Member websites, members only? August 15, 2013 5:27 AM Subscribe
My little pony request. Can we have the option for our websites to be available to members only? It makes sense, in that we have the visibility option for members/everyone for Twitter/FB/other social media, can we just add website as a field for that as well?
This was briefly discussed at a meetup and a few folks chimed in saying it sounded like a good idea, so I figured I'd throw it out there.
This was briefly discussed at a meetup and a few folks chimed in saying it sounded like a good idea, so I figured I'd throw it out there.
I'm curious, if your website URL can be googled, what's the point of making it private here?
posted by HuronBob at 5:50 AM on August 15, 2013
posted by HuronBob at 5:50 AM on August 15, 2013
What is the reasoning behind the idea?
Probably the ability to only share your website with select people, instead of the entire web.
posted by Brandon Blatcher at 5:58 AM on August 15, 2013 [4 favorites]
Probably the ability to only share your website with select people, instead of the entire web.
posted by Brandon Blatcher at 5:58 AM on August 15, 2013 [4 favorites]
What is the reasoning behind the idea?
I suppose the reasoning behind the option of keeping all your social stuff "members only" here? Or your email address? What's one more field?
posted by nevercalm at 6:11 AM on August 15, 2013
I suppose the reasoning behind the option of keeping all your social stuff "members only" here? Or your email address? What's one more field?
posted by nevercalm at 6:11 AM on August 15, 2013
I would ride this pony.
posted by pointystick at 6:29 AM on August 15, 2013 [4 favorites]
posted by pointystick at 6:29 AM on August 15, 2013 [4 favorites]
It isn't really a high theashold to clear though. With email you can opt out in different ways, making fpp content 'members only' just means someone has to pony up $5 and they are a 'member', so it's not really exclusive. I guess when I asked 'what is the reasoning' I meant 'what is the justifcation?' Which is not meant as a combative question, just a request for more detail. Seems like a big shift so I was hoping for a little more meat to the argument.
posted by edgeways at 6:31 AM on August 15, 2013
posted by edgeways at 6:31 AM on August 15, 2013
making fpp content 'members only'
Not FPP content, members' personal web pages as posted in their profiles.
posted by Admiral Haddock at 6:35 AM on August 15, 2013
Not FPP content, members' personal web pages as posted in their profiles.
posted by Admiral Haddock at 6:35 AM on August 15, 2013
Can there be an opt-in/out checkmark for this? I can see reasons for people wanting one or the other. Back in the olden days when I couldn't get an account, I found a lot of cool websites made by MeFites through their profile pages. I really enjoyed that.
posted by Kattullus at 6:35 AM on August 15, 2013 [2 favorites]
posted by Kattullus at 6:35 AM on August 15, 2013 [2 favorites]
Despite my meaningless comment above I don't really think it's a big shift. Certainly couldn't hurt to give people the option.
posted by h00py at 6:36 AM on August 15, 2013
posted by h00py at 6:36 AM on August 15, 2013
I don't think I'd use this pony, but I'd support its use by others.
posted by gauche at 6:41 AM on August 15, 2013
posted by gauche at 6:41 AM on August 15, 2013
I like this pony, and here's why: I'd like to be able to share my "real" stuff with Mefites, but I don't want to make it too easy for coworkers and family to find my profile here. I suppose this implies that I trust Mefites more than people I know in the real world, something something anonymous intimacy something.
I also like the idea of this being an option, as Kattullus mentions.
posted by Metroid Baby at 6:43 AM on August 15, 2013 [16 favorites]
I also like the idea of this being an option, as Kattullus mentions.
posted by Metroid Baby at 6:43 AM on August 15, 2013 [16 favorites]
Yeah, I always have trouble understanding disagreement with requests for profile features that are opt-in. Somebody wants it. If you don't, then you won't opt in. And then everybody will be smiley!
Having said that, I know absolutely nothing about coding and I'm curious: would this be an easy thing to do? My uneducated guess is that it might not.
posted by cribcage at 6:47 AM on August 15, 2013
Having said that, I know absolutely nothing about coding and I'm curious: would this be an easy thing to do? My uneducated guess is that it might not.
posted by cribcage at 6:47 AM on August 15, 2013
It seems consistent with the way that most of the other personal information in user profiles is only visible when logged in. I'd personally prefer it as an option to display it or not to non-members, but if that's a pain for pb to build, I'd also be fine with simply not displaying it.
posted by Horace Rumpole at 6:54 AM on August 15, 2013 [3 favorites]
posted by Horace Rumpole at 6:54 AM on August 15, 2013 [3 favorites]
I'm curious, if your website URL can be googled, what's the point of making it private here?
