Why can any user view all the contacts belonging to other groups?

Can I ask you if you have 'integrity.check.disabled' => true, in your config.php?
If yes, I can provide a quick and dirty solution that we have implemented on our cloud infrastructure.

Ah, so you’re talking about an enterprise installation… Sure, I agree, there it makes no sense. But this forum is for and about home users - if you have this problem in a large installation, contact the Nextcloud support team and if you have no support contract - realize you are using software without support → never a good idea.

Yeah this example (that would hit my company) refers to an enterprise installation. I thought it would be the strongest argument here :wink:

I have to point out that the initially reported issue is solved with 12.0.4 just like other privacy related issues or some will be solved in 13.0 in the next weeks. So I can’t complain and just wanted to explain.

However I would like to explain why it affected me on a personal server as well.

I have a server primarily for my family (8 people). With the server far oversized for the current workload I allowed all these family members to invite their friends to the server (and create user accounts for them).
Each family member is now a group admin for their personal groups.

With the mentioned (now solved) issues friends of family member “A” could see all the friends of every other family member. That was too much leakage of personal data.

For me the only issue that needs to be fixed is that the chat app ojsxc still shows all users on the server. It’s already worked on here, but still needs to be finished:

Hope that explains it a bit. But as said: no complaints. Most privacy issues are solved and I’m very much looking forward to updating to NC13 as soon as it’s released.


Yeah, that’s an interesting scenario for sure. And of course the enterprise argument is relevant - but that is a more complicated point, for simple reasons of motivation. Can I rant about that for a minute?

Our team, we, we care about privacy. Humans need privacy, it’s needed for freedom, democracy. We all started to do this to give people a way to take control over their data, because we’re unhappy about surveillance and so on. So we care about home users, a lot. As much as we can afford - it is why we keep Nextcloud super easy to install and use. Remember Spreed, the Go app? Home users don’t have time to figure out how to install that, so we rewrote it in PHP. Companies wouldn’t care anywhere near as much… They have people paid to spend time on this, after all.

For companies there is no ‘privacy’, privacy is a human thing. Of course companies need security and have to protect the privacy of users by law - but they make money and should be transparent otherwise, not have privacy.

It doesn’t mean we don’t care about enterprises: for Nextcloud to succeed, we need to make it better. We can do that in our free time, but it obviously goes faster if we can pay people. That is why we started the company in the first place, as a tool to make Nextcloud better, faster. Bring privacy to everybody. So we care about customers: they pay the bills to improve Nextcloud. We couldn’t do any of this without them.

And we want to hire more community members (we just hired Julius, the author of Deck, a few days ago, yay, btw). But companies that use Nextcloud, save or earn money with it, but don’t contribute - they are a lost opportunity to improve Nextcloud. If we spend time on them, they have less reason to become customers and we effectively make Nextcloud worse :frowning:

Sorry for the long answer. And on a personal note: we’re all happy with EVERY Nextcloud user, also companies. But we’re also every day asking our finance guy if we can hire that community guy and that documentation writer and that great coder and if we can organize more events and support more students to come to FOSDEM and so on. We have a lot of good résumés of people (many on this forum, and on GitHub) who we’d LOVE to hire. And we can only do that with more customers…

EDIT: this was NOT meant to make anyone feel bad, really. We write open source code, and with that come rights for users. Including, of course, not paying us! We chose that for a reason, we believe in it, and we love all of you :heart: paying or not. It is just money… :money_with_wings: But we want to change the world, :world_map: bring privacy to everybody - that ambition sometimes makes me post a bit more aggressively than I mean to :smiley: Hope you can forgive me! :hugs:


Well, that was a rant all right. Not sure what to take from it, except that this is maybe a feature reserved for paying customers because, well, you need more paying customers.

Anyway, I would like to keep the autocomplete menu as well, but would like it to only give back results from within the user’s groups.

Is this a feature I can get in the paid version?

At Nextcloud there is no paid versus unpaid version. Everything is available to everybody - at least that’s the promise from the team. Sure hope they deliver on it.

As already stated, there is no free or paid version. The desired feature is available (or put in other words: the bug is fixed) since Nextcloud 12.4.

For users who use an LDAP backend, this problem was fixed with NC13.


Solved now.

I still have this same issue in NC 16.0.7.
Any way to solve this?

I still have this issue in NC 20.0.1.

Indeed the problem is still present. Everyone can see everyone in the contacts menu. For years now! I think it should be possible to either remove the contacts menu or to give the users the possibility to hide their contact information from other users!
This issue has been discussed for years now, here and on GitHub. And still there is no solution…

@yo8aiv @Kde35 @g-work
guys (and girls, maybe)

I can’t state your claims. It doesn’t show anything on the contacts menu on NO NC I have access to (there are a few, indeed).

So either you’d give out some more information about your instances (setup, environment, config, etc.) or you most probably won’t see any solution for your problem.

I had a look at my NC instance today and I think I found the issue:
I use LDAP as user backend and all users of the LDAP server who are allowed to use Nextcloud are in one group (on the LDAP server). This group isn’t imported into Nextcloud via the LDAP/AD setting “Groups”, but it seems as if the contacts menu does consider this group a Nextcloud group.
This is odd, because the sharing dialogue only shows users that are in the same group (LDAP and local groups) while the contacts menu seems to refer to the group on the LDAP server that isn’t even imported and which (correctly) doesn’t show up in Nextcloud group management.

I created a local user and it isn’t capable of seeing other users outside of his group. So the problem seems to be the LDAP group integration or my configuration of it. Does anyone have a hint concerning the handling of LDAP groups in Nextcloud? In my understanding, groups for administrative purposes on the LDAP server that aren’t configured to be available in Nextcloud shouldn’t be taken into account by the contacts menu.

Can anyone reproduce this?

I’ve used the workaround - but users can still see each other through the backend or “Talk” app. I am on NC 21.0.4 and used the NextCloudPi image to install.

EDIT:
None of my users are in any group and there is only one admin (me). Normal users can see all other users too, which is problematic.

This is a problem that keeps on giving. Been around a long time it seems. I just set up Nextcloud and noticed the same thing. It takes control away from the admin if the users can all see each other many reasons why at home or a business would want this on by default.
Maybe they take the model used by FACEBOOK, share everything and even more with everyone.
I have to believe they have fixed this, maybe you just overlooked a setting someplace. It would be crazy if it’s been unfixed since version 10.xxx o

Perhaps this also helps here.

Hmm, interesting to read,

on NC 26x & 25x as of today I am facing the same issues.
Not a fun thing: users on NC-A can see all users from NC-B and vice versa,
caused by federated connect.

No chance to avoid this …
Gonna look deeper into it …

And don’t get me wrong, this is not a feature, this is a bug (in May 2023).
If this is a config I only get in a paid subscription version … hell yeah, send me an offer.

NP

The thread is very old. Please open your own thread with configuration details, examples and screenshots. Thanks.

Point taken…

For those that end up here looking for a solution: this link might be helpful in resolving your issue. You will also want to create groups and put your users into them, of course.