New in 1.2.0?



  • Is there a changelist somewhere regarding what's new in 1.2.0?


  • Plugin & Theme Dev


  • Plugin & Theme Dev

    also... not on that list...

    admins and global mods can read anyone's chat messages :thumbsdown:



  • @pichalite said in New in 1.2.0?:

    admins and global mods can read anyone's chat messages :thumbsdown:

    what the fuck, what were they thinking..
    not updating until that is resolved



  • @phit was fixed in the latest master. You could use that temporarly.


  • Plugin & Theme Dev

    @AOKP what was fixed?


  • Gamers

    Assuming no end-to-end encryption is used (which is a reasonable assumption), admins will always be possible to read the chat messages between two users. These are stored in the database with no encryption, or with encryption of which the admins could have the keys.

    The only thing that could possibly change is the learning curve to read messages :P


  • Admin

    @pichalite said in New in 1.2.0?:

    also... not on that list...

    admins and global mods can read anyone's chat messages :thumbsdown:

    Added to the list now. As mentioned, it is something that admins (or rather, those with database access, anyhow) are able to do already, it's mostly a change in terms of the level of effort to do so :smile:

    That said, there seems to be a moderate amount of backlash for this feature, so we are investigating moving this out to another plugin.

    "Don't be evil" :grimacing:


  • Plugin & Theme Dev

    @JasperNL only admins with database access can read them.

    Also this doesn't mean it's OK to make it easier for them to read chat messages for all users on the forum.


  • Plugin & Theme Dev

    @julian said in New in 1.2.0?:

    there seems to be a moderate amount of backlash for this feature

    moderate backlash? that's because it's not listed anywhere and snuck in to a commit. :trollface:



  • @pichalite said in New in 1.2.0?:

    dmins and global mods can read anyone's chat messages

    Not even sure why this would be thought of as a good idea? Users shouldn't expect that admin are going around trying to read their private conversations... If there are admins who abuse the database, then we shouldn't make it easier for them.


  • Plugin & Theme Dev

    should probably be restricted to only admins, not global mods


  • Plugin & Theme Dev

    also plugin breaking changes etc?



  • @julian said in New in 1.2.0?:

    @pichalite said in New in 1.2.0?:

    also... not on that list...

    admins and global mods can read anyone's chat messages :thumbsdown:

    Added to the list now. As mentioned, it is something that admins (or rather, those with database access, anyhow) are able to do already, it's mostly a change in terms of the level of effort to do so :smile:

    That said, there seems to be a moderate amount of backlash for this feature, so we are investigating moving this out to another plugin.

    "Don't be evil" :grimacing:

    I'd go so far as to have an option to encrypt chats. Being able to read chats with less effort is not something we should strive for, it should be the opposite.



  • @torn2 said in New in 1.2.0?:

    @pichalite said in New in 1.2.0?:

    dmins and global mods can read anyone's chat messages

    Not even sure why this would be thought of as a good idea? Users shouldn't expect that admin are going around trying to read their private conversations... If there are admins who abuse the database, then we shouldn't make it easier for them.

    Conversely, as a forum administrator (moderator) I do not want my service being used as a conduit for nefarious actions. Being able to monitor all of the activity on a forum may be important to some. If I have it in my terms and conditions that all communications may be monitored I should have that opportunity. Now, if NodeBB moves to a full encrypted chat system I may have to consider turning off the chat feature.

    NodeBB is not an email service, it is a forum software, and an expectation of privacy is not necessarily implied. For example, when I signed up here at community.nodebb.org I did not expect my chats to be private between myself and the recipient. I had a feeling that the administrators could read them and I am fine with that. Of course, if I were using a forum that confidentiality was at the utmost of importance than I can see how encrypted chats and posts may be important.



  • @rod Sounds like maybe it should be an option or a plugin then! Interesting to see the other side of things.



  • @rod said in New in 1.2.0?:

    Conversely, as a forum administrator (moderator) I do not want my service being used as a conduit for nefarious actions. Being able to monitor all of the activity on a forum may be important to some.

    Do you plan on monitoring every chat of your users to make sure no one is using your site for such nefarious actions? What have you been doing this whole time without this feature? Let's say a person wants to setup a site for abused women... Do you think they'd want to use NodeBB knowing that they can't speak in privacy to people who they trust? Communities are built on trust. Just make it a plugin and admins may choose it for their community if it is essential for their site's security.



  • @torn2 said in New in 1.2.0?:

    Let's say a person wants to setup a site for abused women...

    I did address that, I wrote "Of course, if I were using a forum that confidentiality was at the utmost of importance than I can see how encrypted chats and posts may be important" but I am not running such a site. I am running a gaming site.

    And no I do not monitor all chats all of the time. Having the ability to do so is valuable though for me.

    Like all things in life there are no simple answers. Trust is important but so is also running a safe site. I am not suggesting nor do I want the ability for everyone to read all chats just having the opportunity to moderate them is valuable. Obviously if NodeBB goes to a fully encrypted chat system my site may have to disable the chat function.



  • @rod That's why it's best to leave it as a plugin.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.