Same logic for physical location. Not everyone wants a two-way street of information, but I agree, this one isn't something I care about, but I do understand the interest.
I don't think it's a worry about people finding your website, but rather that your website might out you here to non-members.
posted by cjorgensen at 6:59 AM on August 15, 2013
Same logic for physical location. Not everyone wants a two-way street of information, but I agree, this one isn't something I care about, but I do understand the interest.
I don't think it's a worry about people finding your website, but rather that your website might out you here to non-members.
posted by cjorgensen at 6:59 AM on August 15, 2013
I don't think it's a worry about people finding your website, but rather that your website might out you here to non-members.
Ah, so we're riding this pony backwards...
That actually makes sense, I hadn't thought about it from that direction...
posted by HuronBob at 7:10 AM on August 15, 2013
Ah, so we're riding this pony backwards...
That actually makes sense, I hadn't thought about it from that direction...
posted by HuronBob at 7:10 AM on August 15, 2013
Yes, sorry, was commuting so couldn't tap back in...in case it wasn't clear I was hoping that the website portion of the profile page could be opt-in/out for whether your website it public to non-members, precisely because some here might not be comfortable providing info which might connect profiles here with profiles elsewhere to the world at large.
posted by nevercalm at 7:27 AM on August 15, 2013
posted by nevercalm at 7:27 AM on August 15, 2013
One of the things that was brought up last night (at the same meetup, but I think in different conversations) is that many of us compartmentalize our identities online for a variety of reasons. So our participation on Twitter, Facebook and other social media sites may not be overtly linked to our activity on Mefi. This allows some of us to ask personal or perhaps intimate questions in askme using our screen names -- identifiable to other mefites on this site, but perhaps not to our co-workers, certain friends or relatives.
posted by zarq at 7:28 AM on August 15, 2013 [2 favorites]
posted by zarq at 7:28 AM on August 15, 2013 [2 favorites]
So our participation on Twitter, Facebook and other social media sites may not be overtly linked to our activity on Mefi.
Yep, this. Actually, I'd also like the location field to be opt-in/out too, but let me not saddle two ponies in one thread. Or, worse, one pony with two saddles.
posted by nevercalm at 7:31 AM on August 15, 2013
Yep, this. Actually, I'd also like the location field to be opt-in/out too, but let me not saddle two ponies in one thread. Or, worse, one pony with two saddles.
posted by nevercalm at 7:31 AM on August 15, 2013
If you put your website URL in the free form comment section of your profile it will be members only.
posted by Mitheral at 7:37 AM on August 15, 2013 [1 favorite]
posted by Mitheral at 7:37 AM on August 15, 2013 [1 favorite]
Historically, a website is your public face to the entire world. It's typically a public site available on the world wide web that anyone can see. If you don't want to link your public online identity with your MetaFilter online identity, I think you'll end up frustrated. Keep in mind that MetaFilter is not a closed community. Everything you type into the site is publicly available to everyone on the Internet. That's not going to change.
Also, there are many, many MetaFilter members. ~10,000 are active in any 7 day period, but there are more than that. And the only thing that keeps someone not yet a member from becoming a member is the willingness to spend $5. So the barrier between member and non-member is not the solid wall that it seems. If you really need to keep your identities separate, I'm not sure this distinction will be enough
The social sites contain links to places that are more personal in nature: dating sites, hobbies, photos, music sharing, etc. So having a little barrier there makes a bit more sense to me. Though I still think the member/non-member wall is not insurmountable. So I'd still only share there what you're willing to connect publicly.
If you put your website URL in the free form comment section of your profile it will be members only.
No, the free-form comments section is available to everyone.
posted by pb (staff) at 7:44 AM on August 15, 2013 [2 favorites]
Also, there are many, many MetaFilter members. ~10,000 are active in any 7 day period, but there are more than that. And the only thing that keeps someone not yet a member from becoming a member is the willingness to spend $5. So the barrier between member and non-member is not the solid wall that it seems. If you really need to keep your identities separate, I'm not sure this distinction will be enough
The social sites contain links to places that are more personal in nature: dating sites, hobbies, photos, music sharing, etc. So having a little barrier there makes a bit more sense to me. Though I still think the member/non-member wall is not insurmountable. So I'd still only share there what you're willing to connect publicly.
