All user email addresses exposed in NC20+

Just updated from NC18/19 to 20 and I’m appalled to discover that all email addresses are visible to any logged in user by using the share dialogue and entering a part of a name or email.

Surely this is a major privacy/user security issue and should at the very least be an option which defaults to not revealing emails.

Or have I missed a new setting somewhere. They can be hidden using custom css - but this means they are still visible by inspecting the page source.

Emails are also visible elsewhere unless you take steps to hide them ( eg contacts list and user listings which we have already taken steps to remove). This may be ok for a small OwnCloud setup but with a large number of users this is hardly good practice is it?

How are other people concealing user email addresses - is there a plugin/app available?

Nextcloud is primary a collaboration platform - and the primary goal is to make the collaboration between the users of the system as easy as possible. Majority of the users would claim bad usability if they can’t easily share their work with colleagues. Depending on the you use case you may want to slit your users population into smaller chunks. I think “Circles” app is well suited for your needs.

Hi @wwe
I think you have missed the point here.
You might think NC is some kind of platform, other people might think it provides a secure private way to share files.

You might think that the majority of users need to see each other’s email addresses - although that is clearly not required in order to collaborate online if that is your primary use for NC.
I would say that a majority of our users are not happy with exposing their emails addresses to all other users, or in some cases even to other users with whom they work closely.

We already have groups for segmenting the userverse, but that is nothing to do with personal privacy issues.

I entirely agree that there will be instances (probably those with a relatively small number of users, or in a corporate environment) using NC where email privacy is not an issue and the users are happy for everyone to see their addresses. That should be a choice, either at the organisational level or at the user level - not imposed by the underlying software system being used - that is a design flaw - failing to account for a valid and common use case.

Almost every other “platform” I have encountered allows users to opt to reveal their personal details (including this Discourse “platform” that we are using) but doesn’t force anything beyond username/handle. NC has never been good at this, but the latest change to explicitly showing everyone’s emails is a spammers wet-dream !

1 Like

I completely disagree. Nextcloud is much more like Exchange - it provides a service for a closed user group. Each of the similar service i know Ms Exchange, lotus Domino has a concept of address book exposed to the users… Same as in Nextcloud. And no spammers can’t access this data as users must authenticate before they share files… it becomes an issue only in case you don’t trust the users and users don’t trust each other.

1 Like

I agree with @wwe. Also, I would not consider email addresses as secret information, at least not within the same organization. If you offer Nextcloud as a service and you want completely separate organizations or groups of users from each other, you have to spin up multiple Nextcloud instancees. That’s the right way to to do it anyways. The product is simply not designed to host a multi tenant environment on one instance.

1 Like

I’ll try to explain in a different way.
There is no reason why email addresses need to be visible in order for NC to be used for collaboration.
Occam’s Razor - therefore they should not be exposed unless there is an additional reason to make them available. It is just screen clutter at best, and harmful for some users at worst.

If you want to use NC as a platform for all sorts of work in a closed monolithic organisation using internal email addresses then that is fine. But what is needed in that world is not the same as what may be needed in a more fluid dynamic ‘organisation’.

At its core and its genesis NC (in the form of OwnCloud originally) was simply providing shared storage space. Admittedly a lot of bolt-ons have been added, but most of them can be categorised as feature-creep and are not really needed for the core functionality.

This is perfectly ok so long as all of the extra stuff remains optional extras. Once it starts being imposed it is intrusive. If you actually need all that stuff then you might be better off using MS Exchange or something else.

Unless your email address belongs to your employer then most people certainly do consider it private information. I would not say to users coming in to our organisation that they must make their email address available to everyone else - and a lot would certainly object if we did.

@rogerco there is pretty good reason to show the email address - display name could be dublicate while email is unique. But I understand your problem and can imagine scenarios when you want to prevent users from accessing the complete address book e.g. school cloud splitting access to individual classes…

really short test proofs the functionality you look for is built-in already!

  • create 3 test users test3, test4, test5
  • test3 can see all users and their mail address when this option is disabled
  • add test3 and test4 into group “sharing”
  • enable/check restrict users to only share with users in their groups (Admin settings > Sharing).
  • confirm test3 can only see test4 in the sharing dialog, and doesn’t see test5
  • confirm test3 can share with external users by email

after enabling this function test3 can only find test4 in the sharing dialog (and the user still can share to external users via email)


1 Like