On Sat, Nov 15, 2025, 17:36 Jelte Fennema-Nio <[email protected]> wrote:
> On Sat, Nov 15, 2025, 07:05 Magnus Hagander <[email protected]> wrote: > >> Yes, IIRC we had security complaints about people being able to enumerate >> all users without being logged in. Since it's not just users who submitted >> any data, it was enough to just having clicked a link once... >> > > I think the "without being logged in" is a pretty tiny hurdle for anyone > interested in this data. It's trivial to create one. IMO pretending that > locking it down behind a login improves security/privacy is actively > unhelpful to anyone worried about that. And at the same time it breaks the > experience for non-logged in users, without letting them know that they > should log in. > Agreed in principle, but it does make it a lot easier for scrapers. And I think that was the main concern at the time (it's been a while so my memory could be off on the details of course). I'm kinda curious who's actually worried about that data being public > though. It's only names and usernames. > Again with the bad memory, but could it be that it at one point included emails, and we have independently changed that? > > If it was restricted to only show those that had actually submitted into >> it would've probably been considered OK - but at the time it was not >> considered to be worth the effort to split those up. >> > > I might just go and do that. > I think that would remove the whole argument so yeah if that ends up not being too hard it's probably the easiest way out. /Magnus
