We’ve received some concerned feedback on this elsewhere (social media / support tickets), so I wanted to take the time to better explain the concept of Owners viewing Direct Messages.
Root concerns
The main concerns are that Owners may invade a user’s privacy. For those unaware, Organizations are a new product from Minnit; while they are mostly similar to our standard chatrooms, Organizations allows for everyone to have their own pool of accounts, fully separate from the rest of Minnit. This is great for getting Single Sign-On support, or for users who want to fully control who can, and cannot, access their chatrooms.
Each Organization acts as its own “data controller”, which means that users are signing up for that Organization specifically, not for Minnit in general. As such, all content they submit is accessible, and manageable, by that Organization. The Organization is able to edit or remove your account at any point, and otherwise maintain full control.
This is great if you own a sophisticated website with your existing account setup, and you want to integrate a simple chat that uses your established account setup. If you ever need to make adjustments to how SSO works, or otherwise modify a user account, you’re able to handle it all yourself, rather than contacting Minnit for assistance.
Since the Organization owns the accounts, all chatrooms within, and the user data, it makes sense for them to be able to access Direct Messages, as well.
Can’t you allow Owners to turn off the ability to view Direct Messages, and let us see whether or not it’s enabled?
If we were to add this function, Owners will still be able to access your account on their Organization directly and view your Direct Messages that way. While nobody, including Minnit Staff, are able to view your passwords (which are encrypted), we still allow individual Organizations to change a user’s password. To fully prevent them from accessing your Direct Messages, we would have to take away that ability, as well as the ability to change emails (to use the “Forgot Password” system).
Additionally, even if we did take away their ability to manage their own accounts’ passwords/emails, Organizations that use Single Sign-On could just manually manipulate the request on their end to gain access to the account, and use that to access your Direct Messages.
This in mind, there is no fool-proof way to prevent them from viewing your Direct Messages without removing Single Sign-On support & removing their ability to assist with forgotten passwords – neither of which we will do. Offering an option that says “This Organization cannot view your DMs anymore” would be disingenuous.
If you are using the service managed by the Organization, you must be comfortable knowing that your information is shared with them. If you are not comfortable, do not use that particular Organization, or do not utilize the Direct Messaging system.
What if myself and my friend want to discuss things completely private? Can you add a way for us to consent to a truly private discussion?
As stated, Minnit’s Direct Messages are viewable to the Organization by design, and we do not have a reasonable way to prevent them from accessing your account directly to view them that way.
If you’d like to discuss matters without the Organization viewing it, you are able to create your own Organization and talk there.
Even if Direct Messages can always be viewed, why make a queue?
We want to share our tools and resources with the individual Owners. Our only requirement is that Owners must not allow content that violates the laws that Minnit must abide by (both Commonwealth of Virginia & the United States of America), as well as content that violates our Terms of Service. Apart from that, it is not up to Minnit to police the chatrooms, it is up to the Owners.
Because of this philosophy, we want to ensure that Organizations have the tools they need, when they need them, rather than needing to contact us. The sad reality is that, even in 2022, spam is rampant online, not to mention targeted abuse and other unwanted content. Tools like this are necessary to ensure the Organization is properly managed and maintained.
Final thoughts
I’d like to end the post by saying that I’m thankful for all of the feedback Minnit has received over the years, and we are always interested in keeping an open dialogue with our users. Minnit will only continue to grow and evolve as long as we receive feedback about our service & its functionality.
That in mind, if you have any other questions or concerns about this feature, or anything else, feel free to post publicly on the forum, or contact us privately at minnit.chat/support – whichever method you’re most comfortable with.
Thank you for reading!
Jesse
