What if user provides credentials with his post

Hana Kučerová
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 6, 2021

Hello fellow answerers,

it happened to me recently, that during answering some question I found out, that the user also provided some sort of information, which should be secret (anybody with this information will be able to get to his system).

Please, how do handle these situations? I didn't seem right to me to edit his question, so I only let him know, what he had done, and gave him some advice, but he didn't answer back.

Thank you for sharing your opinions...

3 comments

Comment

Log in or Sign up to comment
Tiago Machado
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 6, 2021

I think the best approach would be to inform the user privately, pointing the user the sensitive information, a brief explanation of the reason it shouldn't be disclosed and a link for further reading, if the user is interested.

 

Posting as an answer that everyone could read might make the user feeling exposed and inhibit this user from further interactions with the community.

 

So, it will be his/her decision to edit the given question/post or not. No interference/censorship  on the user's writing.

 

However, I think we can't directly or privately message any user. Do you know if is it possible ?

 

Regards.

Like Hana Kučerová likes this
Jack Brickey
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 6, 2021

You can’t message a Community member privately. I have conveyed in my answers recommending removing. 

Like # people like this
Ismael Jimoh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2021

I also do what Jack suggested above.

Like Hana Kučerová likes this
Chris Annal February 8, 2021

If you have the ability to edit the question, I would replace all occurrences of revealing information with generic references. When I submit a question that involves scripting, for instance, I use generic references to certain items. For instance "<my_company>", or "<my_address>", I suppose if we aren't talking about scripting, the references could be even more generic, "company", "address", etc. That doesn't detract from the question, but protects the privacy of any references that were overlooked.

Like Hana Kučerová likes this
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 6, 2021

There's not a lot we can do about it.  If people choose to post private or secured information, then that's their mistake and they probably need reminding about compliance, privacy and security laws.

I think you've done the right thing - tell them, but don't edit without giving them a chance to remove it themselves.  (Editing isn't of that much help though, you can always look at the history).  

I do think it's ok to edit without asking if the information published is about someone else though.

Like Hana Kučerová likes this
ktomk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 6, 2021

so if editing is of no help, doesn't the discussion show that the community software here is not safe to use?

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 7, 2021

No, it's showing that people need to think about security and privacy before they post stuff.

The community is no more or less safe than any other public forum that lets people post anything they want.

ktomk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 7, 2021

I meant this in the sense that the user can control the data posted. A secure system knows that this is user-generated data and offers a process for that. Some information may have been safe at time of posting even well thought but may turn out not to be later. Just these kind of things.

Btw., I was not aware that the history of edits can be seen publicly.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 7, 2021

Eh?  You expect software that is explicitly intended for publishing content to not allow posting of stuff that might be private when it has no way of knowing that it should not be posted?  

There is no issue of "safety" in the software, it's the humans you need to be fixing.

Like # people like this
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 8, 2021

The edit history is not entirely public. Atlassian Staff and Community Leaders (i.e. moderators) are able to view it, as well as the original author. But non-moderator users are not able to view the history on posts they did not author.

Like Hana Kučerová likes this
ktomk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2021

Thanks for the clarification @Daniel Eads this sounds reasonable.

---

@Nic Brough -Adaptavist- No, I would consider it more human if interaction is possible to correct a mistake. Like editing / redacting some information. It's not ideal as something has already been published but it would be worse if edits would not be possible. I was under the impression that the edit history would also be public after an earlier comment, and that I would consider an issue. As Daniel explained, this is not the case.

Like Hana Kučerová likes this
Dirk Ronsmans
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 7, 2021

I think that a big part of the issue is that a lot of people see the community as the Atlassian support and don't always understand that this is a public forum.

They tend to throw information out there to get their issue/question solved as fast as possible without always considering that this is just the internet and not an internal ticketing system where only the vendor has access to.

As to what I would do, depends a bit on the use case.

if it is just some company information that you think shouldn't be there, just add a comment.

However, if they are posting login and password details well I would edit this just so it doesn't show up at first glance. I know history is still there but at least it's a bit hidden (security through obscurity?)

If it's just personal information.. well people see what they post and they should have some self awareness..

Like # people like this
TAGS
AUG Leaders

Atlassian Community Events