If you put your website URL in the free form comment section of your profile it will be members only.
No, the free-form comments section is available to everyone.
posted by pb (staff) at 7:44 AM on August 15, 2013 [2 favorites]
Whoa! So it is. Guess I had its behaviour when you disable your account confused with just being logged out.
posted by Mitheral at 8:29 AM on August 15, 2013
posted by Mitheral at 8:29 AM on August 15, 2013
I don't give a shit about random individual people making metafiter accounts to look at my profile page. But I do give a shit about every potential employer googling me and coming up with results that lead them right to this account. So I put my email address in my profile but I don't have a link to my website which is the same domain name (or was back when I could be bothered paying for hosting) because they're both linked to my real name and I don't want the link between that and my mefi account popping up in google. Someone who knows me can figure it out, but I
If you don't want to link your public online identity with your MetaFilter online identity, I think you'll end up frustrated.
And yet I've managed to do it perfectly well since 2006. This profile setting would just allow a little more personal sharing without compromising the current set up.
I don't have a dog in this fight because I no longer have a personal webpage. But I also see no reason why my webpage has to be some kind of internet CV or branding exercise. It can be fun to make something and share it with people here without also wanting to discuss it at job interviews. I don't need to have just one 'face to the world' despite what that facebook guy wants us to think.
posted by shelleycat at 8:36 AM on August 15, 2013 [4 favorites]
If you don't want to link your public online identity with your MetaFilter online identity, I think you'll end up frustrated.
And yet I've managed to do it perfectly well since 2006. This profile setting would just allow a little more personal sharing without compromising the current set up.
I don't have a dog in this fight because I no longer have a personal webpage. But I also see no reason why my webpage has to be some kind of internet CV or branding exercise. It can be fun to make something and share it with people here without also wanting to discuss it at job interviews. I don't need to have just one 'face to the world' despite what that facebook guy wants us to think.
posted by shelleycat at 8:36 AM on August 15, 2013 [4 favorites]
I like this pony.
No, the free-form comments section is available to everyone.
It is? It shouldn't be.
I have always been under the impression that our profiles -- with the exception of the contribution stats and whatnot -- were private. I'd bet a lot of other people, most of whom won't ever read this thread, are also under that impression.
I had also assumed that about the website link.
posted by Sys Rq at 8:39 AM on August 15, 2013 [1 favorite]
No, the free-form comments section is available to everyone.
It is? It shouldn't be.
I have always been under the impression that our profiles -- with the exception of the contribution stats and whatnot -- were private. I'd bet a lot of other people, most of whom won't ever read this thread, are also under that impression.
I had also assumed that about the website link.
posted by Sys Rq at 8:39 AM on August 15, 2013 [1 favorite]
I'd like to voice that this ought to be considered (and am maybe a bit surprised it doesn't already work this way?). What's the point of making the 'occupation' field, for example, hidden to non-members if the link to your professional-life site isn't?
(Huh, after doing some logged-in/logged-out comparisons I'm even more surprised that the 'full name' field is apparently exposed to all. I've never attached a name here, and until recently only linked to a website that was equally pseudonymous, so I guess I just never thought it through. I'd say both 'website' and -- even more so -- 'full name' should at least have the option of being visible to members only?)
posted by nobody at 8:39 AM on August 15, 2013
(Huh, after doing some logged-in/logged-out comparisons I'm even more surprised that the 'full name' field is apparently exposed to all. I've never attached a name here, and until recently only linked to a website that was equally pseudonymous, so I guess I just never thought it through. I'd say both 'website' and -- even more so -- 'full name' should at least have the option of being visible to members only?)
posted by nobody at 8:39 AM on August 15, 2013
Someone who knows me can figure it out, but I apparently had something else to say here and now don't remember what it was?
posted by shelleycat at 8:39 AM on August 15, 2013
posted by shelleycat at 8:39 AM on August 15, 2013
Hmm, but now I'm not seeing my profile page at all in google? Are they indexed? I thought they were but it seems I'm wrong. In which case I don't see the problem with showing/hiding whatever really.
posted by shelleycat at 8:44 AM on August 15, 2013
posted by shelleycat at 8:44 AM on August 15, 2013
I think this is getting into existential territory. This expectation of privacy leads to: why is MetaFilter public? Why do we have public profile pages at all?
