circles
secret circles may give users an incorrect assumption of security
We recently discovered that if a user searches for a secret circle using part of the circle name, it will not show up in the search results (as expected).
However, if the user can guess the exact name of a secret circle and types the full name in the search menu, the secret circle will appear and the user can join it without owner approval, thus immediately gaining access to all shares and the list of other members.
Is this intended behavior? It was surprising to us and because we did not expect this behavior it presented a security breach.
My expectations would be:
- The secret circle will never appear to someone who is not already a member (I think this is the intended behavior and what I'm experiencing is a bug).
- It is not possible for someone to either join or even request permission to join a secret circle (I'm not sure if this is the intended behavior, but it seems consistent with the first point - if it is not possible to find a secret circle, then it should not be possible to join one)
With this behavior, a secret circle would be similar to a personal circle except:
- Users who belong to a secret circle would see the secret circle in the list of circles they belong to (which does not seem to be the case with personal circles)
- Users would have the ability to leave a secret circle (also not possible with private circles)
The circles app is amazing and has made it possible for us to operate a Nextcloud instance for our entire membership - so many thanks for all of your hard work, including the work of balancing everyone's interests.
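The two expectations listed in the report, written as a small executable model (an added example, not part of the original report and not the Circles app's code; the `Circle` type, the function names, the case-insensitive matching and the sample circles are all constructed for illustration):

```python
from dataclasses import dataclass, field

# Constructed model for illustration only; nothing here is taken from the
# Circles app's source. Case-insensitive matching is an assumption.
@dataclass
class Circle:
    name: str
    secret: bool
    members: set = field(default_factory=set)

def search_reported(circles, user, query):
    """Mirrors the behaviour in the report: a secret circle is hidden from
    partial matches but returned when the query equals its full name."""
    q = query.lower()
    hits = []
    for c in circles:
        name = c.name.lower()
        if q not in name:
            continue
        if c.secret and user not in c.members and name != q:
            continue  # hidden only while the match is partial
        hits.append(c.name)
    return hits

def search_expected(circles, user, query):
    """First expectation: the membership check does not depend on how
    closely the query matches the circle name."""
    q = query.lower()
    return [c.name for c in circles
            if q in c.name.lower() and (not c.secret or user in c.members)]

def can_join(circle, user):
    """Second expectation: a non-member can neither join nor request to
    join a secret circle, so the check is enforced on the join action
    itself and not only on the search results."""
    return not circle.secret and user not in circle.members

# Constructed sample data: one secret circle and one open circle.
CIRCLES = [
    Circle("Board", secret=True, members={"alice"}),
    Circle("Board Games", secret=False, members={"bob"}),
]

if __name__ == "__main__":
    for query in ("boa", "board"):
        print(query, search_reported(CIRCLES, "mallory", query),
              search_expected(CIRCLES, "mallory", query))
```

The same membership check would also have to apply wherever else circle names are listed to a user, not only in search.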
Even worse: if u share a deck board with a secret circle plus others, the circle name shows up in the 'assign to' drop down menu. So u don't even need to guess the secret circle name.