Privacy of members only pages (Dec 15 Recurrence)

DanTheDev Staff asked 1 year ago

The problem:

It was identified that non-logged-in users (non-members) could access logged-in users' (members') pages such as profiles and members feed. However, to protect privacy, content belonging to members should not be discoverable to non-members. In the new system, while it removed the ability of non-members to find members' content on the site, this content was not inaccessible to search engines like Google, which resulted in non-members being able to access this content via that route. After the community indicated this was not good enough, the system was upgraded.

Update: 15/12/19 Recurrence

There was a recurrence of this issue on 15 December. Urgent investigation showed that one of the rules that enforces the earlier fix had disappeared. We do not know why this occurred. It’s possible but unlikely that recent updates to various parts of the system were the cause. Attached is a screenshot of the page restriction rules for non-logged-in users (non-members). The * refers to all pages with anything after the "/". Looking forward, we have established a regular privacy check of this feature for an indefinite period.
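One way such a regular check could be automated, as an added example that is not part of the original post or the site's own tooling: it compares the live restriction rules against a saved baseline and reports any rule that has disappeared, along with the member pages that rule was covering. The rule strings and paths are constructed placeholders (the real rules are only in the screenshot), and treating a trailing `*` as a prefix match is an assumption based on the description above.

```python
from urllib.parse import urlsplit

# Constructed baseline: the rules expected to exist for non-logged-in users.
BASELINE_RULES = {"/members/*", "/profile/*", "/activity/*"}
# Constructed sample of member-only URLs that must never be served to non-members.
PROTECTED_PATHS = ["/members/jane", "/profile/42/photos?tab=all", "/activity/feed"]


def rule_matches(rule: str, url: str) -> bool:
    """Assumed semantics: 'prefix/*' matches any page with anything after the '/'."""
    path = urlsplit(url).path  # ignore query string and fragment
    if rule.endswith("/*"):
        prefix = rule[:-1]  # keep the trailing '/', so '/members/*' != '/membership'
        return path.startswith(prefix) and len(path) > len(prefix)
    return path == rule


def is_restricted(rules, url: str) -> bool:
    return any(rule_matches(rule, url) for rule in rules)


def audit(current_rules, baseline_rules=BASELINE_RULES, protected=PROTECTED_PATHS):
    """Report rules missing from the live set and the member pages left exposed."""
    missing = sorted(set(baseline_rules) - set(current_rules))
    exposed = sorted(u for u in protected if not is_restricted(current_rules, u))
    return {"missing_rules": missing, "exposed_paths": exposed, "ok": not (missing or exposed)}


if __name__ == "__main__":
    # Simulate the recurrence: one rule has silently disappeared from the live set.
    live_rules = BASELINE_RULES - {"/profile/*"}
    print(audit(live_rules))
```

Run on a schedule against an export of the live rule set, a non-empty `missing_rules` or `exposed_paths` is the signal to alert on before a search engine indexes the affected pages.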

