Privacy & safety concern: Mark all old entries as private should be free?

[iamsosmart]

Title:
Privacy & safety concern: Mark all old entries as private should be free?

Area:
Entry privacy

Summary:
Instead of requiring a paid account to set all past or newly imported entries to private, Dreamwidth should offer it as a free option to help protect the privacy and online safety of users. (Caveats below.)

Description:
Currently Dreamwidth only offers free users the ability to set the privacy of all NEW entries to "access list only" or "just me (private)". It is also impossible to set a single privacy level for imported entries as they're being brought in; by default they retain their privacy settings from the original source journal.

This can be a problem, particularly with older journals (imported or otherwise) where, in the past, the user wasn't as careful with the sharing of personal information as they should have been. It can also be an issue if a user suddenly has someone harassing them (online or offline) over the content of their journal and they wish to hide it, or if they wish to privatize their content for any other reason (such as worrying that a new employer may be Googling them, or being found by a family member).

In cases like these, the only option for the user in question is to delete their journal, or to go back and manually change the privacy of each and every public journal entry. For established journals, or journal compiled from a number of imported journals, this just isn't feasible, which isn't really fair or reasonable considering that the user in question may already be very anxious and the situation may be urgent.

Users should have the right to be able to privatize all of their entries quickly. On the other hand, I realize that there are processing and data concerns, and that Dreamwidth has costs to manage.

So my proposal is this: offer free users the option to set all of their past entries to private, once.

However this may, potentially, present problems for users who set their privacy and then later import a journal with entries they also wish to lock. In light of that, offering tokens for mass entry locks, offering the option of setting a single privacy setting for imported entries, or imposing a frequency restriction for mass entry locks (such as one request per three months) might be acceptable. denise has kindly pointed out to me that this can be done - setting a minimum journal privacy before importing automatically makes all newly imported entries match that privacy setting. That leaves only the issue of locking existing entries.

If there are logistical problems to implementing this, I would be curious to know them. I'm a programmer myself and may be able to offer assistance or insight. :)

Poll #5605 Privacy & safety concern: Mark all old entries as private should be free?

Open to: Registered Users, detailed results viewable to: All, participants: 60

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
22 (36.7%)

Should be implemented with changes. (please comment)
0 (0.0%)

Shouldn't be implemented.
22 (36.7%)

(I have no opinion)
16 (26.7%)

(Other: please comment)
0 (0.0%)

Comments

[noracharles]

Not having the mass edit option doesn't hamper day to day use of a journal. Therefore I think it's one of those convenient but non-essential features needed to keep paying members paying.

In the event of an emergency, if a user is unable to acquire 30 Dreamwidth points, deleting the journal temporarily is always an option.

[ratcreature]

I've never mass edited for privacy, but most desktop clients can do that, no? So free users can set up the automation on their end rather than DW's.

[noracharles]

Definitely. As far as I know there are no supported and recommended desktop clients for the job, but programs which can do it do exist.

[arethinn]

That there is no desktop client for DW as far as I am aware. (Semagic could not do this on LJ, though, if that's what you're thinking; it required a separate program.)

[ninetydegrees]

*nods*

[iamsosmart]

Deleting it temporarily would only work if it was a temporary situation, wouldn't it? Can you edit entry privacy while a journal is deleted? Otherwise you're back to the same two options again.

I hadn't considered a desktop client. I find it difficult to find a good one considering that most of them are made for Windows and I run Linux. Regardless, while the option is there, I still think that users shouldn't be required to pay or download third-party software to manage something as inherently important as their privacy. It's like you're charging them for their safety.

[zaluzianskya]

Can you edit entry privacy while a journal is deleted?

You cannot, I just tried it.

Even if a mass privacy edit is never enabled for free accounts, I still think it would be a good thing to be able to enforce a minimum security level for imported entries, if that's possible.

