comment #5
spamjim commentedLooking at your MySQL tables directly does not inherently mean a privacy concern. If janson is seeking to identify spammers, a query could be run to identify an inordinate number of private messages for an average user. Keywords could also be searched just as any US resident can be sure that they will hear a click on the phone line when they mention something about sending their son to an Al-Qaeda summer camp.
Actual reading of private posts would not be required unless one of these queries raises a red flag.
Comment #6
siliconvalley1 commentedI'm not trying to spy on them but rather keep my site from being ruined by spammers.. my site is an employment related site but it has a social networking part as well that is only intended to be used by people who work in that field and not by companies to contact these people to try to recruit them or sell them something, so basically if a site admin can't read messages, at least on a random basis I have no way of telling if this is happening, basically it would be something where if I suspect it is happening I would read all messages sent by a user (such as if its reported to me or something seems suspicious)
Comment #7
siliconvalley1 commentedok so its done through querying the mysql, yeah basically what you're saying, I want to know how many messages people are sending, basically I need to be pro-active ( and I think any sharp webmaster does) in preventing spam or people who are abusing the messaging system because it doesn't take much to turn someone off to using my site especially when they are receiving email notifications for private messages, a feature that I would like to keep since it helps bring people back to my site but it only works when they are getting legitimate pm's that they want to read.
Do the people who are objecting to this run social networking sites? I'm pretty sure that sites like Facebook do some monitoring of their messages.. how else would they keep out spammers.. thats all this is about as social networks are magnets for spammers. Anyways I would appreciate any more input if anyone else does this which I find hard to believe that no one else finds it necessary to do some quality control.
Comment #8
vm commentedYes, I run two social networking sites. I don't put spam in front of privacy for the sake of being proactive against spam or by hiding it behind the idea that breaching a users privacy can be called a quality control method.
I've employed other methods for users to deal with spam which are a bit more manual but don't breach users privacy.
I don't any bot spam getting past Drupal user registration system. If it's manual spam then there isn't much you can do any way beyond wait for a user to forward a mail, file a complaint and the like.
If Facebook what you claim, I'd imagine they are using a program or a filter of some sort, not having a human sifting through it. Though I don't see in my quick overview of Facebook TOS where they state they monitor private messaging between users. Though admittedly I could have missed.
Comment #9
spamjim commentedTypically, in any TOS, there is a provision that the admin monitors the 'system' without detailing what parts make up the system. Simply specify in your own TOS that 'any material submitted through your system may be monitored for the maintenance of system performance and compliance with established rules'. Most web hosting and network providers also impose the same on us. They don't want their systems or networks adversely affected by spam, piracy or other illegal activity either.
You would use this TOS statement whether you are using an automated method or manual peeking.
Comment #10
siliconvalley1 commentedWell, I think that checking the number of pm's being sent out by a user is a good way to get an idea for whats going on, if someone sends 100 messages in a day obviously their account deserves a closer inspection, I'm certainly not intending to sift through all messages just if I see something like that.
Comment #11
fuzzy_texan commentedVeryMisunderstood - I know this is a little off topic, but I was surprised to hear you say you don't find any bots getting past Drupals user registration screen. Up until we put in a captcha on user registration, our site was getting ~30 automatically created spam users per month. I'm certain they were automatically created too.
Comment #12
vm commented@ fuzzy-texan - I didn't say my drupal registration is/was drupals default registration and I didn't elaborate because this topic has nothing to do with registration in it's own right.
Comment #13
fuzzy_texan commented@VeryMisunderstood: thanks for clearing that up.
Comment #14
deverman commentedI also need this monitoring feature.
Comment #15
spamjim commented@deverman, I doubt that this will ever be part of this module as noted in the first reply by chx. You will need to roll your own solution for monitoring. Is it really that hard to look at the privatemsg database table?
If spamming is the real concern here for everyone, your best option may be to tweak the 'Private messaging max rate' to something higher than 1 minute.
Comment #16
thomasmuirhead commentedHi all,
I just want to give you all an example of where this sort of monitoring is very useful. We are a cancer charity with a social network for people as young as 12. We need to be able to access their private messages just in case, in a horribly extreme case someone may be being contacted for unacceptable reasons by much older people - you can see where I'm going. To be honest, our users' privacy takes second place to their protection, and it's a real shame that we can't access their private messages easily.
We wouldn't dream of going into their private messages normally, but we need to have the means in extreme cases...that's all.
Any thoughts about how we could call up private messages without too much trouble?
thanks
Comment #17
naheemsays commentedI think this is implemented in the 5.x3.0 codebase, but I may be wrong. (I use a hacked up version of that for Drupal6 and it has this feature.)
Comment #18
plan9 commentedThis might be useful: http://drupal.org/node/286282#comment-1955794
It's a patch applied to 5.x3.0 which adds a PM tab to user profile pages. Admins are then able to access users PM boxes.
Initially I was reluctant to have this function (I just wanted the tab available to users) and I am not in the habit of snooping on users private conversations. But recently, after seeing some odd comments posted on a profile page I took a look in the said users out box and saw 500+ messages in their outbox each with the same title. I took a look at one of the messages and sure enough it was a phishing attempt.
Without this function I would not have been aware of the problem.
Comment #19
dman-dupe commentedyes, you can! what's I did is create a new rule: event: A message is sent.(under private message); actions: Send mail( To: your email or admin email address; Subject: site user just send message; Message value: [privatemsg-message:url] ; From : anything you like
So every time user send private message, admin will receive email, click email link, your will see all the details of this private message. Enjoy!