In the middle of April, after a discussion about a troll who was sending disparaging Personal Messages (PMs) to new members, Elias decided to disable the PM feature, and I made the changes to the permissions to make sending PMs unavailable. Reading of existing PMs was still possible, but no new ones could be sent. I checked today, and none had been sent.
Moonbeam suggested that maybe we could disable PMs for only new members. After thought and discussion, Elias asked me last night to re-enable PMs, but not for "Provisional" or "Newbie" members. This means that if you have made 50 or more posts on the forums, you may send and read PMs, and people may send PMs to you. If you have made fewer than 50 posts, you may neither send nor read PMs, and nobody may send PMs to you. This leaves a small potential class of people who received PMs before April, but who have made fewer than 50 posts. They will be unable to see their existing PMs until they have made 50 posts. This class may be empty. I haven't tried to check.
Hopefully, these new settings will make it harder for a troll to poison the well, and will allow people to communicate in a less-than-public way. Remember, though, that PMs are stored in plain-text in a database table. Anyone with shell access to the Linux system hosting this web site, and knowledge about how to look at them, can see them. As far as I know, I am currently the only such person, and I do my best to not pry into private messages, except as I unavoidably see while looking for evidence of PM trolls. I so far have seen no evidence that any of our trolls managed to login, but if someone should break in, and there are always vulnerabilities that allow a dedicated goblin to do that, they will be able to read your PMs.
Bottom line: if your communication needs to be truly private, use a truly private messaging system, or at least encrypt your PMs before sending them here, so that the plain text is not in our database.