MetaFilter isn't Facebook. You can't choose who to share information with here. I understand the need to disclose certain information to certain groups. It could be that MetaFilter is not the right place to blend your online identities, and that's disappointing. But I don't want to set unrealistic expectations for privacy here either.
The way profile pages work now is not new, they've always been public for the most part. That changed slightly when we added Social Services a few years ago and added a toggle for those. But profiles are still mostly public.
posted by pb (staff) at 8:46 AM on August 15, 2013 [1 favorite]
MetaFilter isn't Facebook. You can't choose who to share information with here. I understand the need to disclose certain information to certain groups. It could be that MetaFilter is not the right place to blend your online identities, and that's disappointing. But I don't want to set unrealistic expectations for privacy here either.
The way profile pages work now is not new, they've always been public for the most part. That changed slightly when we added Social Services a few years ago and added a toggle for those. But profiles are still mostly public.
posted by pb (staff) at 8:46 AM on August 15, 2013 [1 favorite]
pb: " If you don't want to link your public online identity with your MetaFilter online identity, I think you'll end up frustrated."
That's an assumption that really doesn't apply to me, and I suspect many, many other mefites. I've been a member of Metafilter for nearly nine years. My public identities on this site and on various social media that I haven't chosen to link to here are kept almost completely separate. No frustration here. In fact it's not all that difficult to consciously keep them apart if you choose to.
pb: "Everything you type into the site is publicly available to everyone on the Internet. "
Wait, no, it's not? Some of the things we type into this site are not publicly available to everyone: specifically certain information that we type into our profiles. They are member-facing only, and our profiles are explicitly not crawlable/indexed by web search engines By deliberate design.
$5 and non-google-ability may seem like a low hurdle to you, but to a potential employer searching to determine our public presence online, it's not.
posted by zarq at 8:47 AM on August 15, 2013 [7 favorites]
That's an assumption that really doesn't apply to me, and I suspect many, many other mefites. I've been a member of Metafilter for nearly nine years. My public identities on this site and on various social media that I haven't chosen to link to here are kept almost completely separate. No frustration here. In fact it's not all that difficult to consciously keep them apart if you choose to.
pb: "Everything you type into the site is publicly available to everyone on the Internet. "
Wait, no, it's not? Some of the things we type into this site are not publicly available to everyone: specifically certain information that we type into our profiles. They are member-facing only, and our profiles are explicitly not crawlable/indexed by web search engines By deliberate design.
$5 and non-google-ability may seem like a low hurdle to you, but to a potential employer searching to determine our public presence online, it's not.
posted by zarq at 8:47 AM on August 15, 2013 [7 favorites]
I think this is getting into existential territory. This expectation of privacy leads to: why is MetaFilter public? Why do we have public profile pages at all?
No, it's leading to: why have y'all been telling us our profiles are private when they're not?
posted by Sys Rq at 8:48 AM on August 15, 2013
No, it's leading to: why have y'all been telling us our profiles are private when they're not?
posted by Sys Rq at 8:48 AM on August 15, 2013
Wait, no, it's not?
You're right. I was referring to posts and comments. But there is MeFi Mail and certain parts of profile pages that are not entirely public.
posted by pb (staff) at 8:48 AM on August 15, 2013
You're right. I was referring to posts and comments. But there is MeFi Mail and certain parts of profile pages that are not entirely public.
posted by pb (staff) at 8:48 AM on August 15, 2013
No, it's leading to: why have y'all been telling us our profiles are private when they're not?
Take a look at the top of the Preferences page. It says, "note: Items with a highlighted background are only shown to other logged-in members, and won't be seen by the general public or search engines."
posted by pb (staff) at 8:50 AM on August 15, 2013
Take a look at the top of the Preferences page. It says, "note: Items with a highlighted background are only shown to other logged-in members, and won't be seen by the general public or search engines."
posted by pb (staff) at 8:50 AM on August 15, 2013
See also: What profile fields are viewable by someone who is not a Metafilter member?
posted by pb (staff) at 8:51 AM on August 15, 2013 [4 favorites]
posted by pb (staff) at 8:51 AM on August 15, 2013 [4 favorites]
Not being indexed in google does change things, for me at least (which, again, probably means nothing!) because someone would have to be specifically looking at your profile page to see what's there. I still don't get why email and twitter handle etc are allowed to be private and webpage has to be less private and I still think the assumption that people only have webpages to somehow publicise or profile themselves is wrong, but meh. None of it is indexed by search engines regardless so I'm in splitting hair territory now.
posted by shelleycat at 8:51 AM on August 15, 2013 [1 favorite]
posted by shelleycat at 8:51 AM on August 15, 2013 [1 favorite]
"note: Items with a highlighted background are only shown to other logged-in members, and won't be seen by the general public or search engines."
