# Confidential Information being shared from bogus account



## Vigilance (Sep 27, 2005)

I have been posting some to this thread: http://www.enworld.org/showthread.php?p=2610191#post2610191

Today I received a private message from a clearly bogus account that began like this:

Hello! We noticed all the discussion on Enworld about the rpgnow change. For the 
record, we have attached the email that rpgnow officially sent to us last week 
about this change (see below), in case you have not seen it. Please understand 
that we must keep our identity private, in fear of retaliation from rpgnow.

It then went on to provide me with a complete confidential email from RPGNow intended for the eyes of vendors only.

If a Mod would be kind enough to contact me via email I would be happy to forward the email to him and/or provide him the user name used to send the private message.

My hope is that the IP of offending party can be used to determine his or her identity.

Chuck


----------



## Michael Morris (Sep 28, 2005)

IP's of PM's aren't logged. Further, PM forwardings can't be validated. Even further, it is a violation of US and Florida state (where the ENWorld server is located) privacy laws to use admin access to pilfer through PM's for any reason as they are labelled as "private".


----------



## Vigilance (Sep 28, 2005)

Spoony Bard said:
			
		

> IP's of PM's aren't logged. Further, PM forwardings can't be validated. Even further, it is a violation of US and Florida state (where the ENWorld server is located) privacy laws to use admin access to pilfer through PM's for any reason as they are labelled as "private".




The IP of the user account can be verified though couldnt it?

This is someone violating privacy, not looking to be violated.

Chuck


----------



## Michael Morris (Sep 28, 2005)

If they've made a post, yes -- but IP addresses can be forged and they are somewhat unreliable as a means to ascertain ID.


----------



## DanMcS (Sep 28, 2005)

Besides which, RPGnow sending email to a bunch of people and labelling it confidential isn't very binding.  Unless they have a cast-iron contract that vendors sign when they join up that states that all communications from RPGnow are confidential, then just slapping "confidential" in the title of an email has no weight.  I'd like to see this "confidential" thing, actually.


----------



## Vigilance (Sep 28, 2005)

I am very confused by the (non) reaction to this.

I am trying to be a good citizen here and I realize this isn't the end of the world.

But I have seen Mods come down with more of a vengeance when someone called a poster a moron- this guy is TELLING ME he's trying to circumvent the system and share confidential business information and there's nothing that can be done? 

Chuck


----------



## Vigilance (Sep 28, 2005)

DanMcS said:
			
		

> Besides which, RPGnow sending email to a bunch of people and labelling it confidential isn't very binding.  Unless they have a cast-iron contract that vendors sign when they join up that states that all communications from RPGnow are confidential, then just slapping "confidential" in the title of an email has no weight.  I'd like to see this "confidential" thing, actually.




Well maybe if you're lucky you'll get an illicit PM too.


----------



## Psionicist (Sep 28, 2005)

Illicit? Sharing someones e-mail is rude but it's defenitely not illegal, unless a paper (NDA, contract etc) has been signed. I doubt this is the case.


----------



## Vigilance (Sep 28, 2005)

Psionicist said:
			
		

> Illicit? Sharing someones e-mail is rude but it's defenitely not illegal, unless a paper (NDA, contract etc) has been signed. I doubt this is the case.




Pardon me- I forgot to consult my thesaurus and a legal dictionary before I used the word illicit.

NO I am not advocating tracking him down with police dogs ok?

Chuck


----------



## Michael Morris (Sep 28, 2005)

To be blunt, we cannot verify the contents of a PM without breaking Federal and state law. Unless we can verify the contents, we cannot legally take action. The only way around this is to secure a court order. Importantly, if you believe this fellow is breaking the law then any evidence you present or we acquire on your behalf must be legally acquired -- if we search the database without a court order for this message then the message will not be admissable in court. 

To sum up - I'm sorry, but private messages are just that -- private. If you don't want to receive a PM from a given user put them on your ignore list.


