"It is not that I am “unwilling to configure our software so that comments posted before the new policy is implemented remain under chosen screen names.” I extensively investigated that possibility and was unfortunately told by our content-management software experts that such a configuration is impossible."
Is there actually any possible CMS where this problem cannot be solved in one line of code? It's either a terrible excuse/lie or one of those examples of why I'm so happy not to be working at a large organisation wrangling ancient legacy systems.
I cannot imagine a scenario under which this code is impossible to write, but take a few layers of bureaucracy and very few people who actually dare toy with a fragile system, and you have all sorts of impossible-to-fix problems.
I remember one programmer that worked for a fairly popular newspaper telling me it was "simply impossible" to change the color of their navbar. They were on wordpress.
The news business doesn't think about their CMS that much; it's just a box for them to type into most of the time.
All you need to do is use a software package like wordpress and not employ any actual developers. CMS packages nowadays allow even large operations to run entirely on point-and-click configuration; but the kind of special case they're being asked for here would very likely require a programmer to actually write code. Note how the quoted person says "content-management software experts" and "configuration", not "developers" and "feature".
Well, that's fine but with any decision comes downsides. If you marry your critical business operations to inflexible software, or you refuse to employ even one developer (or maintain a contract with an external company) then you may find that down the track you cannot make important changes to your business.
Case in point: the situation detailed in this article.
My sympathy is essentially at zero level here. In this situation their privacy policy, a legal contract, guarantees they won't reveal the names of contributors even if the privacy policy changes. There is no excuse whatsoever to violate such a legal document. If they find their software cannot handle what they want to do without violating this legal contract, what this means is they cannot take the action that will violate it.
Should the MT Standard take actions to wilfully violate their privacy agreement, then they open themselves to lawsuits. In some cases I wonder if a court might grant an injunction forbidding them from implementing their new policy?
That's a very weak definition of "impossible". Even in the situation you describe you just hire a developer for a couple of hours to fix the issue.
Yes, doing this will cost you money, but it will be much, much cheaper than dealing with the inevitable shitstorm that is going to follow if they go through with this change.
Well, in the defense of your mentioned programmer, it very well might be more complicated than it looks at first glance. Having worked for two different news organizations in my past, I've an unfortunately large amount of experience with the crufty kinds of integrations that lots of newspapers use for doing everyday things like providing classified ads, e-commerce sales, etc -- it's extremely common for varying areas of the site to be served by entirely different software stacks cleverly masked in such a way to make the branding appear continuous. In the worst of those cases I worked with years ago, your only method available for changing the "header" (not HTML header, of course) involved copying/pasting HTML with manually-inlined style declarations into a text area on the partner's website.
It's probable that he or she was just simplifying things for you, and that you're just unaware of the actual underlying complexities; although changing the color on the wordpress site's navbar sounds pretty clearly trivial at first glance, the full spectrum of places to which that change would have to be manually copied might be extensive, undocumented, and tedious enough to alter that "No, that's impossible" is the go-to answer instead of spending time explaining why something sounding so trivial might actually amount to many hours of effort.
No, there is no possible CMS where this is impossible. But I imagine it would take some custom configuration...e.g. a change to the database call that fetches comments to select only the username field, not the email, for articles before 2015-12-31.
Imagining the logic and code is not hard. But if you are a non-programmer, this is not how you think about things. Most people are trained to use a CMS, and every other computing interface. They don't understand that computer software can be changed. For them, hearing that it is impossible to reconfigure a CMS is like hearing that it is impossible to reconfigure a 1998 Honda Civic to become a hovercraft -- that is, it sounds completely reasonable because "that's the way these things are".
Edit: Another factor...it seems that the Standard uses a hosted CMS solution...which yeah, would pretty much make it impossible for this fix to originate in-house: http://www.townnews365.com/
They're just another customer to that company and there's no way they're going to throw developer time to create a feature to fix a self-created crisis for a single customer. Telling them it's not possible is easier than saying that.
I usually say it will cost "this" much and then it's no longer about whether it's possible or not. I always tell my clients almost nothing is impossible, it's just a matter of time, effort, and cost.