So that's why I was confused. It seems that the rest won't be seen by search engines either? So maybe that should be corrected?
posted by shelleycat at 8:52 AM on August 15, 2013
So that's why I was confused. It seems that the rest won't be seen by search engines either? So maybe that should be corrected?
posted by shelleycat at 8:52 AM on August 15, 2013
The rest won't be seen by good search engines like Google that respect search engine directives not to index pages. But there could be search engines that ignore those.
posted by pb (staff) at 8:54 AM on August 15, 2013
posted by pb (staff) at 8:54 AM on August 15, 2013
specifically certain information that we type into our profiles.
By design the pages themselves are not indexed but the information on them is available to anyone who clicks through to them with the exception of a small number of things.
why have y'all been telling us our profiles are private when they're not?
We have very much not been telling people that. What we do tell people that it's against the rules of the site to bring people's profile page information on to the rest of the site. Different people care more or less about this but we look at it this way
- having profile pages makes it easier for people to get more information on a user. People in this instance means anyone reading MetaFilter
- having members have ways to contact other members is good for community cohesion (MeMail, social stuff, location, meetups)
- having certain items not viewable to the general public has always been indicated in the same way on the Preferences page since we started having a Preferences page. It's also in the FAQ as pb has linked.
We're totally fine explaining how the stuff works and explaining what our thought process is on the whole setup. However we're also really mindful that generally speaking your profiles are, to our mind, public. People who need or want to keep certain information private can keep that stuff one step removed by linking to it via a social site or just telling people directly.
posted by jessamyn (staff) at 8:58 AM on August 15, 2013 [1 favorite]
By design the pages themselves are not indexed but the information on them is available to anyone who clicks through to them with the exception of a small number of things.
why have y'all been telling us our profiles are private when they're not?
We have very much not been telling people that. What we do tell people that it's against the rules of the site to bring people's profile page information on to the rest of the site. Different people care more or less about this but we look at it this way
- having profile pages makes it easier for people to get more information on a user. People in this instance means anyone reading MetaFilter
- having members have ways to contact other members is good for community cohesion (MeMail, social stuff, location, meetups)
- having certain items not viewable to the general public has always been indicated in the same way on the Preferences page since we started having a Preferences page. It's also in the FAQ as pb has linked.
We're totally fine explaining how the stuff works and explaining what our thought process is on the whole setup. However we're also really mindful that generally speaking your profiles are, to our mind, public. People who need or want to keep certain information private can keep that stuff one step removed by linking to it via a social site or just telling people directly.
posted by jessamyn (staff) at 8:58 AM on August 15, 2013 [1 favorite]
But there is MeFi Mail and certain parts of profile pages that are not entirely public.
Sure. On our profile pages it's things like our birthdays, location, gender, links to social media, etc. Info that might be considered personal.
A quick check of the ol' random 100 mefite sites button shows a few Tumblrs, Twitterers, Livejournalers, Blogspotters or Bloggers. While I'm sure some of those present a public, real life face with real names, I suspect many don't. When I had an LJ, mine did not. As shelleycat notes, the rise of social media has created a different sort of norm.
posted by zarq at 9:01 AM on August 15, 2013 [1 favorite]
Sure. On our profile pages it's things like our birthdays, location, gender, links to social media, etc. Info that might be considered personal.
A quick check of the ol' random 100 mefite sites button shows a few Tumblrs, Twitterers, Livejournalers, Blogspotters or Bloggers. While I'm sure some of those present a public, real life face with real names, I suspect many don't. When I had an LJ, mine did not. As shelleycat notes, the rise of social media has created a different sort of norm.
posted by zarq at 9:01 AM on August 15, 2013 [1 favorite]
Tumblrers? Tumblr-ers? Tumblrites? Tumblreses?
People who Tumble. Er.
posted by zarq at 9:03 AM on August 15, 2013
People who Tumble. Er.
posted by zarq at 9:03 AM on August 15, 2013
Anyway.
