Enforcing maximum time after posting to allow edit in Whonix Forum

TNT_BOM_BOM · April 10, 2015, 4:59pm

i want to share an idea that i have seen it in some forums which is disability of fixing/modifing any subject after period of time (1 day , 4 days , week ,…etc). but how this going to improve the posts ?

1- if someone from the users forum got hacked , and he has an active & good subjects which is useful to others. so the hacker simply can change any subject written under his name and mess the whole posts and forum (if he has many topics).

2- if some conversations went to be heated conversation , so anyone can modify his comments and saying: well i didnt say that.

…etc

then how can someone IF NEEDED to modify his subject after the period finished ?

simply he request that from any admin in the forum for confirming his changes.

what about if someone going to say well we can c when did he last time modified his topic ?

yeah u can c that , but only what u can c is WHEN he modified his post, not WHAT he modified in his post.

thnx

Edit by Patrick:
Changed title.

Patrick · April 10, 2015, 6:42pm

I see.

The forum software has a setting “Maximum time after posting to allow edit”.

Any opinions on that?

TNT_BOM_BOM · April 10, 2015, 9:34pm

yes exactly that , just make the period of time or time limited (from ur opinion) that allowed for any post to be edited.

Patrick · May 29, 2015, 4:54pm

There is now a case where exactly that happened:

Patrick · May 29, 2015, 5:09pm

Deleted those, since after the user edit the thread was useless.

As for not granting edit/deletion requests:
This is legal question with no obvious answer. If anything, the forum rules would have to communicate that forum administration has the legal right to use posts after they have been submitted. Otherwise, maybe(!), the one who requests deletion has the legal right.

We haven’t established yet if we would prefer to grant or deny deletion requests. In case we want to grant them, the above legal question doesn’t matter. Otherwise it matters. I tend to grant deletion requests.

TNT_BOM_BOM · June 11, 2015, 3:09pm

yeah that what i was saying , its good thing that his subjects werent new or bug fixer …etc. but how about if we have someone with 1000 comment and witha aid of hacking or self doing the subjects/comments deleted or changed? well i think u should grant/activate that as soon as possible at least to not face sucha similar cases in the future.

Patrick · June 11, 2015, 7:23pm

In most cases I guess there is no way to distinguish deletion requests and between identity theft + vandalism.

TNT_BOM_BOM · June 11, 2015, 9:16pm

thats true , but when someone requesting to change something, logically he wont change all of his topics in one day not even exceeding than 3 topics because thats going to be obvious its not him. also when someone got hacked and the hacker want to delete his topics, hes going to request that in the forum so thats will make it obvious to the original user because hes going to c that request and he know then that this comment is not by him (so we can say we r even giving time delay before the hacker mess). also we can make a limited editing per request like 3 or 5 editing only. in this case even if the user was hacked and the hacker requested the change order and we give him the permission to do so , he will not mess all topics which have been written.

Patrick · June 11, 2015, 10:18pm

Depends. Some may just have an urge of “paranoia” and request everything deleted at once. Such as what I expected happened in the above example.

I don’t know how theoretic this is.

How many accounts get hacked and how often? And in how much of these cases, the attacker wants to modify the posts?

How often someone wants to delete all its posts?

The “we won’t do any edits after a certain time” idea stands on pretty shaky legal and ethical grounds. Implementation legal wise would be quite some effort having all users re-accept updated forum rules.

Idea…

a) lock edits after a certain amount of time so no mass malicious edit is possible and undetected
b) grant reasonable edit requests with fall back to c) if too many
c) grant whole user/all posts deletion requests

TNT_BOM_BOM · June 12, 2015, 7:22am

preventing it from now , will make things better in the future even if they r less to happen. also i would ask whos going to modify his comment after one week from typing it ?. for later time we can add this ability also “download all your posts” for even further safety to the forum users comments/posts.

Patrick · June 12, 2015, 12:32pm

Unlikey, same reason as here:
https://www.whonix.org/forum/index.php/topic,1143.msg8474.html#msg8474

Patrick · July 15, 2015, 10:57pm

Doing the following for now…

lock edits after a certain amount of time so no mass malicious edit is possible and undetected -> [font=arial]Maximum time after posting to allow edit[/font] set to [font=arial]1440[/font] minutes (1 day).
grant reasonable edit requests with option to fall back to c) if too many/abusive edit requests
grant whole user/all posts deletion requests if user is able to authenticate

TNT_BOM_BOM · July 16, 2015, 10:40am

well thats awesome step to do , great job. so from now on , even if someone stolen any password of any user he cant destroy the whole topics.