User privacy options and ability to disable public profiles
We have developed this as a separate module for the time being:
During the development we also noticed that it would be highly useful to have certain controls within the programming API to support all this and require less core overrides:
**Is your feature request related to a problem? Please describe.**
Some users are very cautious about their privacy and currently in Decidim it is not possible to create private user accounts. Once you create an account on the platform, it is public and available for everyone's eyes.
The person searching their name in Google (or other search engines) will find results on the Decidim platform. Some people are extremely worried about this functionality and some will even refuse to participate unless they can do it privately.
**Describe the solution you'd like**
I'd like to be able to configure per profile whether the public profiles functionality is active or disabled for that user. When disabled, the public profiles would not be accessible on the platform and the user's information would be completely hidden or otherwise anomymized on the platform.
This should be is configurable through the profile settings and the system administrator could decide the default (public or private). Under the profile pages we should have a new section named "Privacy settings" where we would provide the following options:
- "Profile publicity" - Enable public profile ON / OFF toggle
- "Private messaging" - Enable private messaging ON / OFF toggle
- "Private messaging" - Allow anyone to send me a direct message, even if I don't follow them ON / OFF toggle
- This option is currently under the notification settings but should be moved under the privacy settings
After the discussion below, it would be also required that the person's name is hidden in all activities that they have done on the platform. This would apply e.g. to the profile badge in comments and proposals as well as the data exports and the API where the name would appear.
If the user has decided to make their profile private, their name should not appear next to their comments anymore or next to anything that they have created on the platform, such as proposals, collaborative drafts, meetings, debates, etc. The profile badge should be completely hidden for people who decided to make their profile private afterwards.
The public profile option should be disabled by default when the user registers to the platform through the registration form or any OmniAuth authentication option. When the user is about to perform a publicly visible action on the platform, the user should be shown an explicit popup which states what consequences this has. The popup should be shown if the user has their public profile disabled at the moment and disabling the public profile should prevent the user from performing any public activity on the platform altogether. Only if they allow their profile to be public with explicit information about what is shown publicly in the profile pages, they are able to perform public activities on the platform.
From the popup, the user should be able to give their consent to publish their profile with all the information listed on the mentioned popup. After the consent is given, the user is able to perform the public action on the website. This consent should be stored in the users table with a timestamp when the consent was given.
If the user decides to make their profile private after performing the public action, again their public profile should disappear from the website and their information should be hidden or anonymized from every place where it can be shown on the platform.
**Describe alternatives you've considered**
We are going to implement this as a module that we can add to any Decidim instance. We are hoping that some of this work could be later on integrated back to the core to make these options more widely available for Decidim users.
It has been agreed with the product team that in case we need to add any abstractions to support this functionality to the core already today, we can create such PRs and they would be accepted as long as they maintain the current functionality by default.
Especially in Finland people can be extremely cautious about entering their details into any web platforms or having their name appear on public websites where other people can inspect what their neighbor is doing. After the discussion below, this is clearly not only Finland specific but this same problem appears in other contexts too.
Some people feel this is a violation of their personal privacy.
**Does this issue impact on users private data?**
Yes, it has a positive impact on users' private data as their private data won't become publicly visible on a website without them having full control over it.
We have funding to develop these features.
List of Endorsements
Report inappropriate content
Is this content inappropriate?