----------



## Vigilance (Sep 28, 2005)

Spoony Bard said:
			
		

> To be blunt, we cannot verify the contents of a PM without breaking Federal and state law. Unless we can verify the contents, we cannot legally take action. The only way around this is to secure a court order. Importantly, if you believe this fellow is breaking the law then any evidence you present or we acquire on your behalf must be legally acquired -- if we search the database without a court order for this message then the message will not be admissable in court.
> 
> To sum up - I'm sorry, but private messages are just that -- private. If you don't want to receive a PM from a given user put them on your ignore list.




Ok- I guess Im an idiot and NO ONE realizes what I am asking for here.

I dont want to sue the freaking guy.

Id like to think this is a banning offense though, ok?

Ive seen people banned for being RUDE for crying out loud.

This seems like a ban-worthy offense to me.


----------



## Michael Morris (Sep 28, 2005)

Vigilance said:
			
		

> Ok- I guess Im an idiot and NO ONE realizes what I am asking for here.
> 
> I dont want to sue the freaking guy.
> 
> ...




I don't make decisions regarding bans.  That's the moderation team's call.

PM's are unmoderated.  Forwarding a bad PM doesn't work because we have no way of knowing if you altered the text of the PM before sending the forwarded PM (I'm not trying to say or imply that you would - I'm simply stating that we can't verify the contents of the PM). In order to ban or kick someone we'd need evidence we cannot obtain short of searching the PM archives, which is illegal.


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> Ok- I guess Im an idiot and NO ONE realizes what I am asking for here.




They do realize what you're asking for. And what Spoony's telling you is that they cannot do it without a court order. Without a court order, if they did it, it would be illegal. It's not worth it because the information in question is simply confidential. No one signed a contract saying they would not give said information to others. Therefore, nothing illegal occured on the senders end. 

So, basically, to fulfill your request, Spoony would have to perform an illegal action to combat a  non-illegal spreading of information.


----------



## Dinkeldog (Sep 28, 2005)

Vigilance, there's a stickied thread in this forum that has all of the current e-mails of the moderators.

Having said that, it is possible to find an e-mail address for a given login for our own internal purposes. 

Having said that, the current attitude toward this is to treat it as a news item (which is why the thread was not closed and deleted the day it started).  You can always send an e-mail to one of the moderators in the thread above and we can discuss the issue.  It is just as likely that some form of the letter would end up on the front page, however.

Unless there is actual illegal activity, then it is highly unlikely that any ban would occur.


----------



## Vigilance (Sep 28, 2005)

Dinkeldog said:
			
		

> Vigilance, there's a stickied thread in this forum that has all of the current e-mails of the moderators.
> 
> Having said that, it is possible to find an e-mail address for a given login for our own internal purposes.
> 
> ...




So, I've just discovered the world's most ingenious marketing tool in the form of the PM?


----------



## Michael Morris (Sep 28, 2005)

I'm fairly certain that if multiple users complained about the same user concerning PM's their PM priveledges would be suspended, but as to how many and what for only the mods can say.


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> So, I've just discovered the world's most ingenious marketing tool in the form of the PM?




If you're so upset about this, you should be talking to RPGNow. If the information is supposed to have been kept secret, then they can go through proper legal channels to get the matter taken care of, which includes getting a court order and presenting it to EN World to divulge the information.

EN World cannot give out private information simply because they think illegal activity may be occuring. That, in and of itself, is illegal.


----------



## Dinkeldog (Sep 28, 2005)

Vigilance said:
			
		

> So, I've just discovered the world's most ingenious marketing tool in the form of the PM?




First, Vigilance, I receive myriad spam IMs each day, usually from webcam porn sites.

Second, your example isn't marketing.

Third, are you a community supporter?  Is the other individual a community supporter?  Is your e-mail public?  Is your instant messenger login public?  (Note both of mine are at this site.)


----------



## Vigilance (Sep 28, 2005)

Dinkeldog said:
			
		

> First, Vigilance, I receive myriad spam IMs each day, usually from webcam porn sites.
> 
> Second, your example isn't marketing.
> 
> Third, are you a community supporter?  Is the other individual a community supporter?  Is your e-mail public?  Is your instant messenger login public?  (Note both of mine are at this site.)




My email is public because I occasionally get questions or comments about the books I write via email from people who see me on the boards.

But- my conduct isnt really what's at fault here is it?

You and reveal both seem to feel like I am at fault.

