![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
charmianRegarding this comment which I linked in an earlier post.
The person who made the comment has responded, explaining their remarks, in a comment to that post.
To summarize it, the person says that they heard from a volunteer that the volunteer looked up someone's history of support requests in the course of investigating a support request that the user did not feel was adequately dealt with. However, this does not seem to me to necessarily indicate any kind of abuse of power.
Also, to reiterate something: all public posts (unless I make it technically impossible to do so, like turning off comments) are open to comments from anyone (that is, unless you're a spammer/leaving OT/inappropriate comments).
The person who made the comment has responded, explaining their remarks, in a comment to that post.
To summarize it, the person says that they heard from a volunteer that the volunteer looked up someone's history of support requests in the course of investigating a support request that the user did not feel was adequately dealt with. However, this does not seem to me to necessarily indicate any kind of abuse of power.
Also, to reiterate something: all public posts (unless I make it technically impossible to do so, like turning off comments) are open to comments from anyone (that is, unless you're a spammer/leaving OT/inappropriate comments).
no subject
Date: 2010-05-26 10:00 pm (UTC)no subject
Date: 2010-05-26 10:23 pm (UTC)The sort of thing that would make me concerned would be a scenario like -- say someone has provided their password even when they're told not to, and it gets moved to a private category. Say they later have a mobile problem, and their mobile number is part of the troubleshooting, and it too gets moved to a private category. Say they sign one of their support requests with their legal name, which they've taken off of their journal three years later, but it's still on the support request. Say they send in troubleshooting stuff for post-by-email, and they've used the last 4 of their SSN as their post-by-email PIN. Even without access to the payments category, an unscrupulous person would then have access to enough information to start in with the identity theft, or at least seriously fucking with their shit. (Though this is probably a bad example, because most of the key information gets moved private.) But that's the level of badness that could happen as the result of various legitimate situations, combining it, and an unscrupulous person with access to the put-together data.
no subject
Date: 2010-05-26 10:28 pm (UTC)I guess in that situation, you'd need to be really careful about who is granted access to see such information. (I'm not sure how they normally handle this? NDAs? Contracts? Bonding?) But then, identity theft is illegal as well.
no subject
Date: 2010-05-26 10:46 pm (UTC)no subject
Date: 2010-05-27 12:03 am (UTC)no subject
Date: 2010-05-27 12:03 am (UTC)So is 'support history' considered something that's private? Isn't keeping records sort of conventional practice in customer service offices?
no subject
Date: 2010-05-27 12:51 am (UTC)(If I were still LJ staff, and reading those comments in the news post, I would've lost my shit on them. Because holy fuck is that a wrong thing to say.)
no subject
Date: 2010-05-27 01:03 am (UTC)Yeah, I suggested to them that if that wasn't what they meant to imply, they should leave a comment clarifying what they meant. I think people should take responsibility for any allegations they make, by clearly retracting them if they can't stand behind them any more. >_<
no subject
Date: 2010-05-27 01:46 am (UTC)"Locked" in the context of an entry is, of course, non-public.
"Locked" in the context of a Support request is "the user cannot re-open this request", used (as we know, Bob) only in the event of a particularly argumentative-and-getting-nowhere exchange. It says nothing about the privacy.
So if someone got into a heated exchange that was then locked (so they could not re-green), but it was not also moved to a private cat, and then this was referenced, if that fundamental misunderstanding about the meaning of a "locked" support request was in place, I could see that misunderstanding growing and causing alarm.
Wait a second...
Date: 2010-05-27 03:35 am (UTC)1) I joined a community in 2006 that discussed LJ Abuse. It was called LJ Abuse Abuse because Abuse was hated by them; the comm was designed to act as a sort of troll in itself of LJ Abuse. I believed a lot of what I read in this comm, so I repeated it, 4 years later, in the brief original comment I made on the LJ news post linked to in Charmians's other entry.