I like this pony and do prefer to have more control over my privacy, even if it might be a slightly illusory one, because I tend to think most HR departments aren't necessarily going to go the extra mile to do a full background check and massive net search to determine if their prospective employees are secretly *gasp* fans of The Real Housewives of Lancaster County. Unless they know what to look for it's unlikely they'd find my profile page on mefi, even if they were members.
Of course y'all are right that the best prophylactic to keeping your information from prying eyes is to keep it offline. Or to not link to it in places where there's a low bar for membership. But this community can be a huge, helpful resource and it's nice to have additional privacy guard options to work with.
posted by zarq at 9:13 AM on August 15, 2013 [3 favorites]
I like this pony and do prefer to have more control over my privacy, even if it might be a slightly illusory one, because I tend to think most HR departments aren't necessarily going to go the extra mile to do a full background check and massive net search to determine if their prospective employees are secretly *gasp* fans of The Real Housewives of Lancaster County. Unless they know what to look for it's unlikely they'd find my profile page on mefi, even if they were members.
Of course y'all are right that the best prophylactic to keeping your information from prying eyes is to keep it offline. Or to not link to it in places where there's a low bar for membership. But this community can be a huge, helpful resource and it's nice to have additional privacy guard options to work with.
posted by zarq at 9:13 AM on August 15, 2013 [3 favorites]
This is just me thinking out loud, because I've thought about this a bunch in the past but it's never really come up precisely this way, but:
It's funny, I've sort of felt for a long time (but haven't explicitly proposed this and don't plan to) that the simplest thing we could do with profile pages was get rid of the members-only distinction altogether.
Given that we already noindex profile pages (and have forever), further modal hiding of this stuff creates a tissue-thin impression of privacy that I worry creates a greater expectation of constrained content than can practically be expected on a site where five dollars is all it takes for a bad actor to do something crappy, whether (a) a directed strike like following up on a hunch and checking the members-only content of a profile they suspect to be Person X or (b) a generic, total scrape of all content, members-only or otherwise, on profile pages from a logged-in web client.
I haven't proposed removing all the modal members-only field stuff mostly because I think it'd end up upsetting people, not because I think the change would have any practical effect on anyone's security of privacy under the current scheme. That security exists pretty much entirely on the basis of Google and other major search engines respecting the noindex directive; that people cannot type in the content on your profile page, members-only or not, and be directed to your page is the thing. That's the thing. That's the biggie.
Compared with the impact of non-indexed profile pages on this, a modal members-only field manages only to protect an attempt at partitioning one's identity from a tiny sliver of bad luck and bad actors who are both (a) willing to try and act proactively irresponsibly with your user info but (b) unwilling to spend five dollars while doing so. It's not a very big practical domain; I would certainly never stake any serious life-partitioning issue I had on it, because I don't believe it'd be that reliable. As mods, we try and up the reliability on the more incidental bits of mostly-well-meaning onsite disclosure of profile page stuff in public indexed discussions, and folks are good about letting us know when there might be an issue there, but, again, that's effective on normal behavior on the site, not against some notional bad actor moving with intent to exploit information that's not literally locked-in-a-safe private.
We're not a paranoia-grade website, as we've discussed a number of times regarding e.g. anonymous questions, but even the anonymous ask metafilter process has a lot more roadblocks to a bad actor (it would require compromising multiple independent systems) than does anything members-only on the profile page (it would require logging in to the site).
I think it's an especially complicated thing because we have a wide variety of approaches to privacy on the web at this point and something like Facebook has been responsible for both (a) promoting the idea of finely-managed per-person privacy and (b) establishing a sense of distrust of privacy management by constantly changing the nature of the game for shitty design/revenue reasons.
I am glad we have kept our setup fairly simple—we noindex the pages to hobble general searchability; we reinforce that on the site by having, and enforcing, a guideline of not revealing other member's nonindexed profile page stuff in indexed threads; you think practically about what things you're okay having potentially get out there if things go wrong, because neither you nor we can 100% prevent bad actors from acting badly—and I feel like making more things members-only suggests some sort of increase in total privacy/compartmentalization that wouldn't practically be there, because it's trying to address a concern in a way that doesn't actually service that concern more than very trivially.