Chuck


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> My email is public because I occasionally get questions or comments about the books I write via email from people who see me on the boards.
> 
> But- my conduct isnt really what's at fault here is it?
> 
> ...




I don't think you're at fault. I think the person who sent you this is at fault. What you seem to be doing is demanding that EN World do something about this when, legally, they have no grounds to do anything. You've been told that but you continue to make the same demands.

As I said, you need to talk to RPGNow. It's their information and they are the ones who have the legal recourse to try to catch this person, if they choose to do so.


----------



## Vigilance (Sep 28, 2005)

reveal said:
			
		

> I don't think you're at fault. I think the person who sent you this is at fault. What you seem to be doing is demanding that EN World do something about this when, legally, they have no grounds to do anything. You've been told that but you continue to make the same demands.
> 
> As I said, you need to talk to RPGNow. It's their information and they are the ones who have the legal recourse to try to catch this person, if they choose to do so.




I guess I really am confused.

Here's my sum up of what you guys seem to be telling (at least one of whom, as near as I can tell, is actually a mod):

1. Someone can create a false account to send you PMs because they KNOW what they are sending you violates the rules of ENWorld and RPGNow.
2. There is nothing the board can or will do about this.
3. If someone gets upset by something they receive in violation of said rules, they just need to deal with it.
4. If they are really really upset, dont come to the Mods, they will tell you they are powerless, and mostly wont care and stuff. 
5. Dont forward the email to any mod because it will be treated as NEWS and posted on the front page if newsworthy.


----------



## Dinkeldog (Sep 28, 2005)

Vigilance, you can also feel free to contact me over my AOL instant messenger, if you'd like to discuss this more privately.


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> I guess I really am confused.
> 
> Here's my sum up of what you guys seem to be telling (at least one of whom, as near as I can tell, is actually a mod):
> 
> ...





I don't speak for the mods.

1)  I'm telling you where the board stands legally. It is illegal to look up the IP address of the person who sent you the information without a court order. What you are asking cannot be done legally without that order. So, in short, yes, someone can send PMs that violate the rules and ENWorld and RPGNow if they are not doing anything illegal.

2) See #1. 

3) You need to go through the proper channels. Once informed of the proper channels, you need to follow them to get the results you're looking for.

4) No. They will tell you the truth, which you don't seem to want to except.

5) I doubt that would happen.

I am not a lawyer but that is my understand of computer law. I learned a lot from the AOL debacle in which they just handed over usernames to the Feds with no court order. They got in a LOT of trouble for that.


----------



## Michael Morris (Sep 28, 2005)

First, vbulletin doesn't maintain a log of e-mail sent through the emailing macro, so there's no information for me to look up. 

Second the IP address that would appear on the email sent from that macro will be EN World's, not the sending computers. IP's using that macro are not logged. The functionality to log it could be added, but it brings up snooping and big brother issues I frankly am not comfortable with. I don't want to know what people email each other about nor do I have a right to know.

Third email addresses and IP's are very easily forged and cannot form the basis for the disciplining of a user. The mods have a big enough job covering the boards themselves without adding the PM's and emails associated to the board to the list.


----------



## DanMcS (Sep 28, 2005)

Vigilance said:
			
		

> I guess I really am confused.
> 
> Here's my sum up of what you guys seem to be telling (at least one of whom, as near as I can tell, is actually a mod):
> 
> 1. Someone can create a false account to send you PMs because they KNOW what they are sending you violates the rules of ENWorld and RPGNow.




I think here's where you and others are miscommunicating.  This PM doesn't violate the rules of enworld in any way.  I understand that it bugs you, but what rule was broken?  If they really did breach a contract between themselves and rpgnow, it not illegal, it's a breach of contract, and enworld is not a party to it.

The news thing, by the way, wasn't referring to your PM, it was referring to the original thread.


----------



## diaglo (Sep 28, 2005)

and to get PM or send PM via ENWorld you have to be community supporter. which means Morrus added you to the system after you paid for your subscription.

seems like an awfully elaborate way to go about spamming so very few people.

but i do agree it is ban worthy.


