Hello fellow answerers,
it happened to me recently, that during answering some question I found out, that the user also provided some sort of information, which should be secret (anybody with this information will be able to get to his system).
Please, how do handle these situations? I didn't seem right to me to edit his question, so I only let him know, what he had done, and gave him some advice, but he didn't answer back.
Thank you for sharing your opinions...
You can’t message a Community member privately. I have conveyed in my answers recommending removing.
I also do what Jack suggested above.
If you have the ability to edit the question, I would replace all occurrences of revealing information with generic references. When I submit a question that involves scripting, for instance, I use generic references to certain items. For instance "<my_company>", or "<my_address>", I suppose if we aren't talking about scripting, the references could be even more generic, "company", "address", etc. That doesn't detract from the question, but protects the privacy of any references that were overlooked.
There's not a lot we can do about it. If people choose to post private or secured information, then that's their mistake and they probably need reminding about compliance, privacy and security laws.
I think you've done the right thing - tell them, but don't edit without giving them a chance to remove it themselves. (Editing isn't of that much help though, you can always look at the history).
I do think it's ok to edit without asking if the information published is about someone else though.
so if editing is of no help, doesn't the discussion show that the community software here is not safe to use?
No, it's showing that people need to think about security and privacy before they post stuff.
The community is no more or less safe than any other public forum that lets people post anything they want.
I meant this in the sense that the user can control the data posted. A secure system knows that this is user-generated data and offers a process for that. Some information may have been safe at time of posting even well thought but may turn out not to be later. Just these kind of things.
Btw., I was not aware that the history of edits can be seen publicly.
Eh? You expect software that is explicitly intended for publishing content to not allow posting of stuff that might be private when it has no way of knowing that it should not be posted?
There is no issue of "safety" in the software, it's the humans you need to be fixing.
The edit history is not entirely public. Atlassian Staff and Community Leaders (i.e. moderators) are able to view it, as well as the original author. But non-moderator users are not able to view the history on posts they did not author.
Thanks for the clarification @Daniel Eads this sounds reasonable.
---
@Nic Brough -Adaptavist- No, I would consider it more human if interaction is possible to correct a mistake. Like editing / redacting some information. It's not ideal as something has already been published but it would be worse if edits would not be possible. I was under the impression that the edit history would also be public after an earlier comment, and that I would consider an issue. As Daniel explained, this is not the case.
I think that a big part of the issue is that a lot of people see the community as the Atlassian support and don't always understand that this is a public forum.
They tend to throw information out there to get their issue/question solved as fast as possible without always considering that this is just the internet and not an internal ticketing system where only the vendor has access to.
As to what I would do, depends a bit on the use case.
if it is just some company information that you think shouldn't be there, just add a comment.
However, if they are posting login and password details well I would edit this just so it doesn't show up at first glance. I know history is still there but at least it's a bit hidden (security through obscurity?)
If it's just personal information.. well people see what they post and they should have some self awareness..