Issue #5599 resolved

Add ability to make profile private (BB-6901)

Humanaut
created an issue

Profile information is public by default. This should be private by default or at least give the option to make it private.

Also, it would be appropriate to include a privacy option to not show people's followers to the public.

Comments (33)

  1. Marcus Bertrand staff
    • changed status to open

    Thanks for the request. At the moment, there is no way to do this. As a workaround for now, you can remove your information such as your name, website etc from your profile to keep it off the public view. There isn't anything to be done about followers.

    We'll consider this for the future though.

  2. Irene Lau

    Someone accidentally granted me access to their private repo. Clearly they were looking for someone with the same name as me and they persistently kept adding me again even after I removed myself from their repo.

    If I had any ill intention I could have pulled down their whole repo. I would really like to avoid the possibility of getting into this kind of potential compliance issue ever again by making my own profile private.

  3. Nilesh Bansal

    This is a blocker issue for us too.

    Right now anyone can see a list of employees of our company under members for a team. Who codes for us is our private business.

  4. smartwave

    Bitbucket cannot be considered as a target for our Fisheye/SVN migration as long as we don't have some control over privacy (eg. team members).

    This feature is mandatory!

  5. Zach Davis staff

    There is now a "Private profile" checkbox in the account admin section. It is still possible to ascertain that an account with a private profile exists, but no additional information is given.

  6. Jack Jones

    Zach Davis Thanks for the response. When I look at members from the public view of a public team, I can still see the person (with name and avatar image) even though their profile is set to private. This seems like a potential bug.

    More importantly, though, It would be nice to have the option of both a team and its members having public profiles, but having certain members of the team able to be hidden as being members. This avoids the potential issue of a company (team), with a mixture of public and private repositories, that does not want to expose certain (or any) members of their development team.

    I hate to say it, but the GitHub model for handling this is fairly elegant. Each individual member of an organization has their own privacy settings (via conceal/publicize membership).

  7. Zach Davis staff

    Hi Jack,

    Thanks for your honest, measured feedback. You're right that this is neither an elegant nor a complete solution. I'm not interested in making excuses, but the fact of the matter is that we had no time scheduled for this in the immediate future, and I believed (and still do) that this solution is vastly better than no solution at all. So I squeezed it in between my other work. I'm happy to re-open this issue if you truly find it inadequate (or perhaps create another that more accurately addresses your concerns), but I hope that what I've provided is of some value until we have the time to dedicate to a more holistic privacy approach.

    Cheers, Zach

  8. Jack Jones

    Zach Davis Your solution works for me! Sorry if I didn't make it clear enough above - having the ability to make the team profile private is a fully adequate solution, and should be able to hold everyone over until there is time to implement more. I was just suggesting further enhancement.

    I really appreciate your candor and prompt reply. I'll be using BitBucket now, and look forward to whatever comes!

  9. Aditya Rajgarhia

    Zach Davis does this require each team member to set their profile as private, or can it be done by the team administrator?

    If it does only the former, then it's certainly a nice feature to have, but for organizations the latter is what would be more useful, as you can see from the comments above. Should there be a separate issue for it since this is marked resolved?

  10. Zach Davis staff

    Any team administrator can set the team profile to be public -- that was the main goal of this feature, to allow teams to hide their members and other information.

  11. Aditya Rajgarhia

    Zach Davis Ok, I found the Account Settings page for the team, changed the profile to private, and verified that it works. The team page no longer lists the members.

    There is still one part left in order to truly make the members private. Currently, a team member's profile still lists the team that he is part of, and the number of members of that team. One can simply run the following query on Google to view the individual members, and thus compile the complete list:

    "team name" site: bitbucket.org

  12. Jesse Yowell staff

    To add to this:

    It still seems private users can be found when added through repositories. If someone with a private profile is added to a team, they won't be seen through the 'teams' dropdown, however, if the repository is selected then all the teams members can be seen.

    A possible workaround could be a switch to make all team members invisible..

  13. rsully

    I would prefer the option where as a team member I can decide which teams I appear publicly as a member in. While a user's profile may be private, they still appear in a public team list that they might not have any control over.

  14. Log in to comment