----------



## Dinkeldog (Sep 28, 2005)

Diaglo, it's not banworthy by my understanding.  It's at worst an unwelcome e-mail that does not break any rules (and isn't "spam" by our definition, since it's not a marketing thing, either--no attempt at selling something was attempted.)


----------



## Justin D. Jacobson (Sep 28, 2005)

This may be a minor point, but...

Even if the offending party had a confidentiality agreement or some such, it would not be *illegal* for him to violate it. It's merely _actionable_, i.e., able to be sued on in civil court for damages.


----------



## diaglo (Sep 28, 2005)

Dinkeldog said:
			
		

> Diaglo, it's not banworthy by my understanding.  It's at worst an unwelcome e-mail that does not break any rules (and isn't "spam" by our definition, since it's not a marketing thing, either--no attempt at selling something was attempted.)



that's why they pay you the big bucks and not me.

i've got about a hundred or more people i'd ban.

diaglo "promoting be an Admin for a day" Ooi


----------



## Eosin the Red (Sep 28, 2005)

I want to be sure that I understand what the mods and Spoony Bard are saying --
Let's say I send a PM using foul language ENWorld (or any other forum admin) can't take action on said PM?

What about if unethical propositions were made (get free e-books)?

What about PMs that involved flat out illegal activity like threatening behavior or offers of illegal substances.

***Disclaimer - I run a vBulletin so I am just wanting some clarification.


----------



## JoeBlank (Sep 28, 2005)

I've been following this somewhat, and am still confused a little.

Vigilance's title indicates he is a "Registered User", can he even received EN World PMs? Or was he talking about some other form of instant messaging? He does have his Yahoo and AIM addresses public.


----------



## Vigilance (Sep 28, 2005)

JoeBlank said:
			
		

> I've been following this somewhat, and am still confused a little.
> 
> Vigilance's title indicates he is a "Registered User", can he even received EN World PMs? Or was he talking about some other form of instant messaging? He does have his Yahoo and AIM addresses public.




I was under the initial impression that it was a PM. It appears it was an email sent through the site.

Chuck


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> I was under the initial impression that it was a PM. It appears it was an email sent through the site.
> 
> Chuck




Were you able to contact RPGNow? I'd be interested to see what course of action they wish to pursue.


----------



## Vigilance (Sep 28, 2005)

reveal said:
			
		

> Were you able to contact RPGNow? I'd be interested to see what course of action they wish to pursue.




My impression is that without some way of identifying the person who sent the emails (hard for me to believe Im the only one who got one) that the issue is a non-starter.


----------



## BSF (Sep 28, 2005)

Eosin,
I am not sure that harassment delivered via PM is actionable under the COC.  As has been pointed out, it is not easy to ascertain the authenticity of a PM.  Efforts to determine authenticity violate privacy policies and can violate local & federal law.  

Sending threatening email through any method likely violates federal law.  That should be reported to a law enforcement agency for advice on how to pursue it.  Along that path, a court order might require EN World to try to track it down.  

Vigilance, I understand your concern, but I don't understand what you expect EN World to do about it.  Forging IP's is not hard.  Forging email addresses is even easier.  As well, through the wonders of Network Address Translation (NAT, or IP Masquerade) it is quite likely that you will have more than one person posting from one apparent address.  All 474 people at my workplace will originate from the same IP Address because we use NAT with a private addressing scheme behind our firewalls.  As well, my wife posts from the same address at home since we use NAT with a private address scheme at the house as well. From time to time, my friends might post from here as well since I often share my encryption keys with them so they can jump onto my wireless network when they are over.  

It isn't an easy, straightforward situation where you can track down the sender.  To do so likely requires technical assistance from more than one source as well as a legal order requiring this assistance.  Otherwise, one or more people involved in tracking this down could  be in violation of several laws.  

As I said, I understand your concern, but I don't understand what you think they should be doing.


----------



## Steve Conan Trustrum (Sep 28, 2005)

Okay, putting aside the question of legal action, let's look at it this way:

The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.

It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.


----------



## DanMcS (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.
> 
> It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.




