Privacy issue - Users and groups are visible in public mode
Hi, having Teedy with guest mode enabled allows all guests to see the complete user directory of the instance. Guests have the possibility to gather data about group structure and their email addresses. I think this should be prohibited by some option/flag.
I think the public mode should get some redesign in terms of privacy. In my eyes the public mode should be a mode usable to see public documents only. I understand that for filtering we need some overview of tags and users to use them in the search field. But we should hide sensitive data.
This issue belongs to
- https://github.com/sismics/docs/issues/452
- https://github.com/sismics/docs/issues/410
- https://github.com/sismics/docs/issues/409
I agree with hiding some sensitive information in guest mode; however, I don't like the idea of flags. It makes the configuration quite confusing for newcomers. This issue should provide specific actions instead of being so general.
> I think the public mode should get some redesign in terms of privacy. In my eyes the public mode should be a mode usable to see public documents only.
I just stumbled on this issue. I understand that 'Guest access' has many use cases and that there's a rationale behind showing users and groups: they act as filters too.
In my organization we're going to overcome this by creating "role users" instead of "person users", so no private info (like names) is made public.
We're also setting the guest upload quota to 0, so they can create documents but not populate them, which I hope is discouraging enough to not see any significant spam. Our only unovercomable issue is that a guest can create tags, which can be a burden to remove en masse.
I haven't been able to look at the code so I don't know if it's easy or hard to do, but I'd love to see the option to, if Guest Access is activated, have some additional toggles:
- Allow guests to see users and groups ON/OFF (if OFF, only allow filtering by tags and remove the 'Users & Groups' item on the header)
- Allow guests to create documents ON/OFF (if OFF, quota is set to 0 and document creation is disallowed)
- Allow guests to create tags ON/OFF (if OFF, don't allow it, remove 'Tags' from header and only allow navigation from the navigation component on the left column).
Just my two cents. Thank you for your time and for developing Teedy. It's great!