2) I also very briefly mentioned that I knew for a fact that LJ volunteers could go through closed support requests. In the reply I got to that on LJ I was asked so what. I didn't reply to that, because "so what" is complicated and actually personal in nature. I have since explained to Janine in Charmian's other post what "so what" entails. Now that you all know:
a) This post and the comment you have attached to it and to the other post makes me look like I got hysterical and worked up over nothing, which could not be further from the truth
b) Nobody has edited this "Update" to explain otherwise, which makes it an unfair discredit to my name
c) Charmain asked me to add more clarifying info to the LJ thread I made my first comments in, so I edited my first LJ comment tonight to link it to her post, which now contains sensitive info that has probably gotten me and
two other peoplethe support volunteer into hot water and possibly stirred up the other LJ user who inspired what I see as an actual priv abuse - whoops...c) and you're going around talking about flipping your shit and saying how could I confuse the issues when I never did. I can't account for what happened, though, when the rest of you all read my comment. Again, only now with an afterword:
Locking is a waste of time if you're trying to hide posts from LJ staff. Closed support requests can be viewed by an assortment of folks as well, not just staff. I have never seen official word on it, but I have had plenty of unofficial words over the years with those who have privs, and I used to lurk in communities like LJ Abuse Abuse (yes, that's two Abuses in the name; it was made up of former angry volunteers - I used to troll them years ago) on how they're able to use those privs, if they want. It's nonsense on any LJ-based platform to think that your entries and/or closed support requests cannot be seen by anyone who's staff, and by certain volunteers as well. There are volunteers on this site trusted beyond all shadow of a doubt, who do a lot of good for the site, normally, who have admitted to me that...well, just guess the rest. It's nonsense to think that locking a post or closing a support request keeps those away from any of them.
Afterword: this part, where I wrote, "I have never seen official word on it, but I have had plenty of unofficial words over the years with those who have privs," is the *only* part of that entire comment where I was combining info from people in the LJ anti-Abuse comm who said Support was reading flocked posts with what I learned from someone who was abusing (at least, to my mind) his privs to snoop on closed support requests of another user. I have messages from this person (for some reason, it's multiple copies of the same message) to prove it. I would not like to prove it. It was not my intention to get this person into hot water, only to warn others to watch out for LJ staff/volunteers abusing privs - if he did, I think anyone would. I hate to say that, but once my trust is gone, it's gone.
I would like to see the OP your comment is attached updated (an update of the update) to add the extra info I've given Janine since it was posted, and I would like you to calm down.
Also, I'm on my laptop now, which has the touchpad from hell, so if I missed accidentally erasing anything I'll try to add it back in if I can.
Re: Wait a second...
Date: 2010-05-27 03:53 am (UTC)Yeah, the point you're telling me to calm down is the point I leave the conversation. You told people to tell you if you were wrong. I told you that you were wrong, drastically so, and explained why.
Considering that I was the manager of the LJ abuse team from 2003-2007, I certainly do remember
For the last time, whatever you have been told is wrong, you are using the false testimony of people who have a grudge against LJ and against the Abuse team in particular as Holy Writ, and you are getting worked up over nothing. Volunteers have no access to your locked entries, staff members don't go reading locked entries for shits and giggles (the privs that allow people to do that is strictly limited in who gets it,and all uses of them are logged -- complete with reason for its use, in one of the two cases -- and frequently audited by someone who will ask "wtf" if their use looks non-legit), and your comments both in
Looking up someone's past support requests is not "snooping", nor is it an "abuse of privs". Any experienced support volunteer will do it twenty times a day.
I'm done here. At this point it's pretty clear that you're just looking for a reason to mistrust LJ, and that's certainly your option, but I have better things to do than to try to convince you that you're tilting at windmills.
Re: Wait a second...
Date: 2010-05-27 05:36 am (UTC)staff members don't go reading locked entries for shits and giggles (the privs that allow people to do that is strictly limited in who gets it,and all uses of them are logged -- complete with reason for its use, in one of the two cases -- and frequently audited by someone who will ask "wtf" if their use looks non-legit) - so vulva's incident never occurred - 'scuse me (you really are running for cover here)!
and your comments both in news and here in charmian's journal have directly conflated "staff is reading your locked entries" with "experienced volunteers can get an easy list of previous support requests you've opened", which are not even in the same zip code. - you mean "confused", and the answer is still no, they were not conflated nor confused, even if they were read that way, and I think I've re-stated just for extra-sparkling clarity at least six times already between this post and the other one that I was talking about two separate things, and which two separate things, so at this point, the conflation/confusion cannot realistically still be on me, since I have stood on my head to clarify and...
Just for more clarity, since I think I can see now what the problem was:
When I wrote: "It's nonsense on any LJ-based platform to think that your entries and/or closed support requests cannot be seen by anyone who's staff, and by certain volunteers as well." I meant it in that order: entries/staff, closed support requests/volunteers...I can be extremely condensed in my writing, and I don't always immediately get that it's confusing even if some confusion like this is pointed out to me...
