16 Replies Latest reply on Aug 17, 2013 11:29 AM by agrahambell

    personal information leakage

      You force users to enter a first and last name in their profile, but then allow that to be masked by setting the visibility to 'yourself' in the privacy settings.

       

      However, the emailed notifications of a new private message will contain the senders private details.

       

      Also, If I reply to one of my own posts in any public discussion area, any quote included will start with a line of the form "foobar wrote:" where 'foobar' is replaced with the full firstname/lastname that I've configured to be private.

       

      Privacy settings need to work properly or else there's little point in having them at all.

       

      • Reply
        • Re: personal information leakage
          John Beetem

          "selsinork" wrote:

           

          However, the emailed notifications of a new private message will contain the senders private details.

          It's also confusing to receive notification of a PM from someone I've never heard of before, because up until that point I only knew the pseudonym.  The problem definitely should be fixed.

          • Re: personal information leakage

            I've also seen at least one example where an E14 mod will reply to a message using

            the person's real name even though that was supposedly hidden.

             

            I think I've also seen webinar transcripts use hidden real names.

              • Re: personal information leakage

                coder27 wrote:

                 

                I've also seen at least one example where an E14 mod will reply to a message using

                the person's real name even though that was supposedly hidden.

                It would be constructive if they adhered to their own guidelines

                http://www.element14.com/community/docs/DOC-55168/l/participation-guidelines

                 

                Content Not Tolerated

                [...]

                o   Private Information

                §Sharing personal information of other members without their consent (addresses, phone numbers, email ect…)

                  • Re: personal information leakage

                    coder27 can you PM the link to this instance please.

                      • Re: personal information leakage

                        We take your private information very seriously, I will escalate these concerns immediately.

                          • Re: personal information leakage

                            John, are you recieving PM from someone outside of your contacts? If so can you confirm that your "general settings"

                             

                             

                            are set to Contact and Admins ..if so please PM me an example so I can report as a bug.

                              • Re: personal information leakage

                                element14Dave wrote:

                                 

                                John, are you recieving PM from someone outside of your contacts? If so can you confirm that your "general settings"

                                 

                                 

                                are set to Contact and Admins ..if so please PM me an example so I can report as a bug.

                                I do have that set to Anyone, but first noticed it when someone on my contacts list sent a PM.   Personally I have less of a problem with people already on my contacts list getting these details, but others may not agree with my feelings here.

                                • Re: personal information leakage
                                  John Beetem

                                  element14Dave wrote:

                                   

                                  John, are you recieving PM from someone outside of your contacts? If so can you confirm that your "general settings"

                                   

                                   

                                  are set to Contact and Admins ..if so please PM me an example so I can report as a bug.

                                  Hi Dave,

                                   

                                  Both messages were received from contacts.  It's just that the e-mail notifications gave the contact's real name (which should be private) instead of the public user name that I'm used to seeing.  When I went to the PM page at element14.com the message only had the user name.

                              • Re: personal information leakage

                                coder27 can you PM the link to this instance please.

                                 

                                done.  (two cases)

                              • Re: personal information leakage

                                Selsinork,

                                  You wrote:

                                It would be constructive if they adhered to their own guidelines

                                http://www.element14.com/community/docs/DOC-55168/l/participation-guidelines

                                 

                                That appears to be new.  So new in fact that it apparently isn't referenced in the "Terms of Use"

                                http://www.element14.com/community/static/legal/e14fullterms

                                 

                                So it doesn't appear to be binding on anyone.

                                It may be some sort of draft or trial balloon.   Some parts don't appear to have been well thought out

                                at all.  For example:

                                If further reports are filed against the member, the content will be deleted and the member will be banned from the Community permanently.

                                I can't imagine that permanent banning would result simply from "if further reports are filed".

                                Certainly there would need to be some sort of vetting of such reports.

                                 

                                I also can't imagine they are serious about:

                                o   Non-Productive and Off-Topic Conversation

                                §Conspiracy theories, and topics not related to product, projects or technologies

                                Does this mean we can't discuss the companies that are making and/or distributing these products?

                                Does it mean we must have all the evidence on a topic before any evidence can be discussed?

                                A topic recently wandered off to discussing IKEA.  But nobody apparently got banned for it,

                                so whatever "off topic" means it apparently doesn't mean IKEA.  Maybe this thread just wandered.  Oops.

                            • Re: personal information leakage

                              Hi Selsinork, we've changed the settings for now, so now any PM that a user gets from another member will not display a name it will display as "element14" in order to protect user privacy.  Thanks for letting us know about this!

                               

                              8-16-2013 4-58-55 PM.png

                                • Re: personal information leakage
                                  mcb1

                                  Nicole

                                  Well done thats excellent.

                                   

                                  Selsinork also made this comment

                                  Also, If I reply to one of my own posts in any public discussion area, any quote included will start with a line of the form "foobar wrote:" where 'foobar' is replaced with the full firstname/lastname that I've configured to be private.

                                  As for the other comment

                                  I've also seen at least one example where an E14 mod will reply to a message using

                                  the person's real name even though that was supposedly hidden.

                                  I've been guilty of using the first name occasionally only because it felt less personal, so I can see how it comes about.

                                   

                                   

                                  Mark

                                    • Re: personal information leakage

                                      Mark Beckett wrote:

                                       

                                      Selsinork also made this comment

                                      Also, If I reply to one of my own posts in any public discussion area, any quote included will start with a line of the form "foobar wrote:" where 'foobar' is replaced with the full firstname/lastname that I've configured to be private.

                                      just tried it and that one is still there, but that's much less of a problem as you can edit that yourself

                                    • Re: personal information leakage
                                      morgaine

                                      Top marks to everyone involved for a fast response as soon as the problem was detected and reported.

                                       

                                      I agree with Mark that the different names displayed depending on whether one is logged in or not does cause problems of leakage.  It's a pity that the full name cannot be limited to the profile alone, rather than displayed with every post.  If done this way then accidental leakage would be less likely to occur.

                                        • Re: personal information leakage

                                          Morgaine Dinova wrote:

                                           

                                          If done this way then accidental leakage would be less likely to occur.

                                          True.  Personally I'm not too bothered, I'd also accept it if the setting was removed, the name couldn't be made private and was always shown to everyone. As long as you know that's what's happening.

                                          Having a setting that doesn't really do what it says and may leak details without your knowledge is a problem though.