Forem Creators and Builders 🌱

Changelog: Member Detail Page

Hello, Creators and Happy March!

Following our ongoing theme of making the admin panel cleaner and more intuitive, we are rolling out improvements to the Member Detail page. This will make the process of managing your logged-in users (also known as members) so much easier. Let’s take a look around the new interface.

You can get to this page by going to the People section of the admin panel and selecting a user. The first thing we did was bring the most important information about your members to the top of the page. This includes their status, contact information, social accounts, and important dates. Within this area you will be able to take administrative actions such as exporting their data, unpublishing their posts, or banishing them through the menu on the right.

Member Primary Information

Under the member overview, we have organized the most important information about the member into tabs. The Overview tab will give you a bird's-eye view of the member’s roles, organizations, credits, and any tag moderation they have been assigned.

Member Overview

The Notes tab allows you and other administrators to make notes about the member that can only be seen by administrators. This is a great place to track any positive or negative interactions or facts about the member. In the Emails tab you can verify their email address, send an email, and see any previous communications.

The Reports tab is all about reports submitted by the Member while the Flags tab is all about any flags about the member submitted by a moderator.

Member email tab

As with all our recent improvements, we have also greatly improved the accessibility of the page to be easily used with any assistive device. We are hoping all these changes to the member detail page will help you better manage your members.

Next up in the admin panel will be the member list page, at which point we will officially rename this section from People to Members. As you can tell, we are making a lot of improvements to the admin panel to make it easier to find the settings you need.

Top comments (32)

Ildi • Edited on

This is really good stuff right here! Thank you @jennieocken + team 👏

I'm really curious about the info that will be included in the member list page. As an admin it would be useful to have the option to filter the member list by metrics such as total comments, posts, reactions, followers, and badges. At the moment, there is no way for me to rank/arrange member list by how many posts or comments each member has made, and I think this would be useful to have so that you can get a reading on who the active members in your community are.

One thing I noticed when clicking the emails tab for each member of my community, they all list as email not verified. What does this mean exactly? Is it normal for all of them to not be verified?

I really like the notes tab, this will be super useful for admins! I noticed there is no way to currently delete any notes, is this on purpose or might be something to add later on?

I also really like the option to merge users. In the past some members have created multiple accounts and have asked me to delete the old one, so this feature will help in that scenario. What happens to comments and posts made by the account that will be merged and deleted? Do those get assigned to the new account?

When choosing the unpublish all posts option, I'm assuming that posts are put into draft mode? What about comments made by this same user, what would be the best way to bulk-delete all of those? Would that be what the banish user option does? I'm guessing banishing is different from deleting a user, in that banishing still keeps their email in our database which means they cannot create a new account using that same email?

I also tested out the send an email feature and it works well, didn't catch any bugs. I still have to configure my own email settings so right now emails are coming from noreply(at)forem.com. One thing I would maybe adjust would be the "reminder" note that is included within the emails (see screenshot below). I find it to be a bit confusing, it comes off as being part of the main body text of the email. Maybe the font size should be smaller or maybe there should be a line divider between the main email body text and the reminder text.

email test screenshot

Ella (she/her/elle)

Thanks for the detailed feedback (as always) @ildi! So much gold to sift through here!

Let me give some of it a shot? Not that you really need me here, because it feels like you've got a handle on it:

  • Yes, Unpublish all posts puts the member's posts into draft mode
  • Yes, the member's comments remain live and unaffected by unpublishing their posts
  • Yes, Banish will delete all their posts and their comments, suspend them from further activity, and does not delete their account (for precisely the reason you suggest)

Tagging @jennie in here for the email "Reminder text" suggestion - with her green light I'll be happy to write up a small issue to adjust the layout of that paragraph in the email so it's clearer.

The main reason we don't have a delete function for Notes is that transparency is essential for asynchronous admin teams. If you know that your team mates can't remove any notes on a member account, you can use them as a source of truth when handling issues.

Hope this helps a little bit!

Jennie Ocken (she/her) Author

Yes on the reminder text suggestion. 😄

Ildi

Thank you for confirming some of those @ellativity 🙏 and the thinking behind why there is no delete function for Notes is solid.

