Privacy/security of private messages

[Minim]

As some people may have noticed I've won a contest, but I haven't sent my PM to the host yet because of a concern about the forum's processes. I'm nervous about sending personal information even through private message, because once I send it through there's nothing as far as I know to stop the user from keeping these messages, apart from whether they will delete it or not. What I'm hoping for is some kind of "automatic deletion over time" option for any secure messages. One week for example would be good.

[mantha16]

wow just wow

[Simon]

If messages deleted themselves, receipients would immediately backup everything, and thus you still wouldn't get what you think you need.

Messages are stored on the forum server in clear text. Forum admins can read them in theory, but we respect privacy. Nonetheless, there is the danger that, in a couple years, the entire database gets compromised.

Thus: Is the message clear text on the webserver your concern, or that it remains readable to the recipient? Forum admins can edit the database directly and purge the message from the server, but I don't want to do this habitually. I'd tentatively recommend a different way of messaging instead, so that you keep more control and don't depend me.

Or are you worried that third parties (forum staff, internet/government surveillance) will be able to read the message at all? The answer to this is a chat/messaging tool with strong end-to-end encryption, not a forum PM. I believe HTTPS is ultimately investigable (but I'm not a security expert) and the clear text stored on the server doesn't make it better.

-- Simon

[Minim]

Thanks for the information, Simon. That second paragraph is useful. I'm just trying to improve my understanding before I make a decision.

[mantha16]

i can write it out then delete the message if you want