More on Attachment Privacy

Astaroth

Hey guys. Quick announcement about a privacy issue that resulted from the September updates. As some of you are aware if you've read our Privacy Policy, as well as the announcement by Kitti at the time of the update's conclusion that detailed some of the software changes, one of the features added to the base Xenforo software included an attachment manager in the admin control panel that shows all attachments on the site, including those in PMs.

What this means is that instead of looking in PMs directly to see an exact message in its entirety, a power which admins have always had but RARELY use and never without cause, we can (by going to this area of the admin CP) see at a glance a list of attachments. This list includes a small thumbnail, file name, who it was uploaded by, and the type of message to which it was uploaded (thread, PM, etc.). It does not include the text of the message, so there is no context for these images. This feature is something only admins and the site owner can access.

This was a brand new feature and due to some concerns about it, I personally opened the manager during the update and skimmed through. My biggest concern was how much porn was being sent via PM, if there was anything illegal being sent (like child porn, for instance) for which we might be liable, and what kind of policies we might need to implement as a result of this feature. I didn't as a rule look at who was posting individual images, but I did click on a number of thumbnails that looked NSFW so I could see the full image. I also linked a few of these images (which thankfully were mainly hentai art, nobody's personal nudes were peeked at) to a private admin-only chat, because I wanted to get my co-admins' take on what sort of images were being attached and what they thought we should do about it. I admittedly giggled and was poking fun at these images because out-of-context weird hentai is funny. I did not share names except for one, because it was an exceptionally weird piece of original artwork and happened to be from a member who was frequently reported, which caught my eye.

In the end it was decided unanimously that this feature would be made public information and that we'd have a policy of not using it, nor would we moderate to check for NSFW images (or anything else). It has not been touched since.

Why is this being brought up again months later, after an announcement about the feature was already included and the Privacy Policy was revised?

Shortly after everything went down with the update, you may recall that Jorick resigned. The fact is that my use of the attachment feature is why. His reasons for resigning were that he was angry at me for using this tool at all, even to test it for the forum, and found my behavior inappropriate. He felt that he could no longer work with me and insisted that he would step down. Last night, Jorick messaged me asking to provide more information about what occurred because he was not satisfied with what was made available.

For the record, there was never any intention of hiding facts from the community; we believed the matter had been adequately addressed and we had a lot going on, especially as regards our health issues and the many bugs caused by the update. I had a relapse of my multiple sclerosis, which sent me to the hospital for several weeks. I was partially numb and paralyzed with minimal muscle control from mid-torso down. I spent months afterward in physical rehabilitation. This is why I've been absent from the site for so long, which has left Kitti (who also has health issues) to run Iwaku as the sole admin in the interim. Needless to say, stuff hasn't been getting done promptly.

If you are uncomfortable with my actions, I'm sorry and I understand if you would like to leave Iwaku. It was not a moment where I considered what I was doing and how it might be perceived carefully and I regret it. If you have any questions or concerns, please voice them.

One more thing: Please do not harass Jorick over this incident. Thank you.
 
HEY FUCKERS, SITE GRUMPY UNCLE HERE. Lemme add a quick addendum to the above post in relation to the state of data protection on Iwaku, since it’s pretty relevant to the topic at hand.

“But Grumpy, what do you know about data protection? You can’t even spell coherently!”

Well see, I’ve got a bit of professional experience with this sort of malarkey. I spent a good six months in my last role involved in a joint IT-Legal project that was tasked with rolling out new privacy and data security policies across the organisation in advance of the General Data Protection Regulation (or GDPR, as it’s known). It was a fucking headache, given that the organisation in question was run on dinosaurs and carrier pigeons for the most part, but the experience gave me a reasonable knowledge of data protection and what needs to be in place in terms of policy.

SO LET’S TALK IWAKU’S PRIVACY POLICY.

