Potential Privacy Fail

This topic contains 9 replies, has 2 voices, and was last updated by Patrik 4 years, 3 months ago.

We have moved to a support ticketing system and our forums are now closed.

  • #6665

    identity
    Free User
    Post count: 445

    While I’ve set the Display Name to be used, there is a case where First & Last Names are made public even if set to Private.

    If Display Name is optional and left blank, then the fall back is on First and Last Names, even if they are set to private.

    Cheers

    #6666

    identity
    Free User
    Post count: 445

    Also related, and maybe a bug….

    Username keeps changing to Public, even after selecting Private and saving, it reverts to Public.

    Maybe less privacy issue and more security issue as it publicly identifies a login credential.

    Cheers

    #6667

    identity
    Free User
    Post count: 445

    Okay…….

    Running into a wider issue here.

    Setting Email to private on the backend, yet after saving the form field info it reverts to Public. Maybe happening across other fields….don’t remember now after testing.

    Similarly, setting First Name to Private in the backend, kept reverting to Public after saving. Set it to “Let User Decide,” which stuck, however, on the front end after changing a user First Name setting to private, it too reverted to Public and was visible on the site.

    Now it seems that multiple settings on the backend may not retain Private setting, and likewise, changes on the frontend by the user may not stick either…..either remaining private or public based on their previous setting.

    Also, my browsers are set not to cache, so I’m assuming it isn’t client side but something on the backend/DB/etc.

    Cheers

    #6671

    Patrik
    Moderator
    Post count: 1971

    Hi,

    Have you checked if there are any JS errors in the console while saving fields? Also, provide admin details so that we can try to regenerate the issue and fix it. Showing usernames to the public will not create a security issue as it requires a password to log in. If you can provide a screenshot for each issue, it would help us to identify the issue, as making first name private will not hide it from the user’s name displaying in profile. That privacy is for custom fields.

    Regards,
    Patrik

    #6678

    identity
    Free User
    Post count: 445

    Agree, password still required to log in…I’m mostly referring to security obfuscation and the reason for using display names as opposed to login credentials.

    At one point here (just building this out on staging) the first and last name fields, I’m pretty sure, were being made private, or at the very least, honoring a “User Decide” private selection.

    Either way, if they can’t be made private, then the Form Builder shouldn’t present that as an option.

    As I try switching the First Name to Private, I do see the following Console report:

    bootstrap.bundle.min.js?ver=4.3.1:4 Uncaught TypeError: No method named “destroy”
    at HTMLSpanElement.<anonymous> (bootstrap.bundle.min.js?ver=4.3.1:4)
    at Function.each (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at a.fn.init.each (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at a.fn.init._jQueryInterface [as tooltip] (bootstrap.bundle.min.js?ver=4.3.1:4)
    at uwp_init_tooltips (users-wp-admin.min.js?ver=1.2.0.12:1)
    at Object.success (users-wp-admin.min.js?ver=1.2.0.12:1)
    at i (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at Object.fireWith [as resolveWith] (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at x (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:4)
    at XMLHttpRequest.c (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:4)

    Will follow up with credentials…

    Cheers

    #6679

    identity
    Free User
    Post count: 445
    This reply has been marked as private.
    #6733

    identity
    Free User
    Post count: 445

    Just checking on any follow up on this?

    Cheers

    #6747

    Patrik
    Moderator
    Post count: 1971

    Hi,

    First name, Last name, Display name, username, email and bio are the default fields. The “Is public” is used to target the custom fields created other than this. There are multiple places where we need to display the above fields and that’s why we could not make it private. We may hide the option for the above fields.

    Regards,
    Patrik

    #6752

    identity
    Free User
    Post count: 445

    Let me ask you this then…

    For these fields, if nothing is selected in “Show in what locations?” will they show up publicly anywhere or will that keep them hidden?

    Thanks

    #6757

    Patrik
    Moderator
    Post count: 1971

    Those fields will show publicly as it is the identity of the user and we can’t make it private.

    Regards,
    Patrik
