OneFora banner
  • Welcome to OneFora - This is an invite only resource for our Mod and Admin team; all threads are kept behind a login. Please see your Area 51 section to join.

User Profile Page - Email / Password

2815 Views 34 Replies 11 Participants Last post by  Fastturbo
G
Hey Everyone,

We have made some changes around user email addresses and passwords. We want to keep the discussion on these two topics in this thread.

New Feature;
Allow users to reset via Username
- Users can now reset their passwords via username in addition to email.

Product release notes :
  • Like
Reactions: 3
1 - 20 of 35 Posts
Hello all,

@jbanks15
@Ross Wittig
@ossodiseppia
@jwko
@Old Navy
@Mike Lang

The plan is to make it easier for you to help people help themselves when it comes to their account -- and keep private data private. One way we’re doing that you can see below with new password reset tools.

User emails will look like this in the Admin CP: j*[email protected]*****.com

Keeping a person’s private data private should help us (you and VS) build trust with your members, and it ensures privacy regulations are followed. That means looking deeper at the reasons moderators use email addresses to determine how to solve the underlying problem. We’ve listened to why you would’ve needed to see an email address, here’s what we’ve heard so far:
  • Helping users regain access
  • Spam / fraud control
  • Contacting a user
Are there any other problems you are trying to address with this information? If you tell us what else you needed to see an email address for, we’ll add it to the list to see how we can solve the underlying problem.

For a password reset, you won’t need their email address. You can send a reset password email from the Admin CP with the click of a button. We have also included the ability for a member to reset their password with their username. This would send them an email and show them something like j*****[email protected]********pe.com to remind them what email address they have associated with their account.

Some of you asked ‘what’s a hard no in changing?’ Masked emails is probably one of them. Some of you asked, ‘then, tell us why?’ No problem. It’s really around trust and protecting each other. We trust you to help take care of your community, and we want to help you not have to deal with issues like privacy and data. Someone also mentioned, ‘just have us sign an NDA.” That would only do so much. If the email is exposed in the system, it’s exposed. We don’t need to have you sign anything to trust you - we already do. The plan is to be best in class with trust and privacy. To that end, we don’t want all VS employees to have access to user emails either. In fact, we’re looking at ways to make sure those who need it are kept to a minimum.
See less See more
It would help when email banning knowing what to ban. At the very least, and I'm just speaking for myself, make the domain visible.

Even my own email is hidden away from me. LMAO!
@AG Jeff HOGWASH! I might get fired for this, but here goes.

It's really a bunch of crap. One of the most important ways of communicating with our members has been taken away from us. Privacy concerns is just an excuse. We keep things private all of the time. We know how to respect privacy and we know how to manage the forums we manage.

As I mentioned in a previous post, confidentiality agreements can easily be drafted and signed by all moderating staff.

I'm sorry folks, your way of rolling out and updating the forums is really bad. It's clear to me that whomever is steering the ship has no clear direction, only a destination. The steps that need to be taken are clearly missing. This whole transition from vBulletin to Xenforo has been poorly thought out and implemented.

This Labs site is here for the developers to get feedback and input from some of the most experienced Admins and Moderators. It seems to me that many of us Admins have more experience at doing our jobs than you. Why aren't you doing a better job of listening?

The changes that have been and are being implemented affect our user experience, not to mention that of all of the members. Isn't the goal to make the user experience better? You guys are frustrating us.

A while ago, I posted about a guy who signed up with the username ****. I temporarily banned him and reached out to him via email to start a dialog with him. If I ban a member, how on earth can I communicate with him? What am I or another Admin to do, if in a situation like this? We ban a member, but have no means of communication with them? Do we ask one of you and wait two to three days for a response?

There are not enough of you to support the demands of the Admins from over 800 forums. The response time is pathetically slow. Most of the replies that I get seem to be from someone who lacks the skills to help us with issues.
See less See more
  • Like
Reactions: 2
Here's another situation. There's a member on our site who has posted the same question in several threads. One of the Moderators has sent him a message asking him to stop. He's also been pointed to the answer. The member has not read his conversation because he doesn't know that hes getting messaged. So, if Admins could email the member, we would get him and stop and provide an answer to the member's question.

The only tool I have to stop him is ban him.
  • Like
Reactions: 2
@ossodiseppia We are going to have a meeting very shortly to discuss rolling back this change until such a time that we are able to ensure that all of your concerns are met, and that your jobs are EASIER not more difficult.
We once again VERY MUCH appreciate your candid, thoughtful, and helpful feedback. Thank you.
  • Like
Reactions: 4
I guess I am ranting. Reading through the VerticalScope Privacy Policy, I found the following statement:

We limit access to personal information to employees, representatives and service providers who require access in connection with their job responsibilities.