The only evidence they have is from the recipient, because the admins can't access the contents of the message that was sent.  And acting against a user based on a single, easily falsifiable report, is terrible policy.  There would be nothing to stop someone from making an enworld account emailable and then saying "I got a message from Steve Conan Trustum containing a hundred SSNs and associated credit card numbers", and the enworld admins would have precisely as much verifiable evidence for that claim as they do for Vigilance's report.  They don't want to get involved in that kind of headache, for which I don't blame them.


----------



## Steve Conan Trustrum (Sep 28, 2005)

DanMcS said:
			
		

> They don't want to get involved in that kind of headache, for which I don't blame them.



Bull. I run a messageboard and am aware that there are legal ways to go way beyond the "meh" response that is being vocalized thus far. If the answer is "it's too much trouble to ensure a member's privacy isn't being violated" then I'm not certain that I'm (as a publisher and as just some guy who uses messageboards) sympathetic to that headache.


----------



## IronWolf (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.




It sounds like they used the _email_ function, not the PM function to which it appears Vigilance agrees to in post 32.  Email is not a secure means of communication unless encrypted.  To rely on email as a secure communucations medium is sort of asking for it.  As seen here it can easily be forwarded on to other parties or in more extreme cases sniffed off the wire by a properly motivated individual.  There is even doubt as to how much an email disclaimer at the bottom of emails can help you in regards to confidentiality and such.



			
				Steve Conan Trustrum said:
			
		

> I run a messageboard and am aware that there are legal ways to go way beyond the "meh" response that is being vocalized thus far. If the answer is "it's too much trouble to ensure a member's privacy isn't being violated" then I'm not certain that I'm (as a publisher and as just some guy who uses messageboards) sympathetic to that headache.




In this case Spoony Bard has stated (in post 24) that the email module isn't maintaining a log of the input in the email form.  So apparently there isn't much for them to even look at, click submit and the message is off and away with little history.

It's an option as to whether you want to accept emails or not through the site.  If you don't want your privacy invaded then it may be best to disallow that option for your user account.


----------



## Umbran (Sep 28, 2005)

Message removed by author who did not see it was redundant.


----------



## Steve Conan Trustrum (Sep 28, 2005)

If it's an email, that actually makes it easier to track. 

Last year, Misfit Studios had an account using our messageboard email to spam. Tracked it down. Contacted their ISP. Bye-bye account.


----------



## Steve Conan Trustrum (Sep 28, 2005)

IronWolf said:
			
		

> If you don't want your privacy invaded then it may be best to disallow that option for your user account.



So it's Vigilance's fault for not turning his email function off? Because him turning off incoming mail would have stopped this guy from spreading the confidential email he received from a party other than Vigilance?


Wow

just ... wow.


----------



## Dinkeldog (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> If it's an email, that actually makes it easier to track.
> 
> Last year, Misfit Studios had an account using our messageboard email to spam. Tracked it down. Contacted their ISP. Bye-bye account.




Steve, this is at worst an unsolicited, unwanted e-mail.  Our current attitude toward this is that it is a breaking news story.  

Which laws do you think are being broken?

Which board rules do you think are being broken?


----------



## reveal (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> If it's an email, that actually makes it easier to track.
> 
> Last year, Misfit Studios had an account using our messageboard email to spam. Tracked it down. Contacted their ISP. Bye-bye account.




Technically, the e-mail in question is not spam.

http://www.spamhaus.org/definition.html



> A message is Spam only if it is both Unsolicited *and* Bulk.




As I have stated, the content of the e-mail related to business dealings within RPGNow. The first course of action should have been for Vigilance to go to RPGNow and ask what needed to be done. There were no laws broken. None.


----------



## Crothian (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> So it's Vigilance's fault for not turning his email function off? Because him turning off incoming mail would have stopped this guy from spreading the confidential email he received from a party other than Vigilance?
> 
> 
> Wow
> ...




No, but it would have stopped Vigilance from getting the e-mail.  Thus the invaded privacy part of that post.  And that's really all that was saying.


----------



## Steve Conan Trustrum (Sep 28, 2005)

Dinkeldog said:
			
		

> Steve, this is at worst an unsolicited, unwanted e-mail.  Our current attitude toward this is that it is a breaking news story.
> 
> Which laws do you think are being broken?
> 
> Which board rules do you think are being broken?



