Confidential Information being shared from bogus account

Status
Not open for further replies.
I've been following this somewhat, and am still confused a little.

Vigilance's title indicates he is a "Registered User", can he even received EN World PMs? Or was he talking about some other form of instant messaging? He does have his Yahoo and AIM addresses public.
 

log in or register to remove this ad

JoeBlank said:
I've been following this somewhat, and am still confused a little.

Vigilance's title indicates he is a "Registered User", can he even received EN World PMs? Or was he talking about some other form of instant messaging? He does have his Yahoo and AIM addresses public.
Click to expand...

I was under the initial impression that it was a PM. It appears it was an email sent through the site.

Chuck
 

Vigilance said:
I was under the initial impression that it was a PM. It appears it was an email sent through the site.

Chuck
Click to expand...

Were you able to contact RPGNow? I'd be interested to see what course of action they wish to pursue.
 

reveal said:
Were you able to contact RPGNow? I'd be interested to see what course of action they wish to pursue.
Click to expand...

My impression is that without some way of identifying the person who sent the emails (hard for me to believe Im the only one who got one) that the issue is a non-starter.
 

Eosin,
I am not sure that harassment delivered via PM is actionable under the COC. As has been pointed out, it is not easy to ascertain the authenticity of a PM. Efforts to determine authenticity violate privacy policies and can violate local & federal law.

Sending threatening email through any method likely violates federal law. That should be reported to a law enforcement agency for advice on how to pursue it. Along that path, a court order might require EN World to try to track it down.

Vigilance, I understand your concern, but I don't understand what you expect EN World to do about it. Forging IP's is not hard. Forging email addresses is even easier. As well, through the wonders of Network Address Translation (NAT, or IP Masquerade) it is quite likely that you will have more than one person posting from one apparent address. All 474 people at my workplace will originate from the same IP Address because we use NAT with a private addressing scheme behind our firewalls. As well, my wife posts from the same address at home since we use NAT with a private address scheme at the house as well. From time to time, my friends might post from here as well since I often share my encryption keys with them so they can jump onto my wireless network when they are over.

It isn't an easy, straightforward situation where you can track down the sender. To do so likely requires technical assistance from more than one source as well as a legal order requiring this assistance. Otherwise, one or more people involved in tracking this down could be in violation of several laws.

As I said, I understand your concern, but I don't understand what you think they should be doing.
 

Okay, putting aside the question of legal action, let's look at it this way:

The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.

It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.
 

Steve Conan Trustrum said:
The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.

It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.
Click to expand...

The only evidence they have is from the recipient, because the admins can't access the contents of the message that was sent. And acting against a user based on a single, easily falsifiable report, is terrible policy. There would be nothing to stop someone from making an enworld account emailable and then saying "I got a message from Steve Conan Trustum containing a hundred SSNs and associated credit card numbers", and the enworld admins would have precisely as much verifiable evidence for that claim as they do for Vigilance's report. They don't want to get involved in that kind of headache, for which I don't blame them.
 

DanMcS said:
They don't want to get involved in that kind of headache, for which I don't blame them.
Click to expand...
Bull. I run a messageboard and am aware that there are legal ways to go way beyond the "meh" response that is being vocalized thus far. If the answer is "it's too much trouble to ensure a member's privacy isn't being violated" then I'm not certain that I'm (as a publisher and as just some guy who uses messageboards) sympathetic to that headache.
 

Steve Conan Trustrum said:
The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.
Click to expand...

It sounds like they used the email function, not the PM function to which it appears Vigilance agrees to in post 32. Email is not a secure means of communication unless encrypted. To rely on email as a secure communucations medium is sort of asking for it. As seen here it can easily be forwarded on to other parties or in more extreme cases sniffed off the wire by a properly motivated individual. There is even doubt as to how much an email disclaimer at the bottom of emails can help you in regards to confidentiality and such.

Steve Conan Trustrum said:
I run a messageboard and am aware that there are legal ways to go way beyond the "meh" response that is being vocalized thus far. If the answer is "it's too much trouble to ensure a member's privacy isn't being violated" then I'm not certain that I'm (as a publisher and as just some guy who uses messageboards) sympathetic to that headache.
Click to expand...

In this case Spoony Bard has stated (in post 24) that the email module isn't maintaining a log of the input in the email form. So apparently there isn't much for them to even look at, click submit and the message is off and away with little history.

It's an option as to whether you want to accept emails or not through the site. If you don't want your privacy invaded then it may be best to disallow that option for your user account.
 


Status
Not open for further replies.

Similar Threads

Abstruse
Roll20 Hacked, Customer Information Possibly Exposed
Replies
3
Views
6K
Daraniya
D
Morrus
Evil Genius Games Attempts To Remove Bad Press [Update--And Then Adds Legal Threats!]
21 22 23 24 25
Replies
241
Views
71K
Saulster
S
ilgatto
Swords & Spells, or: Coming of Age (Being a Sequel to Duergar & Daemons, itself a Sequel to An Adventure in Five Acts) [Final Update] [25 Jan 2026]
Replies
8
Views
3K
ilgatto
ilgatto
Morrus
Judges Guild Makes Statement About Goodman Controversy [Updated]
31 32 33 34 35
Replies
343
Views
88K
chuckdee
chuckdee
AlexDJ
Kickstarter Gracewindale: Dungeon Master Screen II - 3D Printable Modular Game Master Screen and Accessories for TTRPG games
Replies
4
Views
1K
AlexDJ
AlexDJ

Recent & Upcoming Releases

Remove ads

Top