"Can someone smarter than me please explain the difference(s) between employees, representatives and service providers?"

Keeping things private is about trust. When folks sign up on one of your bulletin boards, they trust that VerticalScope, it's employees, representatives and service providers will keep their data private who require access in connection with their job responsibilities.

Where, in the above quote to Administrators and Moderators fall? We aren't employees, nor are we service providers. In a sens, we are service providers. We provide a service to the members and the owners of the bulletin boards. We are also representatives as we represent the owners of the bulletin boards and act on their behalf. And, we do it for FREE.

Keeping this private is about trust. A person who signs up on one of your bulletin boards doesn't need to read through the terms of use or privacy policy to know that their data will be kept private. Or will it? Privacy = trust. Confidentiality Agreement means trust.

As an Admin, I should not have to fight so hard to get you folks to understand the every one of the Admins and Mods on your 800 plus forums are in positions of trust and do not abuse the privilege of having access to confidential information.

Here's something else that I and several other Moderators and Admins have discussed. In years past, some of us have been threatened with law suits.

If one of us is sued, is VerticalScope going to step up and pay for our legal representation? This is a valid question.
See less See more
  • Like
Reactions: 2
@ossodiseppia Some honest feedback in return as well... while I will agree with you that we make mistakes from time-to-time, including this one kind of getting "out of the right order" (eg. fix the problems before you mask the emails), I would argue that having moved 414 sites to a new platform, growing traffic significantly (to forum sites that many industry people claim are on their deathbed) and also doing over 40 software releases since last May... the old platform, and in fact vBulletin itself, probably has not witnessed that level of software release in a good 5 years+. We are trying, and we ARE listening. Otherwise you and everyone else wouldn't be here.

The problem with any sort of development is... not everything is perfect, or goes to plan exactly how you'd like. Inherent with change, you make mistakes. How quickly you can recover from them is more important than if you make them. Telling a team they can make 0 mistakes is the death-knell. We could do ZERO updates, and that would make our team's job much easier. We could say... here is what XF delivers out of the box and we're not going to touch it. Some people may even prefer that.... but, we believe there is real value to be added through new features that XF doesn't offer, real concerns & feedback that users have to make the platform better, at scale, things we can do better than XF out-of-the-box (eg. Search, Recommendations, Memberships, etc.) and real concerns that legislators and privacy officials WILL have at some time... and that includes having 10,000 moderators and administrators having access to email addresses. Email is considered private & personal information under both CCPA and GDPR. Its not a game we're making up - its real to our business and to your forums.

So, I guess, I will take an issue with the fact that we aren't listening, and this whole thing is poorly thought out. I would instead say.... THANK YOU FOR YOUR FEEDBACK.... and keep helping us to identify the errors so that we can correct them, and work with you guys to make your jobs easier. We have a vested economic interest in the success of forums, and there is nothing, personally, that I want more than for forums to be very successful not only in 2020, but in 2030 and 2040 as well.
See less See more
  • Like
Reactions: 2
@ossodiseppia An employee has a clear legal definition. Where it affects forums the most, is that once you are an "employee" then you are no longer covered by useful legislation that governs user-generated content, and in particular copyright laws, and section 230 of the 1996 Communications Decency Act.

according to which (simply put) no “interactive computer service” should be treated as a publisher or a speaker, hence should not be liable for what had been expressed by means of user-generated content (UGC).
We cannot be responsible for your user-generated posts. We would spend every day of the rest of our lives in the courtroom fighting frivulous lawsuits.
G
Hey @ossodiseppia, real quick one: no one's getting 'fired' for speaking their mind and providing us feedback. It's even hard for me to type 'fired' as the last thing I want is this group to feel like it's a job, and for you to feel like you can't enjoy leading the communities the way you do. I'm bringing together the team on this, and we'll follow up very shortly like Rob mentioned.
  • Like
Reactions: 3
Thank you, Jon. I am retired and have been since 2014. If I have to spend hours of my time pounding the table to get someone to listen to common sense, then it feels like a job.

I spoke out on the email address censorship two months ago.


9 days ago, @AG Jeff said in his post:

We will most likely not be giving admin address to full emails as they will be truncated to protect user privacy and adhere to current industry best practices.
I replied and in my post I said:

If VerticalScope wants to hide email address from the Admins and Moderators, you are tying our hands. Many of us have had to deal with problem children in the past. The way we have done it is through our personal emails to make it more personable. We've even called members who have caused us problems. We prefer these methods of communication because they are more effective

I am sorry, Jeff, I don't buy the industry best practices line. The Admins and Moderators we have on the AlfaBB are all exceptionally bright and responsible. We go into a user's profile to get their email address only for AlfaBB business. That business is solely moderating. We do not abuse the privilege of having access to their email address.

