Privacy concern with user summary

privacy

(Charles Walter) #1

A user mentioned to me that on the user profile page (i.e. https://meta.discourse.org/users/charleswalter/summary), the top links section was pulling in links from messages that she had sent privately.

Can someone please confirm the logic for this fragment?

Thanks!


(Dean Taylor) #2

Duplicate of this closed fixed topic?


(Jeff Atwood) #3

Probably we need to update you to a newer version. Now is not a good time because the header is quite buggy.


(Mittineague) #4

I don’t know as it is much of a privacy concern, depending on what you consider privacy I guess.

I have one test user that posts only in a private category.
I have another test user that posts only in messages.

In both cases, the counts “leaked” to the Users page - as they also did to those users’ Profile pages.

However - except for the user, no other non-Admin members could get access to any more information other than the counts and Liked By on the Profile Summary.
They could not get to the posts the counts were associated with.




EDIT
After realizing she hadn’t made any posts containing any links, she did.
The post isn’t leaked, but the link is.


(Charles Walter) #5

K. I’ve hidden the section for now via CSS. Will unhide after the next upgrade :wink:


(Mittineague) #6

When this does get worked on, please have the links adhere to the “nofollow” setting.


(Jeff Atwood) #7

That’s already the case, isn’t it? Pretty sure it is.


(Mittineague) #8

D’oh!! So it is. I was looking at the internal link in the inspector, not the external link.