
Uber Group Defense 2.100101011010101010

15 replies to this topic

#1
Jeremiah12LGeek

  • Members
  • 23 705 messages

Hello. A bird fired off a request that I break down my experiences with privacy, so here's somewhere to start.

 

I may be editing this as I go, and I'll answer any questions about it as we go along.

 

The basics:

 

So, group privacy is both weird and buggy, but here's a definition of the basic terms as the site uses them.

 

The group privacy setting

 

Is a misnomer. It determines whether or not the group is privately listed or publicly listed. Essentially, whether it appears in the group list along with the rest. This is actually a useful function, but obviously the name is confusing as @#%$.

 

The member ranks

 

These primarily determine everything, and much of what we'll cover is how to make sure these are set up to protect the group's privacy.

 

The first thing to understand is that as far as the site is concerned, "member" means all members of the BioWare forum, NOT members of the group, specifically. This makes it a little easier to understand why everyone can see threads through portals and backdoors - it's because default membership applies to everyone on the site (even people without forum posting privileges.)

 

An Example of Settings/Membership Ranks

 

So, here is how one of the groups I know handled things, more or less (Ranks have been changed to save embarrassment from silly rank names.)

 

The Privacy Setting was originally private, and it wavered as we sorted things out, but eventually we set it to public. We were able to do so, being publicly listed, without our group's privacy being compromised.

 

From there, the way we broke down ranks was the tool for establishing privacy.

 

Default Rank requires that all privileges be unchecked. This is the most important privacy setting there is. This is what all members of the BioWare Forum have, so it's important to make sure that all privileges are unchecked for the default rank.

 

First Level Member Rank is what you would theoretically be approving with the moderator step. This is actually a two-step process, where the final step is to edit the member's rank from "default" to "Group Member." This rank had posting and viewing privileges, without which the default rank could only see the error message regarding the group being private.

 

Officer and Mod Ranks would have privileges like editing or hiding posts, approving members, stickying/unstickying threads etc. It can make sense to have more than one level of these, but with 70 some odd members it's probably not necessary to complicate things.

 

Administrative Rank(s) are actually quite important. These are the members who can edit member ranks and the Group CP. By default, the group leader has all administrative privileges checked. It is a good idea to have at least one other administrative rank, for emergencies (they do come up) when privacy gets buggy and you need someone to get into the Group CP and check the ranks for bugs or holes in security.

 

A quick note about administrative ranks: unless it has been fixed since then, a leader can't "give up" a group, although there is a function to pass on leadership. It merely clones the leadership rank, and leaves both members with leadership privileges (not that it ended up ever coming up in my experience.)

 

I have a bit more to cover, which I'll reserve a couple of posts for. This post will almost certainly be edited for clarity, as well, but ask anything you like (although give me 1 minute to reserve the posts, my computer is slow. :P)



#2
Jeremiah12LGeek

  • Members
  • 23 705 messages

Invites When Privacy Settings Are Secure

 

These can be a bit tricky, and there is a bug to watch out for (you may have encountered it already.)

 

To successfully invite someone to a private group, you use the invite function, but it is very important to coordinate a bit if you can, and make sure that only one person sends the invite.

 

One of the bugs happens when multiple invites are sent to an account before it accepts the first one, locking that account out of joining the group. It is temporary, but it can take days or weeks of hammering away at deleting all the invites and trying again to work around it (moral is - try and avoid this by only sending one invite at a time. :P)

 

So the steps in order:

 

1. Invitation

 

2. Invitee must click to accept the invite. Many click to view the group by accident, which ends in confusion when they are locked out. Clicking anything but the accept button won't work.

 

3. Moderator must approve the member, and manually change their rank from "default" to "Group Member." This activates the posting/viewing privileges, while preserving privacy from default members.



#3
Jeremiah12LGeek

  • Members
  • 23 705 messages

And...

 

The Bugs

 

Besides the above-mentioned invitation bug, the ranks can spontaneously bug out, as well. Unfortunately, there's usually not much way to find out this happened until someone lets you know the group can be publicly seen.