The best practice is for VerticalScope to draw up a confidentiality agreement for any and all moderators and admins to sign.
I think It brought this issue up in a timely fashion allowing for enough time for the development team to discuss and make the necessary changes.

Thank you for listening to me.
  • Like
Reactions: 2
Thank you, Jon. I am retired and have been since 2014. If I have to spend hours of my time pounding the table to get someone to listen to common sense, then it feels like a job.

I spoke out on the email address censorship two months ago.


9 days ago, @AG Jeff said in his post:
This has been an ongoing and animated discussion for a long time, I have said on many occasion that when I look at 'view all' I'm Staff, that is pretty simple to understand, I've also said out loud and in private conversations here and with modadmins on my home forum before my invitation to Labs that I want all the rites I had under vB back, there is NO valid reason why I can't as far as I'm concerned, that is a 'gimme', I (and my fellow admins) have faithfully served P4x4 and its members for years which also means I have faithfully served Verticalscope.

We have come a long way in the past few months, this and Premium Membership are the final hurdle as far as I'm concerned.
Right now the tool we have to sort spam or duplicate accounts is the approval queue:

This will show the duplicate accounts from the same IP address and allow us to mark as spam and clean the content the same as One Click Ban however it will not ban the user IP address. The problem we run into is shared IP addresses at public locations, schools, libraries, workplaces and if we ban those we could be locking out current valid and future users.

We will most likely not be giving admin address to full emails as they will be truncated to protect user privacy and adhere to current industry best practices.

Approval Queue
When we have alerts in the approval queue, found near the upper left-hand corner of the site, it is much easier than it looks like at first glance.



You will see "StopForumSpam matched". Beside it, it will give reasons for what caused it to be flagged as possible spam. In this case, it gave us 3 reasons, username, email, and the IP address. With all 3 reasons being flagged, this is very likely spam, and I would likely choose the spam clean option. If it had only said the username was flagged as spam, that is not enough for me to reject this.


How do we decide? We use our best judgment at the time. If we choose to approve one, and we are wrong, it isn't a big deal because if they do end up posting spam, we can simply ban them as spam at that time.

Jeff M
I sorry, But this program is hurable. 1% of my bans comes from here. It misses duplicate emails all the time and I find the dig into their profile(s), and go "Dang" everytime I find them. I will not ban on on a IP Address alone and this why I need access to the email Address. Without it and above program not working - they go free until they caught in the act of samming.
  • Like
Reactions: 1
I sorry, But this program is hurable. 1% of my bans comes from here. It misses duplicate emails all the time and I find the dig into their profile(s), and go "Dang" everytime I find them. I will not ban on on a IP Address alone and this why I need access to the email Address. Without it and above program not working - they go free until they caught in the act of samming.
That's sort of how I do it as well. Although most of the time I'm fairly sure by IP, I also Google 'username + forum' and sometimes the email address and view activity on other forums, if available.
  • Like
Reactions: 2
HaHa, What a coincident, I just got a Spammer now, who drives a 2003 Black Ford Focus and is a Auto Consultant from Gillingham, Kent, United Kingdom, Europe. "Stop Forum Spam" data;

Username: tobygiant
Email Address: M*@y.com
IP Address: 185.244.9.47


So I'm assuming his email Address is; [email protected]

Should I Ban Him?!?
Its iffy. That name has registered on several forums over the past few weeks. That's usually a sign of a spammer but if you have no IP matches with other accounts might be best to hold off and watch them. Just my opinion though.

No close IP or name matches on fordforums and no direct IP matches in my old saved files.

*edit - I think I've strayed off topic and may be in for punishment. hahaha. Sorry

**edit - I got an Idea. Create a forum where all VS-AG forum admins can get together, have fellowship, help each other, compare notes & ect..
  • Like
Reactions: 1
Wow, great feedback, folks.

I want to start off by apologizing to the paid staff for being a little to "forthright" with my comments and finger pointing. As I understand things, it is management within the company that is dictating the privacy policy without actually understanding what the Admins and Mods need to do their jobs. It was explained to me that we are in the trenches and the folks here are the ones that take our feedback to management. The folks here are the filter between us and them.

So, thank you for listening to me and putting up with my crabby nature.

