I’ve disabled the user directory for anonymous users. This is to add some privacy, I did this with hide_user_profiles_from_public, which does: Disable user cards, user profiles and user directory for anonymous users.
However, the badge system is still public when this option is enabled. So someone can still check e.g. TL[1-4] to see most users without an account. Of course seeing the details of the users such as their cake day, bio and other details like that are still hidden. But establishing a user directory and a general idea about the users is still possible.
I think that when this option is enabled, the badge overview should be hidden as well, as well as the badges in the user cards.
Recategorizing to ux as this is not a bug. Badges and profiles aren’t the same thing, there are lots of other places that user accounts can be surfaced even if their profiles aren’t visible.
Badges are a gamification tool - part of that means letting users see which badges exist and who else might have them. If you aren’t interested in the gamification aspect have you considered just disabling badges completely?
I think the suggestion is to have a similar progression of visibility to the badge section as the user directory, whether coupled or as a separate setting. Currently the user directory can be disabled | visible to members | public, whereas the badges are simply disabled|enabled.
I grasp that - but having the badge counts (or listed users) vary between logged in/out doesn’t make a whole lot of sense. Extrapolating the same logic, users should be able to control whether their topics and responses should be visible to anonymous users.
At some point we have to accept that public participation is going to leave some form of a footprint. For communities which are privacy-centric disabling the badge system would be the way to go.
Isn’t there a middle ground here? E.g. having the badges for the logged in users only? Now the option to disable user listings is like a half fix I can sell to the users. Since the TL badges give mostly the full overview as well. At least groups can be hidden. If those were also still there, then the TL0 group would be there as well for the full overview.
Having the option to hide the badge overview for anonymous users would go a long way.
Ok, so you’re proposing that either the badge counts are lowered for anonymous users, or that the count doesn’t match the users listed?
By that token should said users also not have access to the flair and titles associated with badges?
What’s the privacy issue here precisely? Hiding profiles eliminates the ability to PM or chat with a user, you can no longer track their activity across a forum. Badges may link to one or two topics where a user has interacted, but you could as easily find some of their interactions by using search (or the google cache of public topics).
Sure, and their names are also listed when they start/participate topics. There’s also a profile page which says the user has hidden their profile, which also confirms an account exists?
Can you explain the risk?
You need to draw a straight line from a tangible problem to your proposed solution here.
Ok, so you’re proposing to hide specific badge overviews from some/all users? Or all?
Badges are markers of participation, like starting or responding to topics. Why is one ok, and not the other?
There is no risk. It’s just a courtesy to the users. The topics are public. But there is no need to have an easy way to zoom in on certain users. If there was a real risk, the forum would be behind a VPN and only allow invited users and the rest is hidden.
But that’s extreme. The already existing feature offers a way to hide some user details for anonymous users very well. The badge overview for anonymous users cancels out that feature since it allows listing TL1-4 users, which is mostly a user directory again.
The goal is to have a public forum, but have some layer of protection for the users. Which is fixed if the badge overview is only visible by logged in users.
I hope you understand this protection is only against anonymous users. I get the idea you may not have read that detail correctly so far. Logged in users may see everything.
Personally, I think you raise quite a valid point. The hide user profiles from public removes public ‘user lists’, yet leaves something similar viewable via the badge overview.
i sort of feel like badges should be hidden or disabled for anonymous users by default. to me it’s a members only privilege to qualify for badges. i don’t believe badges should be a feature to draw in members either, so i don’t know why they need to exist for non-members.
Their sheer presence is there to encourage participation, the very first barrier to which being registration.
Take a look at the recent liquorice topic. Would it have made sense to have a topic visible publicly without any context? How would it be preferable that the link 404’s?
I think that the way Discourse is set up there will always be links knocking about in posts that could be inaccessible to certain viewers due to category permissions or admin settings. A link to the user directory, for instance if it was disabled for anonymous, or something from the Lounge.
I suppose the crux would be whether you viewed badges as encouraging participation through signups, or participation from existing members. I would probably lean towards the latter as I don’t think anyone really joins a community for the badges.
I still think if you’re looking to make user lists a ‘members-only’ feature of your site it makes sense to also include the badge lists in that somehow.
just to be clear, i am not arguing from a privacy or security perspective. in my humble opinion, it just makes no sense that the badges would by default be accessible or even of interest to non-members, unless the gamification aspect was an essential part of your forum’s purpose. i don’t actually want people joining my forum for the badges and to beat other members at whatever game, i want them to join for the content and discussion. that isn’t to say i don’t see a scenario where a particular forum may find it useful to let non-members see badges, like one designed with gamification as an essential part of the user experience.