Ella (she/her/elle)

That said, if you have ideas why they should be deletable or editable, I know our Product team are really good listeners 👂

Ildi

I was initially thinking of notes as reminders or like a record of warnings or bad actions. For example maybe I wanted to remind myself to mention something to someone, or remind myself that a user might be acting in bad faith, but I can see that there are benefits to keeping a record of these things.

In general, I'm a big advocate of privacy and I'm not fond of companies collecting user data without permission. It seems weird to me that someone might be building a database with info relating to me without my knowledge. I'm curious, are users able to opt-out of this feature, so that admins cannot add notes about their particular accounts?

Ella (she/her/elle)

Interesting... I do see what you're saying about how it could possibly be used for nefarious means, if someone really had that intention. There's always got to be a line drawn between equipping mods and admins to keep community members safe from bad actors vs logging data about people without their knowledge. Between transparency, accountability, and privacy.

Members have to consent to the information they share on a Forem being stored by that Forem (it's the only way that any content could exist for the community). In the case of the Notes function on a Forem, our use case has been to ensure continuity of case handling for members facing content suspensions or comment suspensions. They're used as a way to balance privacy with transparency because they allow multiple admins to answer a member's questions about the reason for the action being taken on their account, and provide accountability to prevent abuse of such powers.

Can you explain to me why you see this as being a particular cause for privacy concerns only? I ask because personally, Forem's approach to data and privacy is part of the reason I work here. I don't see why admin notes (that can only be read by other admins whilst a member's account is active) would be a privacy concern so I welcome the opportunity to understand an area I've overlooked or misunderstood.

Ildi

I don't see why admin notes (that can only be read by other admins whilst a member's account is active) would be a privacy concern so I welcome the opportunity to understand an area I've overlooked or misunderstood.

The first thing that comes to mind is if admins/mods are going to write notes relating to my profile, I would like to also have access to those notes. I think that would solve the issue of transparency.

Ella (she/her/elle)

I'm really intrigued by our conversation here, because I see this as a bit of an arbitrary divide: does it matter if admins are making notes about a member on the Forem or in a separate document? Should everyone have access to everything that's ever said about them? Where do we draw the line between communicating to make a decision that might have consequences on the community - is either text or speech acceptable?

I consider privacy/transparency to be an issue of gathering data that pertains to an individual's identity, lifestyle, or habits. If someone writes a rude or derisive post, and we make a note of that for future reference, they already know they submitted that to our platform and should be aware it will be read.

Curious to hear from some other mods @michaeltharrington, @casey, @lee?

Ildi

I'm also divided on this, my first comment regarding the notes tab was that I really like it and that admins would find it very useful.

Should everyone have access to everything that's ever said about them?

This is a good question that I do not have a very good answer for. Maybe a middle ground could be that a user is sent a notification making them aware that a note was made about them but they don't get to see the full note. But I'm not sure, that might make users more curious and they may demand to see what was written.

You also bring up a good point that within any community you participate in, anyone can view your profile and therefore theoretically can start making notes about you in an online or offline document that no one knows about.

I guess a lot of my thinking these days around this topic is formulated from how public/decentralized blockchains work. I like the idea that every action taken within a database is public for all to observe + scrutinize without actually attaching real names to accounts/wallets. Maybe we take this thinking too far, but I like the idea that all data collected regarding my profile should completely belong to me and I should be able to revoke access to it and take the data with me at any given moment. I guess in a way we do offer this with Forem, because you can request for us to completely delete your account. Does this also completely remove the notes admins may have written about a user?

Ella (she/her/elle)

Does this also completely remove the notes admins may have written about a user?

It does. According to our GDPR compliance, we remove all data about a user at their request. Of course, if the Forem admin has exported the data then that's outside of Forem-the-platform's control.

As you already know: although the platform itself is designed with respect for privacy, it's always important to be aware that any information you share about yourself online could end up in any number of places. This is an area where the value of blockchain as you've described it is really highlighted, although even NFTs can be right-clicked 😉

Ildi

It does. According to our GDPR compliance, we remove all data about a user at their request. Of course, if the Forem admin has exported the data then that's outside of Forem-the-platform's control.

