Discussion in 'Site Security & Legal Issues' started by \o/, Oct 1, 2019.
How about turning off private messaging. Crisis averted!
Don't run sites that are likely to attract sketchy people.
Generally speaking, anyone who is really sketch is not going to go out of their way to use a forum's means of communications for no reason, especially as it is very well-known that admins can read whatever they want without much fundamental safe-guard.
If they *are* there, then there is something very wrong going on there in the first place.
Drug dealers and the other horsemen don't just appear out of thin air for no reason, not when there are so many more private options.
The four horsemen: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse
Also, if it is the four horsemen, they are extremely sophisticated and you will be in for a world of pain.
A few concrete rules:
Don't go full 8chan aka anything that is legal goes. People will rulelawyer and they have different ideas of what is "legal" than you do. It will also attract a really bad crowd and possibly the feds.
No pornography. You will bite off more than you can chew, unless you know the people really well.
Don't touch upon certain topics like nazism, zoophilia, paedophilia, the dark web, hacking, the drug trade, etc. If you must run a site geared around security, label it as a security community and not a hacking one. Wording does matter, you don't want to be like HackForums ending up in the news and possibly dragged before Congress after a user's botnet takes down Paypal, Twitter, Amazon, etc.
Don't try to be clever there either. No "load testing" services or what-not. No obvious SQL Injection tutorials written just for the purpose of causing mayhem.
No funny business. Signs of illegality need to be stamped out and treated as absolutely unacceptable. People can and will push boundaries, if they think you are weak. Be as jumpy as Joel at signs of illegality. That sets a certain stance.
Don't advertise on sketch sites or places, including but not limited to, ones on the dark web like the Hidden Wiki. Make it absolutely clear that advertising it in such places is unacceptable, if that is likely. That is a sure-fire way to get all four horsemen.
Keep it well moderated. If they think the site is moderated, they are less likely to try to mess with you.
I have only ever heard of one site here on TAZ which got hit by one of the horsemen a couple of times and that was only because of pornography and naming a board in such a way that it created a potential misunderstanding. They basically never appear for all intents and purposes.
What country is your forum operated in?
Surprised at how many people's first solution to solve this made up problem is to read people's private or personal messages or do keyword searches. I think a better solution would be end-to-end encryption. Then the forum owner has been forced out of the equation.
As stated in another thread, technically, I am from Germany - but I really would like to operate from elsewhere. German internet laws are ridiculously bound to the age of faxes. I guess I'll choose the Netherlands.
Illegal activity doesn't show up out of the blue - the perps have been drawn to the forum in question for a reason and that reason is likely to be open discussions concerning iffy topics and/or a lack of moderation so complete as to indicate there's nobody watching the store at all and the forum is free for the taking.
Or, just don't run a forum.
Which would be one approach to the problem, but I have a personal need for a forum this time.
Healthy conversation is never a bad thing, so it's interesting to hear ideas about this.
But I'd ask again - does anyone have a verifiable example of this ever becoming a problem for any forum admin? Ever? At all.???
Trolls threatening members has been an issue and those trolls openly advocating sex with underage persons and knowingly doing it in a publicly accessible section of the forum caused a serious ick - but strict moderation put an end to that real quick.
I think all of us have faced public posts with this kind of stuff, as well as harassment of members through the private message system which Admins have had to step in and address. My interpretation of the above quoted policy sounds different from these situations.
The policy seemed to suggest that reading private/personal messages wouldn't be limited to extreme circumstances, but could be a common occurrence in the course of ensuring that rules are followed. That's a monumental difference.
Yes, but they usually ask for it by having the site's main topic be something a bit on the dodgy site.
I haven't seen any of those, not even the threatening part, but maybe I live in calmer waters.
And they shouldn't be doing that anywhere, even in an inaccessible area, those sorts of people will land you in prison, they don't sound like trolls, they sound like paedophiles.
I know an owner of a really big site, not a forum however, who has dealt with a couple of them before. They like to post novels involving sex with the young teenagers and the like and then they go around advocating that where they can. The owner put a stop to that by purging them entirely.
You know of an admin who was held personally & legally responsible for the contents of private messages sent by users of their site?
I don't mean to sound skeptical, but... I'm skeptical.
Not quite, but the court of public opinion tends to be stacked against you and your own ISP / host will cut you off, if there is too much suspicious activity on your site. It also invites the police to walk away with your servers to gather evidence of criminal activity.
But, as I mentioned, you kind of need to be asking for it.
In theory, if someone is groomed on your platform, which is one reason why those sorts of people are troublesome, then they could sue you for not doing enough to prevent it. I think there was a law called FOSTA or something that allows for that.
I suppose it depends what you define as a problem. I've had a member make serious allegations against another member which resulted in me verifying screen shots of conversations against the database. It's the one an only time I recall reading through a member's personal messages.
It resulted in an instant forum ban and other sanctions taken against the member.
I wouldn't describe any of that as a particular problem for me but the member concerned certainly tried to make my life difficult for many years after the event. It caused to me ensure that I keep my real identity and on-line identity completely separate.