A quick look at their source suggests that they are using something called BLOX CMS, and their nameservers are run by TownNews, which is apparently the company behind BLOX.
BLOX is advertised as "Cloud-based" with "No hardware or software to install & maintain".
This all suggests that they actually cannot make such a change, by virtue of using an SaaS solution they have no control over.
Sure, but they could change all old accounts to use the screen name as the username, change their email address (locking them out of it) and force everyone to reregister. It's a pain in the ass but it's the only practical solution given the constraints.
But do they really need those comments on old articles? Why not just delete them? This is a community paper. How often are people reading old articles and how often are those people reading the comments? I have to question if the management of the paper are motivated more by unmasking certain shitty commenters than by anything else.
I understand how to make the implementation work initially, however I would tell the client no we don't support that, and then wait for them to offer an amount of money to make it worthwhile.
It's not hard, however, it complicates the software leading to subtle non-obvious bugs, and then you need to support this features with all the other features you're adding, etc.
PS. What happens when they turn if off? ...and then back on? And then the 20 other subtle bugs that this feature introduces... And how many other features that lots of customers want are we delaying while we implement this?
All this work for $24.95 a month... yeah... no, 86'd.
They presumably have a support agreement for the CMS. They simply need to call up and say "delete all comments prior to this date"
If it's anything like most small town newspapers, there are probably about a dozen people with nothing better to do, who argue and snipe at each other in the comments section of every story, and rarely add any insight or additional newsworthy information. Just deleting them would be the safest way forward and cause no loss of anything really important.
The guy is an absolute imbecile. He states that it is a small city where people know each other, and then immediately states that he doesn't think there will be consequences for most of his readers. He writes his own counterargument. There will be consequences for these people because it is such a small city. And he doesn't care because he thinks the only people who will be harmed are "meanies". What if your political/social/moral views differ from your parents or your wife and you don't want them to know in order to keep the peace. A simple google search on the site for your real name will take them to your comments. Those people could be genuinely curious to read what you have to write, with no il intent of "catching" you whatsoever. There will be plenty of innocent people who are harmed by this. Especially since the people that are being commented about in these articles are people who are known irl, not just names on paper. Privacy is more than about meanies on the internet, and this idiot should be fired, if only for telling the lie you quoted. Are the people of Montana to be treated like a bunch of inbred hill people who don't about these fancy city computers? His entire response was unacceptable and poorly thought out.
It is not that I am “unwilling to configure our software so that comments posted before the new policy is implemented remain under chosen screen names.” I extensively investigated that possibility and was unfortunately told by our content-management software experts that such a configuration is impossible.
So what? If it is impossible, then your privacy policy was clear you will protect the identity of posters.
Heaven help journalistic sources if they apply the same policy to anonymous sources!
Here are your options:
1. Tell the CRM writers the situation is unacceptable, and force them to fix the issue
2. Get a new, sane CRM that can actually do something that should be a complete no brainer: allow previous posts to remain as-is. Then fire the person who chose the unbelievable bad CRM you actually forked over money for.
3. If neither of those options are possible, then do not proceed with you new policy until which time you make the impossible, possible.
Frankly, you have Paul Levy on your tail. Be prepared for some substantial lawsuits from an incredibly tenacious and effective lawyer.
While all of us call BS on the tech team saying it "can't" be done [1], I'm all for this. If you're saying mean/hateful stuff online, you deserve to have your real name attached to it. It's amazing how much more polite people are when they don't have a wall of anonymity protecting them.
[1]: My bet's on people who can barely use a computer stood up a wordpress or joomla site, and only really understands how to edit configs, not actually change the programming.
my issues are that mean and hateful are fully separate categories and neither seems to have an agreed upon definition. Just look at colleges today where anything is hateful if someone complains. Worse many who do put their name forward are threatened by these groups in an attempt to silence dissenting opinion.
Threats on the other hand should suffer exposure. Being politically incorrect isn't hateful or mean but there many who will claim in. The danger is we are basically going to silence some who have real reason to fear persecution.
Have you looked at Youtube comments in the past few years? This claim is absolutely, demonstrably false. People say mean/stupid things when they feel there won't be any repercussions. Not having your name attached to something might have some correlation with that, but it's certainly not the cause.