Who said a law has to be broken? Who says a current board policy has to be broken? Are you telling me that the current policies cover EVERY eventuality and there is absolutely NO means to look at individual instances where common sense and matters of privacy beyond the scope of these boards are to be addressed? Are you trying to tell me that there is nothing concerning using the board's systems with regards to privacy beyond the logistics of the board's actual coding and data storage? If so, that's a rather micro view to take while administering a community.

A board member has brought to EnWorld's awareness a case of privacy violations, a violation that, while not doing something illegal or violating the board's listed policies is CLEARLY not a kosher action to take.


----------



## reveal (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> A board member has brought to EnWorld's awareness a case of privacy violations, a violation that, while not doing something illegal or violating the board's listed policies is CLEARLY not a kosher action to take.




If RPGNow comes over and says "We have received word, and proof, that private material was sent through your board, would you look into it?" I'm sure the mods would do it.

At this point, all we see is a user screaming "Someone sent me private material!" He said/she said. EN World is too big to look in-depth, which is what would have to happen here since it's an e-mail sent not a PM and no logs are, apparently, kept, into every complaint brought up.


----------



## Dinkeldog (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> Who said a law has to be broken? Who says a current board policy has to be broken? Are you telling me that the current policies cover EVERY eventuality and there is absolutely NO means to look at individual instances where common sense and matters of privacy beyond the scope of these boards are to be addressed? Are you trying to tell me that there is nothing concerning using the board's systems with regards to privacy beyond the logistics of the board's actual coding and data storage? If so, that's a rather micro view to take while administering a community.
> 
> A board member has brought to EnWorld's awareness a case of privacy violations, a violation that, while not doing something illegal or violating the board's listed policies is CLEARLY not a kosher action to take.




Of course the current policies don't cover every eventuality.  But how does RPGNow changing how it handles business not count as a news story?  This doesn't appear to be a privacy matter.  It appears to be a whistleblowing matter at worst.  

But hey, sometimes different moderators view things differently and we discuss things and come up with a consensus and things change.  That hasn't happened as of yet on this matter, nor do I think it altogether likely.


----------



## Michael Morris (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> It is perfectly legal for EnWorld to use their own, internal registration data to take internal action.




We weren't talking about the user registry though. We were talking about the PM system. The contents of the Private Messages, while readable from PHPmyAdmin, cannot legally be read under US and Florida state law. If you feel differently you are setting yourself up to be sued.

The outgoing email logs are purged on a fairly regular basis to conserve memory. Assuming the file wasn't deleted though, it's a needle in a haystack to find since the logged sender of all the mails in question will be vbulletin.


----------



## Vigilance (Sep 28, 2005)

reveal said:
			
		

> If RPGNow comes over and says "We have received word, and proof, that private material was sent through your board, would you look into it?" I'm sure the mods would do it.
> 
> At this point, all we see is a user screaming "Someone sent me private material!" He said/she said. EN World is too big to look in-depth, which is what would have to happen here since it's an e-mail sent not a PM and no logs are, apparently, kept, into every complaint brought up.




I am most definitely NOT screaming reveal.

In point of fact I have used all the proper channels I know of and have since dropped it, seeing as how the mods have admitted they are powerless to stop it, and unwilling to stop it even if they had the power, since its news.

I encountered something that I thought was a serious problem for the boards and brought it to the attention of the mods.

They appear to disagree that it is serious.


----------



## reveal (Sep 28, 2005)

Vigilance said:
			
		

> I am most definitely NOT screaming reveal.
> 
> In point of fact I have used all the proper channels I know of and have since dropped it, seeing as how the mods have admitted they are powerless to stop it, and unwilling to stop it even if they had the power, since its news.
> 
> ...




Did you go to RPGNow? Before or after you dealt with ENWorld? If not, why not? If it's that serious, why not? You got your answer here but rather than find another method to deal with it, such as _talking to the company who's private material it actually was_, you continue to demand that it be dealt with here.


----------



## Vigilance (Sep 28, 2005)

And btw-

Would it be too much to ask that people not insinuate that this is my fault somehow, since I allow emails to be sent to me, and especially not insinuate that I am making it up?


