[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Enforcing maximum time after posting to allow edit in Whonix Forum

Website
#1

i want to share an idea that i have seen it in some forums which is disability of fixing/modifing any subject after period of time (1 day , 4 days , week ,…etc). but how this going to improve the posts ?

1- if someone from the users forum got hacked , and he has an active & good subjects which is useful to others. so the hacker simply can change any subject written under his name and mess the whole posts and forum (if he has many topics).

2- if some conversations went to be heated conversation , so anyone can modify his comments and saying: well i didnt say that.

…etc

then how can someone IF NEEDED to modify his subject after the period finished ?

simply he request that from any admin in the forum for confirming his changes.

what about if someone going to say well we can c when did he last time modified his topic ?

yeah u can c that , but only what u can c is WHEN he modified his post, not WHAT he modified in his post.

thnx :slight_smile:

Edit by Patrick:
Changed title.

#2

I see.

The forum software has a setting “Maximum time after posting to allow edit”.

Any opinions on that?

#3

yes exactly that , just make the period of time or time limited (from ur opinion) that allowed for any post to be edited.

#4

There is now a case where exactly that happened:

#5

Deleted those, since after the user edit the thread was useless.

As for not granting edit/deletion requests:
This is legal question with no obvious answer. If anything, the forum rules would have to communicate that forum administration has the legal right to use posts after they have been submitted. Otherwise, maybe(!), the one who requests deletion has the legal right.

We haven’t established yet if we would prefer to grant or deny deletion requests. In case we want to grant them, the above legal question doesn’t matter. Otherwise it matters. I tend to grant deletion requests.

#6

yeah that what i was saying , its good thing that his subjects werent new or bug fixer …etc. but how about if we have someone with 1000 comment and witha aid of hacking or self doing the subjects/comments deleted or changed? well i think u should grant/activate that as soon as possible at least to not face sucha similar cases in the future.

#7

In most cases I guess there is no way to distinguish deletion requests and between identity theft + vandalism.

#8

thats true , but when someone requesting to change something, logically he wont change all of his topics in one day not even exceeding than 3 topics because thats going to be obvious its not him. also when someone got hacked and the hacker want to delete his topics, hes going to request that in the forum so thats will make it obvious to the original user because hes going to c that request and he know then that this comment is not by him (so we can say we r even giving time delay before the hacker mess). also we can make a limited editing per request like 3 or 5 editing only. in this case even if the user was hacked and the hacker requested the change order and we give him the permission to do so , he will not mess all topics which have been written.

#9

Depends. Some may just have an urge of “paranoia” and request everything deleted at once. Such as what I expected happened in the above example.

I don’t know how theoretic this is.

How many accounts get hacked and how often? And in how much of these cases, the attacker wants to modify the posts?

How often someone wants to delete all its posts?

The “we won’t do any edits after a certain time” idea stands on pretty shaky legal and ethical grounds. Implementation legal wise would be quite some effort having all users re-accept updated forum rules.

Idea…

  • a) lock edits after a certain amount of time so no mass malicious edit is possible and undetected
  • b) grant reasonable edit requests with fall back to c) if too many
  • c) grant whole user/all posts deletion requests
#10

preventing it from now , will make things better in the future even if they r less to happen. also i would ask whos going to modify his comment after one week from typing it ?. for later time we can add this ability also “download all your posts” for even further safety to the forum users comments/posts.

#11

Unlikey, same reason as here:
https://www.whonix.org/forum/index.php/topic,1143.msg8474.html#msg8474

#12

Doing the following for now…

  • lock edits after a certain amount of time so no mass malicious edit is possible and undetected -> [font=arial]Maximum time after posting to allow edit[/font] set to [font=arial]1440[/font] minutes (1 day).

  • grant reasonable edit requests with option to fall back to c) if too many/abusive edit requests

  • grant whole user/all posts deletion requests if user is able to authenticate

#13

well thats awesome step to do , great job. so from now on , even if someone stolen any password of any user he cant destroy the whole topics. :slight_smile:

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]