Hello, Creators and Happy March!
Following our ongoing theme of making the admin panel cleaner and more intuitive, we are rolling out improvements...
For further actions, you may consider blocking this person and/or reporting abuse
This is really good stuff right here! Thank you @jennieocken + team π
Im really curious about the info that will be included in the member list page. As an admin it would be useful to have the option to filter the member list by metrics such as total comments, posts, ractions, followers, and badges. At the moment, there is no way for me to rank/arrange member list by how many posts or comments each member has made, and I think this would be useful to have so that you can get a reading on who the active members in your community are.
One thing I noticed when clicking the emails tab for each member of my community, they all list as email not verified. What does this mean exactly? Is it normal for all of them to not be verified?
I really like the notes tab, this will be super useful for admins! I noticed there is no way to currently delete any notes, is this on purpose or might be something to add later on?
I also really like the option to merge users. In the past some members have created multiple accounts and have asked me to delete old one, so this feature will help in that scenario. What happens to comments and posts made by the account that will be merged and deleted? Do those get assigned to the new account?
When choosing the unblish all posts option, im assuming that posts are put into draft mode? What about comments made by this same user, what would be the best way to bulk-delete all of those? Would that be what the banish user option does? Im guessing banishing is different from deleting user, in that banishing still keeps their email in our database which means they cannot create a new account using that same email?
I also tested out the send an email feature and it works well, didnt catch any bugs. I still have to configure my own email settings so right now emails are coming from noreply(at)forem.com. One thing I would maybe adjust would be the "reminder" note that is included within the emails (see screenshot below). I find it to be a bit confusing, it comes off as being part of the main body text of the email. Maybe the font size should be smaller or maybe there should be a line divider between the main email body text and the reminder text.
Thanks for the detailed feedback (as always) @ildi! So much gold to sift through here!
Let me give some of it a shot? Not that you really need me here, because it feels like you've got a handle on it:
Tagging @jennie in here for the email "Reminder text" suggestion - with her green light I'll be happy to write up a small issue to adjust the layout of that paragraph in the email so it's clearer.
The main reason we don't have a delete function for Notes is that transparency is essential for asynchronous admin teams. If you know that your team mates can't remove any notes on a member account, you can use them as a source of truth when handling issues.
Hope this helps a little bit!
Yes on the reminder text suggestion. π
Thank you for confirming some of those @ellativity π and the thinking behind why there is no delete function for Notes is solid.
That said, if you have ideas why they should be deletable or editable, I know our Product team are really good listeners π
I was initially thinking of notes as reminders or like a record of warnings or bad actions. For example maybe I wanted to remind myself to mention something to someone, or remind myself that a user might be acting in bad faith, but I can see that there are benefits to keeping a record of these things.
In general, im a big advocate of privacy and im not fond of companies collecting user data without permission. It seems weird to me that someone might be building a database with info relating to me without my knowledge. Im curious, are users able to opt-out of this feature, so that admins cannot add notes about their particular accounts?
Interesting... I do see what you're saying about how it could possibly be used for nefarious means, if someone really had that intention. There's always got to be a line drawn between equipping mods and admins to keep community members safe from bad actors vs logging data about people without their knowledge. Between transparency, accountability, and privacy.
Members have to consent to the information they share on a Forem being stored by that Forem (it's the only way that any content could exist for the community). In the case of the Notes function on a Forem, our use case has been to ensure continuity of case handling for members facing content suspensions or comment suspensions. They're used as a way to balance privacy with transparency because they allow multiple admins to answer a member's questions about the reason for the action being taken on their account, and provide accountability to prevent abuse of such powers.
Can you explain to me why you see this as being a particular cause for privacy concerns only? I ask because personally, Forem's approach to data and privacy is part of the reason I work here. I don't see why admin notes (that can only be read by other admins whilst a member's account is active) would be a privacy concern so I welcome the opportunity to understand an area I've overlooked or misunderstood.
The first thing that comes to mind is if admins/mods are going to write notes relating to my profile, I would like to also have access to those notes. I think that would solve the issue of transparency.
I'm really intrigued by our conversation here, because I see this as a bit of a arbitrary divide: does it matter if admins are making notes about a member on the Forem or in a separate document? Should everyone have access to everything that's ever said about them? Where do we draw the line between communicating to make a decision that might have consequences on the community - is either text or speech acceptable?
