Closed l-emele closed 1 year ago
Related to #1240
We have just updated the OEP with a hotfix that hides sensitive information like e-mail from other users (registered/public). Users are still scrapable, but this doesn't seem to be a problem as long as no private data is affected. Wht do yu think?
Even the fact that you are registered is private data. We mention nowhere in the privacy policy statement that the fact that you are registered will be publicly available. The statement not even mentions a profile page. Therefore I still regard this as a major issue of privacy.
Please check again if my last correction is sufficient for you. The profile pages are still accessible, but appear empty if the user is not logged in or if the current user is not the owner of a profile.
This solution is fine to me.
Great :) I'll close this issue now and we'll continue the discussion once we've agreed on the next steps.
Description of the issue
With the current pattern of the URLs of the profile pages it is very easy to scrape a full list of all people that are registered to the OEP.
Steps to Reproduce
Ideas of solution
Describe possible ideas for solution and evaluate advantages and disadvantages.
Context and Environment
Workflow checklist