"Private messages can be read" should be a red X, not a yellow thumbs-down

I think services reading your PMs is really creepy and should be weighted more in the judgement.


I agree, but the only way a service can guarantee they don’t do this is end-to-end encryption. But if a service promises in their terms not to read PMs, even unverifiably, that might be worth a dedicated good point – if any examples of this can be found ‘in the wild’.


I agree with @HACKER3000 , it’s an invasive method of data collection that should be showed more prominently in the reviews.

If they promise that, then it shouldn’t fall under that case: they’d had the technical means to read private messages, but would be legally prohibited to do it as they claim the contrary.

I don’t think this situation happens very often. Generally services only explicitely tell users they can read private messages if either they provide a way to make messages E2EE (like Telegram does) or they are required by law to inform about it because they collect and may use that data.


Since no other opinons have been expressed on this, Case 239: Private messages can be read is now a Blocker.
I’ll wait a couple days before closing the topic to let the chance for other reviewers to express their thoughts.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Why is this a “blocker”?

I agree that services primarily providing a message service should not be able to read private messages.

However, I find it desirable on sites with another primary purpose with potential for sharing abusive messages (in particular, gaming sites), that they should be able to moderate such abuse.

I noticed this is listed as a blocker on Blizzard’s ToS, where I value this as a positive (or, at least, neutral). I want Blizzard’s moderating team to be able to review abusive private messages.

Habbo takes a hit for this for saying only “We may keep chat log records for safety and moderation purposes.”
That is clearly a necessary and desirable part of the service they provide.

I would be less inclined to agree the terms, in these cases, if they could not do this.

I also find it a shame that previous discussion of this topic has been closed. It doesn’t seem to be a robust decision-making process if decisions such as this are finalised after only three comments.

1 Like

Thank you for your input.
Your point of view is really interesting and I think we should take it into account.

On the one hand, recording private messages is a serious privacy violation, these are sometimes used to target advertising or are shared with third parties known for abusing their users’ privacy, or they could be accessed by unauthorized third parties during a data breach. These reasons could justify the blocker classification to be honest.

On the other hand, I agree with you with the fact that some services don’t seek private communications but rather a safe community. That is for instance the case of Discourse, the open-source software running this forum. This issue reminds me of a post in another topic closely related:

The solution found for the topic above was to create a point linked to Case 189: Your private content may be accessed by people working for the service. Perhaps each reviewer should choose either Case 239 or the foregoing case depending on the nature of the service?

1 Like