I haven't any control over this and I'm just seeing this now. No worries, I respect your privacy.
Messages sent in/out/from/via the Private Message function on this server are stored in plain text in the SQL databases. This means that anyone who can access the SQL databases (limited by IP, strong password, and encryption when stored locally) can read any of the "Private Messages" you send to each other.
In theory it is as close to 100% secure as one can make it. However - I still feel that full disclosure and informed choices are the best policy with security and privacy.
If you have ANYTHING that you are concerned about please feel free to Private Message me. *grins*
For the record, frankly, nothing one does online is ever private or completely secure. That being said, all interactions with the databases are limited to the localhost and this should prevent anybody other than those people directly affiliated with G³ Solutions from accessing the data. (If they can, well, the last thing they're going to be curious about is your private messages. You'll have to trust me on that one.)
What is MORE secure? Nothing really. I will consider changing it if I can safely do so without impacting server performance. I have added a modification which allows you to email one another via the email buttons - those are not, to the best of our awareness, logged anywhere for very long, though the record will still exist in the logs as outbound packets via sendmail protocol.
Is this any different than anywhere else, anything else, or any other site or forum? No, not really. I'm probably just the only one who's really wanting to make you aware of it now that I've noticed the information is retained and I also want to ensure that you know that all backups are stored (data at rest) in an encrypted state.
Possible solutions include using the MD5 hash to disable the plain text storage of the private messages. With such a large volume of data that becomes a rather difficult process and is likely to be compute cycle intensive to the point where it would certainly be considered abusive by myself and I'd have to then ban myself and kick me off the server this is housed on.
Just so you are aware, this doesn't affect passwords or the like. All passwords are encrypted using the MD5 hash which prevents them from being reversed. (They could be looked up, of course, but those records are pretty pathetic and not entirely accurate so there's no cause for alarm with anything that is security related, it is just a matter of privacy and now that I'm aware of this situation I wanted to ensure that you heard about it, knew about it, and were able to make an informed choice as to the content you put into the private messages.)
Again, if you have any concerns, please contact me via the private message function or via email at kgiii@kgiii.info and we'll work on it from there. As this is an abnormal situation this post will remain unlocked for the time being and those wishing to add comments, ask questions, or state their feelings are welcome to do so here as well.
Please understand me when I say that I will personally continue to educate myself on this subject until I'm more certain of the methods used but at this time it appears as if all sent, saved, read, and unread PMs are stored - even after being "deleted" - in plain text in the database. From a forensic view that is a good thing and it will help to ensure that we're able to investigate complaints should they ever happen; however, it is something I feel very strongly about and would like to know that you are all aware of the circumstances. Additionally - it is an assumption, at this time, that when I clear out data via the admin interface that older private messages are then deleted from the data on the server. I cannot confirm that at this time and that still does not completely address the fact that the data is also stored locally, though encrypted, for 6 months on a weekly schedule. So, please, remember that regardless of the security involved you should not ever enter any information into a Private Message that you would not want to be made public.
KGIII
G³ Solutions
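
The post's remark that MD5 password hashes "could be looked up", as an added example that is not part of the original post or of the forum software: unsalted MD5 gives every user with the same password the same digest, and a common remedy is to re-hash each password with a salted, iterated KDF the next time its owner logs in. The function names, the `pbkdf2$salt$hash` record format and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, the legacy storage format described in the post."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str) -> str:
    """New-style record: a random per-user salt plus an iterated hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Check a login attempt; return (ok, record the database should now hold)."""
    if stored.startswith("pbkdf2$"):
        _, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
        )
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy row: the plaintext password is only available at login time,
    # so this is the moment to replace the MD5 digest.
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, pbkdf2_record(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice, bob = legacy_md5("password"), legacy_md5("password")
    print("identical MD5 rows:", alice == bob)
    ok, upgraded = verify_and_upgrade("password", alice)
    print("login ok:", ok, "| new record prefix:", upgraded[:7])
```

Accounts that never log in again keep their MD5 row under this scheme, so a migration would still need a plan for dormant users.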