 

This has happened to me twice in two groups, and both times it was necessary to go in and create two new ranks, essentially to replace the ranks that weren't working, the default and member ranks.

 

The old ones couldn't be safely edited, because they were allowing public viewing despite having the privileges checked correctly. They look like they should be working, but they just aren't. We didn't delete them, but we left them unused, and replaced them with a new "default rank" and a new "member rank," making sure the privileges were checked correctly. Once the group CP was edited to make use of the new ranks, it corrected the bug that allowed back-door privacy in both times.



#4
Jeremiah12LGeek

  • Members
  • 23 705 messages

Okay, from there if anyone has any questions, I'll check back in periodically to see how things are progressing. If you need someone to test whether the ranks are working correctly after tinkering with them, I can help with that, too.



#5
Lady Artifice

  • Members
  • 7 182 messages

I'm trying to make you a group mod, Jeremiah, in the hope that you might be able to check my settings and verify I'm seeing everything I should be when editing ranks. But when I try to do so, I receive an error message. If I refresh it says something about my security passcode not working. I don't know what the problem is. 



#6
Jeremiah12LGeek

  • Members
  • 23 705 messages

> I'm trying to make you a group mod, Jeremiah, in the hope that you might be able to check my settings and verify I'm seeing everything I should be when editing ranks. But when I try to do so, I receive an error message. If I refresh it says something about my security passcode not working. I don't know what the problem is.

 

That definitely sounds like a bug, or something. It may necessitate posting in the Forum Help section to see if they know what's up.

 

They have made some changes, and one of them is to update the forum's security by routing everything through HTTPS. My best guess is that might have something to do with it.



#7
Jeremiah12LGeek

  • Members
  • 23 705 messages

For now, maybe try creating a temporary administrative rank, instead of changing me to an existing one.

 

Check the administrative privileges (allowing the creation/editing of ranks, especially) and that might be a back door to allowing me to have a look.



#8
Lady Artifice

  • Members
  • 7 182 messages

> For now, maybe try creating a temporary administrative rank, instead of changing me to an existing one.
>
> Check the administrative privileges (allowing the creation/editing of ranks, especially) and that might be a back door to allowing me to have a look.

 

 

I tried. I've got two new ranks now (pending member with nothing checked as the default rank and administrator with everything checked), but I can't seem to edit any group members any longer. This is frustrating. 

 

If anyone else that I've already set as a moderator can give it a try, I'd appreciate it. 



#9
Jeremiah12LGeek

  • Members
  • 23 705 messages

At this point, I would definitely mention something in the Forum Help section, specifically the security-related error message that you mentioned.



#10
Biotic Apostate

  • Members
  • 1 384 messages

> If anyone else that I've already set as a moderator can give it a try, I'd appreciate it.

I'm one of those people, and I'd be happy to help, but I don't have that function in the ModCP (the only tools are unapproved and removed content). Outside of that I can hide/remove posts and access thread management (pin, move, merge, close, etc.), but nothing else.



#11
Lady Artifice

  • Members
  • 7 182 messages

Okay (Darn it). I'll post something asking for help there tomorrow. 

 

The good news is, I think I might have resolved the group actually being hidden problem thanks to Jeremiah's advice. I've got two new member ranks, and one of them is "pending member." This is set at default, and no group privileges are checked for that rank. To make a long story short, I think the membership approval settings were actually working against us, because the settings work differently for groups that require manager approval to join as compared to groups that don't.

 

If anyone has the means to verify this, I'd be grateful. 



#12
Jeremiah12LGeek

  • Members
  • 23 705 messages

> I'm one of those people, and I'd be happy to help, but I don't have that function in the ModCP (the only tools are unapproved and removed content). Outside of that I can hide/remove posts and access thread management (pin, move, merge, close, etc.), but nothing else.

 

That makes sense. The Mod CP and the Group CP are split up to allow for the roles to be divided.

 

Most groups I know didn't create a backup admin rank with Group CP access, and there isn't one by default, so it may be tricky finding a way around it.

