Lack of interest Privacy permissions for all user info

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.

rfc0001

Well-known member
I think it's time XF extend privacy permissions to all user info. right now, the only options are to allow the profile page or not, but really the permissions should be based on information, not location, since the same information displayed on the profile page can be displayed on the message user info block (on each post) and/or the member tooltip (also on each post), thus exposing this potentially personal information, despite locking down the profile page. Here is a summary of all user information, existing permissions and where the information is located:

1566758847622.webp

A simple change would be to re-purpose the allow_view profile permission to control the privacy of the avatar, birthdate, age, title, location and customer user field by modifying the corresponding macros for message user info, member tooltip, and profile page to check this permission prior to displaying any of these. Similarly, allow_view_identities could control privacy of website, and allow_receive_news_feed (all activity) could be used to control privacy of online/last seen and current activity. This would not require any new permissions (just changing their phrases to clarify their new expanded meaning), and would only require modifying three templates (or in XF core ideally so that the logic doesn't have to be duplicated in multiple templates).

Seems like with GDPR and other regulations it is high time XF provide more granular (and easier to understand) permissions.
 
Upvote 0
This suggestion has been closed. Votes are no longer accepted.
Some items should be inherently public. When you select an avatar, enter a title or location then you are choosing to share that information.
 
Top Bottom