I love Oxwall for it's simplicity and functionality. It looks great and works really well, but there's a major privacy issue.
I found that even if a user selects the option within their privacy settings for entries in their personal newsfeed to be seen by friends only that these will still appear in the newsfeed of any user's dashboard. This seems crazy but apparently is just the way it is. The only way to prevent this is to remove the newsfeed widget from the dashboard page, which I have reluctantly done.
However, I've found that any user can "follow" someone and that when they do, the followed user's private newsfeed entries will appear in their own private newsfeed. This makes a mockery of the privacy settings and ultimately makes them completely redundant. Furthermore, a user has no way of knowing who's following them and has no way to prevent this from happening.
This is surely a massive privacy flaw and means that the "friends only" setting is meaningless and pointless. I can't see how that isn't a major bug.
Are there any plans to fix this flaw?
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Privacy issues | Forum
Michele
Sep 17 '15
I've always thought the Privacy Issues with the user roles and private messaging seemed like a bug, just because it seems like a *not thought out* Discrepancy. It's my only major problem with oxwall.
If you click a certain user role to uncheck "Read Mails". It works- they can't Read Mails. And we need this... we are going to have admins that aren't going to be using their PMs (instead users will have to use the appropriate contact / ticket links), and LA celebrities too that NEED a level of privacy.
Yet what good is this if there's No Indication that the messages aren't being read.
You just create an environment where everyone is upset with the admins and celebs for not responding to their messages . . as they have NO IDEA they're not BEING READ. This could be so easily fixed --- Just if this box is unchecked take away the send private message button on these user roles.
If you click a certain user role to uncheck "Read Mails". It works- they can't Read Mails. And we need this... we are going to have admins that aren't going to be using their PMs (instead users will have to use the appropriate contact / ticket links), and LA celebrities too that NEED a level of privacy.
Yet what good is this if there's No Indication that the messages aren't being read.
You just create an environment where everyone is upset with the admins and celebs for not responding to their messages . . as they have NO IDEA they're not BEING READ. This could be so easily fixed --- Just if this box is unchecked take away the send private message button on these user roles.
Michele
Sep 17 '15
But I agree, Joe. . . it seems like there needs to be a bit of a privacy revamp. Another thing, what good is it to give the choice to Users that strangers can't start private 'chats' with you (you can have no one, only friends). . but there's no way to control and chose as to whether strangers message you. I'd think at least a "Just friends" option here too would be helpful?
(Like facebook has? )
I for one would be *willing to donate* (as the donate page says sponsor an hour of development time) for some of these privacy features / or discrepancies to be fixed. :)
(Like facebook has? )
I for one would be *willing to donate* (as the donate page says sponsor an hour of development time) for some of these privacy features / or discrepancies to be fixed. :)
Stan
Sep 17 '15
I have very little php experience (although I can tweak the odd file to change or remove basic functions) but I would have thought this privacy bug and the issue you described would be a relatively easy fix.
Besides, tweaking the files isn't ideal because when you update your website, you lose those changes.
Team ross
Sep 17 '15
Joe, as to the seeing activity of a user in the profile newsfeed by another user who just follows - this is not possible, profile newsfeed shows only activity of the user not the people he/she follows. Dashboard does that.
As to this one:
I found that even if a user selects the option within their privacy settings for entries in their personal newsfeed to be seen by friends only that these will still appear in the newsfeed of any user's dashboard. This seems crazy but apparently is just the way it is.
Well, you set the privacy to Friends only which is why your activity is displayed in the friends dashboards and they can see your activity on your profile newsfeed- everything is correct.
Team ross
Sep 18 '15
As to the follow issue, that non-friends can follow you private newsfeed and see your activity in their dashboard, I'll report that to the devs, it will be fixed asap.
Stan
Sep 18 '15
Thanks for your reply.
However, I set up some dummy users who WEREN'T friends with someone they followed and that person's feed appeared in their private feed (not the dashboard newsfeed, which I have now removed as a widget on the dashboard).
Team ross
Sep 18 '15
Please provide screenshots.
1. screenshot of the user's newsfeed who is been followed.
2. screenshot of the user's newsfeed who follows but not a friend.
Stan
Sep 18 '15
I can do that but won't be able to until the weekend. In the interests of replicating this, would it not be better for you or the devs to replicate and see for yourselves? This will be more beneficial than screenshots, which won't confirm from your point of view that the two users AREN'T friends.
Team
Stan
Sep 18 '15
Please see the screenshots as requested. These are screenshots obtained from being logged in as either Bob or John. Neither Bob or John have any friends on the site, but both have "followed" each other. Both had set all privacy settings to "friends only" before posting anything in their newsfeed whatsoever. The views in these screenshots are from /dashboard and as far as I can tell, they Bob and John shouldn't be able to see each other's personal newsfeed entries.
Team ross
Sep 20 '15
Joe, these are both dashboard newsfeeds. See my reply here: http://www.oxwall.org/forum/topic/41176?page=1#post-160490
Team
Stan
Sep 21 '15
I've enabled the dashboard newsfeed view for admins only, so they can see everything.
Why isn't there an option to have a personal newsfeed (friends and followees only) that normal users can access?
There should be a feature which allows for users to see who's following and to have greater control over what followers can actually see.
Thanks for your help with this.
Team ross
Sep 21 '15
There's no such setting where you can enable viewing dashboard newsfeed for admin only.
Let me explain what newsfeeds we have in Oxwall software.
Index newsfeed: shows activity of all websites users
Dashboard newsfeed: shows activity of your friends and users you follow and it is visible to the user only. Other users can't enter or see your dashboard newsfeed
Profile newsfeed: shows your activity.
We have reported the issue to our devs, some privacy controll will be added for the followers too.
As to seeing who is following you, there's a plugin in the store allowing you to do that. Please do the search.
Stan
Sep 24 '15
I have just updated my Newsfeed plugin to the latest version, which I understand includes the "follow" feature, yet the issue is still there.
Would this issue be resolved in a core update or is it a plugin issue?
Do we know how long these type of issues take to get resolved, as I'm concerned about making my installation live due to this...
Team
Stan
Oct 19 '15
Are there any updates on when the upcoming update is likely to be pushed out? Unfortunately, my whole site is on hold because I can't roll it out with this privacy bug.
Are there any temporary fixes I can implement until the issue is resolved?
