Secure PMs?

**James Wonnacott** · 06-06-14, 13:37

In general they can only be seen by the sender, recipient and, of course, site administrators.
BUT the golden rule of computer security is:
"What one man can invent, another can discover" (applies to both sexes actually).

James.

**Anna** · 06-06-14, 13:52

If you use the search facility you will see there have been several threads about PM. Here is the last one: http://www.for3.org/forums/showthrea...ivate+messages
If it worries you then simply exchange private email addresses with whomsoever you wish to correspond with.

**Nick Armstrong** · 06-06-14, 14:10

Thank you Anna, I was thinking of that earlier thread and would have searched for it had I had the opportunity!

**french frank** · 06-06-14, 16:31

Originally posted by James Wonnacott View Post

In general they can only be seen by the sender, recipient and, of course, site administrators.
BUT the golden rule of computer security is:
"What one man can invent, another can discover" (applies to both sexes actually).

Not even the site administrators (me, Andrew and Mark) can do that unless they break into your account by overwriting your password with a new one. But we wouldn't be able to rewrite your password again as we can't see what it is, so you wouldn't be able to log in (I may have said that on the other thread).

**french frank** · 06-06-14, 18:37

Andrew, who knows about these things, has PM'd me:

"The database, which holds all messages and PMs, doesn't appear to be encrypted. Therefore, in principle, if anybody managed to hack into the database, then they would be able to read anything in the database, including PMs. We need to make this known, in case anybody thinks they're secure.

Of course, there will be security measures on the server to resist hacking attempts, but ....."

It remains the case that the forum administrators would have to behave in a quite unacceptable way in order to read PMs - no spending happy afternoons browsing through everyone's PMs! And wouldn't then be able to cover their tracks (well, I wouldn't - can't speak for Andrew!

)

**James Wonnacott** · 07-06-14, 17:25

As I said, The admins could. But admins don't -because they are admins. Someone has to be god.

James (SysAdmin in a school)

**Dave2002** · 09-06-14, 16:32

Originally posted by french frank View Post

"The database, which holds all messages and PMs, doesn't appear to be encrypted. Therefore, in principle, if anybody managed to hack into the database, then they would be able to read anything in the database, including PMs. We need to make this known, in case anybody thinks they're secure."

I agree that if the database isn't encrypted that it should be made known. Of course HS has also pointed out the dangers of an intended recipient forwarding on personal/private details.

So - don't go posting Jeremy Clarkson type bank details to other forum members, for example, if you buy or swap CDs. Similarly, don't post passwords - which should never be given out anyway, but people do. Perhaps for some situations phone numbers would be the best way to exchange details, as at least they don't represent information which can't be obtained by other means, or even if such numbers are passed on, most savvy people will be able to take reasonable precautions against hoaxsters and scammers.

**johnb** · 09-06-14, 17:08

I am really puzzled by this thread. Surely everyone by now must realise that they should only post information which they are happy for the world to see whether in the open forum or in PM. This is no reflection on this forum, just a general approach.

It reminds me of those "innocent" souls (yes, that is a euphemism) who believe that their workplace emails are truly private.

**Dave2002** · 09-06-14, 17:31

Originally posted by johnb View Post

I am really puzzled by this thread. Surely everyone by now must realise that they should only post information which they are happy for the world to see whether in the open forum or in PM. This is no reflection on this forum, just a general approach.

It reminds me of those "innocent" souls (yes, that is a euphemism) who believe that their workplace emails are truly private.

john

Firstly, I think we should be aware of the risks. HS has pointed out the obvious fact that even confidential information can be passed on.
Secondly, there is perhaps a greater risk if the database is not encrypted. Many of us have accounts with online stores (don't we) and we hope that the details are kept in a reasonably secure form. Sometimes this is not the case, but mostly we accept the risks, but we do assume that the risks have been minimised by third parties which store our data.

I agree that we should all treat PMs and other postings and also emails as if they can be read by anyone. I do think that some people forget this at times. Trust is also important - as without it we would probably never exchange any details with anyone.

I have been on public transport, both trains and buses, where people have happily read out credit or bank card numbers, plus security codes, and related dates. In one case someone wasn't even giving out her own card details, but her mother's - for a friend!

There are clueless people out there. I of course was ready with my notepad and pencil!

**Stanley Stewart** · 10-06-14, 11:56

erm...Dave2002. I sent you a PM, late yesterday afternoon (9 June) which could not be accepted as your mailbox was full!

**MrGongGong** · 10-06-14, 12:29

Originally posted by James Wonnacott View Post

As I said, The admins could. But admins don't -because they are admins. Someone has to be god.

James (SysAdmin in a school)

A "SysAdmin" in one school I visited last year is now a guest of the queen for some rather nefarious activities online

**Dave2002** · 10-06-14, 13:23

Originally posted by Stanley Stewart View Post

erm...Dave2002. I sent you a PM, late yesterday afternoon (9 June) which could not be accepted as your mailbox was full!

I think it's OK now, but if not now, it will be later today.

I don't actually see why we can't have significantly larger boxes for PMs - the cost of storage must be minimal by now, though keeping a lot of data for a long while is perhaps never a good thing. At least we can't send attachments for PMs - or at least I think we can't. I really love people who send me 10 Mbyte files as attachments to my email, and then block everything else. However, in the future we'll be able to send whole CD albums - firstly mp3 or equivalent - up to 150 Mbytes, then CD quality - up to 750 Mbytes, then hi-res - up to 1.5 Gbytes, and in the meantime DVDs and other video will have crept up - typical DVD - around 4.7 Gbytes, then we'll start on hi-res video - currently up to 50 Gbytes, but will go up further!

Managing all this stuff can be a pain!

**french frank** · 10-06-14, 16:43

Originally posted by Dave2002 View Post

I think it's OK now, but if not now, it will be later today.

I don't actually see why we can't have significantly larger boxes for PMs

You can - I reckon it's doing most people a favour to get them to sort their messages regularly rather than having hundreds and hundreds just mounting up.

Managing all this stuff can be a pain!

You can switch PMs off if you want to ...

Or not save your Sent Messages.

**James Wonnacott** · 10-06-14, 20:25

Originally posted by MrGongGong View Post

A "SysAdmin" in one school I visited last year is now a guest of the queen for some rather nefarious activities online

Wasn't by any chance in the SW was it?

Secure PMs?

Secure PMs?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment