Potential Privacy Fail

This topic contains 9 replies, has 2 voices, and was last updated by  Patrik 2 months, 1 week ago.

Tagged: ,

  • Author
    Posts
  • #6665

    identity
    Free User
    Post count: 432

    While I’ve set for the Display Name to be used, there is a case where First & Last Names are made public even if set to Private.

    If Display Name is optional and left blank, then the fall back is on First and Last Names, even if they are set to private.

    Cheers

    #6666

    identity
    Free User
    Post count: 432

    Also related, and maybe a bug….

    Username keeps changing to Public, even after selecting Private and saving, it reverts to Public.

    Maybe less privacy issue and more security issue as it publicly identifies a login credential.

    Cheers

    #6667

    identity
    Free User
    Post count: 432

    Okay…….

    Running into a wider issue here.

    Setting Email to private on the backend, yet after saving the form field info it reverts to Public. Maybe happening across other fields….don’t remember now after testing.

    Similarly, setting First Name to Private in the backend, kept reverting to Public after saving. Set it to “Let User Decide,” which stuck, however, on the front end after changing a user First Name setting to private, it too reverted to Public and was visible on the site.

    Now it seems that multiple settings on the backend may not retain Private setting, and likewise, changes on the frontend by the user may not stick either…..either remaining private or public based on their previous setting.

    Also, my browsers are set not to cache, so I’m assuming it isn’t client side but something on the backend/DB/etc.

    Cheers

    #6671

    Patrik
    Moderator
    Post count: 1899

    Hi,

    Have you checked if there are any JS errors in the console while saving fields? Also, provide admin details so that we can try to regenerate the issue and fix it. Showing usernames to the public will not create a security issue as it requires a password to log in. If you can provide the screenshot for each issue would help us to identify the issue as making first name private will not hide it from the user’s name displaying in profile. That privacy is for custom fields.

    Regards,
    Patrik

    #6678

    identity
    Free User
    Post count: 432

    Agree, password still required to login…I’m mostly referring to security obfuscation and the reason for using display names as opposed to login credentials.

    At one point here (just building this out on staging) the first and last name fields, I’m pretty sure, were being made private, or at the very least, honoring a “User Decide” private selection.

    Either way, if they can’t be made private, then the Form Builder shouldn’t present that as an option.

    As I try switching the First Name to Private, I do see the following Console report:

    bootstrap.bundle.min.js?ver=4.3.1:4 Uncaught TypeError: No method named “destroy”
    at HTMLSpanElement.<anonymous> (bootstrap.bundle.min.js?ver=4.3.1:4)
    at Function.each (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at a.fn.init.each (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at a.fn.init._jQueryInterface [as tooltip] (bootstrap.bundle.min.js?ver=4.3.1:4)
    at uwp_init_tooltips (users-wp-admin.min.js?ver=1.2.0.12:1)
    at Object.success (users-wp-admin.min.js?ver=1.2.0.12:1)
    at i (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at Object.fireWith [as resolveWith] (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:2)
    at x (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:4)
    at XMLHttpRequest.c (load-scripts.php?c=1&load[chunk_0]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-position,jquery-ui-tooltip,jquery-ui-&load[chunk_1]=sortable&ver=5.3.2:4)

    Will follow up with credentials…

    Cheers

    #6679

    identity
    Free User
    Post count: 432
    This reply has been marked as private.
    #6733

    identity
    Free User
    Post count: 432

    Just checking on any follow up on this?

    Cheers

    #6747

    Patrik
    Moderator
    Post count: 1899

    Hi,

    First name, Last name, Display name, username, email and bio are the default fields. The “Is public” is used to target the custom fields created other than this. There are multiple places where we need to display the above fields and that’s why we could not make it private. We may hide the option for the above fields.

    Regards,
    Patrik

    #6752

    identity
    Free User
    Post count: 432

    Let me ask you this then…

    For these fields, if nothing is selected in “Show in what locations?” will they show up publicly anywhere or will that keep them hidden?

    Thanks

    #6757

    Patrik
    Moderator
    Post count: 1899

    Those fields will show publicly as it is the identity of the user and we can’t make it private.

    Regards,
    Patrik

Viewing 10 posts - 1 through 10 (of 10 total)

The topic ‘Potential Privacy Fail’ is closed to new replies, this may be for inactivity, please open a new topic if you have a similar question.