PeWu / topola-webtrees

Webtrees addon that displays the Topola Genealogy Viewer
GNU General Public License v3.0

Privacy is out. #12

Open mrqd9 opened 2 years ago

mrqd9 commented 2 years ago

Topola ignores all privacy settings

ungeahnt commented 2 years ago

I had installed the topola-webtrees-addon as admin and then opened it directly in wt. After that I logged out of wt and opened the addon again as a visitor. When calling the addon as a visitor, I could see all pedigree data, even those that should be locked due to the webtrees privacy settings. This also worked from another computer, so I could rule out local (browser) caching.

How could this be? Was all the data that the admin had access to transferred to a topola/cors-server on the first call and cached there - without privacy settings?

Please clarify!

Regardless of the above, I think that topola-addon needs to indicate during installation/configuration that data is being transferred to another server and there should also be an option to restrict the scope of data (e.g. no data with privacy settings).

PeWu commented 2 years ago

I added a note about respecting privacy settings to the readme.

I would gladly accept a pull request that would add this capability to the addon. PHP falls outside of my sphere of competence :wink:

The addon does not send any data to another server. The Topola Viewer application is indeed loaded from https://pewu.github.io/topola-viewer but all data from Webtrees is contained inside the user's browser. This is a common concern and the application is specifically designed not to send data to servers out of control of the user. See also a description for the Gramps addon: https://gramps-project.org/wiki/index.php/Addon:Interactive_Family_Tree

hartenthaler commented 2 years ago

This is very important because even Google search has access via Topola to all private data.