PM's How Private?
- Thread starter classic33
- Start date
Page may contain affiliate links. Please see terms for details.
summerdays
Cycling in the sun
I don't think he could log on as you without changing your password.
Certainly Mods can't and Shaun has always said he can't see them. He has enough alerts from the forum on a daily basis to read without going looking for more stuff to browse!
I would wait a year or so, then ask her if she would like to read them.
slowmotion
Quite dreadful
I've decided not to do anything with them. People seem to cherish old letters written by a previous generation but emails and other electronic comms are a bit different. I'm not sure why. Maybe it's because a bit less thought is given to the content.
Pro Tour Punditry
Guru
There are a lot of people replying to this thread that you have PMed me about
jefmcg
Guru
- Yeah, it would require some hacking.
- No, I don't think he would do it
rich p
ridiculous old lush
glasgowcyclist
Charming but somewhat feckless
On another forum where I'm the site owner I could (I don't!) look at the MySQL database to read private messages between members. I couldn't use their credentials to login as any of them as the passwords are all hashed. The setup may or may not be similar here on CC.
I imagine it's just permissions, same as on something like an Exchange server in a work environment. Don't ever imagine your work mail is in some way private, it simply isn't. I often had to grant permission to senior managers to examine someone's email. It's not something I liked doing and was eventually glad to be rid of the responsibility when they finally appointed an over-arching security bod, who really seemed to enjoy catching people out, the prick!
mjr
Comfy armchair to one person & a plank to the next
I don't think that's legal unless it's in the employment contract, but I could be wrong. However, still don't rely on email being private as support workers can open emails to debug system faults (but any that follow ethical standards, perhaps as part of a technical society membership) but shouldn't read the bodies unless it's relevant to the fault.
Ultimately, if you want to keep messages private, install an Open and Pretty Good Privacy (OpenPGP) encryption add-on, such as APG for K9-mail on phones, or Enigmail for Thunderbird, or many more. https://gnupg.org/related_software/swlist.html is one list. There may be other lists. I don't know. I installed stuff years ago and keep it updated but mostly, it just works once it's set up.
(edited to fix ytpo)
Last edited:
jefmcg
Guru
You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.
Just sayin'
But if the member wants to log in at the same rime of the "poking" and his password is not working, would they not suspect foul play?You could save the hash from the database (in a text file), change the password, poke around, then copy the hash back again.
Just sayin'
summerdays
Cycling in the sun
We don't have the ability to look at someone's password. If they forget it we set it to something new, tell them and then they change the password to one they can remember and we don't know.
jefmcg
Guru
Yeah, but he could always say something like "Sorry, my fault - I'm testing the speed and integrity of a number of caching data stores on the server and when I switch between them it invalidates the session data,"
(Shaun is going to punch me shortly)
Yes, you can't look at them. But I bet the backend of CC is a MySql database, that is almost entirely unencrypted. The passwords are probably MD5 encrypted. Shaun can almost certainly access that. And he could, if he wanted, use that to hack.
I don't for a second think he wants to, or has. But it's easily doable.
