- edited description
Personal photo album reveals first name of hidden profile
Issue #56
resolved
When viewing a year page in the almanac as a non-admin member, hidden profiles (everything is hidden for everyone) are shown as unknown. When clicking such a profile, it is possible to open the personal photo album, which reveals the first name of the member. Try for example: https://www.svcover.nl/profiel.php?lid=1004 while impersonating an inactive member.
Suggested solutions:
- Hide these members completely everywhere
- Add privacy settings for personal photo album
- Respect privacy settings in photo albums
- Change policies on privacy settings: make it impossible to hide ones name and tell google not to index the almanac.
Comments (6)
-
reporter
-
reporter
While typing this issue, I realized that people show up on the year view of the almanac, regardless of their privacy settings of their starting year. As we keep finding (minor) issues like these, it is probably the best to change policies and make it impossible to hide ones name and starting year. If we do this, I also like the idea of implementing a default name@member.svcover.nl email address for people who want to keep their personal email address private, as discussed previously.
-
reporter
- edited description
Add suggested solution
-
reporter
One more thing that does not go too well: Hide all details and comment on a photo. In the overview of recent comments in the main photo album, your comment is posted by "Unknown", when viewing the photo, your name is displayed.
-
I think the main reason people want to hide their name is to hide their Cover profile from Google (as they do score quite high
) but I also think that hiding all profiles from Google is a bit overblown. I can also imagine people wanting to hide their complete profile, but hiding it for other members I find a bit odd and not something I would strongly support (e.g. how would you handle a committee member that wants to check if one of their participants is a member of Cover, or how would you handle displaying their info when they become part of a committee?)Another problem is that the name of a member is used pretty much everywhere on the website. Hiding it in such a way that it cannot be guessed is difficult, and it will be shown in lists (such as who is on a mailing list) to who has access to these. This is more or less what we currently do (although I haven't checked for a while if all calls still follow the privacy rules.)
I would suggest to indeed drop the 'naam' privacy preference, but add a 'Only show my profile to logged-in members' preference. But even this will be difficult to implement, e.g. how do you show these profiles on a committee page, or how do you tell visitors that some of them are hidden?
For now I'll search for all uses of member_full_name again and update the defaults to take privacy settings into account. They were opt-in because of the many places where member_full_name is used in the old admin parts of the site, but I think that more sane defaults are worth breaking some admin stuff.
-
- changed status to resolved
Problem mentioned in the issue title has been solved. Further discussion should probably be done elsewhere where it has more exposure to more opinions.
- Log in to comment