Below is the list of the reasons why we need access:
  1. helping them gain access back into an old account that they have lost access too
  2. being able to use that email address to contact them if a PM (conversation) does not work
  3. to help manage fraud/spam/duplicate accounts through various processes outside the forums
  4. If they have been banned, there is no other way to communicate with them
  5. It makes for a more personable way to communicate with a member
In years past, we have given some users a suspension because of the behavior. During the suspension, we had need to communicate with them. So, email was THE option. In some cases, email became inconvenient, so we would talk to them on the phone. The only way to get their phone number was through email

I've also noted:

We don't get paid for what we do.
We are doing VerticalScope a favor
We do it for the love of the marque and owners (I'm assuming most of the sites are car related)
See less See more
  • Like
Reactions: 4
G
Wow, great feedback, folks.

I want to start off by apologizing to the paid staff for being a little to "forthright" with my comments and finger pointing. As I understand things, it is management within the company that is dictating the privacy policy without actually understanding what the Admins and Mods need to do their jobs. It was explained to me that we are in the trenches and the folks here are the ones that take our feedback to management. The folks here are the filter between us and them.

So, thank you for listening to me and putting up with my crabby nature.

Below is the list of the reasons why we need access:
  1. helping them gain access back into an old account that they have lost access too
  2. being able to use that email address to contact them if a PM (conversation) does not work
  3. to help manage fraud/spam/duplicate accounts through various processes outside the forums
  4. If they have been banned, there is no other way to communicate with them
  5. It makes for a more personable way to communicate with a member
In years past, we have given some users a suspension because of the behavior. During the suspension, we had need to communicate with them. So, email was THE option. In some cases, email became inconvenient, so we would talk to them on the phone. The only way to get their phone number was through email

I've also noted:

We don't get paid for what we do.
We are doing VerticalScope a favor
We do it for the love of the marque and owners (I'm assuming most of the sites are car related)
Thanks :D
Now Rob is the CEO, and Jon is the VP of Community engagement, and they are here to listen!

The CM team gets to be the Administrators 100% for a change ;)

So we need to organize the chaos that is a community, ROLE REVERSAL!!!

When we roll something out or ask for your feedback, it is because we bring that feedback to the planning team, is it always going to be done ASAP, no, will it be how you envisioned it, probably not but what we are asking is for you to be PART of that change, shocking right!

You all know me, some of you I have worked with for almost 10 years now. We have been through this journey together, things are changing and we REALLY want you to be part of that change. The only way to accomplish that is to work together, forget how things used to be, and have faith that it will be better.

Let's take square avatars, you asked, we listened, we delivered. There is a lot of resources going into planning and building this new platform, Things will take time to build, we need to plan ahead so we can build a better future. You are being asked to be part of that because we value you, and we know that you are what makes forums thrive.

Have a bit of faith and take a moment to think about how far we have already come. Nothing is set in stone, and your feedback is critical to getting things right.

What I would ask is that you help us! we release products here first, test them right away, give us clean direct feedback, the CM team then collets that feedback and share it with the planners and product people!

Thank you again for reading this, I know it is long! and thank you all for everything!
If any of you need a chat or would like to just vent, shoot me a conversation or I can give you a call!

OK Im done :D
Helena
See less See more
  • Like
Reactions: 4
I want to start off by apologizing to the paid staff for being a little to "forthright" with my comments and finger pointing. As I understand things, it is management within the company that is dictating the privacy policy without actually understanding what the Admins and Mods need to do their jobs.
Actually, it is management that stepped in here to listen to you guys and get the change reverted :) LOL ?

"Management" is a terrible word. I am more of a car & forum enthusiast than anyone out there (home electronics too Mike!) ... the fact is, we as a company are a group of people really passionate about what we do. I spend more time on Labs than anyone (check out my post count!) and I read almost every single thread in-depth.

So... I will take the sword on this one, because at the end of the day I'm responsible for EVERYTHING that goes wrong, because in some way or another, I approved what was being done, even if not intimately involved in the details.

BUT... I'm also the one that pushed hard for the change to be reverted, and am having it pushed forward ... and that is why we have Labs. So I can hear your feedback first-hand.

So hopefully, in our company, Management isn't the one getting blamed, but rather is a part of the positive change. That's a big culture change. I don't want management being blamed. I want you to have access to us, and I want to build this damn thing together :)

Hope that clarifies! And again, thank you for bringing the concerns up so we can do something about it!

p.s. I will work with the team to better anticipate these problems, so we don't launch things that will cause problems in the first place!! One thing we have identified... adminCP changes will be done on Labs first and have a 2 week comment/feedback period before going live to production.
See less See more
  • Like
Reactions: 5
Thank you for this. It helps me understand the process a bit better.

I am joking when I say this, but it looks like there is no swear filter. You get a 2 point infraction for swearing. :eek:
  • Like
Reactions: 2
1 - 20 of 35 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top