I know it sucks to be frustrated when trying to compartmentalize a place you like to hang out from parts of your life you don't want it conflated with or connected to. I firmly believe that finding a way to manage that at the border of what you ever put on mefi in the first place is a far, far more reliable approach to the actual dealbreaker "this cannot be connected to my RL idenity" stuff than depending on e.g. a members-only flag on the profile page. I don't begrudge folks who want to use those anyway because, hey, not a huge deal, but it also leaves me feeling like adding more of them is borderline counterproductive since it doesn't do much but may unreasonablly convince some folks that it does and exposes them to feeling all the more frustrated down the line if something goes wrong after all or if they get overly casual about their compartmentalization out of a sense of false security.
posted by cortex (staff) at 9:34 AM on August 15, 2013 [8 favorites]
It's funny, I've sort of felt for a long time (but haven't explicitly proposed this and don't plan to) that the simplest thing we could do with profile pages was get rid of the members-only distinction altogether.
Given that we already noindex profile pages (and have forever), further modal hiding of this stuff creates a tissue-thin impression of privacy that I worry creates a greater expectation of constrained content than can practically be expected on a site where five dollars is all it takes for a bad actor to do something crappy, whether (a) a directed strike like following up on a hunch and checking the members-only content of a profile they suspect to be Person X or (b) a generic, total scrape of all content, members-only or otherwise, on profile pages from a logged-in web client.
I haven't proposed removing all the modal members-only field stuff mostly because I think it'd end up upsetting people, not because I think the change would have any practical effect on anyone's security of privacy under the current scheme. That security exists pretty much entirely on the basis of Google and other major search engines respecting the noindex directive; that people cannot type in the content on your profile page, members-only or not, and be directed to your page is the thing. That's the thing. That's the biggie.
Compared with the impact of non-indexed profile pages on this, a modal members-only field manages only to protect an attempt at partitioning one's identity from a tiny sliver of bad luck and bad actors who are both (a) willing to try and act proactively irresponsibly with your user info but (b) unwilling to spend five dollars while doing so. It's not a very big practical domain; I would certainly never stake any serious life-partitioning issue I had on it, because I don't believe it'd be that reliable. As mods, we try and up the reliability on the more incidental bits of mostly-well-meaning onsite disclosure of profile page stuff in public indexed discussions, and folks are good about letting us know when there might be an issue there, but, again, that's effective on normal behavior on the site, not against some notional bad actor moving with intent to exploit information that's not literally locked-in-a-safe private.
We're not a paranoia-grade website, as we've discussed a number of times regarding e.g. anonymous questions, but even the anonymous ask metafilter process has a lot more roadblocks to a bad actor (it would require compromising multiple independent systems) than does anything members-only on the profile page (it would require logging in to the site).
I think it's an especially complicated thing because we have a wide variety of approaches to privacy on the web at this point and something like Facebook has been responsible for both (a) promoting the idea of finely-managed per-person privacy and (b) establishing a sense of distrust of privacy management by constantly changing the nature of the game for shitty design/revenue reasons.
I am glad we have kept our setup fairly simple—we noindex the pages to hobble general searchability; we reinforce that on the site by having, and enforcing, a guideline of not revealing other member's nonindexed profile page stuff in indexed threads; you think practically about what things you're okay having potentially get out there if things go wrong, because neither you nor we can 100% prevent bad actors from acting badly—and I feel like making more things members-only suggests some sort of increase in total privacy/compartmentalization that wouldn't practically be there, because it's trying to address a concern in a way that doesn't actually service that concern more than very trivially.
I know it sucks to be frustrated when trying to compartmentalize a place you like to hang out from parts of your life you don't want it conflated with or connected to. I firmly believe that finding a way to manage that at the border of what you ever put on mefi in the first place is a far, far more reliable approach to the actual dealbreaker "this cannot be connected to my RL idenity" stuff than depending on e.g. a members-only flag on the profile page. I don't begrudge folks who want to use those anyway because, hey, not a huge deal, but it also leaves me feeling like adding more of them is borderline counterproductive since it doesn't do much but may unreasonablly convince some folks that it does and exposes them to feeling all the more frustrated down the line if something goes wrong after all or if they get overly casual about their compartmentalization out of a sense of false security.
posted by cortex (staff) at 9:34 AM on August 15, 2013 [8 favorites]
Historically, a website is your public face to the entire world. [...] The social sites contain links to places that are more personal in nature
i totally see this point of view, but i don't think it's one that can be applied to everyone. i know lots of people who feel the exact opposite about which is more public and which is more private to them.
posted by nadawi at 10:16 AM on August 15, 2013 [2 favorites]
i totally see this point of view, but i don't think it's one that can be applied to everyone. i know lots of people who feel the exact opposite about which is more public and which is more private to them.