1) This policy doesn't apply only to comments that say "mean/hateful stuff". It applies to ALL comments. Is your assertion that there is never any value for anonymous comments? Is your assertion that ONLY mean/hateful stuff should get attached to real names, and that positive well reasoned arguments should stay anonymous? Or is your argument that we should call well-intentioned valuable anonymous comments " collateral damage" in the war against mean things said online?
2) If you think that ONLY mean/hateful stuff needs to be attached to a real name, who gets to be the arbiter of this policy?
3) What about the legally binding promise made in the MT Standard's privacy policy where they said they would NOT share that information with third parties? And they further said that updates to the privacy policy could not affect comments retroactively? Are we willing to let a company get away with flagrantly violating their privacy policy so that we can win the war against "mean/hateful" stuff that is said online?
Edit: I also notice that you are posting here under the anonymous screenname "killface", while I'm posting with my first initial and last name. Ironic.
Even though it's not an employer I would want to work for I do wonder if his is the type that would at least make a concerned mental note that he has a pseudonym like "killface". It's easy to call for the unmasking of anonymous people when you're not the one that has to worry about the consequences.
Not that I consider your comment mean (it has some merit), but for the MY Standard they gave certain legally binding guarantees around anonymity. They can make new posts applicable to the new privacy policy (which I actually think is a good idea - if you want to be anonymous, contact the reporter and request anonymity, if it's important then they can report on it and you become a news source), but you can't retrospectively change the old comments.
The language in the old privacy statement is pretty ironclad!
As other's have pointed out this is a very short sighted view that's predicated on the assumption that the only hateful commenters would be on the hook. Punishing people is easy and that's why it should be done with extreme care.
In the first 2 pages of your HN commenting history, I can find half a dozen comments that, tied to your real identity, and given a sufficient amount of the right flavor of public attention, could be blown up to ruin your life.
Not that I necessarily think these comments are so wrong that you would remotely deserve such an outcome for thinking or saying them, but that's the point: if it came down to it, that wouldn't be my judgement to make. And would you have unreservedly said all the things you have, if they were going to be permanently and publicly tied to your real identity?
In fact, after a few more pages of your history, applied to some leet cyberstalking skills, I know your real identity and where you work and live. How would you feel about being outed, even over such nominally innocuous things?
I would never do that, because it would be wrong.
You commented with the assumption of a certain degree of anonymity. So did the people you're saying there would be nothing wrong with stripping a similar anonymity from.
As others have pointed out, there are valid reasons to wish for anonymity. You're kinda making the "If you have nothing to hide..." argument.
That said, I agree that (some) online communities profit from real-name policies. C. f. the difference between youtube and Facebook. But that is no argument for retroactively changing the policy.
Hey Killface, me and these other 10 guys disagree with you online. Why don't you tell us your real name and address, so that me and these other 10 guys here, who disagree with you, can come to your house and discus this with you, face to face. 10 of us. 1 of you. Discuss this. Face to face.
How about it? What's that? You don't want to give your real name? Why not? LOL.
The irony. You think that this will only applies to others. You don't seem to realize that, others WILL use this against you too.
This seems like a pretty clear-cut violation of their privacy policy. As Mr. Volokh has noted they have promised in their privacy policy to not share this information with third parties:
"We will not share individual user information with third parties unless the user has specifically approved the release of that information. "
Further, they have even explicitly stated that they cannot retroactively change the privacy policy to affect old comments:
"Of course, our use of information gathered while the current policy is in effect will always be consistent with the current policy, even if we change that policy later."
Given that, I don't see how this isn't a violation of their privacy policy. The FTC suggests that they are willing to enforce companies that mis-use personal information [1]. Given all of this, I highly encourage anyone who has posted anonymously on the MT Standard to report them to the FTC using the following form: https://www.ftccomplaintassistant.gov/Company#crnt
I hope this reinforces the idea that you should not give your real information to any source unless absolutely necessary (website or otherwise). Privacy is not a right in the digital age.
