Hi what is the UMDs response to their policy of reading the private messages of women users without their consent or knowledge? This got brought up in that other messy thread about old Leon but nobody addressed it.

It seems to me this is a major violation of personal privacy but it has been a long standing tradition by moderators here to look at people private messages they send to each other.

How can women feel safe knowing their private messages are being looked at by moderators and that also extends to the male posters here.

I am pretty sure MM was talking about the conversation on the forums and the private ones he was having with other mods and folks messaging him.

No where in that sentence you quoted does it imply that he was reading private messages. Where are you getting that from?

Please show me your proof because otherwise this is wild speculation solely designed to stir up already fraught emotions.

I believe this is the post that randm. is referring to:
https://umd.net/forums/i-am-leaving-umd?start=150#postid_908756


Personally, I'm not bothered - I haven't put any sensitive info in my messages, and I think it makes sense for the site owners to be able to view conversations (e.g. if someone reports that they've been sent unpleasant messages). The same applies to Facebook Messenger, etc.

I do not have the time or inclination and dispute your unfounded accusation

Only I and Messmistress can view private messages. We see all messages past and present, deleted or live.

OK, but again, this doesn't prove MM reads every one in full. There is no proof that he is getting anything out of it, only that he is able too which is necessary for site/user safety.

There is probably an algorithm that flags up certain words for him to keep this place safe and he reads those, but I doubt he has the time to read every single message sent.

Again, this is just an inflammatory post designed to stir up more argument.

Useless troll is obvious.

I know it's frustrating B. Hang in there.

Anybody could ask any of these questions to me in private. Posting them publicly is probably a deliberate decision, but ultimately it's for the best because other people will have these questions but will just give in to their own assumptions. The people I respect most are those who at least give you insight into their thinking and a chance to explain yourself. Ultimately better to have people express concerns publicly.

MM has never made any secret of his ability to look into inboxes here, anyone who wants strictly private conversation can swap email addresses or use Facebook Messenger, Signal, or any of the other comms apps out there. It's perfectly normal for the admins of any system to have the ability to access mailboxes / inboxes (it's necessary for fault fixing), and the US (where the UMD is based) isn't subject to Europe's GDRP regulations, so it's all perfectly legal.

Only MM has this ability though, the rest of us moderators do not.

I think it's good that MM has access to all messages, It's not done in a nasty way, it's too keep people safe. If you don't agree with his rules leave his site simple really.

I will point out that there really shouldn't be an expectation of absolute privacy on the internet. If a crime were committed and that crime was discussed on here, Facebook, Twitter, email etc. and the records were subpoena by the authorities, they would be handed over. Your best bet is to use an encrypted messaging service, and even that is not absolute. Just expect with everything you say in private no matter where it is that the owners of the platform have access to the messages.

Absolutely no admins have access to private messages (as previously stated by DM1) only the site owner and his partner have this level of admin power. Most of us admins have varying but fairly modest and limited levels of access to the site controls. The main purpose of our privileges being to alleviate MM's general admin workload.

I do know for a fact that accessing PMs/DMs is not taken lightly and is always as an absolute last resort carried out in the interests of the safety and security of the site and its members. A responsibility taken very seriously.

well not upset anyone but this is wrong GDRP does apply to this site becuase you have people come to this site from euro

https://www.mightybytes.com/blog/what-does-gdpr-mean-for-us-based-websites/
https://www.cmdsonline.com/blog/the-looking-glass/gdpr-us-websites/

All very scary, but impossible to actually enforce. The laws of the EU do not apply outside sovereign EU territory, just as the laws of the US do not apply outside the territory of the United States. Big multinational companies with physical presence will comply with the differing laws wherever they operate to avoid having their servers impounded. But UMD only exists in the US. The EU are hardly going to send a snatch squad to Philidelphia to kidnap MM and drag him to Brussels. Also the UMD is smaller than small fry in EU financial terms. Realistically, the chances of any US website operator smaller than Amazon or Disney having to worry about GDPR are negligible. Eventually the US may pass similar laws at state or federal level. But as yet, as I understand it, they haven't done so, and obviously UMD complies with existing US law.