posted by nadawi at 10:16 AM on August 15, 2013 [2 favorites]
If I can make my Twitter handle “private”, why can't I make my website just as “private”?
posted by oceanjesse at 1:12 PM on August 15, 2013
posted by oceanjesse at 1:12 PM on August 15, 2013
I don't want to make this a big deal, it's a pretty trivial ask in terms of a feature. It may be technically hard to code in, but that's a different discussion. I don't agree that this pony would not add more "privacy" mostly because we already have demonstrated data on how effective the 5 buck hurdle is for other things. Privacy much like security isn't a single level/layered thing, look at it as the onion model/etc. An incremental hurdle is still a hurdle to cross.
I think it's a pretty reasonable pony to request the ability to hide any/all profile data from non logged in folks. It's not the greatest privacy option but when you participate in a site where you can go hang out with people IRL, it kind of makes sense you'd want to share some things with them and not the internet at large who wasn't even willing to toss 5 bucks at the site to find out more.
posted by iamabot at 4:12 PM on August 15, 2013
I think it's a pretty reasonable pony to request the ability to hide any/all profile data from non logged in folks. It's not the greatest privacy option but when you participate in a site where you can go hang out with people IRL, it kind of makes sense you'd want to share some things with them and not the internet at large who wasn't even willing to toss 5 bucks at the site to find out more.
posted by iamabot at 4:12 PM on August 15, 2013
I can understand why people would be comfortable with sharing information with MeFites specifically, but not the wider world. This web community has built up a strong sense of inter-member trust. We trust the community with very thorny personal problems, just to give one obvious example. And we also go to meet-ups with total strangers, trusting that they are fun, interesting, non-serial-killing people. And the community almost never lets us down. That's quite special and creates a strong social cohesion which isn't found in many web communities of similar size. We trust MeFites even when we don't trust random internet strangers.
But I think we shouldn't do anything to close ourselves off. MetaFilter has historically been a very open and welcoming community, and we should stay that way. I think that while an opt-out toggle would be good for those people who are very uncomfortable with letting non-members find their website, I think that it's generally a bad idea to take steps to close a community off from the wider world, even if it's as incremental as making websites member-facing only.
posted by Kattullus at 6:00 PM on August 15, 2013 [1 favorite]
But I think we shouldn't do anything to close ourselves off. MetaFilter has historically been a very open and welcoming community, and we should stay that way. I think that while an opt-out toggle would be good for those people who are very uncomfortable with letting non-members find their website, I think that it's generally a bad idea to take steps to close a community off from the wider world, even if it's as incremental as making websites member-facing only.
posted by Kattullus at 6:00 PM on August 15, 2013 [1 favorite]
I would pet this pony despite the fact that my domain name and my username have all the same letters in them, in the same order, with just one extra bit of punctuation differentiating them. And actually, I put my website URL on my resume.
Also, as an HR type - as far as I can tell, what really matters is the first page of Google results and whatever is linked to your LinkedIn profile. There's also quite a few HR types who don't think of using the internet at all, though, and I wouldn't really place my bets on the relevant recruiter in any given situation being that kind of HR person.
posted by SMPA at 6:14 PM on August 15, 2013
Also, as an HR type - as far as I can tell, what really matters is the first page of Google results and whatever is linked to your LinkedIn profile. There's also quite a few HR types who don't think of using the internet at all, though, and I wouldn't really place my bets on the relevant recruiter in any given situation being that kind of HR person.
posted by SMPA at 6:14 PM on August 15, 2013
This reminds me of the recent Chrome password kerfluffle. Maybe the current MetaFilter threat model needs to be updated. I agree with this pony, particularly if there is infrastructure already in place to handle this that can be adapted to work with the website field.
I have a back door that could literally be kicked in by seven year old child. Stiff breezes can be a problem. I still lock it.
posted by jsturgill at 9:32 AM on August 16, 2013
I have a back door that could literally be kicked in by seven year old child. Stiff breezes can be a problem. I still lock it.
posted by jsturgill at 9:32 AM on August 16, 2013
Well personally for me, I just put it in the "Location" field. It's not clickable, but it's hidden enough.
posted by nevercalm at 11:16 AM on August 16, 2013
posted by nevercalm at 11:16 AM on August 16, 2013
You are not logged in, either login or create an account to post comments
posted by edgeways at 5:40 AM on August 15, 2013