Forem Creators and Builders 🌱

Discussion on: Changelog: Member Detail Page

Collapse
 
ildi profile image
Ildi

Thank you for confirming some of those @ellativity 🙏 and the thinking behind why there is no delete function for Notes is solid.

Thread Thread
 
ellativity profile image
Ella (she/her/elle)

That said, if you have ideas why they should be deletable or editable, I know our Product team are really good listeners 👂

Thread Thread
 
ildi profile image
Ildi

I was initially thinking of notes as reminders or like a record of warnings or bad actions. For example maybe I wanted to remind myself to mention something to someone, or remind myself that a user might be acting in bad faith, but I can see that there are benefits to keeping a record of these things.

In general, im a big advocate of privacy and im not fond of companies collecting user data without permission. It seems weird to me that someone might be building a database with info relating to me without my knowledge. Im curious, are users able to opt-out of this feature, so that admins cannot add notes about their particular accounts?

Thread Thread
 
ellativity profile image
Ella (she/her/elle)

Interesting... I do see what you're saying about how it could possibly be used for nefarious means, if someone really had that intention. There's always got to be a line drawn between equipping mods and admins to keep community members safe from bad actors vs logging data about people without their knowledge. Between transparency, accountability, and privacy.

Members have to consent to the information they share on a Forem being stored by that Forem (it's the only way that any content could exist for the community). In the case of the Notes function on a Forem, our use case has been to ensure continuity of case handling for members facing content suspensions or comment suspensions. They're used as a way to balance privacy with transparency because they allow multiple admins to answer a member's questions about the reason for the action being taken on their account, and provide accountability to prevent abuse of such powers.

Can you explain to me why you see this as being a particular cause for privacy concerns only? I ask because personally, Forem's approach to data and privacy is part of the reason I work here. I don't see why admin notes (that can only be read by other admins whilst a member's account is active) would be a privacy concern so I welcome the opportunity to understand an area I've overlooked or misunderstood.

Thread Thread
 
ildi profile image
Ildi

I don't see why admin notes (that can only be read by other admins whilst a member's account is active) would be a privacy concern so I welcome the opportunity to understand an area I've overlooked or misunderstood.

The first thing that comes to mind is if admins/mods are going to write notes relating to my profile, I would like to also have access to those notes. I think that would solve the issue of transparency.

Thread Thread
 
ellativity profile image
Ella (she/her/elle)

I'm really intrigued by our conversation here, because I see this as a bit of a arbitrary divide: does it matter if admins are making notes about a member on the Forem or in a separate document? Should everyone have access to everything that's ever said about them? Where do we draw the line between communicating to make a decision that might have consequences on the community - is either text or speech acceptable?

I consider privacy/transparency to be an issue of gathering data that pertains to an individual's identity, lifestyle, or habits. If someone writes a rude or derisive post, and we make a note of that for future reference, they already know they submitted that to our platform and should be aware it will be read.

Curious to hear from some other mods @michaeltharrington, @casey, @lee?

Thread Thread
 
ildi profile image
Ildi

Im also divided on this, my first comment regarding the notes tab was that I really like it and that admins would find it very useful.

Should everyone have access to everything that's ever said about them?

This is a good question that I do not have a very good answer for. Maybe a middle ground could be that a user is sent a notification making them aware that a note was made about them but they dont get to see the full note. But im not sure, that might make users more curious and they may demand to see what was written.

You also bring up a good point that within any community you participate in, anyone can view your profile and therefore theoretically can start making notes about you in an online or offline document that no one knows about.

I guess a lot of my thinking these days around this topic is formulated from how public/decentralized blockchains work. I like the idea that every action taken within a database is public for all to observe + scrutinize without actually attaching real names to accounts/wallets. Maybe we take this thinking too far, but I like the idea that all data collected regarding my profile should completely belong to me and I should be able to revoke access to it and take the data with me at any given moment. I guess in a way we do offer this with Forem, because you can request for us to completely delete your account. Does this also completely remove the notes admins may have written about a user?

Thread Thread
 
ellativity profile image
Ella (she/her/elle)

Does this also completely remove the notes admins may have written about a user?

It does. According to our GDPR compliance, we remove all data about a user at their request. Of course, if the Forem admin has exported the data then that's outside of Forem-the-platform's control.

As you already know: although the platform itself is designed with respect for privacy, it's always important to be aware that any information you share about yourself online could end up in any number of places. This is an area where the value of blockchain as you've described it is really highlighted, although even NFTs can be right-clicked 😉

Thread Thread
 
ildi profile image
Ildi

It does. According to our GDPR compliance, we remove all data about a user at their request. Of course, if the Forem admin has exported the data then that's outside of Forem-the-platform's control.

With that being said, Forem does respect privacy when it comes to the notes admins/mods make since ultimately the user is in control of all of their data within all Forem communities they join. As long as admins do actually follow/respect users request to delete their data. Like is there a way for a user to verify that their data was indeed removed upon request?

