1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not Planned Privacy for Avatar image

Discussion in 'Closed Suggestions' started by erich37, Nov 9, 2012.

  1. erich37

    erich37 Well-Known Member

  2. digitalpoint

    digitalpoint Well-Known Member

    The only way to do something like that would add quite a bit of resources being used and here's why...

    Avatars are stored in the file system, and are shown by directly calling that file with an HTTP request. For example your avatar is this file: http://xenforo.com/community/data/avatars/m/0/764.jpg

    In order to do end user permissions checking, you would need to block direct access to the avatars folder and make requests through some sort of avatar script which checks permissions and based on those permissions reads the file from the file system and serves it up. So every request for every avatar is going to need to do at least 1 extra query to check the permissions (since they are specific to the user viewing/making the HTTP request). This means that pages that show 20 avatars (like forums or threads), you just added 20 queries needed to build the page (you can't consolidate them into a single query for the page since each permission check is unique to the one HTTP request for the avatar).

    While it's certainly not ideal for those that are super anal about privacy, the resources required to implement such a thing (which ultimately would be VERY rarely used/needed) would just be too great.

    As a side note, XenForo does it *exactly* like Facebook does. For example, this is a picture from one of my photo albums that not even my Facebook friends can view...

  3. erich37

    erich37 Well-Known Member

    I am not a coder or an expert in this area, but what about putting the avatar-images into a "hidden folder" (e.g. something like ht-access protected or any other thing like that) ?

    So once the Admin decides to run a "Private Community", the avatar-images will be moved into a "secured or hidden" location which is not accessible by guests or search-engines.
    So literally not act "per the privacy setting" of each specific user, but based on the Admin-setting in ACP. So if Admin decides to have his Forum-community set to "private", then the folder containing ALL avatar-images gets hidden from guests.

    By doing so, I guess the additional queries you are mentioning will not be necessary.

    FB lost several lawsuits in Europe regarding its false "Privacy" behaviour.....
  4. digitalpoint

    digitalpoint Well-Known Member

    I suppose you could do something like that... make a script that reads the files based on if the person viewing it has a user cookie set (although you start running into the same issues I outlined before if you actually *validate* the cookie). But for the most part then no one could see it unless they were a logged in user or spoofing as a logged in user.
  5. MagnusB

    MagnusB Well-Known Member

    If you put it into a password protected folder, every request would make a prompt for the password. I am pretty sure all my users would leave if that happened.

    Besides, private avatars does not make sense (at least not to me). Avatars is meant as an identification or persona related to your account, it is something to identify you by. Making it private kinda defeats the purpose.
  6. erich37

    erich37 Well-Known Member

    it is different if you run a "dating"-site.

Share This Page