Mark Smith's Journal

Work related musings of a geek.


09.05.2010 08:06 pm (UTC)

(no subject)

mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
Posted by [staff profile] mark
In theory I agree with you, it'd be nice if people were notified when their content is accessed by someone they haven't explicitly given permission to do so. In practice, though, I think it opens up a lot of cans that I'm not sure we want to get into.

My first thought is: it only addresses half of the issue. On-site access. Right now, that's only Denise and myself, but in the future I can see us adding staff to that list who need that ability. (Think Terms of Service people, senior support administrators, etc.) The idea doesn't address sysadmin level access -- and I'm not even sure how you could, at that.

But even if we accept only the on-site half as being worth addressing, then we run into more problems. The viewall utility is used for many uses, not all of which I would want to send emails for. (Reports of a credible suicide threat, investigating a ToS violation, me verifying imports/deletes/purges/things, etc etc...)

Also, I could see us being in a situation where someone makes a report that user X is posting their private details, invading their privacy, all behind a lock! So we viewall, but it turns out to be a false report -- now user X is all "WHY WERE YOU DOING THIS TO ME" and we have to say "someone reported something" and that seems problematic to me. We're not going to release details on who reported what, or why they reported it, so we're pretty tied in what we can say. I expect getting a form letter would get old and not engender trust.

Of course, then another thought is, would you rather know that someone looked, even if they won't tell you why, or just not know at all? I lean towards the latter, but I know other people will lean towards the former. I know that my data on Facebook is visible to their admins, I accept that, and I don't put anything there I don't want them to see.

I dunno. I definitely see where it would be nice to say "look, we email you when your content is viewed by admins" but I can easily see how unscrupulous people will weaponize that, or how it will hinder me in some situations (i.e., if I'm verifying a community import worked, sometimes I viewall to make sure everything worked right -- screened comments, members only posts, etc). The ability to, as a sysadmin, check that things worked properly is valuable to me.

All of those thoughts, plus the fact that it only works for on-site access, makes me think it's not really worth doing. What do you think?
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.