The legal exposure they're opening up is irresponsible to the business, aside from the betrayal of trust to their readership. All of us developers here know how easy of a workaround this is even without making mods to a SaaS app that they have no control over. Just convert all old legacy comments to new faux accounts. The SaaS provider can do this with a script, or the newspaper could just do this all my hand in an admin UI. None of this makes sense. It's pure laziness.
If commenters can opt out of having their old comments posted, then the Standard can opt out everyone who has not opted in. The only reason the Standard has this problem is because they want to retain old comments even though doing so would violate their privacy policy.
62 comments
[ 2.2 ms ] story [ 124 ms ] threadIs there actually any possible CMS where this problem cannot be solved in one line of code? It's either a terrible excuse/lie or one of those examples of why I'm so happy not to be working at a large organisation wrangling ancient legacy systems.
I remember one programmer that worked for a fairly popular newspaper telling me it was "simply impossible" to change the color of their navbar. They were on wordpress.
The news business doesn't think about their CMS that much; it's just a box for them to type into most of the time.
It's really simple too.
All you need to do is use a software package like wordpress and not employ any actual developers. CMS packages nowadays allow even large operations to run entirely on point-and-click configuration; but the kind of special case they're being asked for here would very likely require a programmer to actually write code. Note how the quoted person says "content-management software experts" and "configuration", not "developers" and "feature".
Welcome to software in the new millenium.
Case in point: the situation detailed in this article.
My sympathy is essentially at zero level here. In this situation their privacy policy, a legal contract, guarantees they won't reveal the names of contributors even if the privacy policy changes. There is no excuse whatsoever to violate such a legal document. If they find their software cannot handle what they want to do without violating this legal contract, what this means is they cannot take the action that will violate it.
Should the MT Standard take actions to wilfully violate their privacy agreement, then they open themselves to lawsuits. In some cases I wonder if a court might grant an injunction forbidding them from implementing their new policy?
Yes, doing this will cost you money, but it will be much, much cheaper than dealing with the inevitable shitstorm that is going to follow if they go through with this change.
It's probable that he or she was just simplifying things for you, and that you're just unaware of the actual underlying complexities; although changing the color on the wordpress site's navbar sounds pretty clearly trivial at first glance, the full spectrum of places to which that change would have to be manually copied might be extensive, undocumented, and tedious enough to alter that "No, that's impossible" is the go-to answer instead of spending time explaining why something sounding so trivial might actually amount to many hours of effort.
Imagining the logic and code is not hard. But if you are a non-programmer, this is not how you think about things. Most people are trained to use a CMS, and every other computing interface. They don't understand that computer software can be changed. For them, hearing that it is impossible to reconfigure a CMS is like hearing that it is impossible to reconfigure a 1998 Honda Civic to become a hovercraft -- that is, it sounds completely reasonable because "that's the way these things are".
Edit: Another factor...it seems that the Standard uses a hosted CMS solution...which yeah, would pretty much make it impossible for this fix to originate in-house: http://www.townnews365.com/
This is, unfortunately, not uncommon at all.
BLOX is advertised as "Cloud-based" with "No hardware or software to install & maintain".
This all suggests that they actually cannot make such a change, by virtue of using an SaaS solution they have no control over.
But do they really need those comments on old articles? Why not just delete them? This is a community paper. How often are people reading old articles and how often are those people reading the comments? I have to question if the management of the paper are motivated more by unmasking certain shitty commenters than by anything else.
UPDATE user SET realname=screenname WHERE screenname IS NOT NULL;
Done!
But remind me never to ever use BLOX. This seems like the MOST basic thing you'd want to be able to do.
It's not hard, however, it complicates the software leading to subtle non-obvious bugs, and then you need to support this features with all the other features you're adding, etc.
PS. What happens when they turn if off? ...and then back on? And then the 20 other subtle bugs that this feature introduces... And how many other features that lots of customers want are we delaying while we implement this?
All this work for $24.95 a month... yeah... no, 86'd.
If it's anything like most small town newspapers, there are probably about a dozen people with nothing better to do, who argue and snipe at each other in the comments section of every story, and rarely add any insight or additional newsworthy information. Just deleting them would be the safest way forward and cause no loss of anything really important.
