Viewing flagged discussions should either not be a thing or should be optional for the admin

[studosi-flarum]

So, I noticed this option while translating. I don't get why this is a thing. It's a blatant privacy violation for the other party. Users can abuse it "for fun", and then what, your only option is to ban them? You can't even turn it off. I'm considering turning off this extension because this is a GDPR nightmare!

So, what needs to happen is either

• enable the administrator to disable the view flagged privated discussions oprtion for himself
• remove the option completely

I hope you can understand my frustration with this.

[askvortsov1]

Hi! I'm a bit confused what the issue here is: from my understanding, the purpose is, in permissions, to allow other user groups (such as moderators) to see flagged posts even if they're private. I don't believe that this is an option that can be set on the flag itself by a flagger to make a post private. If anything, this helps comply with online protection laws, as it allows people who send abusive messages in PRs to be flagged and addressed by moderators and admins. Perhaps I'm misunderstanding your concerns?

[clarkwinkelmann]

If I remember correctly, before we implemented that, users could flag private message. Moderators could see the flags. But moderators couldn't see the posts that were flagged, making the flag feature useless.

The logical option was to allow admins to see the flagged posts. The reasoning is, admins can always look at the data anyway, they own the database. This permission allows them to transfer that power to moderators as well.

Theoretically it should also be possible to remove the ability to flag private posts altogether. I'm not sure if anyone investigated that option.

There's also the option of disabling the flags extension. The two don't need to be used together.

[studosi-flarum]

The thing is - you're seeing the whole discussion. Also, the problem is that it can be abused by the reporter. I'd somewhat understand if you were able to only see the reported post, but to have access to the whole conversation... That is just a big no-no in my book.

Due to my the nature of my community, I was able to turn flags off. The rules are... not very strict and I can respond to reports via private discussions if need be. But I don't think it's reasonable to enable someone to effectively deprive someone of their privacy with 2 clicks, nevertheless. I cannot prove in court that I didn't read the whole conversation despite the one message being reported. If it isn't limited to just the flagged message, you should be able to disable it. You might argue that this is to prevent bullying in private messages, but this can be used as a bullying method itself...

Otherwise you have to issue a different GDPR statement that in the case of a flagged message you'll be able to see the whole conversation. Now, is it just me, or can you see how bad this sounds as well?

[luceos]

Personally I think this relies heavily on the type of community you have and the terms of use you apply to it. I've never heard of any type of community that required complete privacy inside private discussions. I'd love to hear the scenario, feel free to do so privately on discord.

We could offer the ability to disable flags inside PD's, but as @clarkwinkelmann pointed out, admins often have direct access to the database anyway. PR's are welcome for this feature, but we won't plan on adding it - not me at least.

[studosi-flarum]

Alright, I'll visit the discord to chat about it when I get the time.