Can view other users data without permission

[jivandabeast]

Describe the bug

I can calculate affinity between myself and other users on the instance without their permission. This can also be bypassed to see their data without logging in via my share token, so if i share my stats page with someone they then can calculate affinity with other users on the instance.

Expected behavior

I expected listen history to be private by default, unless explicitly permitted by a user. Also for guests to NEVER be able to see another users data.

Screenshots

PM me for screenshots if you need them, I don't want to post my or my users data.

[Yooooomi]

Hello. I can totally understand your need about not willing to share data between the users on your instance. I originally did not plan to restrict the option since the instance is meant to be shared between people of trust. However I totally agree with you that a guest should not be able to compute affinity on your behalf. In a first time, I will restrict the ability to compute affinity when logged as guest since it's quite quick to implement. I will think further about the ability to opt in and out of the affinity feature per user. Thanks a lot for your feedback

[jivandabeast]

Yeah, I can understand the part about sharing the instance with people of trust -- that's who I share with anyway. So I don't think it's a huge deal if that part stays.

But thank you for the quick response about locking that ability for guests!

[Yooooomi]

Fixed in latest release :)