what should blocked users see? - social invention research

[ivolucien]

You will be able to block other members from seeing your profile and posts.  My current plan is to present account deletion and being blocked the same way, e.g. "That account is no longer available."  You will also be able to change a viewer's level of access, so posts that they could once see will appear to have been deleted from their perspective

Comments

[shemayazi]

1. That account is no longer available (good)
2. If previous access, yes, "that post is no longer available"
3. In that case, if they commented, then the comment is presumably tied to the post and would also not be available.
4. In searching for your own comments, you should be find all those that relate to posts where you have not been blocked, but not comments that are tied to posts that are owned by users who have blocked you. Maybe "the post your comment referred to is no longer available".

[ivolucien]

Thank you so much! I very much appreciate your input, and especially like the "comment referred to is no longer available." ^_^

[flasher702]

You should be able to find all of your own content, always. Never really fully deleted or unfindable by you unless you delete your account. And if you reply to someone else's post it should be always findable by them also, unless you delete your account. To be able to trash someone else's content just because they happened to post it as a reply to your thread, or have someone be able to trash the content in your thread by removing part of it (which could make a sensible reply seem inappropriate with the context removed) is not proper and is just depending on laziness and confusion rather than being truly secure (another illusion of security/privacy). A paranoid or malicious person, knowing others can just up and delete stuff without a trace it ever existed, could always just save the content the first time they saw it. Setting up a system where people are less likely to do this actually increases privacy. Having the power to delete content without leaving any trace that it ever existed other than a fuzzy memory can encourage improper

[flasher702]

My fundamental philosophy here is based on coherency, content ownership, and transparency. When I post a reply to your content there is an implied, and undeniable, level of shared ownership of my content due to it's potential contextual relationship to previous and following posts and that I put it into your thread but it's clearly authored by me. You could argue about what that level is but neither of us should be able to treat the other like they don't have a right to even know it existed nor should it be a cat-and-mouse game of who can delete posts before they are banned. That's both silly and unenforceable. It might work most of the time but expectations otherwise only lead to potential problems when those expectations are shattered.

[flasher702]

Completely wrong approach. Giving users credentials that are more restrictive than their parent group is not a viable security concept. If something is posted publicly you shouldn't be able to block a specific user from seeing it as this is a false sense of security and encourages inappropriate social behaviors. If something is posted privately or with selective viewing rights it's opt-in and therefore "blocking" is not relevant. Ideally if someone doesn't have the credentials to view something they shouldn't be able to see that it even exists (possible exceptions for well-known datafields ex: "birthday

[ivolucien]

Thank you! I very much appreciate the blunt and thorough critique. ^_

[flasher702]

Hmm, I hadn't considered that "any authenticated user" would be treated as separate group from "any unauthenticated visitor". Not much security/privacy in this distinction as anyone can just create a new/2nd account. Would stop ethical webcrawlers and encourages registration though and that has some value. I would suggest not letting user distinguish between the two groups any further than that single criteria, that they have to log in to see the content, as it could create a false sense of security.

[ivolucien]

Actually, there is a distinction that might be more valuable. I'm currently planning to offer inexpensive ID verification, and while not perfect, restricting a post to verified users would have some security value. *ponders*