Commentary is welcome, although this is just my own note on this project if it is ever implemented.
The idea to create an interceptor came up when a user asked whether admin has the ability to view all messages created and sent by a given website users. In its current form, the Elgg platform does not provide for such capability.. Therefore, if we agree in principal, then we have to manufacture some code to create this capability.
Initially, we started with a moral and legal discussion with respect to the question as to whether we, even if we have the capability, should tap into users' messages in a 'Big Brother' fashion. I personally do not believe that it is morally right to do so, and more importantly, it is clearly illegal. This was elaborated in this topic.
At the same time, my research showed that legal liability may be present in cases of a website operators' failure to take adequate steps in order to ensure that its users are safe from online predatory behaviours. This has, in some cases extended to matters as trivial as 'spam' where users collectively sued webmasters for failing to ensure that their website was protected against spammer attacks. Further, the initial inquiry about message exposure to admin was made by a user who operates a community of a sensitive nature where under-age users may use the messaging feature for illegal purposes, and therefore, it is imperative that some monitory measures be taken so that, where possible, any such danger is detected before it eventuates into actual criminal activity. Another real example is a website that is provided entirely for children less than 13 years of age. This environment represents a perfect ground for online child molesters, sex predators and paedophiles.. I've done some research over the past 3 weeks to learn about the methods they adopt to locate and lure their victims. I found that those criminals use ordinary language as they know that a child would not be familiar with any secret code for online crime and sexual behaviour. Therefore, we had to, in this instance, approach the interceptor project the same way as the infamous 'Phone Call' interceptor in the USA. This means that we listen more than analyse.. Simply because the language used is not complex or coded and requires minimum code-breaking.
Ultimately, I decided, and with discussions with Dhrup, to look into bringing the Messages Interceptor into reality.. And, I think I've succeeded.
The task is not fully complete as yet, but it certainly is progressing in the right direction. It has been a tedious process and is very demanding from a technical angle. Surely, the concept may sound a simple one, but in reality, there is so much to be considered on the backend level. And, even though the result coding is not a very complex one, the work I had to do to be able to create that code was relatively sizeable.
The ultimate result is illustrated in this topic.
The prime factors I had to take into account:
1. Will mask bad words with '*'s.
2. Will display safety threats as they are written.
3. Will contain the normal sender/recipient details.
4. Appear like any other message.
While the same message is intercepted and now forwarded onto admin and will:
1. Be free from any masking so that all words are displayed in original form.
2. Safety threat key words are highlighted.
3. The duplicate is not to be processed by the same code again because it was already intercepted.
4. The message is to appear as sent from admin to admin to avoid the interception (copy forward) appearing in the 'Sent Messages view' of any user.
The entire module is built in line with social networking and open source. This means that we will inject as much key words into the text files, but, we will continue to expand key words collections as we learn them from our users. This real life street approach will bring us as close as possible to successful interception.
There are other additions that can be planned for the future, some of which may include creating a separate view for which intercepted messages can be saved. Along with this, we might be able to create forms to manipulate these massages in cases where we want to note actions taken in response to the messages (The three strike approach). This may also be helpful in cases where messages need to be provided to authorities like the police, courts.. etc. if the need ever arises.
I expect work on this to be completed within the next 24 to 48 hours at which time I will provide a testing site along with login details for 2 users and an admin so that our users can test drive it.
I am still not sure if I am doing something good, or bad.. but I've decided that I will pursue it regardless.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Carlos I understand the dilemma this brings to mind as I am completely against big brother, and the so called state sanctioned spying But ??????? the other side of the coin is not acceptable either.