PM's How Private?

Page may contain affiliate links. Please see terms for details.

summerdays

Cycling in the sun
Location
Bristol
Well if it's not encrypted (and I assume it wouldn't be) then Shaun could read them, he just chooses not to.

Well, he could also log in as any one of us and take a peek if he wanted
I don't think he could log on as you without changing your password.

Certainly Mods can't and Shaun has always said he can't see them. He has enough alerts from the forum on a daily basis to read without going looking for more stuff to browse!
 

Pat "5mph"

A kilogrammicaly challenged woman
Moderator
Location
Glasgow
I had a few PMs from someone who died. Amusing gossip and observations. Now that he has gone, that stuff is locked away for ever in a server somewhere. His widow presumably knows nothing of them unless he gave her his CC details, or CC gave them to her. Our conversations had nothing to do with his personal life but gives a humorous insight into his character. Should I print them out and send them to her?
I would wait a year or so, then ask her if she would like to read them.
 

slowmotion

Quite dreadful
Location
lost somewhere
I would wait a year or so, then ask her if she would like to read them.
I've decided not to do anything with them. People seem to cherish old letters written by a previous generation but emails and other electronic comms are a bit different. I'm not sure why. Maybe it's because a bit less thought is given to the content.
 
I don't think he could log on as you without changing your password.

Certainly Mods can't and Shaun has always said he can't see them. He has enough alerts from the forum on a daily basis to read without going looking for more stuff to browse!

  1. Yeah, it would require some hacking.
  2. No, I don't think he would do it
But speaking of hacking, I wouldn't put anything in a "conversation" that would be damaging if it feel into the wrong hands. It's possible that this site could be hacked and someone might download the entire database. This is why you shouldn't use the same email/password on multiple sites. I'd be more nervous about bank details - which shouldn't cause problems but who knows, but pretty relaxed about phone numbers or addresses.
 

glasgowcyclist

Charming but somewhat feckless
Location
Scotland
Well if it's not encrypted (and I assume it wouldn't be) then Shaun could read them, he just chooses not to.

Well, he could also log in as any one of us and take a peek if he wanted


On another forum where I'm the site owner I could (I don't!) look at the MySQL database to read private messages between members. I couldn't use their credentials to login as any of them as the passwords are all hashed. The setup may or may not be similar here on CC.
 
  • Like
Reactions: mjr
I imagine it's just permissions, same as on something like an Exchange server in a work environment. Don't ever imagine your work mail is in some way private, it simply isn't. I often had to grant permission to senior managers to examine someone's email. It's not something I liked doing and was eventually glad to be rid of the responsibility when they finally appointed an over-arching security bod, who really seemed to enjoy catching people out, the prick!
 

mjr

Comfy armchair to one person & a plank to the next
Don't ever imagine your work mail is in some way private, it simply isn't. I often had to grant permission to senior managers to examine someone's email.
I don't think that's legal unless it's in the employment contract, but I could be wrong. However, still don't rely on email being private as support workers can open emails to debug system faults (but any that follow ethical standards, perhaps as part of a technical society membership) but shouldn't read the bodies unless it's relevant to the fault.

Ultimately, if you want to keep messages private, install an Open and Pretty Good Privacy (OpenPGP) encryption add-on, such as APG for K9-mail on phones, or Enigmail for Thunderbird, or many more. https://gnupg.org/related_software/swlist.html is one list. There may be other lists. I don't know. I installed stuff years ago and keep it updated but mostly, it just works once it's set up.

(edited to fix ytpo)
 
Last edited:
On another forum where I'm the site owner I could (I don't!) look at the MySQL database to read private messages between members. I couldn't use their credentials to login as any of them as the passwords are all hashed. The setup may or may not be similar here on CC.
You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.

Just sayin' :whistle:
 

Pat "5mph"

A kilogrammicaly challenged woman
Moderator
Location
Glasgow
You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.

Just sayin' :whistle:
But if the member wants to log in at the same rime of the "poking" and his password is not working, would they not suspect foul play?
 

summerdays

Cycling in the sun
Location
Bristol
We don't have the ability to look at someone's password. If they forget it we set it to something new, tell them and then they change the password to one they can remember and we don't know.
 
But if the member wants to log in at the same rime of the "poking" and his password is not working, would they not suspect foul play?
Yeah, but he could always say something like "Sorry, my fault - I'm testing the speed and integrity of a number of caching data stores on the server and when I switch between them it invalidates the session data,"

(Shaun is going to punch me shortly)

We don't have the ability to look at someone's password. If they forget it we set it to something new, tell them and then they change the password to one they can remember and we don't know.
Yes, you can't look at them. But I bet the backend of CC is a MySql database, that is almost entirely unencrypted. The passwords are probably MD5 encrypted. Shaun can almost certainly access that. And he could, if he wanted, use that to hack.

I don't for a second think he wants to, or has. But it's easily doable.
 
Top Bottom