I’ll mostly be chatting about this through the lens of GDPR, since that’s what I understand best, but in short a website needs to do the following in order to be in the clear when it comes to good data protection:

1. Make users adequately aware of the data it is storing on them.
2. Take adequate steps to securely store and protect this information.
3. Ensure that only the minimal necessary amount of data is requested/stored.
4. Ensure that this data is never shared with any unnecessary persons/groups.
5. Offer users the right to access their data, upon request.
6. Offer users the right to have their data removed, upon request.

Conveniently, Iwaku’s policies/procedures on all of the above can be found here, outlined in our Privacy Policy. It’s all concise and shit, you should read it.

The new attachment manager feature that was described in the post above (and Kitti’s original announcement) might cause some concerns amongst folks. Privacy is important, after all: no-one likes to feel like they’re getting snooped on. What I can assure everyone of is the fact that their data hasn’t been mismanaged or exposed to any form of breach. This attachment manager feature was not even available to staff members: the only people with access were admins and the site’s owner. These individuals are what you could consider recognised authorities for Iwaku (the organisation I worked for referred to such people as “data protection champions” but using that term makes me want to drown myself), since they are the people who ran the damn forum, and as such are in charge/responsible for any data uploaded to Iwaku’s servers.

The new attachment manager didn’t grant the admins/owner any new access to data, it merely provided a more efficient method for accessing data.

No information/data/photos was shared outside of this circle of authority.

What’s more, having trialled the feature the admins elected to introduce a policy where they would not use it, due to privacy concerns for users, and that they would publicly disclose this sort of access was possible.

If you’re interested in reading more about GDPR, there’s a pretty handy breakdown here, and if you have any questions feel free to hit me up. I just wanted to offer some extra info about data protection on Iwaku, in case some folks were curious.

NOW OFF YOU FUCK AND HAVE A GOOD DAY, CHUMS.
 
Iwaku’s a great community, and it’s become a second home for me. I’ve met some great people who’ve become some of my closest friends, and I’m truly grateful to the staff and admins who’ve kept this place going by giving their spare time freely. I’ve never once felt like my trust in them was misplaced. Not until today.

I hope you recognise that a line was crossed when you linked a user with the contents of their private messages without a valid security reason. Not a line in terms of data protection, but in terms of the conduct we as users would hope for from someone in a position of site leadership and responsibility. It’s one thing for the attachments panel to be there, it’s another to say “Hey, look what this guy posted.” In the eyes of some people, that line may have been crossed earlier in the buildup, but I feel like this is where it became indisputable that admin permissions were misused. I also hope you understand the concern I feel when it takes a request from somebody else for this to be openly admitted.

I accept that there’s been a lot of other things you’ve had to deal with, what with both the aftermath of the update and your own health issues. I certainly can’t imagine how frustrating and difficult the past few months have been for you. I’m glad that we finally heard about this, rather than it be swept under the rug. I hope you’ve reflected on it and considered what could have been done better, both at the time of the original incident and subsequently.

I’m not comfortable with your actions, and today I did consider leaving Iwaku. But this place means too damn much to me to quit it. Iwaku was my anchor as I struggled with work-related stress and anxiety disorders. To a certain extent it still is. I hope you’ve learned from this misstep, and I hope as we move forwards that I never have another day where I consider leaving Iwaku. Today hurt too much as it is.
 
I am sorry for the hurt this has caused you and I absolutely understand your concerns. I would like to clarify that the image where I mentioned a name was in fact NSFW art, not simply a weird drawing, and that this person had a history of being reported for NSFW issues among other things. There is a lot of context I glossed over because I did not intend this thread to be a defense of my actions, but I think there was a failure of communication here on this one note.
 
Er, maybe it's just me being horridly insensitive, but, I don't feel like my rights have been greatly trespassed or that y'all need to apologize to me. To be honest, a tool like that would be hard not to ignore the use of, the simple fact that you could find and stop skeevy crap like pedophilia should it rear its ugly head without being reported would be too hard to pass up, at least in my eyes. I know everybody, especially an American like me should be up in arms about our rights, but I have no illusions that this is somebody else's site and it's their duty to maintain and uphold the law and order by whatever means are necessary. I do a LOT of posting in PMs, because I'm a bit sensitive of letting the public see my horrid smuts, but I know that it's an admin's right to see what I'm up to if I'm suspected of anything. Regardless, I respect Jorick's integrity on the matter, and his understanding of how others would feel if they knew that such a thing was possible, though, at the same time I understand/respect the other end of the spectrum for doing what they see fit for the good of the site.