With that being said, Forem does respect privacy when it comes to the notes admins/mods make since ultimately the user is in control of all of their data within all Forem communities they join. As long as admins do actually follow/respect users' requests to delete their data. Like is there a way for a user to verify that their data was indeed removed upon request?

This is an area where the value of blockchain as you've described it is really highlighted, although even NFTs can be right-clicked.

You may copy/redistribute the JPG as you wish, but the provenance cannot be tampered with. NFTs help keep a record of ownership/support. This is very important for digital content + art. No one can deny your contributions, they can’t erase history. At some point almost everyone in the world becomes a big fan of The Weeknd, Justin Bieber, or Adele. But how can we prove who was showing these artists love/support from day one? That's the power of NFTs imo 🥳

Michael Tharrington • Edited on

Curious to hear from some other mods @michaeltharrington, @ioscasey, @lee?

I personally do not feel like it's a privacy concern to take private notes on a user's account in the Forem platform.

Ella's totally right that we use this space to log information about folks who have broken (or near broken) our Code of Conduct, so that we can have that history to make informed decisions about disciplinary actions. While we could take this info out of the platform and log it in another piece of software, I think it's actually a bonus to the user that we don't do that, because as y'all noted, when they delete their account all of their records are purged from our system.

All this said, there could be potential for abuse if another community manager out there were to use Forem's note-taking abilities to log information about the user in order to try to sell them things or what not. But, I also think someone could do that outside of Forem; I don't really see Forem as enabling this behavior.

I think it would be problematic to let the user know the contents of every note we may have taken on them. As y'all noted, that would probably trigger more questions from the user. Still, this is an all around interesting convo and it does have me rethinking how public we should be with folks about any disciplinary notes we're taking on them!

Lee

I agree, it’s not happening programmatically, this is one human making notes about another human’s general behaviour (when flagged), it’s a fair system that then allows for fair discussions on warnings and then a potential ban. Those notes would be made somewhere anyway right? Either on paper or in an email, much easier for community managers to see it all in one place

Jennie Ocken (she/her) Author

Not sure I want to jump into this slippery slope but here we go...

I feel like having mods/admins have notes on users is well within the usage of the platform and not a privacy concern. After all, things written by a person belong to that person even if they are written about someone else (otherwise non-fiction writing would be a very strange place). I think it is right and proper that we connect those notes to a user so we can have effective moderation of the site. And that we remove that data if we remove the user, as it is no longer part of that effort.

It's important to have these conversations and think through privacy from all points of view. Personally, I don't really want to know what people say about me when I am not around 😇. But, I also want to make sure that our mods can do their work in a safe way. Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

Ella (she/her/elle)

It's important to have these conversations and think through privacy from all points of view.

Seconded! I really value 1) @ildi gave us a different lens to view it through, 2) Ildi was comfortable to share an alternative perspective, 3) we were able to have a thoughtful discussion with multiple people sharing their experiences. I hope we can have more of these conversations around here!

Ildi

Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

This is true and I do agree that in general there is no way to prevent anyone from writing notes about how you behave in a public platform.

All this talk of privacy has made me curious about the scenario when a user requests to have their profile deleted (which includes all their data) how can that user verify for themselves that the deletion has taken place with 100% certainty since the database itself is not publicly available?

Also going back to my original comment on this post, I mentioned that in the emails tab each member of my community shows as “email is not verified”. I’m a bit confused by this and what it means.

Ildi

Thank you for going deeper on some of this stuff. These types of discussions help reframe my own thinking around subjects so I find them to be very valuable.

I can’t say that I’m really happy with how the internet has grown. Privacy and being able to own, control, backup, and verify everything to do with your data is super important to me. Too many things are hidden from the average user, and it’s created this culture of really poor privacy and security when it comes to the overall infrastructure of the internet.

Ella (she/her/elle) • Edited on

That's why it's European law that

Everyone has the right to

  • the protection of personal data concerning him or her
  • access to data which has been collected concerning him or her, and the right to have it rectified

This right is enshrined in article 8 of the Charter of Fundamental Rights.

These laws allowed France to fine Google €50m for GDPR breaches because they didn't give users enough information to be able to consent to or decline their data tracking.

