PM's How Private?

Page may contain affiliate links. Please see terms for details.
summerdays

summerdays

Cycling in the sun
Location
Bristol
jefmcg said:
Well if it's not encrypted (and I assume it wouldn't be) then Shaun could read them, he just chooses not to.

Well, he could also log in as any one of us and take a peek if he wanted
Click to expand...
I don't think he could log on as you without changing your password.

Certainly Mods can't and Shaun has always said he can't see them. He has enough alerts from the forum on a daily basis to read without going looking for more stuff to browse!
 
Pat "5mph"

Pat "5mph"

A kilogrammicaly challenged woman
Moderator
Location
Glasgow
slowmotion said:
I had a few PMs from someone who died. Amusing gossip and observations. Now that he has gone, that stuff is locked away for ever in a server somewhere. His widow presumably knows nothing of them unless he gave her his CC details, or CC gave them to her. Our conversations had nothing to do with his personal life but gives a humorous insight into his character. Should I print them out and send them to her?
Click to expand...
I would wait a year or so, then ask her if she would like to read them.
 
slowmotion

slowmotion

Quite dreadful
Location
lost somewhere
Pat "5mph" said:
I would wait a year or so, then ask her if she would like to read them.
Click to expand...
I've decided not to do anything with them. People seem to cherish old letters written by a previous generation but emails and other electronic comms are a bit different. I'm not sure why. Maybe it's because a bit less thought is given to the content.
 
jefmcg

jefmcg

Guru
Location
The dark heart of the former British Empire
summerdays said:
I don't think he could log on as you without changing your password.

Certainly Mods can't and Shaun has always said he can't see them. He has enough alerts from the forum on a daily basis to read without going looking for more stuff to browse!
Click to expand...

  1. Yeah, it would require some hacking.
  2. No, I don't think he would do it
But speaking of hacking, I wouldn't put anything in a "conversation" that would be damaging if it feel into the wrong hands. It's possible that this site could be hacked and someone might download the entire database. This is why you shouldn't use the same email/password on multiple sites. I'd be more nervous about bank details - which shouldn't cause problems but who knows, but pretty relaxed about phone numbers or addresses.
 
glasgowcyclist

glasgowcyclist

Charming but somewhat feckless
Location
Scotland
jefmcg said:
Well if it's not encrypted (and I assume it wouldn't be) then Shaun could read them, he just chooses not to.

Well, he could also log in as any one of us and take a peek if he wanted
Click to expand...


On another forum where I'm the site owner I could (I don't!) look at the MySQL database to read private messages between members. I couldn't use their credentials to login as any of them as the passwords are all hashed. The setup may or may not be similar here on CC.
 
  • Like
Reactions: mjr
C

Crackle

..
I imagine it's just permissions, same as on something like an Exchange server in a work environment. Don't ever imagine your work mail is in some way private, it simply isn't. I often had to grant permission to senior managers to examine someone's email. It's not something I liked doing and was eventually glad to be rid of the responsibility when they finally appointed an over-arching security bod, who really seemed to enjoy catching people out, the prick!
 
mjr

mjr

Comfy armchair to one person & a plank to the next
Location
mostly Norfolk, sometimes Somerset
Crackle said:
Don't ever imagine your work mail is in some way private, it simply isn't. I often had to grant permission to senior managers to examine someone's email.
Click to expand...
I don't think that's legal unless it's in the employment contract, but I could be wrong. However, still don't rely on email being private as support workers can open emails to debug system faults (but any that follow ethical standards, perhaps as part of a technical society membership) but shouldn't read the bodies unless it's relevant to the fault.

Ultimately, if you want to keep messages private, install an Open and Pretty Good Privacy (OpenPGP) encryption add-on, such as APG for K9-mail on phones, or Enigmail for Thunderbird, or many more. https://gnupg.org/related_software/swlist.html is one list. There may be other lists. I don't know. I installed stuff years ago and keep it updated but mostly, it just works once it's set up.

(edited to fix ytpo)
 
Last edited:
jefmcg

jefmcg

Guru
Location
The dark heart of the former British Empire
glasgowcyclist said:
On another forum where I'm the site owner I could (I don't!) look at the MySQL database to read private messages between members. I couldn't use their credentials to login as any of them as the passwords are all hashed. The setup may or may not be similar here on CC.
Click to expand...
You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.

Just sayin' :whistle:
 
Pat "5mph"

Pat "5mph"

A kilogrammicaly challenged woman
Moderator
Location
Glasgow
jefmcg said:
You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.

Just sayin' :whistle:
Click to expand...
But if the member wants to log in at the same rime of the "poking" and his password is not working, would they not suspect foul play?
 
summerdays

summerdays

Cycling in the sun
Location
Bristol
We don't have the ability to look at someone's password. If they forget it we set it to something new, tell them and then they change the password to one they can remember and we don't know.
 
jefmcg

jefmcg

Guru
Location
The dark heart of the former British Empire
Pat "5mph" said:
But if the member wants to log in at the same rime of the "poking" and his password is not working, would they not suspect foul play?
Click to expand...
Yeah, but he could always say something like "Sorry, my fault - I'm testing the speed and integrity of a number of caching data stores on the server and when I switch between them it invalidates the session data,"

(Shaun is going to punch me shortly)

summerdays said:
We don't have the ability to look at someone's password. If they forget it we set it to something new, tell them and then they change the password to one they can remember and we don't know.
Click to expand...
Yes, you can't look at them. But I bet the backend of CC is a MySql database, that is almost entirely unencrypted. The passwords are probably MD5 encrypted. Shaun can almost certainly access that. And he could, if he wanted, use that to hack.

I don't for a second think he wants to, or has. But it's easily doable.
 
You must log in or register to reply here.

Similar threads

M
How to reply to CycleChat PMs?
Replies
3
Mike Ayling
How do I "unignore" threads?
Replies
2
Chislenko
How to post a video?
Replies
8
Dave7
CC has started to send alerts to my phone.....how do I stop it ?
Replies
9
Top Bottom