Needinfo should perhaps show username rather than email address, for consistency and to avert users' concerns about web scrapers
Categories
(bugzilla.mozilla.org :: User Interface, enhancement)
People
(Reporter: dholbert, Unassigned)
Attachments
(3 files)
STR:
- Needinfo someone on a bug.
- Compare how that shows up underneath your bug comment vs. how they're shown most-everywhere else on the bug.
ACTUAL RESULTS:
Needinfo displays with the email address, whereas in most of the other user-facing UI on the bug, we show the user's username.
EXPECTED RESULTS:
Show "needinfo requested from [username]" rather than email address, for consistency.
This came across my radar because a user was concerned that a needinfo was exposing their email address in plaintext on a bugzilla page, and so they flagged their bug as security-sensitive just because they wanted to protect their email address from web-scrapers. I know we only show email addresses to signed-in users, but this wasn't obvious to the user in question. It might help prevent this sort of confusion/concern if we used usernames rather than email addresses when displaying needinfo requests.
Comment 1 • 2 years ago (Reporter)
Needinfo'ing myself so I can take a screenshot to demonstrate this.
Comment 2 • 2 years ago (Reporter)
This is what the user-in-question saw from Bugzilla's UI which raised alarms about their email address being shown in plaintext on the bug page.
Comment 3 • 2 years ago (Reporter)
(Just for completeness, here's a screenshot in a private browsing window, to demonstrate that full email addresses are in fact not shown to web scrapers / not-signed-in users.)
Comment 4 • 2 years ago (Reporter)
Updated • 2 years ago (Reporter)
This would have to be fixed as part of bug 218917.
Oops, that is not the right bug. One moment.
Comment 8 • 2 years ago (Reporter)
Is it a dupe because login_name is the thing that we show in needinfo requests?
(I wasn't envisioning "allow users to change login_name", but rather just to have needinfo flag-requests (as shown in comment 1) unconditionally change to look like Flags: needinfo(dholbert) or Flags: needinfo(Daniel Holbert [:dholbert]), exactly matching either the UI that we show at the top of each comment, or the UI that we show for the assignee/triage-owner. This would avoid giving users the mistaken impression that we're publishing their email address in plaintext to any not-signed-in viewer of the page.)
I can also imagine a world where we let users add further customizations to their account per bug 1372631, but that's not quite what I was getting at here.
> Is it a dupe because login_name is the thing that we show in needinfo requests?
Yes; login_name holds the email address, and all things that deal with flags use the username part of the email address.
It's non-trivial to make it work or display in any other way.
Comment 10 • 2 years ago (Reporter)
Got it, thanks.