|Anonymous | Login | Signup for a new account||2013-12-10 05:29 PST|
|Main | My View | View Issues | Change Log | Repositories|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000131||Friendica||unknown/other||public||2011-09-01 15:01||2012-12-21 14:36|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Fixed in Version||2.4|
|Summary||0000131: message when visiting group: indicates that my server is insecure (only 1 member: myself)|
|Description||I've just created a new group, called: testing (1)|
just added myself so far.
When I visit this group, I get following message:
Warning: This group contains 1 member from an insecure network. (2)
Private messages to this group are at risk of public disclosure. (3)
I can agree with (3)
but (2) indicates that my network is insecure :-(
is this true (if so, can you tell me, how to fix this?) or just a method to scare people on my server?
what needs to be checked:
- if also other members see this message
(1) http://friendika.skilledtests.com/network/1 [^]
|Tags||No tags attached.|
We have to provide a warning when a private group contains a statusnet/identi.ca member.
Our private groups are meant to be truly private - and this works for many of our networks (Friendika, Facebook, email, Diaspora, etc.). If you send messages to these groups, they will _only_ be shared with the people in those groups and cannot be seen by anybody else.
However, if you send a message to a group which includes even one statusnet person, the post is made public and is searchable in public archives because the statusnet protocols have no privacy protection. The "private" post has completely lost all privacy. We need to warn you that this can happen. You may choose to ignore it, but we respect privacy and failure to warn people of this situation and let them think a given message was private when it isn't would make us negligent and nobody would trust Friendika with anything.
To answer the question - it is not hte Friendika network that is insecure. It is the statusnet network which is being used to convey the message to the statusnet person. It cannot be made secure.
Nobody will see this message but you.
Erkan Yilmaz (reporter)
OK, I understand the situation better now.
Do you think changing the sentence in (2) helps newcomers more?
e.g. like this:
Warning: This group contains 1 member from (or who's additionally part of) an insecure network.
because I registered on this server with OpenID first
(+ later allow through the StatusNet plugin forwarding to identi.ca where I am also a member)
the change above would make clear that not the internal network is insecure
|Tracked this through with Tobias and found the warning was being emitted when it shouldn't have. That issue was resolved a couple of weeks ago. We will display this when a private group contains StatusNet members, but should not display it otherwise.|
|2011-09-01 15:01||Erkan Yilmaz||New Issue|
|2011-09-01 17:04||macgirvin||Note Added: 0000189|
|2011-09-01 17:08||macgirvin||Note Added: 0000190|
|2011-09-01 17:50||Erkan Yilmaz||Note Added: 0000191|
|2011-10-18 01:27||macgirvin||Note Added: 0000274|
|2011-10-18 01:27||macgirvin||Status||new => resolved|
|2011-10-18 01:27||macgirvin||Fixed in Version||=> 2.4|
|2011-10-18 01:27||macgirvin||Resolution||open => fixed|
|2011-10-18 01:27||macgirvin||Assigned To||=> macgirvin|
|2012-12-21 14:36||macgirvin||Status||resolved => closed|
|Copyright © 2000 - 2010 MantisBT Group|