 

> Okay (Darn it). I'll post something asking for help there tomorrow.
>
> The good news is, I think I might have resolved the group actually being hidden problem thanks to Jeremiah's advice. I've got two new member ranks, and one of them is "pending member." This is set at default, and no group privileges are checked for that rank. To make a long story short, I think the membership approval settings were actually working against us, because the settings work differently for groups that require manager approval to join as compared to groups that don't.
>
> If anyone has the means to verify this, I'd be grateful.

 

I can have a look for you today, and at least check some of the common back door portals that I know about. I'll follow up a bit later.



#13
Jeremiah12LGeek

  • Members
  • 23 705 messages

Okay, I have a faster laptop to work with for a few hours, so I'm going to try and gain backdoor viewing access to the group.

 

The easiest test is if this post is the most recent group post. Obviously there are many groups, so it could take a while to get this first test done, but the social groups recent post portal is the biggest hole in group security, so if anything is wrong, that should be the first place to see the symptoms.

 

I may have to post a few times to successfully log back in and check it successfully.



#14
Jeremiah12LGeek

  • Members
  • 23 705 messages

Okay, the good news is that the test was easily completed in one try.

 

The bad news is that the result is not the one we hoped for: the group is still visible to all members, even if only through backdoor channels.

 

This strikes me as almost certainly being related to the bug we struggled with before, as it is very similar, but I can't help but wonder if the changeover to https is partially, or even wholly, responsible.

 

I'm going to run a test on another group, to see if the symptoms are limited to this one. Either way, I suspect we won't be able to proceed without help from Bioware Site admin.



#15
Jeremiah12LGeek

  • Members
  • 23 705 messages

So, more good news, in that at least the other groups are still private. That means that this is almost certainly a variation of the bug I've dealt with before, and that makes me confident that there should be a way of dealing with it.

 

However, the bug that is making it impossible for the leader to change members' ranks is still disconcerting, and I'm pretty sure we'll need staff help to work through that one.

 

If there was anyone other than the leader who could change member ranks, we'd have more options for testing, but I think we're at a wall for the moment until we get some inside assistance.



#16
Jeremiah12LGeek

  • Members
  • 23 705 messages

I have had two ideas, one of which I would hesitate to consider even though I'll mention it.

 

Based on what Jessie Reid said, and my understanding of the https changeover, it shouldn't make any difference whether you're logging into the group with an old bookmark or not. But we should look into it, just in case.

 

This is related to why people couldn't access their notifications from whatever page they landed on when logging into the site after the switch. They had to access them from a page routed through https, which the bookmark (being old) wasn't. The permanent solution was to update the bookmark to the https page, which is what I did. According to Jessie Reid, this shouldn't be an issue, anymore, but just in case try updating your login link, if you haven't.

 

This would only apply if you log in to the group using a bookmark made before the switch to https. You would need to navigate there without using the link in your bookmarks, then delete the old one and replace it with the page that starts with "https."

 

That probably won't make any difference (and you may have done it already for all I know) but it's definitely worth doing just to check.

 

The other option would involve attempting to exploit the leadership bug, which is a sketchy proposition.

 

That would involve you attempting to pass leadership to me. This would produce (hopefully) one of two results: The bug is still in effect, in which case you "clone" your privileges to me, while retaining your status as leader. The other likely result would be that they fixed the leadership bug, which would result in leadership actually passing to me. At this point, you hope I don't turn out to be Donald Trump, and that I merely take advantage of the situation to go over the settings and see if I can find/fix the problem before handing the (now-functioning) leadership back to you.

 

However, in the world of buggy software, there are always more than two potential results. So, while those two scenarios are the most likely, they aren't the only possible outcomes, and there's nothing to say that cloning your privileges to me won't pass the bugs along with them, making the exercise pointless, at best (and potentially making it worse.)

 

So you should probably put that second idea on the backburner for when and if other avenues are proving fruitless.

 

And, maybe keep an eye on me to make sure I'm not dropping hints about how the DA forums are sending us their trolls and we have to build a wall.