Such a thing would never cause me to leave, I love this site and appreciate you all for wading through the crap we all leave for you to deal with. Thank you for apologizing, but for me, you never had to in the first place. Long as this site's alive and healthy, I'm happy.

I'm exhausted, so this may not be worded/formatted in the most elegant of ways, but I'd like to let you all know I still think you're alright. We all make mistakes, and your integrity to address them makes me all the more secure in the knowledge that you've got the right stuff to look after us all.
 
I think a line was not crossed. In fact, I have a more positive view of Iwaku.

From a legal standpoint, Iwaku should only be collecting/storing/accessing/sharing any information/data which is necessary to hold/share in the course of its duties. Regular auditing and cyber security by appropriately authorised staff are duties that Iwaku can and should perform. So use of the attachment viewer tool without notifying users appears to be legitimate, and no user authorisation is needed.

Over and above a need for such a tool for auditing purposes, a user permits content to be collected/stored/accessed/shared simply by the act of posting a message/attaching a file. Be that in PMs or elsewhere.

The type of update (i.e. Xenforo 2.0.9) was made public knowledge in an earlier announcement [1][4] so users have not been necessarily blindsided. The attachment viewer tool is plainly an admin tool that is available in this update [2][3].

I am grateful that Iwaku admin have gone over and above the minimum required steps. I am glad to be part of a community where the admin take the time to discuss sensitive information with users, and have a wherewithal to make decisions about ethics. It shows that Iwaku is truly a place built on, and made for, the enjoyment and happiness of its users, and that the admin have our backs. Thank you with a big heart.

[2] XenForo 2.0.9 Released (Security Fix)


[4] WELCOME BACK
Added [4] for clarity. This is the main update announcement, which refers to [1].
 
Hey. Sorry to hear about your health issues. I don't think anyone disagrees that Iwaku and its administrators have certain rights regarding data management. However, I've got a couple of questions pertaining to how data access was abused here.

"I admittedly giggled and was poking fun at these images because out-of-context weird hentai is funny. I did not share names except for one, because it was an exceptionally weird piece of original artwork and happened to be from a member who was frequently reported, which caught my eye." ... "I would like to clarify that the image where I mentioned a name was in fact NSFW art, not simply a weird drawing, and that this person had a history of being reported for NSFW issues among other things."
1) Why did you abuse the permissions available to you to make fun of users? That is not, as referenced in the post above, "necessitated for a legal concern". (1)

2) Why did it take a request from Jorick to publish the details on this situation? Would none of this have been relayed if he hadn't brought attention to it? And, for that matter, why would anyone harass Jorick for such behavior? From my point of view, you are presenting him as having taken unreasonable actions, but if I had been in the same place, I believe I would have reacted similarly.

3) Why was this thread not titled, "An apology for invasion of privacy"? You messed up here, but you chose to present this whole situation as merely informational instead of pertaining to actions you'd taken.

For those who aren't aware, I used to be staff here (Community), but chose not to re-apply after the mass firing before the forum update. I don't know what the current state of affairs is behind the scenes, but I'd hope that not everyone is simply remaining silent over this sort of misuse of power.
 
2) Why did it take a request from Jorick to publish the details on this situation? Would none of this have been relayed if he hadn't brought attention to it? And, for that matter, why would anyone harass Jorick for such behavior? From my point of view, you are presenting him as having taken unreasonable actions, but if I had been in the same place, I believe I would have reacted similarly.

I'm just going to slip in and answer this one!

It was my executive decision not to make a public announcement of Astaroth's mistake. Mistakes happen staff-side all the time, from inexperience and screwing up with things like bans, to wildly misjudging appropriate behavior, and also plain old not thinking and making a bad choice. I've even made really shitty choices in the past when it comes to management of the site. They happen.

