Allow direct messages to be deleted

[tonyk2000]

Might have been mentioned before, but still. Isn't it time to allow PMs to be deleted? All the same - security reasons after an epik hack specifically. All sites can be hacked. NP members may possibly share private info in PMs (not that it should be done, but...) - paypal email accounts, usernames to push if some domain was bought or sold, etc, etc

 

[Bravo Mod Team]

Hello,

Please keep in mind that the conversation belongs to all participants, and you wouldn't want someone else in the conversation deleting your direct message. Also, it would make it very difficult for us to help whenever there was a marketplace dispute, spam report, etc.

Learn more:

• https://www.namepros.com/threads/wh...tion-from-your-private-message-inbox.1238401/

 

[tonyk2000]

So, let all conversations expire (be autodeleted) after lets say of 1 month of inactivity..?

 

[Bravo Mod Team]

So, let all conversations expire (be autodeleted) after lets say of 1 month of inactivity..?

Given that NamePros is a business community, it may not be a popular opinion to purge business history after a short period of time. It's also worth noting that fraud investigations would be much more difficult, which can occur after one month. For example, a chargeback can occur several months after a transaction completes.

Still, it's worth seeing if a significant percentage of the community would prefer it.

Thanks for suggesting it.

 

[tonyk2000]

OK, we are in suggestions forum. So, a related suggestion. At this time, we are speaking about private conversations (3 or more persons may participate). In this case, I do not think that anything too sensitive can be shared. Fine. Why not to implement 1-to-1 conversations with "zero knowledge" for 3rd parties including NP moderators. Encrypted. PGP or something similar as a plugin maybe (just an idea, no exact technical details yet).

How about this scenario:

1) A member is discussing his account with a registrar or marketplace representative

2) It is 1-to-1 conversation

3) Some private info was shared as a part of the conversation

4) Should NP be hacked someday, the hacker will then access the private info mentioned above

 

[Bravo Mod Team]

Why not to implement 1-to-1 conversations with "zero knowledge" for 3rd parties including NP moderators. Encrypted. PGP or something similar as a plugin maybe (just an idea, no exact technical details yet).

That's been considered before, but it's probably best if members move the conversation off of NamePros if they need that temporarily. The conversations on NamePros are intended to provide authoritative details about transactions, business dealings, etc. That's especially important when we need to get involved to help with something. Once the conversation is outside of NamePros, we're unable to assist.

We understand that it would be nice to have a service that can do it all, but in this case, it may degrade or detract from our primary purpose.

Should NP be hacked someday, the hacker will then access the private info mentioned above

This is an understandable concern.

It's worth noting that if a participant in the conversation is hacked, there is still that risk. There is also a risk of another participant publishing it or selling it without your knowledge.

A better strategy than trying to purge information is to learn about things you can do to protect yourself even if that information becomes public. This way, it won't matter, and you can rest easy.

Here are some places to start:

• https://www.namepros.com/search/sea...hild_nodes=1&type[thread][group_discussion]=1

We hope that helps.

 

[tonyk2000]

As a side note, nothing prevents NP members from using PGP in emails or PMs. It is critical for both participants of 1-to-1 chat to use PGP keys, Such an encryption + authentication will solve some of the concerns...

 

[tonyk2000]

As a side note, nothing prevents NP members from using PGP in emails or PMs. It is critical for both participants of 1-to-1 chat to use PGP keys, Such an encryption + authentication will solve some of the concerns...

NP already has custom fields such as My Favorite Domains or Most Valuable Domains in user profiles. So, adding an optional "PGP public key" field is something that can and probably should be done in forum config...

 

[Bravo Mod Team]

So, adding an optional "PGP public key" field is something that can and probably should be done in forum config...

Some members have added them to the “About” section of their NamePros profiles.

 

[MasterOfMyDomains]

Delete older messages. Say 3 years old and older. We were under impression messages were private in the old days. We shared a lot of info. The business i did with Dawg in 2014 is no longer relevant just a security risk.
I delete emails all the time. If its important i keep it.
There is i am sure 10-20 separate pm, i mean dm from certain members over the years. Tax records we toss after 6 years.
Toss Dm too

 

[dncafe]

It's also worth noting that fraud investigations would be much more difficult, which can occur after one month.

Thanks for suggesting it.

Has NamePros offered full transparency on what NamePros "Staff" members have access to private messages?

 

[tonyk2000]

Has NamePros offered full transparency on what NamePros "Staff" members have access to private messages?

Since NP staff is using "technical" more or less anonymous "mod team" accounts, due to various reasons explained in appropriate threads, the answer should be NO. Since who exactly is using technical "team" account is not a public info by itself.

However, I think that staff members do not have any personal interest to access other PMs. In my pre-domaining career, I worked as a sysadmin in various companies - and I could technically access all their email boxes. So I can tell "from inside" - I had absolutely no interest or curiosity. Offline postmen are in the same boat...

The problem is that the PMs are not encrypted, so what may happen should NP be hacked someday?

 

[Bravo Mod Team]

Has NamePros offered full transparency on what NamePros "Staff" members have access to private messages?

NamePros does not have private messages; there are only direct messages.

With the help of the technical team and solely for fraud investigations, moderators can access anything we need. This has been publicly discussed many times.

The problem is that the PMs are not encrypted, so what may happen should NP be hacked someday?

This was covered previously in this thread.

We hope that helps.

 

[dncafe]

NamePros does not have private messages; there are only direct messages.

....moderators can access anything we need. This has been publicly discussed many times.

We hope that helps.

Where can I read more about this?

I ask because as user @tonyk2000 stated "PMs are not encrypted" and also that this website uses the popular message board script XenForo. From my understanding the XenForo script does not offer the access to direct messages of other users in the admin panel or elsewhere (other than manually looking at it in the database).

The only way to view direct messages would be through a 3rd party add-on that would allow a mod to login as a user or view their direct messages.

As with Wordpress and other popular CMS platforms, 3rd party add-ons and plugins can be buggy or have security and hacking issues.

My point of all this is that if NP is relying on a 3rd party add-on, that is one day hacked, this will expose tens of thousands of unencrypted private messages going back 15+ years.

This is a genuine concern, if there were a public data dump of these direct messages it would lead to all kinds of fraud and identity theft.

EDIT

Maybe add some kind of option to delete direct messages after 1 year, or a set time frame.

 

[MasterOfMyDomains]

It the old days, we sent pm. Private message. New days its dm. Direct message. when that rule changed, all previous pm delete

 

[Bravo Mod Team]

As with Wordpress and other popular CMS platforms, 3rd party add-ons and plugins can be buggy or have security and hacking issues.

Correct, this is one of the reasons that all add-ons used by NamePros are created by our development team or trusted, respected developers of the XenForo community. In all cases, our development team reviews every add-on before it is used on NamePros.

Every site can be hacked, even those that have invested millions in security (e.g., Facebook and LinkedIn), but as far as forums go, NamePros works as hard as you can when it comes to security.

Where can I read more about this?

This thread has summarized everything that we'll share about it. If we shared additional details, it would be a security risk that nefarious actors could use to try to evade our fraud-detection systems and investigative processes.

We hope you understand.