Forem Creators and Builders 🌱

Discussion on: Changelog: Member Detail Page

michaeltharrington profile image
Michael Tharrington • Edited on

Curious to hear from some other mods @michaeltharrington, @ioscasey, @lee?

I personally do not feel like it's a privacy concern to take private notes on a user's account in the Forem platform.

Ella's totally right that we use this space to log information about folks who have broken (or near broken) our Code of Conduct, so that we can have that history to make informed decisions about disciplinary actions. While we could take this info out of the platform and log it in another piece of software, I think it's actually a bonus to the user that we don't do that, because as y'all noted, when they delete their account all of their records are purged from our system.

All this said, there could be potential for abuse if another community manager out there were to use Forem's note-taking abilities to log information about the user in order to try to sell them things or what not. But, I also think someone could do that outside of Forem; I don't really see Forem as enabling this behavior.

I think it would be problematic to let the user know the contents of every notes we may have taken on them. As y'all noted, that would probably trigger more questions from the user. Still, this is an all around interesting convo and it does have me rethinking how public we should be with folks about any disciplinary notes we're taking on them!

Thread Thread
lee profile image

I agree, it’s not happening programmatically, this is one human making notes about another humans general behaviour (when flagged), it’s a fair system that then allows for fair discussions on warnings and then a potential ban. Those notes would be made somewhere anyway right? Either on paper or in an email, much easier for community managers to see it all in one place

Thread Thread
jennieocken profile image
Jennie Ocken (she/her) Author

Not sure I want to jump into this slippery slope but here we go...

I feel like having mods/admins have notes on users is well within the usage of the platform and not a privacy concern. After all things written by a person belong to that person even if they are written about someone else (otherwise non-fiction writing would be a very strange place). I think it is right and proper that we connect those notes to a user so we can have effective moderation of the site. And that we remove that data if we remove the user, as it is not longer part of that effort.

It's important to have these conversations and think through privacy from all points of view. Personally, I don't really want to know what people say about me when I am not around 😇. But, I also want to make sure that our mods can do their work in a safe way. Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

Thread Thread
ellativity profile image
Ella (she/her/elle)

It's important to have these conversations and think through privacy from all points of view.

Seconded! I really value 1) @ildi gave us a different lens to view it through, 2) Ildi was comfortable to share an alternative perspective, 3) we were able to have a thoughtful discussion with multiple people sharing their experiences. I hope we can have more of these conversations around here!

Thread Thread
ildi profile image

Making a bully aware that the mods are discussing their behavior could actually make the mod's life harder without any real privacy benefit.

This is true and I do agree that in general there is no way to prevent anyone from writing notes about how you behave in a public platform.

All this talk of privacy has made me curious about the scenario when a user requests to have their profile deleted (which includes all their data) how can that user verify for themselves that the deletion has taken place with 100% certainty since the database itself is not publicly available?

Also going back to my original comment on this post, I mentioned that in the emails tab each member of my community shows as “email is not verified”. I’m a bit confused by this and what it means.

Thread Thread
ildi profile image

Thank you for going deeper on some of this stuff. These type of discussions help reframe my own thinking around subjects so I find them to be very valuable.

I can’t say that I’m really happy with how the internet has grown. Privacy and being able to own, control, backup, and verify everything to do with your data is super important to me. Too many things are hidden from the average user, and it’s created this culture of really poor privacy and security when it comes to the overall infrastructure of the internet.

Thread Thread
ellativity profile image
Ella (she/her/elle) • Edited on

That's why it's European law that

Everyone has the right to

  • the protection of personal data concerning him or her
  • access to data which has been collected concerning him or her, and the right to have it rectified

This right is enshrined in article 8 of the Charter of Fundamental Rights.

These laws allowed France to fine Google €50m for GDPR breaches because they didn't give users enough information to be able to consent to or decline their data tracking.

Thread Thread
ildi profile image

Unfortunately I feel like many websites/platforms on the web probably don’t follow these laws. It’s up to the user to prove that their data has not been used in good faith. Then you gotta pay a lawyer to make your case.

So much of this can be avoided if users are truly given ownership/control of their data and if the databases were not controlled by centralized actors. But from a technical perspective, this is not easy to achieve. I do hope it’s where we are headed though because the law itself and how it is upheld is often flawed and biased. That’s not to say that we don’t need laws, because we can’t decentralize everything. Also no system is perfect but I really think we can do without serving users with a cookie collection warning popup every-time they visit a website. I can’t stand those, there has to be a better way 😂