When I wrote: "there are volunteers on this site trusted beyond all shadow of a doubt, who do a lot of good for the site, normally, who have admitted to me that...well, just guess the rest. It's nonsense to think that locking a post or closing a support request keeps those away from any of them." I should have clarified: post/staff, support request/volunteer and staff. I just noticed that I left the post/staff part out (I wish I would study my comments the way others sometimes do, then maybe I could avoid this sort of problem)...
Looking up someone's past support requests [to satisfy your own curiosity and/or for your own edification, not to help anyone out!] is not "snooping", nor is it an "abuse of privs". Any experienced support volunteer will do it twenty times a day.
Really? I have about had it here in that case, too.
Re: Wait a second...
Date: 2010-05-27 06:39 am (UTC)It's not confusing, it's what you wrote. If you write and/or, that can mean 'and'. So let's look at that sentence with an 'and' in it:
How does the closed support request part of the sentence only apply to the volunteers here?
If everyone is reading what you wrote as something, than maybe they are not missing the point, but you actually wrote something else than you thought. And if you are accusing people of doing something they shouldn't have done and it turns out they were well within their rights to do so, the usual thing you do is to apologize, not go on and on saying "well, maybe they did" fifteen more times.
Do you even get that you are accusing people you are replying to here of doing these things? Do you get that when you say "LJ support volunteers" do these things, that the people who are talking to you here were or still are volunteers and they feel like they are having to defend themselves from these allegations? That if you say "staff did that for fun", there is a former staff member here who looked at those logs for years and is saying that no-one did it for fun back then. (And why would you think she is referring to the current situation,seeing as Denise hasn't been LJ staff for a few years now?)
Apparently, you'd rather trust Abuse LJ Abuse, which was a very sketchy community back then.
Re: Wait a second...
Date: 2010-05-28 02:32 am (UTC)Frankly, I don't believe that this post amounts to an 'unfair discredit to your name.' I believe I accurately summarized the comment in question (the one I linked to). I then added my opinion on what you have said. (I should note also that I don't feel your level of alarm matches the facts of what you said, and I continue to feel so even after having read all of your comments. It may be that we may simply have a difference of opinion on these matters. In any case, I think that if you disapprove of the policy of LJ support, you should talk to the people in charge of support directly.)
no subject
Date: 2010-05-27 06:40 am (UTC)And I would have loved to see that. Holy Mother of... something.
no subject
Date: 2010-05-27 01:20 am (UTC)I'm not sure, off the top of my head, exactly what level gets the ability to view support history, but it's not just any random who wanders in and starts answering requests.
As a part of normal operations, people who are answering requests may toss a link up and say "Can you check to see if they have any other requests about this same issue open?" or something of the like, and someone with the ability to find them will gladly look through, and provide the links to other related requests, or other simultaneous requests, with other relevant information, to anyone who's helping. So while the ability to search is restricted, the public results of the search are shared with people helping out in the course of their work.
Some jargon that may not be transparent to a non-Support person:
A "closed" support request is one where someone, either the user or an administrator, has come and marked the request as resolved. This is done by the user when it's resolved, by an administrator when it looks resolved but the user hasn't returned to declare it resolved after a reasonable amount of time. This does not affect the privacy of the request.
A "locked" support request is a slightly different beast. There are certain support requests where the user and the people answering the request get into a back-and-forth that does not resolve easily; if someone gets too argumentative, there is the capability for an administrator to close the request such that it cannot be re-opened by the user. This is potentially still public, depending on whether this support request is in a public category or a private category; in the context of support requests, "locked" has absolutely nothing to do with privacy, but I see how someone could get confused.
"Private categories" are basically areas of the support board that are not public; as JD said, you can tell a request is in this when there is the yellow information bar at the top that says this is not publicly visible. You can see these if:
a) you are the person who opened it, logged in
b) you are logged out, and you have the security code that is only sent to the person whose request this is (private category requests where it's known that someone's been sharing that link get closed with no further information shared in that request, for privacy reasons)
c) you have actually been granted the priv to view that particular private board, in which case you have a signed NDA on file, and you do not discuss those requests with someone who doesn't have same, like JD said.
I do not have the privs to view any private boards.
no subject
Date: 2010-05-27 08:49 am (UTC)For requests submitted via the web page, this is easy to determine. For requests submitted via email, as far as I know you are allowed to see it if the email address the request came from is the same as the currently validated address of the account that's trying to view the request.
(I ran into this when I couldn't see requests I had sent to support@ [especially support review requests] because I was sending them from pne@lj; once someone told me - or I found out somehow - about the email matching, I submitted them from my validated email address instead, and then I could see them while logged in as