----------



## Vigilance (Sep 28, 2005)

reveal said:
			
		

> Did you go to RPGNow? Before or after you dealt with ENWorld? If not, why not? If it's that serious, why not? You got your answer here but rather than find another method to deal with it, such as _talking to the company who's private material it actually was_, you continue to demand that it be dealt with here.




Ok- apparently I need to spell everything out.

I did go to them.

There is a thread about this on the private forums at RPGNow.

To the best of my knowledge there's nothing they can do/are willing to do either.

Does that make you feel better? Is it now obvious enough for everyone involved that I am not somehow BLAMING ENWORLD FOR THIS.

The person at fault is the person who SENT THE EMAIL TO ME.

I was simply trying to be a good citizen and notify the parties I thought would want to know.

One was the ENWOrld moderators.

One was RPGNow.


----------



## reveal (Sep 28, 2005)

reveal said:
			
		

> Were you able to contact RPGNow? I'd be interested to see what course of action they wish to pursue.






			
				Vigilance said:
			
		

> My impression is that without some way of identifying the person who sent the emails (hard for me to believe Im the only one who got one) that the issue is a non-starter.




Apparently, this moron was just working from information you provided. I asked if you had contacted RPGNow and you said "the issue is a non-starter."

Maybe you should have spelled out Y-E-S and I would have understood you better.


----------



## Steve Conan Trustrum (Sep 28, 2005)

reveal said:
			
		

> Technically, the e-mail in question is not spam.



Spam was MY example, not an implication towards the email Vigilance received. Regardless of the semantics of a term that is not relevant, the key in both instances is the email system is being utilized.


> As I have stated, the content of the e-mail related to business dealings within RPGNow. The first course of action should have been for Vigilance to go to RPGNow and ask what needed to be done. There were no laws broken. None.



And, As I stated, there are actions that require a response that need not break the law. Yahoogroups has a policy of taking down groups dedicated to hate groups, for instance. No laws are broken, but they recognize that maintaining such a support reflects poorly on them and is indeed insulting to their organization and people using their services. Now, if EnWorld merely wants to say they don't care about the matter of confidentiality that's one thing--it's not a GOOD thing, but it's something--but if people are saying it's a matter of it CAN'T be done, as an entirely internal issue for legal or logistical reasons, then that's just incorrect.


----------



## IronWolf (Sep 28, 2005)

Vigilance said:
			
		

> Would it be too much to ask that people not insinuate that this is my fault somehow, since I allow emails to be sent to me...




My comment regarding protecting one's privacy was not meant to insinuate that this was your fault.  It was in response to one of Steve Conan Trustrum's posts (which I quoted when I made the comment so as not to be taken out of context).  My point was that it is hard to complain about violations of personal privacy when means are already at a person's fingertips to help control that were not utilized.

From your first post I did not see you mentioning any violations of _your_ privacy, just that you felt confidential information had been leaked inappropriately.  So by no means was I trying to insinuate this was your fault.


----------



## Steve Conan Trustrum (Sep 28, 2005)

Spoony Bard said:
			
		

> We weren't talking about the user registry though. We were talking about the PM system. The contents of the Private Messages, while readable from PHPmyAdmin, cannot legally be read under US and Florida state law. If you feel differently you are setting yourself up to be sued.



Although this particular instance is a matter of email, in the case of a PM you can get permission from the complaintant to sign into his/her account by resetting his password and then having them make a new password afterwards.


----------



## reveal (Sep 28, 2005)

Steve Conan Trustrum said:
			
		

> ...but if people are saying it's a matter of it CAN'T be done, as an entirely internal issue for legal or logistical reasons, then that's just incorrect.




I will take the word of the technical administrator of the board, Michael Morris, that it can't be done over your assumption that it can be done. I have no knowledge of how this board works on the back end.


----------



## Dinkeldog (Sep 28, 2005)

I'm going to close this because I can't see any value in further discussion.  The topic may be unlocked later after the moderators and admins can talk again.


----------



## Morrus (Sep 28, 2005)

Sorry, folks, I've been busy all day and didn't even see this.  The person in question has contacted me by email and owned up.  It's being handled, but not publicly.


----------

