Invisible access for administrators.

[detlef Köppel]

Is it possible for an admin to participate in sessions unnoticed and invisibly?
Like it is possible with some chat programmes.

Thanks Detlef

[Fred Dixon]

Not at the moment.  We don't have the ability for an invisible user to join the session invisibility as it would trigger a number of privacy issues.

What is the use case that you have for such capability?

Regards,... Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/aadb013f-9762-4d46-8a5c-869f545474b7n%40googlegroups.com.

--

BigBlueButton Developer

http://bigbluebutton.org/

Like BigBlueButton?  Tweet us at @bigbluebutton

[detlef Köppel]

I have received data protection requests and wanted to explicitly exclude this. Thank you Fred for the quick reply.

[Merlin Brasil]

I would appreciate this also. It could be very useful to be able to document abuse online.

Thanks, Merlin

[basisbit]

Personally, I hope this does not get implemented, because it would further shatter people's trust in typical BBB installs which are operated outside of their control.

If it gets implemented nonetheless, please at least make it disabled by default and if disabled manually by default show this as part of a notification before a user enters a session. Nowadays the majority of the world thankfully has implemented some kind of privacy data protection laws.

[Fred Dixon]

Hi Basisbit,

No plans to implement this at the moment. 

Regards,... Fred

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/0d17de13-e061-4953-b34b-8d7fcccf4336n%40googlegroups.com.

[detlef Köppel]

Thank you for the feedback, I just needed to know because our data protection officer asked about it. Personally, I agree with the basic bit and don't want to be secretly observed :-)

[Jean Pluzo]

Hello everyone,

I'm glad to hear this is not being implemented.

Privacy is a big issue in some parts of the world. If BBB had a "spying" feature (this definitely sounds like it), many schools and universities would have to stop using BBB. Not because they wanted to, but because they would have to.

If you revisit this topic in the future, please don't implement such a feature.

Regards,

J.

[Merlin Brasil]

I understand your concern, but I don't see it as a 'spying feature'.

I see it more as a warning to all that they shouldn't have any expectation of privacy, a fact in this world.

Those who DO spy for a living will always find a way to intercept conversations, innocent or otherwise.

This prevents 'bad actors' from doing 'bad business' in a good environment.

My solution is to have a separate totally encrypted forum for VIPs after they've undergone a KYC process.

These are then KNOWN GOOD  ACTORS who need and appreciate the needed privacy.

Regards,

Merlin

You received this message because you are subscribed to a topic in the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bigbluebutton-dev/wHKJUTCEqiA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bigbluebutton-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/2905b47c-6c94-4c18-a670-5615af81455cn%40googlegroups.com.

[Marcel Hellkamp]

Sorry, but this raises some major red flags.

First of all, eavesdropping on private conversation is straight up
illegal in some (most?) countries. In Germany, you can go to jail for
that. Sure, professional spys do not care about laws or privacy or
morale, but you as a service provider should. Want to destroy the trust
of all your users and get sued? Go ahead.

Sorry to tell you that, but you are not a spy or law enforcement
officer. It is not your job (or your right) as a service provider or
administrator to hunt down and convict 'bad actors', whatever you mean
by that. Do you plan to eavesdrop on every single meeting? Or just
customers/colleagues/students/children you are personally interested in?
You see how bad that sounds?

Your last point is particularly unsettling. You want to imply to your
regular users that all of their conversations could potentially be
snooped on or recorded, just to teach them a lesson that 'nothing is
private in this world' and then sell that privacy you deliberately took
away from them as an extra feature to VIP users? What!?

I really hope you do not work in a school context with that attitude. Or
in any context where people have to trust you.

Regards,
Marcel


Am 08.02.22 um 17:47 schrieb Merlin Brasil:

[Jean Pluzo]

Hi again,

@Merlin

- True. It might be that we're deviating away from privacy. But shouldn't we help, were there's still privacy?

- Also true. Spies will find a way. But shouldn't we make it harder for them, or at least try?

- To keep in mind: even those good actors could be exploited, be it by themselves turning into bad actors or someone else impersonating them.

@Marcel

- I agree with you. Perhaps a bit too extreme where you say "sell that privacy". But, in the end, this could be the case, as we have seen with countless apps for smartphones which sell the "no-ads" version.

It's interesting to see different points of view. I cannot say I'm neutral in this matter, and, as I've already said, I hope the BBB devs never implement such a feature.

Regards,

J.

[revertandreturners]

I dont see the issue with this.. as long as users are aware of Admin having private access to calls.

I train and would love to assess students without them knowing when im there.. once they see me in a room, their conduct changes..

i'd like this with consent.. - maybe sending them a report after to inform users..

[Phill. Whiteside]

Hi,

as this seems a bit of discussion, having people know that moderation can take place without the moderator being announced is not - in theory - a bad thing. As we in UK. EU, NZ and other countries around the world abide by the rules[1] unlike, for example, USofA And the AUofS, Russia and China with their 'wonderful' data laws. I would much prefer servers in the listed countries. A soft touch and not missiles / tanks does seem better> Not declaring yourself as not needing a court order to oversee spying on your populace is similar.

Regards,

Phill.

1. https://securityscorecard.com/blog/countries-with-gdpr-like-data-privacy-laws

1. 