This is an area where the value of blockchain as you've described it is really highlighted, although even NFTs can be right-clicked.

You may copy/redistribute the JPG as you wish, but the provenance cannot be tampered with. NFTs help keep a record of ownership/support. This is very important for digital content + art. No one can deny your contributions, they can’t erase history. At some point almost everyone in the world becomes a big fan of The Weeknd, Justin Bieber, or Adele. But how can we prove who was showing these artists love/support from day one? That's the power of NFTs imo 🥳

Thread Thread
 
michaeltharrington profile image
Michael Tharrington • Edited

Curious to hear from some other mods @michaeltharrington, @ioscasey, @lee?

I personally do not feel like it's a privacy concern to take private notes on a user's account in the Forem platform.

Ella's totally right that we use this space to log information about folks who have broken (or near broken) our Code of Conduct, so that we can have that history to make informed decisions about disciplinary actions. While we could take this info out of the platform and log it in another piece of software, I think it's actually a bonus to the user that we don't do that, because as y'all noted, when they delete their account all of their records are purged from our system.

All this said, there could be potential for abuse if another community manager out there were to use Forem's note-taking abilities to log information about the user in order to try to sell them things or what not. But, I also think someone could do that outside of Forem; I don't really see Forem as enabling this behavior.

I think it would be problematic to let the user know the contents of every notes we may have taken on them. As y'all noted, that would probably trigger more questions from the user. Still, this is an all around interesting convo and it does have me rethinking how public we should be with folks about any disciplinary notes we're taking on them!

Thread Thread
 
lee profile image
Lee

I agree, it’s not happening programmatically, this is one human making notes about another humans general behaviour (when flagged), it’s a fair system that then allows for fair discussions on warnings and then a potential ban. Those notes would be made somewhere anyway right? Either on paper or in an email, much easier for community managers to see it all in one place

Thread Thread
 
jennieocken profile image
Jennie Ocken (she/her)

Not sure I want to jump into this slippery slope but here we go...

I feel like having mods/admins have notes on users is well within the usage of the platform and not a privacy concern. After all things written by a person belong to that person even if they are written about someone else (otherwise non-fiction writing would be a very strange place). I think it is right and proper that we connect those notes to a user so we can have effective moderation of the site. And that we remove that data if we remove the user, as it is not longer part of that effort.

It's important to have these conversations and think through privacy from all points of view. Personally, I don't really want to know what people say about me when I am not around 😇. But, I also want to make sure that our mods can do their work in a safe way. Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

Thread Thread
 
ellativity profile image
Ella (she/her/elle)

It's important to have these conversations and think through privacy from all points of view.

Seconded! I really value 1) @ildi gave us a different lens to view it through, 2) Ildi was comfortable to share an alternative perspective, 3) we were able to have a thoughtful discussion with multiple people sharing their experiences. I hope we can have more of these conversations around here!

Thread Thread
 
ildi profile image
Ildi

Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

This is true and I do agree that in general there is no way to prevent anyone from writing notes about how you behave in a public platform.

All this talk of privacy has made me curious about the scenario when a user requests to have their profile deleted (which includes all their data) how can that user verify for themselves that the deletion has taken place with 100% certainty since the database itself is not publicly available?

Also going back to my original comment on this post, I mentioned that in the emails tab each member of my community shows as “email is not verified”. I’m a bit confused by this and what it means.

Thread Thread
 
ildi profile image
Ildi

Thank you for going deeper on some of this stuff. These type of discussions help reframe my own thinking around subjects so I find them to be very valuable.

I can’t say that I’m really happy with how the internet has grown. Privacy and being able to own, control, backup, and verify everything to do with your data is super important to me. Too many things are hidden from the average user, and it’s created this culture of really poor privacy and security when it comes to the overall infrastructure of the internet.

Thread Thread
 
ellativity profile image
Ella (she/her/elle) • Edited

That's why it's European law that

Everyone has the right to

  • the protection of personal data concerning him or her
  • access to data which has been collected concerning him or her, and the right to have it rectified

This right is enshrined in article 8 of the Charter of Fundamental Rights.

These laws allowed France to fine Google €50m for GDPR breaches because they didn't give users enough information to be able to consent to or decline their data tracking.

Thread Thread
 
ildi profile image
Ildi

Unfortunately I feel like many websites/platforms on the web probably don’t follow these laws. It’s up to the user to prove that their data has not been used in good faith. Then you gotta pay a lawyer to make your case.

So much of this can be avoided if users are truly given ownership/control of their data and if the databases were not controlled by centralized actors. But from a technical perspective, this is not easy to achieve. I do hope it’s where we are headed though because the law itself and how it is upheld is often flawed and biased. That’s not to say that we don’t need laws, because we can’t decentralize everything. Also no system is perfect but I really think we can do without serving users with a cookie collection warning popup every-time they visit a website. I can’t stand those, there has to be a better way 😂