Server: Allow to set email address to private independent of sharing settings

Hey, this issue has been closed because the label stale is set and there were no updates for 14 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

No one was looking on this issue but the bot closed it. That's also a way to keep the issue list small...
Very disappointed 👎

@Somebodyisnobody Sorry for this - we are just in the transition and thus it caused sometimes the wrong closings.

Let me label it and ask some people.

The option disappears while the "Public"-option disappears.
The problem is that users can see the email address of other users in the contacts menu.

cc @schiessle @ChristophWurst

Hi, NC14 went by and the problem is still there.
I was using OC9 and switch to NC15 and i am shocked to see such a privacy leak being here since 2 major releaes and almost 1 year...

All users publish their mail adress per default and i don't see a way to change this default setting.

At the current rate, to comply with GDPR, i have to tell users "you will share your contact information with everyone else using this cloud. Go to the settings menu To change that".
Or i will just cancel switching to NC and just stay with OC.

Is there really no intention of fixing this? Or did we just terribly understand how to set up Nextcloud?

Greetings

This issue has been automatically marked as stale because it has not had recent activity and it seems to be missing some essential informations. It will be closed if no further activity occurs. Thank you for your contributions.

There are no essential informations missing and @MorrisJobke and co. should work on this one year after reporting. I have doubts about the balance between profit and support. @stale is an insult to my efforts!

@Somebodyisnobody please keep it polite. I don't like the tone this thread have.
I will ask you to read our code of conduct https://nextcloud.com/code-of-conduct/

We're a team that work on a lot of sections of nextcloud and this is a collaborative project. Your will to have a feature to be implemented is not the same to others.

@schiessle @ChristophWurst @blizzz what shall we do?
When disabling the Allow users to publish their data to a global and public address book, I'm guessing we stop sharing all the data by default?

Or do we still comply to the old setting a user had?

Unchecking "Allow username autocompletion in share dialog. If this is disabled the full username or email address needs to be entered" would prevent unknown users/mail addresses to be shown. Otherwise there is no specific switch to disable only display of the mail address. I don't think extending the mentioned switch to the local instance as well would be a good idea, because in organisations it's rather normal that email addresses are known and should be displayed, but perhaps not exposed to the outside.

So what do you reckon? Closing this?

Unchecking "Allow username autocompletion in share dialog. If this is disabled the full username or email address needs to be entered" would prevent unknown users/mail addresses to be shown. Otherwise there is no specific switch to disable only display of the mail address. I don't think extending the mentioned switch to the local instance as well would be a good idea, because in organisations it's rather normal that email addresses are known and should be displayed, but perhaps not exposed to the outside.

Hi there, thanks for replying again!
imho:

• auto-completion is a must-have (most users may not know other peoples usernames)
• seeing all users external mail adresses is a no-go (most users may not want to share there email)

i think, nextcloud shall enable seamless teamwork while protecting the users data without trade-off, especially since nectcloud seems to be dedicated to communities.

i would not want to share my email adress to all github-users, do you?
ofc i want to interact with other github users, i guess same on your side?

noone would srsly say "you need to share you mail adress with all github users or you cannot interact with them".

Greetings :-)

Okay but think about a setting (maybe in a local club) where users should not see other e-mail addresses.
I am not sure but by default it's not set to "private".

Why I have the possibility to change the privacy setting when "Allow users to publish their data to a global and public address book" is active but when it's disabled I don't have this possibility? The value "Allow users to publish [...]" means to give the possibility to publish their data. If it's unchecked, it's published anyway...

In my opinion the user needs to have the possibility to hide his email address.

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

Okay that's how issues marked as bugs are handled.

seems to be missing some essential information.

The issue was closed the second time (by bot) without discussing the arguments by @yasuoiwakura and me. A bit like "Just don't answer if you run out of arguments." 😢

I'm out; that was the last time I wasted time here.

my only workaround is to <!--comment out --> the adress book in the upper right corner to make this security leak not too obvious to the users while looking for a safe cloud solution.

@yasuoiwakura so, what would be the best solution for you?
How do you think it should look like?

thanks for replying @skjnldsv !

The userlist is transfered to the browser when a clients opens the adress book or uses the share-feature. This is also needed for a smooth workflow and totally okay imho.
But i think the server should not include the email information whe sending the userlist to the browser unless there is

• a server setting or
• a profile setting
  wich would allow to transfer such data.

imho users should be able to see each others usernames and also share files without knowing each others mail adress.
That's common practice for most B2C and community platforms since 20 years or so.
There was always a checkbox [ ] i want to share my email with other users.
And it was always unchecked. (Thats why that checkboy disappeared - no one wants to share their email)

greetings

So if I properly understand, you have the "Allow users to publish their data to a global and public address book" option checked on your sharing settings, right?

I think everything should be private then yes. Otherwise it doesn't make sense.
@schiessle you're our federation master, we need you :)

So if I properly understand, you have the "Allow users to publish their data to a global and public address book" option checked on your sharing settings, right?

Yes it is activated.
Grammy does not know that the username of Mister Walton is "WaltonF" so she needs autocomplete.

the privacy settings on your profile page are at the moment only related to other Nextcloud servers (federation). The setting was introduced when we introduced the trusted server concept and the lookup server, back then the people menu didn't exist at all . We never had user on the same server in mind while implementing it. Until now there is no option to say "i don't want that other people on the same server can see my email address".

I think it could make sense, to allow people to set for example the email address to private and hide it from all other users.

This would be a future/enhancement of our current privacy settings.

I think it could make sense, to allow people to set for example the email address to private and hide it from all other users.

This would be a future/enhancement of our current privacy settings.

I think that's not only a nice to have feature, but actually a mandatory thing if you want to run nextcloud in any environment where not all users are using email addresses that the cloud provider is providing as well.

Right now the only option to have Nextcloud working for a group with private email addresses is to disable the autocomplete function. While all it would take would be to have a setting to only allow searching (and display) of the username.

future/enhancement of our current privacy settings
"Don't call it a bug - call it a feature!"