Suppression of Sensitive Information


(Alex Sherwood) #1

Earlier today a user posted their mobile number in this post Card still not working & it took a couple of hours after I flagged the post, for the moderator to it pick up.

I’m surprised that the number wasn’t automatically suppressed (automatically identified & hidden) & since it wasn’t, are there any safeguards in place for the forum at the moment?

I can post a 16 digit number 0000 0000 0000 0000 (card number) & a 9 digit number 000-000-000 (from my card) 000 (CSV). For most people it’s obvious that it’s not a good idea to post these details but even so, I think suppression should be put in place.

Also, this must be mentioned somewhere but the guidelines don’t mention that users shouldn’t post personal / account details etc. in the forum…


One of the things I love
(Adam) #2

issue with blocking all phone numbers is no-one is able to post the support number such as the below when a telephone number is important




(Alex Sherwood) #3

Ok but they can post a link to the page where the support numbers are listed.


(Rika Raybould) #4

I’ve experimented with automated dox protection on previous forums I’ve been on, sadly it has the same problems as trying to censor words or phrases. It becomes an unwinnable game.

The best solution I ever got was automatically silently flagging suspect posts and only showing them to trusted users until they had been verified clean. Also having a good moderation team on top of their flag queue, generally reviewing every post within 15–20 minutes.

Now, this community is a bit too nice to throw down those levels of moderation but certainly, getting posts flagged and reviewed quickly is the biggest step in solving any issues.


(Tristan Thomas) #5

Thanks for the feedback! Totally agree about personal information but as @RichardR says, I think that’s a game we can’t win forever. Users can flag certain topics and once enough people have, it should be automatically hidden and then one of us can look at it. Additionally, we’re pretty stretched at the moment so don’t get to spend as much time here as I’d like :frowning: But we’ll have a new community manager joining at the end of August :tada: So start thinking about improvements you’d like to see :wink:


(Alex Sherwood) #6

I appreciate that the automatic suppression wouldn’t be fool proof and as we’ve all seen, if someone wants to get around it, they can.
But it does remind the person making the post that the information shouldn’t be shared so it would cover innocent mistakes. Then, for anything that that gets past the automatic detection there’s the flags. But you’re then relying on a moderator picking up the post before someone who’s going to misuse the information.

I’m sure Discourse has the capability, it’s pretty common feature.

It took a couple of hours for a flagged post (because of a personal mobile number being posted) to be picked up yesterday & I’d be surprised if account details aren’t posted in the future…

Thanks for feedback by the way!


(Tristan Thomas) #7

@alexs Fair points. If you can point me to where to turn it on in Discourse/add a plugin, I’ll take a look this weekend :slight_smile:


(Alex Sherwood) #8

Great, there’s this feature which would potentially be more useful…

although it’s ‘planned’, not released yet so I might have been getting ahead of myself!

And you’ll have seen my tweet to Discourse to ask for other options :wink:


(Alex Sherwood) #9

Another quick update, I got some feedback about the feature on Twitter from Discourse

& carried on the conversation in their Meta site. This is what one of the co-founders of Discourse told me

and I’m hoping that they’re on release 1.6 now?

It might be tricky for me to pick up on the update, since I don’t have access to the feed of Discourse customer’s information so hopefully, if you can keep your eyes peeled, this will be ready soon!


(Rika Raybould) #10

Feed of customer information? Discourse is all open on GitHub though! :smile:

Or just keep an eye on the releases category of meta.discourse.org if you don’t want to stare at commits and pull requests to find where it gets added.