Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What if user provides credentials with his post

Hana Kučerová Community Leader Feb 06, 2021

Hello fellow answerers,

it happened to me recently, that during answering some question I found out, that the user also provided some sort of information, which should be secret (anybody with this information will be able to get to his system).

Please, how do handle these situations? I didn't seem right to me to edit his question, so I only let him know, what he had done, and gave him some advice, but he didn't answer back.

Thank you for sharing your opinions...

3 comments

I think the best approach would be to inform the user privately, pointing the user the sensitive information, a brief explanation of the reason it shouldn't be disclosed and a link for further reading, if the user is interested.

 

Posting as an answer that everyone could read might make the user feeling exposed and inhibit this user from further interactions with the community.

 

So, it will be his/her decision to edit the given question/post or not. No interference/censorship  on the user's writing.

 

However, I think we can't directly or privately message any user. Do you know if is it possible ?

 

Regards.

Like Hana Kučerová likes this
Jack Brickey Community Leader Feb 06, 2021

You can’t message a Community member privately. I have conveyed in my answers recommending removing. 

Like # people like this
Ismael Jimoh Community Leader Feb 08, 2021

I also do what Jack suggested above.

Like Hana Kučerová likes this

If you have the ability to edit the question, I would replace all occurrences of revealing information with generic references. When I submit a question that involves scripting, for instance, I use generic references to certain items. For instance "<my_company>", or "<my_address>", I suppose if we aren't talking about scripting, the references could be even more generic, "company", "address", etc. That doesn't detract from the question, but protects the privacy of any references that were overlooked.

Like Hana Kučerová likes this

There's not a lot we can do about it.  If people choose to post private or secured information, then that's their mistake and they probably need reminding about compliance, privacy and security laws.

I think you've done the right thing - tell them, but don't edit without giving them a chance to remove it themselves.  (Editing isn't of that much help though, you can always look at the history).  

I do think it's ok to edit without asking if the information published is about someone else though.

Like Hana Kučerová likes this

so if editing is of no help, doesn't the discussion show that the community software here is not safe to use?

No, it's showing that people need to think about security and privacy before they post stuff.

The community is no more or less safe than any other public forum that lets people post anything they want.

I meant this in the sense that the user can control the data posted. A secure system knows that this is user-generated data and offers a process for that. Some information may have been safe at time of posting even well thought but may turn out not to be later. Just these kind of things.

Btw., I was not aware that the history of edits can be seen publicly.

Eh?  You expect software that is explicitly intended for publishing content to not allow posting of stuff that might be private when it has no way of knowing that it should not be posted?  

There is no issue of "safety" in the software, it's the humans you need to be fixing.

Like # people like this
Daniel Eads Atlassian Team Feb 08, 2021

The edit history is not entirely public. Atlassian Staff and Community Leaders (i.e. moderators) are able to view it, as well as the original author. But non-moderator users are not able to view the history on posts they did not author.

Like Hana Kučerová likes this

Thanks for the clarification @Daniel Eads this sounds reasonable.

---

@Nic Brough _Adaptavist_ No, I would consider it more human if interaction is possible to correct a mistake. Like editing / redacting some information. It's not ideal as something has already been published but it would be worse if edits would not be possible. I was under the impression that the edit history would also be public after an earlier comment, and that I would consider an issue. As Daniel explained, this is not the case.

Like Hana Kučerová likes this
Dirk Ronsmans Community Leader Feb 07, 2021

I think that a big part of the issue is that a lot of people see the community as the Atlassian support and don't always understand that this is a public forum.

They tend to throw information out there to get their issue/question solved as fast as possible without always considering that this is just the internet and not an internal ticketing system where only the vendor has access to.

As to what I would do, depends a bit on the use case.

if it is just some company information that you think shouldn't be there, just add a comment.

However, if they are posting login and password details well I would edit this just so it doesn't show up at first glance. I know history is still there but at least it's a bit hidden (security through obscurity?)

If it's just personal information.. well people see what they post and they should have some self awareness..

Like # people like this

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you