Attention! Attention! Review info on your public Trello boards!

Hi community! 

 

Trello is awesome product, but we need to consider security. 

If you have use the public boards publicly available on Internet you might be exposing more information than intended! See below :)

 Everyone knows the Google indexing so much info from web sites.
In fact, if you write the correct request you can get sensitive information from Trello user boards.

For example:

Also you can find for other domain and interesting phrases.

 

Conclusion:

  1. Please, review info on your boards.
  2. Change passwords any other credentials
  3. Don't put sensitive info on trello boards!
  4. And push Trello support to remove indexed page from Google cache, and other search platforms like Yandex, Yahoo.
  5. If you have the Premier support, let's raise issues about stop indexing and remove from Google cache.


Hope it helps!
I will be happy if you send to other users this info.
In my opinion, so much users from the it world parse info.
Also you can help to prevent use the sensitive data just suggest some static checker on Trello side like Sonar (popup window if find word password), also stop indexing ( I mean review robots.txt).

 

 

 

Thanks
Cheers,
Gonchik Tsymzhitov

6 comments

Cassie Mayes Atlassian Team May 11, 2018

Hi Gonchik,

When a board is made public, Google is pretty good at getting the content of that board into their index. They're less good about coming back and checking that the board is still public. Once the board is made private, we are reporting the right status to Google (i.e., 404), but they need to be told that this is a permanent state of affairs, not a one-time glitch or programming error.

The request has more weight coming from a non-owner of the site than it does when it comes from the owner. You can help them realize a board is no longer public with the instructions in this article:


http://support.google.com/webmasters/bin/answer.py?hl=en&answer=1663691


Submitting that de-listing request is going to be the best way to remove that listing from Google.

I hope that helps!

I see Trello does warn people about their site being indexed by Google, but maybe the default should be that the robots.txt file tells Google *not* not index the site?

@Matt Doar to my understand public boards should not be indexed. 

I hope these a few steps will be good for next step.

0. Stop indexing any boards, only blog, marketing and documenation can be indexed

1. Therefore the better way is remove from google cached indexed pages. 

2. Also I think nice feature is implement some js script which will check static phrases like ( password, credit card number, emails)

3. And the end sometime shows the good practices for the security https://help.trello.com/article/789-changing-the-visibility-of-a-board-to-public-private-or-team

 

@Cassie Mayes thank you for the answer!

 

Cheers, 

Gonchik Tsymzhitov

Hi Gonchik!

Public boards are meant to be indexed. Many organizations use them to house public development boards, planning, and more. A public board is meant to be seen by the public, and removing them across all of Trello from Google would severely impact many use cases. 

In the past, Trello has forced public boards containing login information to become private (or team visible). I am unsure if this is a regular thing they do, or if it was only done the one time. 

However, Trello is pretty clear that the boards will be visible in Google when made public. Unfortunately, many organizations don’t have great security practices and run big risks like this. It’s always good to make sure the organizations using Trello take the time to make sure our boards don’t contain sensitive information :) 

But in my opinion, it would do more harm than good to remove Trello public boards from Google’s index. Many groups use and need this feature. Instead, let’s all spread the word so we are responsible for the sensitive information we manage :)

Gonchik Tsymzhitov Community Champion May 18, 2018

Hi! 

 

Looks like not many person wants to clear and conert to the private board with sensitive data. 

And Trello support did not get for me any answer. 

 

 

Cheers,

Gonchik Tsymzhitov

I do understand the reason why some people need indexing of their public boards, but there are at least as many reasons not to index it. If I want to be able to quickly share a board with 10 people and not add the 10 people to the board and ask them to create account/login, I need to use a public board. But I may not want to have the info indexed for everyone else to see. Why not simply have the option at board creation? It's just about adding a no-index tag to the board which have it enabled...

Comment

Log in or Sign up to comment
Community showcase
Published Sep 11, 2018 in Trello

There’s a Power-up for That!

So you’re using Trello at work, at home and to track your new DIY crafts. The family and co-workers are all on board and everything is organized, color coded and has a due date. But still, there’s so...

602 views 2 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you