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/9054a723-837d-4a30-a6f9-0e53c30a2d03n%40googlegroups.com.

[Kernel Subbiah]

Hi all,

Those who are looking for monitoring activities of whom so ever with this feature have to remember one thing, traditionally it is not the way to assess something. If you need to assess/rank/evaluate there are huge possibilities and ways to do that. Invisibility/Spying is not the way to go. Can they deny that it is called as spying those who argue the positive points about this.  Spying is an act you do when you lack compassion with the fellow human. 

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CABmcvjgUV1VGmHeXEFQkUzf-1FN5svyXPVrRy%3D5zusWt2K3cTA%40mail.gmail.com.

[Phill. Whiteside]

Hi Kernel,

as Teal'c would say .... "Indeed".

Regards,

Phill.

And, for anyone who didn't understand, watch Stargate SG1 :)

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CAEhaJhA7EbgnH27SJB8T9vKxU%3DZR4%3DqfMeL1SS4xxWcMehrTaw%40mail.gmail.com.

[sd...@distancelearning.cloud]

Major industry around protecting corporations rights in the US.   If its In the workplace,  its not spying, its monitoring, and expected as part of general employment agreement.

https://www.worktime.com/12-most-asked-questions-on-us-employee-monitoring-laws

 

They can even monitor your personal devices you bring to office in same States.

 

Curious how this is in Europe?   Does the corporation retain rights on its devices/networks?

 

Regards,

Stephen

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CAEhaJhA7EbgnH27SJB8T9vKxU%3DZR4%3DqfMeL1SS4xxWcMehrTaw%40mail.gmail.com.

[Phill. Whiteside]

Hi Stephen,

to give a quick understanding, as the "USofTo hell with your rights" has had the agreement to allow data from Europe to transferred there revoked[1]. Microsoft + Apple had previously asked that 'The defender of the Free' adopt GDPR, they were turned down. 

So, they fall under the same remit as Russia, China etc. There are ongoing court cases and it does explain why OVH (my server provider) based their "North America" expansion in Canada, both for Hydro-Electric and the Data Laws.[2]

Regards,

Phill.

1. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en

2. https://gdpr-info.eu/issues/third-countries/#:~:text=The%20third%20countries%20which%20ensure,United%20Kingdom%20and%20South%20Korea.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/089e01d82a43%244c74ad40%24e55e07c0%24%40distancelearning.cloud.

[sd...@distancelearning.cloud]

So here is the same info on UK companies.

https://www.worktime.com/12-most-asked-questions-on-uk-employee-monitoring-laws#:~:text=monitor%20company's%20computers%3F-,Yes.,used%20appropriately%20and%20not%20improperly.

 

So if condition of employment requires signing your consent away… it is also done in UK if I read this right.

 

Although notifying employees about monitoring is a must, obtaining consent is, on the other hand, unnecessary in some cases. According to Regulation of Investigatory Powers Act (RIPA) 2000, these exceptions allow businesses to intercept and record communications (including communications via social media) without consent:

• To ensure compliance with the regulatory or self-regulatory practices or procedures relevant to the business.
• To show company standards that are or should be met by employees.
• To prevent or detect crime.
• To investigate or detect any unauthorized or misuse of the telecommunications system.
• To ensure that the system operates efficiently.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CABmcvjikE4Zb457ZtFqSQ6UcH5xb4Cy-_yzqNfxHh724_vbzCQ%40mail.gmail.com.

[basisbit]

One of the major use cases of BigBlueButton are online teaching. Those very often include people who are not employed by a company, and rather often those are students who are especially protected by data privacy regulations. (not just CCPA/GDPR, but much stricter ones).

The much earlier discussions in this thread established that implementing such a feature as proposed in the first post would probably cause serious trust issues in the software and thus would nullify one of the key "advantages" over other common online teaching or online conferencing tools and thus would harm the BBB project.

BBB already gives server administrators quite a lot of tools for curating content if necessary and if legally allowed in your use case: for example default-enabled always-recording, default-enabled extensive logging, admins can just join as visible participant to any currently running meeting and make them self mod, and more. If anyone wants more "spying"/control abilities: BBB is GPL licensed, you may implement the wanted changes for your own deployments. You may also create a pull request for that - however don't be surprised if that doesn't get merged or if that then causes a flame war.

I don't think that this group here is the right place to further discuss personal opinions or preferences regarding this part of data privacy and protection. If you need the feature for your use case, just implement it or pay someone else to do that. No need to further discuss this sensitive topic here, imho. 

[Phill. Whiteside]

 Hi Steven,

It is something you sign up for, not something done without being told. For example, each time I phone a UK company, the robot on the ansa fone tells me "All calls may be monitored and recorded".. Doing so without informing the caller / participant is illegal. Read section 1 of the regulations - put there so people read it 1st :)

But, we do seem to be digressing. I do not have lawful reason to intercept or monitor a BBB presentation / conversation on either of my instances. Any add on that allowed such, would be disabled. That is why my servers are not in USA, as they don't even need a court order.

Regards,

Phill.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/08e701d82a4f%24022742a0%240675c7e0%24%40distancelearning.cloud.

[Phill. Whiteside]

Hi basisbit.

Well said,

Kindest Regards,

Phill.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/9b5d3027-17d8-4f12-8731-eef0fc4bfa7en%40googlegroups.com.