Unless a situation puts member safety in peril or leaks private information to the public, there's not a need to announce it.

In this particular situation Jorick's opinion of what should've happened is the opposite to mine. Making a public acknowledgement was the requested solution to give him some closure and put it to bed.

Meanwhile, asking people not to harass Jorick over this is pretty much standard fare any time an announcement goes up that involves very strong opinions. You can already see in the thread that people have different views, and by nature members get really passionate about defending their stance. (This we know from experience thanks to every announcement ever made.) It's one of those things where not everyone is going to agree, so neither Jorick nor Astaroth deserve getting hassled.
 
Hey Eru. For ease of posting, I'll address these in order:

1. As I said, I was linking those pictures in the course of testing out the tool. Laughing at them was definitely not a necessary action, and I agreed in hindsight that it was in poor taste and I was being thoughtless. I could elaborate on what was going on in my head, but I really did not set out to make this thread into a defense of my actions or lay out excuses, and I would like to keep it from becoming that. If you're interested in more, you're welcome to message me privately.

2. As Diana posted above, we don't normally post about mistakes unless something was compromised. After seeing Jorick's reasons for thinking it should have been admitted openly, I actually agree with him more than Diana in this case and I would have said something months ago if the discussion had happened earlier. For various reasons, it did not.

I asked people not to harass Jorick because he is no longer a member of staff/administration, so he shouldn't be in the line of fire for anyone who wants to get heated about this (which happens, even for the most neutral situations) or even just flooding with messages asking about it, since that was not part of what he asked for. I would do the same for any announcement where someone got mentioned by name in this sort of context. I'm not sure how I've presented him as unreasonable; I stated his reasons for leaving, his opinion of my behavior, and that he asked for an announcement, then asked people to leave him alone about it. Painting him as unreasonable was not at all my intention, so sorry if it came across that way.

3. This thread was addressing both my own actions (including an apology) as well as information about the tool and about Jorick's resignation, so I thought this title fit the content. The thread itself does focus mainly on the first part, though, so maybe I should have chosen a title that reflected that.

I completely understand why you're upset with what's gone down, but I hope this answered all of your questions. Let me know if you need any more clarification.
 
Originally, I wrote a few paragraphs with the intent to subtly scold those who were freaking out about this. I decided against posting it because it would not help this situation.

Instead, I will simply state my views on this.

Mistakes happen. That is fine. That action was taken regarding it (announcing it and making a policy about it) is good.

I don't see a problem with the admins being able to see our attachments, and I think that they should be able to. We encourage people to report problems and issues, but not everyone is going to do so, and some people might even opt to encourage rule-breaking and possibly illegal behaviors. To me, it seems a bit silly to have a policy against checking attachments.

In order to protect the site, it seems like skimming/scanning through these attachments is something that _should_ be done.

However, I also understand that people treasure their privacy and don't want to be laughed at (or have their uploads laughed at). This makes perfect sense, given the world we live in and how many people have near-zero privacy.

I'm sad that this is the reason Jorick resigned, since to my perception, this doesn't seem like a big deal, but I do understand that my perception is not always correct, and his decision was made based on his morals, experiences, and emotions.

Similarly, I am not upset about Astaroth laughing at a few images. If I were in his shoes, I would have done the same thing—investigated the new feature and shared my findings with my fellow admins. I would have laughed at out of context hentai, too. It's human nature to be curious and seek humor.

To me, this seems like it's been made into a bigger issue than it needed to be, but again, my experiences and views are not the same as those of others. I am glad that this situation is being addressed, even if it took place (what feels like) an eternity ago.
 
Just a quick question, @Astaroth: if it's not nudes, like a reference to clothing a character is wearing and there's no face, is that okay? I just leave them as attachments and don't insert them so it's SFW.
 
Hi there. If you're wondering if something breaks our NSFW rules, you can review our guidelines here. Hope that helps! If you still have questions let me know.