PMS: remove non-system messages from backend view

By doing so you are breaking Japan privacy law.

Thank you for providing us with information regarding the restrictions and limitations of the new version of CB. We are very familiar with privacy APPI related laws and regulations in Japan and we are quite capable of conducting our business within the bounds of those laws and regulations. Would you like a link to an English language explanation of those details? We promise you that removing admin ability to monitor content of the message system as provided by CB has absolutely no correlation to the current APPI related laws and regulations in Japan.

Just a thought, but it would make much more sense to include the (sort of) hidden PMS messages as an option rather than a non-reversible change. If you have some kind of fear of "CB breaking the law out of the box" then you could have the default setting be to remove non-system messages from backend view, while giving other admin users in other less restrictive countries (or admin users with a better understanding of domestic privacy laws) the ability to take full administrative advantage of the tools available.

If you need a directory of addresses then create a directory of addresses instead of trying to communicate that information in private messages.

That is just one of the kinds of requests we get and no, creating a directory of addresses or google map settings does not address the issue of a specific and one time address/location being specified as the pick up spot for a volunteer in a foreign country for the first time. It might be a specific bus or train stop number on a specific route or the sidewalk in front of a convenience store on a specific day at a specific time. And where in the address/google map directory does one indicate that they will be wearing a red shirt and straw hat for easy recognition?

But really, the main advantage is having access to communications if a user initiates some kind of dispute about some aspect of the service or the relationship with another member. Having access to communication history is extremely helpful in understanding and resolving many of this kind of situations.

Of course, these are just suggestions and some information to help give more insight into the actual practical uses and functionality of your software to a variety of users. As long as the information in the data table is not encrypted then we will be able to make a work-around to the new decrease of functionality.

Is offering the option to remove or allow non-system messages from backend view factually and actually in violation of a specific privacy law in any country? Our research indicates that it is not.

I don't have a solution at this time. I'll be reviewing adding permissions that can only be set by a Super User to allow access to all private messages so it can be explicitly set. In addition to that we'd likely utilize Joomlas action log to log an entry every time someone accesses a users private message so there's a history of access.

forge.joomlapolis.com/issues/8742

I know some sites needed this. Schools with minors in particular. I'm doing the best I can to ensure all our users are safe and as a quick solution the best approach was to be privacy first.

But really, the main advantage is having access to communications if a user initiates some kind of dispute about some aspect of the service or the relationship with another member. Having access to communication history is extremely helpful in understanding and resolving many of this kind of situations.

Dispute resolutions can be handled using the Report feature which will send the message to moderation. They can report as many messages as they need. Sending more than the directly reported message without consent won't work. WhatsApp was just recently sued over doing exactly this (a message report sent the last 4 messages). Facebook has faced similar charges for this as well. The plan is to extend the reporting feature so the user has to manually select what messages in the conversation chain to include in the report making it a fully consented action.

I do not wish to get into further arguments regarding the legality of this. I frankly don't have the time nor energy to link any and every law regarding private communications actions. As long as your sites privacy agreement explicitly discloses that private messages are accessibly to administration and not truly private then you're typically fine, but we can't expect sites to have done this.

You can now toggle this back on after installing latest build release. Within the Private Message System > Parameters you can now toggle on backend management of user messages. Once done you'll notice a new Permissions button in Private Message System > Messages this will allow you to extend management of backend user messages to other usergroups (currently only super users have permission). Next anytime a user private message is accessed an entry will be logged to Joomlas action log recording the access (this cannot be turned off, but you can clear Joomlas action log as needed).