Data protection legislation is a guideline which can really only be applied in practical terms, punitively, when a breach constitutes a significant wrong doing in retrospect.

Good luck extraditing a US citizen on behalf of their entity in such a case.

I will defend Derek by saying this: I have been here, like 25 years. I believe he has always handled UMD with integrity. Also, the majority of us are not interesting enough to spy on.

https://www.youtube.com/watch?v=JsntlJZ9h1U

An appropriate song, perhaps?

(Well let's face it, we need some levity around here.)

I'm not sure some people understand what I actually do. I am not an employee or admin who has been "given" access to the data. This, what everyone sees here, is the front-end: It's only about 10% of my job. I LIVE in the code and in the databases. That's what I actually do. I don't really sit and read the forums. I don't even have time to watch and enjoy content. It's about code development, data backups, fixing bugs and developing new features, backing up content across our servers, and stuff like that. If somebody comes at me talking about GDPR I'll tell them where they can go.

Unless I am mistaken, I believe that MM used that resource recently to establish the true identity of a member to ensure that an accusation was not inferring that an innocent person was being accused, and that the accuser was genuine. Somebody has to be able to gain that info, I am happy that it is Derek.

I have disagreed with his decisions occasionally, but I have never doubted his good intent or integrity.

The flaw in the arguments in these links is that they are simplified for mass consumption. They use the term "doing business in" which is misleading to consumers. Apparently, the EU seems to think that the "point of sale/contact" for international interactions is at the consumer's physical location. This is a view that is not shared by much the rest of the world, including the US, which is where the UMD and Mothership are exclusively located. In the US, the POS/POC is the website's initial server location. (this is primarily for taxing authority identification) This gets vastly more complicated when doing card processing as there are MANY intermediary services and companies involved and they are spread all over the physical US. Regardless, the transaction doesn't leave the country again unless the customer has opted to receive a receipt via email.. Media is not "delivered" to the EU or any other country. Buyers access it from secured US-based servers and THEY transfer the file to their location.

What they actually mean by "doing business in" is "having NEXUS in", which essentially means "having a physical presence in". Generally this means the company operates an office or datacenter somewhere within the confines of the EU. This is pretty unavoidable for enormous entities like Google, Amazon, YouTube, FB, etc. They all operate their own content distribution systems and have their own caching servers physically located in the data centers & central offices of virtually all "eyeball networks" (ISPs) in the civilized world. There is some disagreement as to whether distributing through 3rd-party CDNs like Inktomi or Cloudflare also constitute nexus for the originator, but The Mothership uses only limited external systems for any purposes and none of them are located in the EU specifically to avoid having nexus there. As far as I know, the UMD operates in the same fashion.

There are even some theoretical discussions in geek circles as to whether writing data to a user's device via data cookies can be interpreted as nexus. Seems stupid to me, but The Mothership has never used cookies, primarily because any end user can change them at any time, making them unreliable and even dangerous to rely on.

GTFO?

The last time women called for more safety they expressed that there should be less privacy to acheive this.

It makes sense as you cant really argue that MM not being able to read everything you have sent to another person on UMD is more important than catching somebody reveiling that they are breaching the rules in theiir PM's.

In the Real World, I'm an IT admin. On the systems I control, I have the power to look at literally anything and everything if I want to. Even the ultra private stuff I don't technically have automatic access to, there are ways and means if I need to. I could even take over someone elses account. It comes with the job.

Do I actually use these powers regularly? Nope. Some of them never get used, the rest only rarely when I absolutely have to. I have far better things to do with my time on a day to day basis. They are there for when I absolutely need them. The trick is not to make me need them...

Anyway, I guarantee you pretty much any system you are on there are people with this level of power, but unless you give them a reason to be interested in you, you're perfectly safe.

And this is precisely why MM doesn't store stuff like our "verified" information here. Even he doesn't want access to that shit. Due to the CC rules it's a liability if he doesn't collect it, and legally, it's a liability if he readily has access to it.

You, my man, understand things.

Well considering you built the infrastructure and the site that's the most respectable way to at least mange any legal issues