I consider privacy/transparency to be an issue of gathering data that pertains to an individual's identity, lifestyle, or habits. If someone writes a rude or derisive post, and we make a note of that for future reference, they already know they submitted that to our platform and should be aware it will be read.
Curious to hear from some other mods @michaeltharrington, @casey, @lee?
Im also divided on this, my first comment regarding the notes tab was that I really like it and that admins would find it very useful.
This is a good question that I do not have a very good answer for. Maybe a middle ground could be that a user is sent a notification making them aware that a note was made about them but they dont get to see the full note. But im not sure, that might make users more curious and they may demand to see what was written.
You also bring up a good point that within any community you participate in, anyone can view your profile and therefore theoretically can start making notes about you in an online or offline document that no one knows about.
I guess a lot of my thinking these days around this topic is formulated from how public/decentralized blockchains work. I like the idea that every action taken within a database is public for all to observe + scrutinize without actually attaching real names to accounts/wallets. Maybe we take this thinking too far, but I like the idea that all data collected regarding my profile should completely belong to me and I should be able to revoke access to it and take the data with me at any given moment. I guess in a way we do offer this with Forem, because you can request for us to completely delete your account. Does this also completely remove the notes admins may have written about a user?
It does. According to our GDPR compliance, we remove all data about a user at their request. Of course, if the Forem admin has exported the data then that's outside of Forem-the-platform's control.
As you already know: although the platform itself is designed with respect for privacy, it's always important to be aware that any information you share about yourself online could end up in any number of places. This is an area where the value of blockchain as you've described it is really highlighted, although even NFTs can be right-clicked π
With that being said, Forem does respect privacy when it comes to the notes admins/mods make since ultimately the user is in control of all of their data within all Forem communities they join. As long as admins do actually follow/respect users request to delete their data. Like is there a way for a user to verify that their data was indeed removed upon request?
You may copy/redistribute the JPG as you wish, but the provenance cannot be tampered with. NFTs help keep a record of ownership/support. This is very important for digital content + art. No one can deny your contributions, they canβt erase history. At some point almost everyone in the world becomes a big fan of The Weeknd, Justin Bieber, or Adele. But how can we prove who was showing these artists love/support from day one? That's the power of NFTs imo π₯³
I personally do not feel like it's a privacy concern to take private notes on a user's account in the Forem platform.
Ella's totally right that we use this space to log information about folks who have broken (or near broken) our Code of Conduct, so that we can have that history to make informed decisions about disciplinary actions. While we could take this info out of the platform and log it in another piece of software, I think it's actually a bonus to the user that we don't do that, because as y'all noted, when they delete their account all of their records are purged from our system.
All this said, there could be potential for abuse if another community manager out there were to use Forem's note-taking abilities to log information about the user in order to try to sell them things or what not. But, I also think someone could do that outside of Forem; I don't really see Forem as enabling this behavior.
I think it would be problematic to let the user know the contents of every notes we may have taken on them. As y'all noted, that would probably trigger more questions from the user. Still, this is an all around interesting convo and it does have me rethinking how public we should be with folks about any disciplinary notes we're taking on them!
I agree, itβs not happening programmatically, this is one human making notes about another humans general behaviour (when flagged), itβs a fair system that then allows for fair discussions on warnings and then a potential ban. Those notes would be made somewhere anyway right? Either on paper or in an email, much easier for community managers to see it all in one place
Not sure I want to jump into this slippery slope but here we go...
I feel like having mods/admins have notes on users is well within the usage of the platform and not a privacy concern. After all things written by a person belong to that person even if they are written about someone else (otherwise non-fiction writing would be a very strange place). I think it is right and proper that we connect those notes to a user so we can have effective moderation of the site. And that we remove that data if we remove the user, as it is not longer part of that effort.
It's important to have these conversations and think through privacy from all points of view. Personally, I don't really want to know what people say about me when I am not around π. But, I also want to make sure that our mods can do their work in a safe way. Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.
Seconded! I really value 1) @ildi gave us a different lens to view it through, 2) Ildi was comfortable to share an alternative perspective, 3) we were able to have a thoughtful discussion with multiple people sharing their experiences. I hope we can have more of these conversations around here!
