On Jan 24, 2009, at 9:33 PM, Charmian wrote: > Re: hiding the watch list and the community membership list. > > Under the current system, IIRC there are still ways to find who is on > your friends-of list even if you suppress this information on the > profile page, for example, through directory search. Will these ways > be closed off in DW for the watched-by or watching list? Also, in the > case that the person chooses to hide their watch-list, though, their > public watching feed will still be visible, as > "user.dreamwidth.com/watch," right? (Not sure if this is as much a > privacy issue as a 'public presentation' one, because the link may be > visible from the other side. If I recall correctly the rationale for > hiding the friends-of list was over the serial adder thing, and how > people didn't want to see the names of the serial adders on their > friends-of list, because they had no control over who friended them.) > > Will we also be able to hide the "trusted by" list on the profile? (I > assume there will be one?)
Okay -- and Charmian, I apologize for your message being the one to prompt this, but the series of questions/discussions/etc we've been getting about this lately, both on the ML and privately, have been detracting from actually getting the system finished -- it's time for a temporary moratorium on questions about how WTF security is going to work until we have the feature coding finished and can write up the site FAQs. At that point, most of the questions should be answered and we can take feature requests/change requests at that point. For the record: 1). The "watching" list will be hideable on the profile, but yes, people will be able to see public posts on your reading list. (You can get around this by making your Default View public, but this will not stop anyone who's really determined from figuring it out.) 2). The "trusted" list will not be hideable on the profile, as there's significant social value for people to know who else can read your locked posts. (ie, if my friend makes a locked post, I want to know who else can read the comments before I comment there.) 3). All ability to hide various lists on your profile should NOT be construed as security. Someone will always be able to piece together your lists, even if just by a lot of screen-scraping and cross- tabulation. Both Mark and I are against anything that will give the impression of security-through-obscurity, because security-through- obscurity isn't secure at all. Again, I'm asking that everyone *please* wait until the feature is coded and implemented before asking any further questions. We will document all of the changes from how LJ behaves, friends-list-wise: what portions have migrated to using "watch" vs. what portions have been migrated to using "trust", and what options you can select for each list. Until then, we run the risk of getting bogged down in constant questioning, when the answers will be very obvious once Mark's finished coding. (At which point, if anyone is seriously bothered by how something's implemented, we can discuss changing it. But we're making choices in what we feel is the best fashion.) --D -- Denise Paolucci [email protected] Dreamwidth Studios: Open Source, open expression, open operations. Coming soon! _______________________________________________ dw-discuss mailing list [email protected] http://lists.dwscoalition.org/cgi-bin/mailman/listinfo/dw-discuss
