First of all: user data stored by PrivMX server are encrypted on the client-side and even server’s root user can not read it. On the level of PrivMX accounts (on the client side), the situation can be configurable – by default PrivMX admins CAN NOT decrypt and read data of other PrivMX users, but there are also so-called “managed” PrivMX accounts which can be read and modified by PrivMX admins.
Standard type of PrivMX user accounts can be called “private”, because nobody but the owner can access data, change password etc, on their own computer, using their password or mnemonic (of Recovery Key).
When admin wants to create a new “private account”, only an unique link (URL) is created which gives new user rights to connect to the server and create new account …which is created, in fact, on their own computer, where new password is entered, cryptography keys are generated and other important setup is performed. All those important data is unavailable for PrivMX admins and that’s why they can not access new account’s data. Even the owner of the account won’t have access to their data, if they forget password and mnemonic.
“Managed” accounts introduced in version 1.2.0 of PrivMX are encrypted in the same way, have the same functionality but are created differently. When admin wants to create a new “managed account”, their computer creates new account by itself and set a temporary password in it (which should be given somehow to new user). Recovery Key for the new account is saved automatically in encrypted admin files on the server. This gives the admin theoretical possibility to login to such account, read its data, etc. In practice, admins do not even see those saved Recovery Keys, but some admin functions of PrivMX can use them.
In version 1.2.0 the only admin function which uses saved Recovery Keys is resetting “managed” users’ passwords. Read about it here: resetting passwords in PrivMX. It is possible that future versions of PrivMX will introduce some other admin functions for managing “managable” accounts.
How managed accounts can be created? In version 1.2.0 there is no dedicated user interface for this function. However, you can set private/managed mode globally in the
server/config.php file. Just add there
and all new accounts will be created as “managable”. After that, always comment this line when you want to create “private accounts”.