Why do we have username attached? It not only not needed but also violates basic privacy. People will share this links in other places revealing their accounts on the forum for no reason.
Proposal: modify site to avoid adding username to the links.
TLDR.
It is used for badges (first share, nice share, great share).
You can still manually delete the username part of the link or just copy the url from the address bar.
I agreed with the proposal. It shouldnāt be default (too easy to not remember to manually delete the username).
Thank you for information and support of proposal. Now it is clear for me how it could be used at least somewhere. If I were making discource and wanted to have badges for sharing I would add some token, not username.
I am also happy that other people are also concerned about this issue. So concerned that they made PR/patches to upstream to allow turning it off.
Proposal update: change site settings to avoid adding username to the links.
@adw, @gonzalo-bulnes please tell who on the Forum should we contact to initiate possible considering of turning off this username leaks?
I dont understand this.
The Forum is a public space.
If the link is followed then your account on the forum will be
ārevealedā, whether the link contains the username or not.
How does this violate basic privacy?
Thanks a lot for fast reaction! I checked it works.
Now letās hope nobody will ask to turn it back (joking, the chance is almost zero).
Well, links provided by @szz9pza above probably also have some cases, but I was talking about cases like that:
User wants to use Qubes OS and has hater/hacker that follows them on social networks and other places.
User shares some link to some forum post or comment (not even theirs post) in their twitter.
Everybody in the internet knows that User with that social media account (usually connected to real name) is owning username account on Qubes OS forum.
Now everybody can target real person based on forum posts and comments:
investigate what custom software they use, modify this software or use known vulnerabilities of this software,
maybe know about traveling plans,
and a lot of other stuff.
There can be a million ways to target personās infrastructure if you have their posts on the related forum.
If you share a link on another forum and you donāt have the same username,
you may not want these two separate usernames to be correlated.
Isnāt there a setting to enable this in the user preferences (disabled by default) ?
With this global setting, the related badges are useless and disabled.
(unless you do the other way and manually add the ?u=username )
Itās ok with a global setting, itās better than having the username in the shared link.
Itās this step that I dont follow.
(I dont have any problem with removing the name from links at all. Iām
indifferent.)
But I dont follow how you get from Step 1 to Step 3.
It would be different if Step 1 was:
User posts to twitter - āJust commented on Qubes Forumā - which
obviously ties their twitter account to their Forum account.
But how does sharing a link with some user name attached reveal the link to the Social media account?
I feel Iām missing something important.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Please forgive me, but Iām working blind here.
This suggests thereās some āShareā button on a post, that does something
(perhaps copies a link to that post) and ADDS YOUR USERNAME to that
post?
In email format, Iām used to seeing the username of the user who sent
the post, in quotes etc, and I dont have these āusefulā features.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Imagine that I have another anonymous account on Twitter. In that account, I want to share a link to this post of yours: https://forum.qubes-os.org/t/taking-link-for-the-post-should-not-add-username-to-it/20530/9?u=fsflover
If I forget to remove my Qubes username, I reveal the connection between my two anonymous accounts, which harms my privacy. I see no reason to add my username to every link by default, forcing me to be careful every time.
Only there I understood your struggle, that you are explicit mail person
Yes, on each post on forum there is a button share a link to this post, but link provided by default has username of the User clicking (not the author of the post, not the author of the topic). I had to remove this part of the link manually each time.
Yes, it was strange and kind of stupid for me, too.
Not good default beahvior. I dislike many things in discourse. Their whole stance on collecting tons of metrics for gamification purposes. But itās the best we have currently. This is just one more of their games, I guess.
Tip
If you want to share a particular reply, just copy the link in the URL bar. It will be for the post youāre currently seeing.