I’ve disabled the user directory for anonymous users. This is to add some privacy, I did this with hide_user_profiles_from_public, which does: Disable user cards, user profiles and user directory for anonymous users.
However, the badge system is still public when this option is enabled. So someone can still check e.g. TL[1-4] to see most users without an account. Of course seeing the details of the users such as their cake day, bio and other details like that are still hidden. But establishing a user directory and a general idea about the users is still possible.
I think that when this option is enabled, the badge overview should be hidden as well, as well as the badges in the user cards.
Recategorizing to ux as this is not a bug. Badges and profiles aren’t the same thing, there are lots of other places that user accounts can be surfaced even if their profiles aren’t visible.
Badges are a gamification tool - part of that means letting users see which badges exist and who else might have them. If you aren’t interested in the gamification aspect have you considered just disabling badges completely?
I think the suggestion is to have a similar progression of visibility to the badge section as the user directory, whether coupled or as a separate setting. Currently the user directory can be disabled | visible to members | public, whereas the badges are simply disabled|enabled.
I grasp that - but having the badge counts (or listed users) vary between logged in/out doesn’t make a whole lot of sense. Extrapolating the same logic, users should be able to control whether their topics and responses should be visible to anonymous users.
At some point we have to accept that public participation is going to leave some form of a footprint. For communities which are privacy-centric disabling the badge system would be the way to go.
Isn’t there a middle ground here? E.g. having the badges for the logged in users only? Now the option to disable user listings is like a half fix I can sell to the users. Since the TL badges give mostly the full overview as well. At least groups can be hidden. If those were also still there, then the TL0 group would be there as well for the full overview.
Having the option to hide the badge overview for anonymous users would go a long way.
Ok, so you’re proposing that either the badge counts are lowered for anonymous users, or that the count doesn’t match the users listed?
By that token should said users also not have access to the flair and titles associated with badges?
What’s the privacy issue here precisely? Hiding profiles eliminates the ability to PM or chat with a user, you can no longer track their activity across a forum. Badges may link to one or two topics where a user has interacted, but you could as easily find some of their interactions by using search (or the google cache of public topics).
Sure, and their names are also listed when they start/participate topics. There’s also a profile page which says the user has hidden their profile, which also confirms an account exists?
Can you explain the risk?
You need to draw a straight line from a tangible problem to your proposed solution here.
Ok, so you’re proposing to hide specific badge overviews from some/all users? Or all?
Badges are markers of participation, like starting or responding to topics. Why is one ok, and not the other?
There is no risk. It’s just a courtesy to the users. The topics are public. But there is no need to have an easy way to zoom in on certain users. If there was a real risk, the forum would be behind a VPN and only allow invited users and the rest is hidden.
But that’s extreme. The already existing feature offers a way to hide some user details for anonymous users very well. The badge overview for anonymous users cancels out that feature since it allows listing TL1-4 users, which is mostly a user directory again.
The goal is to have a public forum, but have some layer of protection for the users. Which is fixed if the badge overview is only visible by logged in users.
I hope you understand this protection is only against anonymous users. I get the idea you may not have read that detail correctly so far. Logged in users may see everything.