Site Privacy Issue: Disclosure of users' real names

I noticed recently after creating a topic which had a lot of activity that the email notifications which I received included the real names of the users who had replied in the thread.

This is a very fundamental forum mis-configuration which affects users’ privacy in a way they will not be expecting and needs to be resolved. By simply subscribing to all topics, a rogue user could quickly harvest the real names of many users.

The proper fix is for the site admin to amend the email notification template to include ‘username’ rather than ‘name’.

Meanwhile, I would recommend any users who do not want their real names disclosed to edit their profile and make ‘name’ the same as ‘username’.

CB

1 Like

Real names are also visible in user’s info pages. So the mail notifications don’t disclose anything that isn’t disclosed by the forums already in the first place.

Kinda defeats the point of usernames.

Am I the only person who doesn’t expect real names to be exposed in these ways?

CB

1 Like

I found it strange that “Full Name” was a required field for signing up.

The info label at the e-mail field says “never shown to the public”, which is missing at the Full Name field … which could be argued to be a ‘hint’.

I agree with you, I wasn’t expecting this behaviour either and would even say that, in some cases, exposing the full name can do more damage than exposing the e-mail address.

1 Like

if u were so concerned w/ your privacy
why would u put your actual real name in your profile ?

even if it was completely private someone can prolly still access the information relatively easily

@docshermsticks

It’s a fairly well rehearsed pattern to provide information when registering for fora, that will not be made public, but available to site admins only. That’s one driver for the ‘username’.

Some people may expect their real info to be made public. Many do not. I’m one of the latter category, hence I provided only a username.

CB

oh for sure, i get it. some ppl may not be aware that this is happening on here.
i wasn’t

i wouldn’t want my personal information to be made public either,
but its 2019. it should be common knowledge that
anything anyone puts on the internet could be made public.
or be used in some way that they have no control over or be even aware of.

after all the internet nowadays is mostly just about harvesting peoples information/preferences/etc
and selling/passing it around

Quite.

However, regarding the comment that anything put on the Internet could go public…

I would argue that this being 2019, the technology exists to provide appropriate protection for information which has been classified as private rather than public. And it’s very easy to implement by system owners who follow a structured security model and keep their systems well patched. So whilst private data COULD be exposed, I expect, when providing this info, that the likelihood will be LOW.

I expect ‘username’ to be publicised. I do not expect ‘Name’, ‘eMail Address’, ‘Password’ etc to be publicised.

CB

expectation and reality are often different
just b/c they can do it and u expect them to
doesn’t mean they will
seems a bit naive to assume that others are looking out for your best interests.

i mean this is a music forum its not like your signing up for a bank account or something
theres no reason why they need any of your information other than a username and password
but they still ask u for more. full name, email, location etc.
its seem harmless but i would bet that its likely that someone is doing something with this information. prolly the ppl who built this forum platform for demographics or something.

anyway my main point was just that i was surprised that someone would put their actual name in there just b/c someone asked them to.
a lil extreme but would you give someone your social just b/c they asked?

I see where you’re coming from. It would make sense for them to point out that the “real name” field is publicly accessible.

As for me, my real name would be really easy to find out, because I use the same username wherever I can. I’m always sad when somebody has already taken “haslo” somewhere I want to register. I’m lucky that I’m in a situation where I couldn’t imagine that being any kind of problem - not everybody is in that same boat.

2 Likes