Disable public user's contact information (domain.tld/index.php/u/<user>)

Nextcloud version: 23.0.0
Operating system and version: FreeBSD 13.0-RELEASE
Apache version: 2.4.52
PHP version: 7.4.27

Issue summary:
Nextcloud shows private user information on domain.tld/index.php/u/<username> by default. This seems to be hard coded. I’m looking for a maintainable (i.e. without having to edit php files with every update) method to disable this anti-feature or to limit all personal data from this page to nothing.

Info that is exposed by default:

Full name
Profile picture

Steps to replicate:
Install a fresh Nextcloud instance, create a user and browse to domain.tld/index.php/u/<username> in another/private browser.

I’m a day job privacy and security officer/DPO who is using his free time to set up a few Nextcloud instances for two privacy conscience non-profit organizations that are in need of a cheap (because of money constraints) privacy-friendly collaboration tool. Nextcloud is a logical choice: open source, well maintained and also user-friendly.

Unless I’m completely blind and missed a setting in the GUI, there is just one big problem. In the context of the GDPR and privacy by design the exposure of personal data by default is a anti-feature. You are only allowed to show this publicly when 1) there is a defined purpose for exposing this data and 2) when you have a lawful basis. We don’t have a purpose and legal basis for showing this information, on the contrary even: we have a purpose for not showing this information. This also means it’s automatically unlawful to expose this information to the outside world. But even if the GDPR wasn’t implemented and its national predecessor (Netherlands) didn’t exist, we find privacy to be important and thus don’t want to expose this information to the public anyway.

I’m not going to lie, I feel like I’m missing some completely obvious setting here. I can’t think of a good reason why this is set to these defaults (which for sure isn’t privacy by design) and why these settings aren’t configurable from the GUI. It doesn’t make sense in a post GDPR world.

Possible solutions:
What I’m hoping for is some maintainable/robust way to disable the availability of /u/ completely. If I missed some setting in the GUI/config.php for this, please show me :wink: .

Disabling it might be done by editing a php file, but this won’t be robust since it requires manual php edits with every update (and shows a warning about file integrity that loses its purpose when it becomes a default error).

Another method may be to set the default settings for all users to “Hide” or “Show to logged in users only”. But it seems these are hard coded as well and thus have the same drawback of needing manual php edits with every update. Also this might not change the current settings for already created users.

And thirdly I can think of a solution (which feels more like a hack) where a Apache rewrite rule or htaccess directive makes sure people can’t access the user profile pages.

Any thoughts on this from some more experienced Nextcloud users? Did I miss something obvious? How would you go about this?

Thanks in advance.


Did you log out from your Nextcloud instance and access the user details then?
I’m still on NC21 and not 100% sure that there has not changed something regarding the user details, but I assume, that these details are only visible for logged in users.

In the personal profile settings users can share the details they want to share with other NC users and can even configure with whom the details are shared (local, federated servers, public). Default is “local”.

In companies who fill these details by default via an external service, sharing this information locally on the NC instance shouldn’t be an issue, because this information can be gathered within the company anyways, I guess.

For me personally this behavior is not an issue for me. (Since you asked).

I wrote an issue. Perhaps it is a bug … perhaps it is a feature. :wink:

Additional information:
If someone share something with public share it is easy possible to get the username in the cloud.

Hi o/,

Yes I tested this when I’m not logged in to Nextcloud. The profile pages are all public with the following entries in the profiles set to public ("Show to everyone") by default:

Full name
Profile picture

I also tested this on a fresh install of Nextcloud 23.0.0 yesterday, in order to see whether I could have changed something that allowed this to happen or that it’s part of Nextcloud. And it’s really the default behavior in Nextcloud.

Additional information:
I now tested it on four Nextclouds.
It only works for me on Nextcloud 23.
I have updated my issue.

I don’t know this for sure, but might it be the case that this feature wasn’t available in Nextcloud 22.0.0 yet? I spoke to a colleague who runs Nextcloud for years already and he says he doesn’t have this feature on his instance.

edit: I did find a earlier similar issue, so I guess this isn’t a new feature. Maybe the default settings were different before or my colleague forgot he had set the settings in his profile to the privacy default manually already.

Yes. That is possible. Perhaps someone knows the feature and can post a link. Thanks.

Found some more related issues:

Seems that there is no real fix for this yet. Maybe the apache rewrite rule will be best for now?

For other people who can’t wait for Nextcloud to make the user profile exposure settings configurable, I think this should work:

# Nextcloud disable profile page
RewriteRule ^(.*)index.php/u/(.*)$ https://domain.tld/index.php [R=301,L,NC]

Is someone has a better suggestion to go about this, let me know :slight_smile: .