[denise]

To be absolutely clear: the mass privacy edit tool is significant server load, which is why it's a paid feature. Anyone can edit entries one at a time, but using the tool that does it automatically is a paid feature because of the principle that anything that significantly increases server load is a paid feature.

[matgb]

I ticked 'no opinion' becaus eI don't just want to say 'no'. I've never needed to edit for privacy, in the 7 years I've been using DW/LJ. If it was urgent it needed doing, then paying, asking someone else to pay, or simply asking Support, would all be options, as would a mass edit client.

Mass edit was introduced as a paid feature reasonably recently, and it was one of those "why?" features for me.

[denise]

If by recently you mean five years ago. *g*

[azurelunatic]

I only started my reign of terror over the suggestions comm on the other side recently! ... if by recently you mean four years ago. :D

[matgb]

That's less than half the life of the site, so it's reasonably recent...

[iamsosmart]

As far as paying goes, I'd been thinking of teenagers using the site, who might not have the means to buy a paid account (ie. a credit card or PayPal account). They're also, in my personal experience, the ones most likely to have need of a feature like this.

Asking Support could be an option. Do you know how likely they'd be to honour a request like that? Especially if it was regarding an unverifiable offline threat? (eg. "I have 500 entries and if my new stepdad reads them I am grounded for life")

[cesy]

Going on past experience, if someone submitted a support request like that, a volunteer would probably donate a month's paid time to cover it before it even got as far as the site admins.

[cesy]

Also, if you can't afford a month's paid time for this, there is always the paidaccountfairy.

[iamsosmart]

That seems like a kind of sketchy thing to be forced to rely on in the event of an emergency.

[matgb]

Actually?

More than half of the paid time I've had on DW has been donated to me by others, mostly Support and similar volunteers who get paid time for the work they do, sometimes style designers who also get paid time, etc.

I think my current paid is the second, maybe third time that I've actually paid myself (did it for 6 months, Xmas present to myself), and I've been paid pretty much since open beta started. OK, I know I'm an edge case and I have lots of friends in support and similar, but...

There are so many ways of working around this, Support can help, LJ Sec can help, asking friends can help, and I feel it's such an edge case that really does hit the server, that I just can't support it myself.

[arethinn]

I was going to say I liked the idea of a special-purpose token, but other comments have pointed out to me that really you could just buy 1 month of paid time, and bingo you would be able to do this. I can't see why they'd want to make the hypothetical token cost less than that ($3.00), so.

[iamsosmart]

Provided you could buy it. If you don't have a credit card or PayPal account (as younger members are likely to do), you're outta luck and at the mercy of account fairies. cesv has pointed out that people are pretty generous in that regard, but it still isn't a solid protection.

[azurelunatic]

If people want it, I wonder if say $2.75 with a note that for $3 you can get a month paid and do more things including that.

[msilverstar]

Looks like it would be a good idea to make the privacy specification more obvious on import, rather than set it elsewhere and rely on memory

[cesy]

This sounds like a good idea to me, though it probably needs to be a new suggestion.

[silverflight8]

I just wanted to add that while the "set all entries to private" may bar someone from accessing the actual entry, it's not perfect; search engines likely have already indexed that page, and the contents are still preserved there. :(

[iamsosmart]

Yeah, but you can request for them to remove that cache and Google in particularly is pretty good about that.

[azurelunatic]

This really does sound like it's crying out for a freely downloadable multiplatform client that will run on the user's box, wherever that is, and iterate through the entries at a reasonable rate, accept a minimum security, check the existing security, and make sure that the existing security is at least as secure as whatever the user said, and change it if not.

It should remember where it was in case of internet connection badness or computer crash (but be stoppable if someone started it mistakenly), and in case it gets "WOAH NELLY YOU ARE HITTING THE SITE WAY TOO FAST" messages, knock it off for a while and then start back up.

This then would, we are to hope, make things less dire on the server end, and yet just as convenient from the user end, so it would not spell an OMGWTF without money to offset it.