Remove user's email address from the moderator "new user registration" emails

[dfabulich]

Right now, the "new user registration" emails to moderators include the user's email address. That's bad, because it means that IFDB users' private information now resides in all moderators' email archives. If we decide to "fire" a moderator, there's no way to claw that information back.

Occasionally, it can be informative to see the user's email address (e.g. gmail addresses containing a lot of dots are typically spammers) but Akismet's spammer identification system can typically identify those spammy emails for us. (I don't think we've ever seen an email with lots of dots that Akismet didn't identify as spam.)

I don't think we need more than the Akismet judgment and the StopForumSpam counts to make decisions on these emails; if we do need to see the full email address, we can just include a link in the email to click through to the website to see the actual email address.

[curiousdannii]

That's bad, because it means that IFDB users' private information now resides in all moderators' email archives.

That's a fair concern. Ideally there'd be a moderator control panel in the IFDB software itself so this can all be better managed without going offsite.

[dfabulich]

There is a moderator control panel, but it's not as convenient as clicking links in the emails.

[fos1]

I disagree. Emails are not protected personally identifiable information. They can be changed at will and faked. It is a necessary identifier. It is provided by the user and they know at registration that it will be used for administrative purposes. A moderator cannot adequately screen users.

On my own very small forum, I get approximately 100 severe spammers that slip through the automated spam systems. A manual check is the only way to begin to ferret them out.

It could be argued that we have too many moderators. Either the moderators are going to have authority or they are not.

On Fri, Feb 26, 2021 at 12:04 AM Dan Fabulich notifications@github.com wrote:

There is a moderator control panel, but it's not as convenient as clicking links in the emails.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/iftechfoundation/ifdb/issues/714, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADDAWSMSNRMBIWPDYUPGLW3TA42YTANCNFSM4YH2Q4NQ .

[qdacsvx]

As someone who uses ifdb, I might fear if I'm banned from one IF website, will my email be passed around and I won't be treated fairly on other IF websites?

[fos1]

The spam filtering software systems add you to their spam lists. Moderators are pretty useless if they can't verify your email address. I do it on my discussion forums everyday. most listed spammers have their IP addresses, user names, and email addresses listed as much as 1000+ times. About 100 confirmed spammers try to register on each of my small sites each month on average. That is why they are called spammers. Forum (social site) administrators have to have a means to identify the miscreants.

On Sat, Mar 6, 2021 at 5:18 AM qdacsvx notifications@github.com wrote:

As someone who uses ifdb, I might fear if I'm banned from one IF website, will my email be passed around and I won't be treated fairly on other IF websites?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/iftechfoundation/ifdb/issues/714, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADDAWSNF432AGUZ3NI4PGNLTCIFR3ANCNFSM4YH2Q4NQ .

[dfabulich]

I wanted to clarify that in no case would the emails be altogether hidden from moderators. Since you have to click through to the website to take action on moderator emails anyway, I just meant that you'd have to actually go to the website to see the email address, so it wouldn't just be sitting around in your email archives automatically.

[dfabulich]

It's not clear whether we should ever do this, but we certainly shouldn't do it until we do iftechfoundation/ifdb#616.