Ildi

Unfortunately I feel like many websites/platforms on the web probably don’t follow these laws. It’s up to the user to prove that their data has not been used in good faith. Then you gotta pay a lawyer to make your case.

So much of this can be avoided if users are truly given ownership/control of their data and if the databases were not controlled by centralized actors. But from a technical perspective, this is not easy to achieve. I do hope it’s where we are headed though because the law itself and how it is upheld is often flawed and biased. That’s not to say that we don’t need laws, because we can’t decentralize everything. Also no system is perfect but I really think we can do without serving users with a cookie collection warning popup every time they visit a website. I can’t stand those, there has to be a better way 😂

Jennie Ocken (she/her) Author

I'm really curious about the info that will be included in the member list page.

Our immediate goal is to greatly simplify this page and make the columns / actions more usable. As part of this we will actually be removing /admin/permissions and /admin/moderation/mods so there is one place you are going to find your user. Here is a sneak peek of the amazing work our designer has been doing on this feature. I also forwarded your suggestion on to him. I don't think it will make it into cut one but it's an intriguing idea.

member list view design spec

There are some filters and bulk actions hidden behind the scenes in this picture. But we are currently scoping the work so we will likely be releasing in sections.

Ildi

Awesome! Thank you for sharing that screenshot. Looking forward to learning more about the filters and bulk actions.

Jennie Ocken (she/her) Author

I think in all this discussion we lost track of these two excellent questions by @ildi . @ellativity would you be willing to answer these?

All this talk of privacy has made me curious about the scenario when a user requests to have their profile deleted (which includes all their data) how can that user verify for themselves that the deletion has taken place with 100% certainty since the database itself is not publicly available?

Also going back to my original comment on this post, I mentioned that in the emails tab each member of my community shows as “email is not verified”. I’m a bit confused by this and what it means.

Ella (she/her/elle)

Thanks for the reminder, @jennieocken!

To @ildi's first question, I think this question really gets to the heart of what we're trying to do with Forem. Although having full access to our database would be the most transparent way (for a former member to prove the absence of their data after they request a deletion), we all recognize that the outcome of that would be giving everyone access to everyone's data. As far as personal privacy goes, that wouldn't be ok (and would definitely fall foul of GDPR laws!)

One of our reasons for being open source is to try to reach levels of transparency that just aren't possible without giving away other people's privacy. Here's the part of our codebase where data deletion begins after a deletion request. You can see that we have several functions built in here that determine what data belongs to the user, and ensure it doesn't unravel other interactions on the site. We don't rely on manual deletion, because this would be just too much to expect a Forem admin to process for each deletion request.

Without publicly-visible code, we could only speak to the way we manage our own communities and their data. By building the software in the open, and automating the deletion processes according to this logic, we hope Forem is a viable community platform that provides peace of mind, for both members and admins, that data is handled responsibly and cautiously.

If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.

And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under /admin/customization/config > Authentication - hope this helps make sense of that one!

Ildi

If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.

I think being open-source and having the option to spin up your own Forem and test things out on your own is the transparency that I'm looking for, so this was a great explanation, thank you @ellativity!

And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under /admin/customization/config > Authentication - hope this helps make sense of that one!

As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So I'm confused why all members (30+ users) show up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?

Ella (she/her/elle)

As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So I'm confused why all members (30+ users) show up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?

You know what? I'm going to look into this further, because this doesn't make sense to me either...

Thomas Bnt • Edited on

Oooh 😲
Woah... For the little I've seen of the admin dashboard, this update will make it so much classier to manage a user. Great job! 👏🏼👏🏼👏🏼🎉

Ella (she/her/elle)

@thomasbnt we need to get you a Forem set up soon! Maybe the next time I'm installing myself a self-hosted Forem we can do it together?

Thomas Bnt

Awesome !! I'm in!

Thomas Bnt

But I never really deployed a Forem pod, only two times with Gitpod. And even with that, I had some deployment issues.

Thomas Bnt

Hmmm I created a new PR about the badge on the README, and I clicked to test if the deployment is correct. But I don't know how to log in with the master account. I'd prefer to wait for you before I do anything xD

Forem deployment

Ildi

Has anyone made a video tutorial breaking down how to fully set up and maintain a self-hosted Forem community using DigitalOcean?