Mantis Bug Tracker

ID: 0000131
Project: Friendica
Category: unknown/other
View Status: public
Date Submitted: 2011-09-01 15:01
Last Update: 2012-12-21 14:36
Reporter: Erkan Yilmaz
Assigned To: macgirvin
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Fixed in Version: 2.4
Summary: 0000131: message when visiting group: indicates that my server is insecure (only 1 member: myself)

Description:
I've just created a new group, called: testing (1)

just added myself so far.
When I visit this group, I get the following message:

Warning: This group contains 1 member from an insecure network. (2)
Private messages to this group are at risk of public disclosure. (3)

I can agree with (3)
but (2) indicates that my network is insecure :-(
is this true (if so, can you tell me, how to fix this?) or just a method to scare people on my server?

what needs to be checked:
- if also other members see this message

(1) http://friendika.skilledtests.com/network/1

Tags: No tags attached.

Notes
(0000189)
macgirvin (administrator)
2011-09-01 17:04

We have to provide a warning when a private group contains a statusnet/identi.ca member.

Our private groups are meant to be truly private - and this works for many of our networks (Friendika, Facebook, email, Diaspora, etc.). If you send messages to these groups, they will _only_ be shared with the people in those groups and cannot be seen by anybody else.

However, if you send a message to a group which includes even one statusnet person, the post is made public and is searchable in public archives because the statusnet protocols have no privacy protection. The "private" post has completely lost all privacy. We need to warn you that this can happen. You may choose to ignore it, but we respect privacy and failure to warn people of this situation and let them think a given message was private when it isn't would make us negligent and nobody would trust Friendika with anything.
(0000190)
macgirvin (administrator)
2011-09-01 17:08

To answer the question - it is not the Friendika network that is insecure. It is the statusnet network which is being used to convey the message to the statusnet person. It cannot be made secure.

Nobody will see this message but you.
(0000191)
Erkan Yilmaz (reporter)
2011-09-01 17:50

OK, I understand the situation better now.

Do you think changing the sentence in (2) helps newcomers more?
e.g. like this:

Warning: This group contains 1 member from (or who's additionally part of) an insecure network.

because I registered on this server with OpenID first
(+ later allow through the StatusNet plugin forwarding to identi.ca where I am also a member)
the change above would make clear that not the internal network is insecure
(0000274)
macgirvin (administrator)
2011-10-18 01:27

Tracked this through with Tobias and found the warning was being emitted when it shouldn't have. That issue was resolved a couple of weeks ago. We will display this when a private group contains StatusNet members, but should not display it otherwise.

- Issue History
Date Modified Username Field Change
2011-09-01 15:01 Erkan Yilmaz New Issue
2011-09-01 17:04 macgirvin Note Added: 0000189
2011-09-01 17:08 macgirvin Note Added: 0000190
2011-09-01 17:50 Erkan Yilmaz Note Added: 0000191
2011-10-18 01:27 macgirvin Note Added: 0000274
2011-10-18 01:27 macgirvin Status new => resolved
2011-10-18 01:27 macgirvin Fixed in Version => 2.4
2011-10-18 01:27 macgirvin Resolution open => fixed
2011-10-18 01:27 macgirvin Assigned To => macgirvin
2012-12-21 14:36 macgirvin Status resolved => closed

