The Suspected Privacy Breach – What happened, mistakes we made, and how we’ll proceed

We recently had to deal with a suspected breach of privacy by a former admin of the site. Here we’re going to do our best to answer questions about that event, so that we can then leave it in the past and do what we came here to do: talk about esk8.

We’d like to begin by noting that we had no precedent for this kind of situation – this series of events has never occurred during the forum’s lifetime. We didn’t do everything right. We’ll own that and explain where we failed. In this post we are not confirming or denying the validity of the logs that were found; that can be done, if needed, at another time.

Important background: esk8.news had 4 admins until last week. Damon, Bill, Mike, and Jamie. Mike and Bill had some recent public, and private, disagreements, but generally we’ve gotten along well and have supported each other.

Mike had come under scrutiny by some forum members for some out-of-character behavior: abrasive responses, moving content when it didn’t make sense. The admin pool was notified and that led to the creation of new rules for mods and admins that were publicly posted.

The platform we use to run the forum, called “Discourse,” provides little control over the permissions that site Admins have, at least in the default installations without complicated customization. Essentially, Admins can see everything, and this thus requires strong dedication by Admins to not misuse those privileges. For example, Admins can see logs of all user activity, and they can review system logs to review all system events. Another feature that is available to admins is the ability to see ALL content that a user generates on a site, including the user’s personal messages to other users (PMs).

On August 23rd Bill turned on a logging feature that tracks instances of Admins checking personal messages of users. By default, this system feature is turned off (which seems like a terrible default). The feature is called “Log personal message views by Admin for other users/groups.” When engaged, if an admin account accesses a personal message, a record will show up in the system log. There are other ways to trigger this log entry. We explored this in a new thread we created on the Discourse Community forum: https://meta.discourse.org/t/when-does-it-log-check-personal-message/162285/4

On August 24th, Bill noticed two entries in the system log showing that personal messages were viewed through Mike’s admin account. He notified the other admins, which was absolutely the correct step to take. We had some online discussion through Telegram, and made a plan of action. The plan was: 1) Admins have a call that night to discuss our approach to resolve the issue 2) Have a discussion with Mike to get his side of things 3) Reconvene the admins and decide on a final course of action.

We felt it was very important to closely review what happened before action was taken, and before a serious accusation was made. It is often that an entry in a system log does not show the whole, irrefutable truth about human behavior. Logs can be triggered indirectly, and we wanted to be diligent and respect each person involved.

The next day Zach made a public post about the log entries that were identified. Zach’s post was well-written, and well done. The problem was with the timing of it. We had agreed to talk to Mike about the logs first, and then reconvene to discuss the right course of action. We had agreed that this was a serious accusation that warranted discussion and careful thought before we made an accusation. We were frustrated because Zach’s post defied our plan, and meant that we didn’t have the chance to hear Mike’s side of things before action was taken.

When asked, Zach explained that others, outside of the mod\admin pool already had screenshots of the system log, and that it was already publicly known. This is now less than 24 hours since we first met to discuss the incident. We were surprised, because at the time only Damon, Bill, and Jamie knew about the incident. Assuming that Zach had taken the screenshots and distributed them to external parties before we could execute our plan, we removed Zach’s mod permissions and temporarily silenced his account. A public statement was then made about the issue.

The next day some discussion occurred, and Zach denied taking or sharing the screenshots. Zach is upstanding, so we believed him. The issue was, then, who in the admin pool sent system log images to an external party? When asked, Damon said it wasn’t him, Jamie said it wasn’t him, Bill said it wasn’t him. Bill later confessed that it was him. When this was discovered, Bill’s mod and admin rights were removed, and his account was temporarily silenced. At this point, we believed that Bill had not only taken the screenshots and shared them with an external party, and disrupted our plan to address the breach, but also allowed Zach to take the blame for his action for a full day. We were also concerned that further action was intended; if sharing screenshots of the system log was possible, what other actions could occur? We wanted to understand Bill’s intent before we changed his account status again.

This surprised and saddened us, because we also consider Bill to be an upstanding person and a friend. A close friend. A personal apology was sent to Zach for the misunderstanding.

Here’s where we seriously screwed up: We temporarily silenced both Bill and Zach’s accounts, but we did not silence Mike. His mod and admin rights were removed, but we did not silence him during the “investigation period.” In hindsight this was a very major mistake, since the others were silenced. We will learn from this, and make sure we don’t make that same mistake in the future.

We learned just recently that, in fact, Zach, Bill, and the external party they shared the system logs with were aware of each other’s activities, and had worked together. This means that Bill and Zach were actually supporting each other and trying to support each other as they each accepted blame for sharing the screencaps.

