Suggestion for Improvement - set up system to allow 1st response to private message to be passed through anonymously

Question

There are frequent posts here from people who received private messages from non-members (or members who were not logged in at the time) and seek advice about whether the messages are legitimate or what to do about them.  Sometimes the messages were obvious spam; other times, they were suspicious in varying degrees.  These questions are very understandable - nowadays, an elevated consciousness about self protection when doing activity on the internet is unfortunately a realistic necessity.

When we receive a private message from someone other than a logged in member, it would be wonderful if our first response could be as private as the original message.  In other words, if our first reply could go through WikiTree, the same way the private message came, to protect us from revealing our email address to the sender, it would be a great help.

I know it would take programming effort to accomplish, as well as resources for the throughput, so I hate to ask, but I think it would provide great benefit to members who are trying to decide whether one of these contacts from out of the blue will turn out to be a newly discovered family connection or is someone looking for new victims of whatever scheme they're trying to perpetrate.

Comments

(Gaile, just a reminder that "the original message" -- assuming you mean what gets sent when one "sends a private message" -- is not at all private. It includes a reply-to with our email address.)

---

THANX, Jillaine.  I should have explicitly said that the "reply to" email address would be replaced with a checkbox for us to select whether or not to reveal our email address when sending the private message.

The way it is now, our email address is automatically filled in on the form we use to send a private message.  Athough I have never seen anything documented that says so, we do NOT have to leave our email address in that field.  I sometimes change it if I don't want my email address revealed.  When I do so, I include something in the message telling the person that they can reply by sending me another private message from WikiTree.  Note that this field must contain a validly formatted email address - in other words, it must be in the form something@someplace.ext.  You could enter something like nobody@noplace.com in there if you want - any valid-looking email address will do.  I usually use donotreply@wikitree.com when I do this (which I don't think is an actual email address).  EDITED TO ADD:  I forgot to mention that when you do this, you will not receive a copy of the message you sent because WikiTree will be sending your copy to the phony address you entered, so if you want a record of what you sent, you'll have to copy and paste it and save the file before you send the message.

To get down into how-it-would-work detail more than I really wanted to here, if we indicate that we want to reply privately, the message that is sent would have a reply-to address that goes to a WikiTree script that processes it the same way the initial private message was processed.  The message also has to include some means for WikiTree's server script to identify who we are (in order to pass the recipient's reply to us), but our WikiTree ID that is already included in the link to our profile at the bottom of the message would do that just fine.

---

As a person who values privacy, especially on the internet, I support your improvement suggestion, Gaile.

Personally, I don't know why WikiTree has chosen to expose our email addresses, not just to non-members, but to members, too.

I would like to see our email addresses hidden in-site, too, but I imagine that would be asking too much of our limited resources.

Thanks for addressing this issue for your privacy-obsessed fellow members!

---

I don't understand what you mean about "hidden in-site".  You can only see your own email address, plus on privacy page of profiles for which you are manager (maybe also just on the trusted list for - I'm not sure) you will see email addresses of other trusted list members.  Of course, folks with admin rights can see it all, but that's really as it needs to be on any website.

---

I agree with Lindy that ideally there would be methods not only for exchanging private messages (for which Gaile has offered a workaround) but also for making and approving Trusted List requests that did not require revealing one's email address to other members. The WikiTree ID could be used for the latter instead provided Trusted requests had to be confirmed by both parties before they went ahead. As Lindy says however there are probably insufficient resources to implement this.

---

I would LOVE it if we could use user IDs instead of email addressed for Trusted List requests.  Jim, perhaps you could start a separate thread on that.

---

Thanks Jillaine. Done.

---

As you surmise, Gaile, I refer specifically to the Trusted List. My opinion is that our email addresses should not be visible to fellow Trusted-List members any more than our addresses should be visible to non-TL members or to non-members.

Answer 1

I wholeheartedly egree with you Gaile. For instance, I never, as a rule, reply to these private messages. If I can determine that the person does have a WT account, I will post a message on their profile irrespective of the subject matter because I pay a lot for my e-mail address and I don't want someone with a grudge splattering that e-mail all over the internet. Some people can get very mean.

Comments

Louis, a suggestion ... set up an email account at one of the free places (like gmail.com, yahoo.com, etc.) to use for any websites you want to see that either have membership accounts that you want to have (like WikiTree) or merely require an email address in order to access their content (like some online stores, news services, etc.).  If it starts accumulating a lot of spam, simply open a new one and change to it on the sites where you're using it.

If you - or any other member - would like, for places that demand an email address but you don't ever want to get mail from, feel free to use the one I have for this same purpose - spam@gcube.us.  I guarantee that no mail ever reaches that account, although it will pass a check (by any sites that want to do this) to verify it is valid.

EDITED TO ADD:  For anyone interested in how I do this, I am the owner of the domain gcube.us and I use a blacklisting service (https://www.mxguarddog.com).  All incoming mail to my server is diverted to mxguarddog's server, where I set up filters for which messages to be discarded before passing incoming messages on to my mail server. For the "spam" account , the filter deletes all incoming messages, therefore nothing ever even reaches my mail server.

---

Thanks Gaile, I do have such an old email account and for specific that purpose which I give out to all those pesky sites that want's you to register. However it does not solve this WikiTree dilema, where my good email address is given out should I reply to a private message received through WikiTree. Unless you are suggesting that I log into and send a message from that old email account, which I don't monitor, which would make the point of replying, moot.

---

Louis, you could set up a third email account at one of the places that give them out free and use that for WikiTree or anyplace else where you think there is a risk of your address falling into the wrong hands.  Then, if that happens, you could close the account and set up a new account again and change your online subscriptions to it.

---

I don't think setting up another email account, changing my email on WikiTree, and then having to monitor that account seperately is going to be the appropriate course of action. WikiTree should require this at registration with a statement why it should be done like that.

Answer 2

I feel like this could be a privacy issue. In order to know who to send the response to we would have to store the emails of non-members somehow which could get super messy -- how long do we have to store it for? What sort of permissions do they need to grant the site before sending a message? How do they contact us to remove their stored information? Stuff like that.