This is true and I do agree that in general there is no way to prevent anyone from writing notes about how you behave in a public platform.
All this talk of privacy has made me curious about the scenario when a user requests to have their profile deleted (which includes all their data) how can that user verify for themselves that the deletion has taken place with 100% certainty since the database itself is not publicly available?
Also going back to my original comment on this post, I mentioned that in the emails tab each member of my community shows as βemail is not verifiedβ. Iβm a bit confused by this and what it means.
Thank you for going deeper on some of this stuff. These type of discussions help reframe my own thinking around subjects so I find them to be very valuable.
I canβt say that Iβm really happy with how the internet has grown. Privacy and being able to own, control, backup, and verify everything to do with your data is super important to me. Too many things are hidden from the average user, and itβs created this culture of really poor privacy and security when it comes to the overall infrastructure of the internet.
That's why it's European law that
These laws allowed France to fine Google β¬50m for GDPR breaches because they didn't give users enough information to be able to consent to or decline their data tracking.
Unfortunately I feel like many websites/platforms on the web probably donβt follow these laws. Itβs up to the user to prove that their data has not been used in good faith. Then you gotta pay a lawyer to make your case.
So much of this can be avoided if users are truly given ownership/control of their data and if the databases were not controlled by centralized actors. But from a technical perspective, this is not easy to achieve. I do hope itβs where we are headed though because the law itself and how it is upheld is often flawed and biased. Thatβs not to say that we donβt need laws, because we canβt decentralize everything. Also no system is perfect but I really think we can do without serving users with a cookie collection warning popup every-time they visit a website. I canβt stand those, there has to be a better way π
Our immediate goal is to greatly simplify this page and make the columns / actions more usable. As part of this we will actually be removing /admin/permissions and /admin/moderation/mods so there one place you are going to find your user. Here is a sneak peek of the amazing work our designer has been doing on this feature. I also forwarded your suggestion on to him. I don't think it will make it into cut one but it's an intriguing idea.
There are some filters and bulk actions hidden behind the scenes in this picture. But we are currently scoping the work so we will likely be releasing in sections.
Awesome! Thank you for sharing that screenshot. Looking forward to learning more about the filters and bulk actions.
I think in all this discussion we lost track of these two excellent questions by @ildi . @ellativity would you be willing to answer these?
Thanks for the reminder, @jennieocken!
To @ildi's first question, I think this question really gets to the heart of what we're trying to do with Forem. Although having full access to our database would be the most transparent way (for a former member to prove the absence of their data after they request a deletion), we all recognize that the outcome of that would be giving everyone access to everyone's data. As far as personal privacy goes, that wouldn't be ok (and would definitely fall foul of GDPR laws!)
One of our reasons for being open source is to try to reach levels of transparency that just aren't possible without giving away other people's privacy. Here's the part of our codebase where data deletion begins after a deletion request. You can see that we have several functions built in here that determine what data belongs to the user, and ensures it doesn't unravel other interactions on the site. We don't rely on manual deletion, because this would be just too much to expect a Forem admin to process for each deletion request.
Without publicly-visible code, we could only speak to the way we manage our own communities and their data. By building the software in the open, and automating the deletion processes according to this logic, we hope Forem is a viable community platform that provides peace of mind, for both members and admins, that data is handled responsibly and cautiously.
If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.
And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under
/admin/customization/config
> Authentication - hope this helps make sense of that one!I think being open-source and having the option to spin up your own Forem and test things out on your own is the transparency that im looking for, so this was a great explenation, thank you @ellativity!
As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So im confused why all members (30+ users) shows up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?
You know what? I'm going to look into this further, because this doesn't make sense to me either...
Oooh π²
Woah... For the little I've seen of the admin dashboard, this update will make it so much classier to manage a user. Great job! ππΌππΌππΌπ
@thomasbnt we need to get you a Forem set up soon! Maybe the next time I'm installing myself a self-hosted Forem we can do it together?
Awesome !! I'm in!
But I never really deployed a Forem pod, only two times with Gitpod. And even with that, I had some deployment issues.
Hmmm I created a new PR about the badge on the README, and I clicked to test if the deployment is correct. But I don't know how I login with the master account. I prefer to you wait before I do anything xD
Has anyone made a video tutorial breaking down how to fully setup and maintain a self-hosted Forem community using DigitalOcean?