The other big mistake: Somewhere in the interactions between the admins, there was clearly a breakdown in communication and understanding about how the incident would be handled. Bill and Zach (must have) believed that the issue was not going to be dealt with appropriately, leading them to take action outside of the agreed-on plan, and in defiance of the rest of the admin pool. While we can’t condone going “rogue” and making accusations without proper investigation, or being dishonest to the admin pool, we must respect their intention to be truthful and diligent to the community.

We hope that Zach and Bill will accept our apology. They have both contributed tremendously to this community, and this forum would not be as vibrant and successful as it is today without their hard work and input. Both accounts are now available to them and we hope they will continue to engage here.

We’re thankful to the community while we derp’d our way through this messy situation, and hope we’ve answered enough questions for everyone to feel at ease.

( original thread here: Breach of Privacy Update [SERIOUS] )

23 Likes

So what did Mike have to say?

13 Likes

Mike just blamed it all on Andrew :joy:

6 Likes

I love you @BillGordon and @Zach

11 Likes

Nothing about what is planned to happen or about the fact the admin/mod pool is now empty?
With all due respect, all that remain are those who were the least active in the community. Presence in discussions plays a big role on a chat platform.

4 Likes

It was my understanding that the statement was to be about what happened. Future plans probably need another thread and a bit of time.

I am with @taz tho, and I would like to know what Mike had to say when the admins talked to him.

8 Likes

But how did Andrew get banned because of all this?

11 Likes

This whole thing stinks. And I feel that none of the decisions could be considered correct.

I don’t agree with the sacking of two admins who shared the information informing the person who was the victim. Sure, you can’t control the narrative from there on in, but it really isn’t your call even as an admin.

And in the same vein I don’t agree with saying they broke the rules by sharing information so they’re banned because they felt it was going to be covered up, which I would consider a sackable offence too, at least in the court of public opinion.

Would this post have even been made if it hadn’t? Who knows. And therein lies the problem. I’d be inclined if I ran this place to reinstate the ‘sacked’ admins and chalk it up to experience for the future.

Would they want to after the shit show that ensued. No I wouldn’t either and it makes me sad.

7 Likes

Can we get a concrete answer on this? or I am just going to assume that Andrew had a mark on his back when he repeatedly called out @longhairedboy’s relationship with Jeremy Bogan in the NeoBox fraud thread.

6 Likes

It all seems like a very forgivable offense on all parties from where I’m standing. It was a big oofda but if all parties can recognize that there was no malice or malintent, which it seems there wasn’t, then I don’t see why we can’t all just move forward. And learn from all this. I still strongly feel as tho people generally need to just chiaallll all around here. Love you all :black_heart: :black_heart:

13 Likes

I too want to believe that there was no ill intent but what was the reason for reading users’ PMs tho?

I thought it had to do with Andrew being his usual self about a vendor (we all know who it is) but I can’t understand why this would be a reason to go read those private messages.

3 Likes

He didn’t. This has nothing to do with Andrew’s behavior or Andrew’s silencing. Andrew did not make anyone here do anything and was not silenced because of anything he did relating to this incident at all.

3 Likes

I only ever spoke to Mike once via PMs. It was actually me who found all the Facebook Pixel IDs and Cloudflare accounts linking neobox and boaweels and I PMed him all the details. He seemed like a stand up chap. I really want to know why he read private PMs. He seemed so nice :confused:

2 Likes

Why is Andrew banned then? We really need to know because @longhairedboy and Andrew’s relationship was tense at the best of times and this is making me very uneasy.

4 Likes

Yeah I guess that’s why many of us are so confused about this.

Among other stuff :joy:

2 Likes

I have a theory. Andrew and Mike would sometimes clash re:Trampa. IIRC, Mike accused Andrew at some point working for or with Trampa on a remote. With Andrew starting his new freesk8 stuff, Mike might have gone in to dig up dirt.

2 Likes

Well, his account got deleted, I would consider that a ban. On the screenshot he posted before the deletion you denied to bring it back.

What will now happen with Zach and Bill? Will they get their spot back? Where is the whole Mike story, why it even happened? What will the future look like? New mods? New rules?

4 Likes

Andrew has the DRI account anyways, it’s not like he’s been removed from here

3 Likes

I just find it super suspect he got deleted without anything (that I could tell) done wrong? I get that he ruffled lhb jimmies and would go a little extreme but I didn’t think that was worth the deletion. If I’m supporting the site, I feel like I’d like to be privy on such actions. The day to day is run by mods/admins but the banning of prominent members seems like it should at least be discussed? Maybe I’m wrong🤷🏽

2 Likes

So only one account per person? Just because he can create a new one isn’t justification for deletion either…

2 Likes