RC 1 ..
Well .... don't know if it is a bug or by design but it seems wrong to me, that guests can view a members profile. The profiles show members login times, etc. and probably should not be available for viewing to the world at large.
I did look to see if there were a permission setting but did not find one. If there, then let me know. :)
Yeah, I'm seeing this behavior as well. I see the guest permissions that are set, lemme take a screenshot and attach it.
See the screenshot, lower-right corner, for the permission in error.
Well good heavens! I missed seeing the permission for sure. Probably looked at it 3 times! O:-)
It is enabled by default, I suppose that should not be.
Thanks for pointing out the permisson to me old eyes. :)
I thought they were since SMF 1.1, and went back searching why it was changed... I discovered that it was never actually changed and it has been like that since probably day 1. LOL
No hard feelings about it, I see on my forum is disabled (so I assume the original admin set it up like that, or the importer from phpBB did the magic, or any combination of the two).
Actually as a casual lurker I find a bit annoying when I can't see the profile, not because I care about the profile, but because there are useful pages like for example the list of posts and topics, that are public, but are hidden to the world just because of the "last login" info (that is really the only thing you can't find directly in any topic of the forum, this and the registered date, unless the theme puts it next to each post).
My view is that in the interest of member privacy, no profile views should be permitted by default to guests. Members should have the say as to what is shown on their public profile to other members and to guests.
Profiles that show member login/logout times, location, etc. are easy for data mining. Sounds petty unless you are a female that is being stalked by an ex or some psycho. Probably does not happen much but why provide the opportunity. Members should have to opt in to their profile information being made public and not opt out.
So profiles not visible to guests?
From the perspective of privacy issues, I belive it is better to not permit guests to view profiles. Most of us have nothing to hide... yet, :) but still, there are employers, psychos and neer-do-wells that data mine for reasons that are not always for higher ground reasons.
Why not block the privacy-sensitive information (like IM contacts, last login info, etc) and allow the public-facing information like signature, stats and links to their posts? PhpBB has done this for YEARS.
Yes, Eliana, that's what I'd like to have, but is a bit more than just "a small thing", because to do it properly a new option for custom fields is required as well.
Yes, we could just hide them "for now"... could be an option as well.
Though, hide them to guests doesn't solve the issue either (like remove the permission): one can just register and have all the data.
At the moment there is no such a thing like "privacy" implemented in Elk, and it requires a bit more than just change a permission or hide a field to guests.
That's a fair point. You thinking about some of the more comprehensive profile privacy solutions, such as vB or IPB have? Honestly, I hope you make it as dead simple as you can, like don't take inspiration from
Elk's SMF's permissions screen. ;)
Honestly I still have not thought about anything.
The "best" I can think of while writing is something like the "contact" setting: show my personal details to => everybody, => only to buddies, => only admins.
And that's all.
Well, maybe another voice to the list "only registered members" (we know it doesn't change much, but better have it).