The mistake here is assuming that the news organization has
a) a developer
b) access to the code
Quite simply, most are far too cash-strapped and rely on third-party services.
Here's one option:
If they run that on their CMS database's Users table (with appropriate adjustments for actual column names)They destroy the old users' real name by replacing it with their Avatar name.
This would preserve all old comments' anonimity. Active users could edit their names back to "real" if they wanted.
There's no way there's a CMS where a fix is impossible.
The result in this case might be a little unsavory but its far from the only option... Just the cheapest guaranteed one that I can think of.
"[x] Display Screen Names [] Display Real Names"
http://docs.townnews.com/kbpublisher/Comment-Manager-Setting...
So what? If it is impossible, then your privacy policy was clear you will protect the identity of posters.
Heaven help journalistic sources if they apply the same policy to anonymous sources!
Here are your options:
1. Tell the CRM writers the situation is unacceptable, and force them to fix the issue
2. Get a new, sane CRM that can actually do something that should be a complete no brainer: allow previous posts to remain as-is. Then fire the person who chose the unbelievable bad CRM you actually forked over money for.
3. If neither of those options are possible, then do not proceed with you new policy until which time you make the impossible, possible.
Frankly, you have Paul Levy on your tail. Be prepared for some substantial lawsuits from an incredibly tenacious and effective lawyer.
[1]: My bet's on people who can barely use a computer stood up a wordpress or joomla site, and only really understands how to edit configs, not actually change the programming.
What's your name, btw?
Threats on the other hand should suffer exposure. Being politically incorrect isn't hateful or mean but there many who will claim in. The danger is we are basically going to silence some who have real reason to fear persecution.
2) If you think that ONLY mean/hateful stuff needs to be attached to a real name, who gets to be the arbiter of this policy?
3) What about the legally binding promise made in the MT Standard's privacy policy where they said they would NOT share that information with third parties? And they further said that updates to the privacy policy could not affect comments retroactively? Are we willing to let a company get away with flagrantly violating their privacy policy so that we can win the war against "mean/hateful" stuff that is said online?
Edit: I also notice that you are posting here under the anonymous screenname "killface", while I'm posting with my first initial and last name. Ironic.
Not that I consider your comment mean (it has some merit), but for the MY Standard they gave certain legally binding guarantees around anonymity. They can make new posts applicable to the new privacy policy (which I actually think is a good idea - if you want to be anonymous, contact the reporter and request anonymity, if it's important then they can report on it and you become a news source), but you can't retrospectively change the old comments.
The language in the old privacy statement is pretty ironclad!
Not that I necessarily think these comments are so wrong that you would remotely deserve such an outcome for thinking or saying them, but that's the point: if it came down to it, that wouldn't be my judgement to make. And would you have unreservedly said all the things you have, if they were going to be permanently and publicly tied to your real identity?
In fact, after a few more pages of your history, applied to some leet cyberstalking skills, I know your real identity and where you work and live. How would you feel about being outed, even over such nominally innocuous things?
I would never do that, because it would be wrong.
You commented with the assumption of a certain degree of anonymity. So did the people you're saying there would be nothing wrong with stripping a similar anonymity from.
Says killface?
That said, I agree that (some) online communities profit from real-name policies. C. f. the difference between youtube and Facebook. But that is no argument for retroactively changing the policy.
How about it? What's that? You don't want to give your real name? Why not? LOL.
The irony. You think that this will only applies to others. You don't seem to realize that, others WILL use this against you too.
Overall, this is a very bad idea.
"We will not share individual user information with third parties unless the user has specifically approved the release of that information. "
Further, they have even explicitly stated that they cannot retroactively change the privacy policy to affect old comments:
"Of course, our use of information gathered while the current policy is in effect will always be consistent with the current policy, even if we change that policy later."
Given that, I don't see how this isn't a violation of their privacy policy. The FTC suggests that they are willing to enforce companies that mis-use personal information [1]. Given all of this, I highly encourage anyone who has posted anonymously on the MT Standard to report them to the FTC using the following form: https://www.ftccomplaintassistant.gov/Company#crnt
[1] https://www.ftc.gov/news-events/media-resources/protecting-c...
In any other case the answer is like in the real life: it depends.