747524 - Implement Privacy Controls

Status: VERIFIED FIXED

(Participation Infrastructure :: Phonebook, defect)

Description

[Owen Coutts [:tallOwen]]

This has been talked about a lot but I couldn't find a bug to implement privacy controls.

What we want to do is allow mozillians to make some parts of their profile public. People would be able to access links like mozillians.org/tallowen without being logged in if tallowen has set his privacy settings to public.

Weather this will be done on a field group basis or per field seems to still be up in the air based on current talks with bram.

Comment 1

[Bram Pitoyo [:bram]]

Some thoughts about implementing privacy in a useful but not heavy-handed way:

* The “Show only to me” option can probably be taken out, because it begs the question “If you don’t want your details to show up, why are you putting it in?”. So we will only have “vouched users” and “everyone”

* However, email is required for registration and user cannot leave it blank. So email can have a separate setting, that is visible to “only me”, “vouched users” and “everyone”.

* The settings page had a lot of fields already. Even though I originally mocked up a per-field privacy control, actually having all those fields on the page can lead to an overwhelming interface. The mobile version will function even worse

* However, having privacy controls right next to the field is the best way to implement it. It means that the feature is self-explanatory. We will have to explain what the Privacy tab does, and what field is impacted by what setting, if we put Privacy on a separate tab

* Grouping things into three categories makes sense:
** Personal information (about you)
** Contact information (how to get in touch with you)
** Skills/groups (what you can do, it also allows visitor to view you in context of other Mozillians with the same groups)


So how are we going to implement privacy on a fieldset basis with controls that are right next to the fields? 

* First, we group the relevant fields together
** Photo, name and bio is personal info
** Homepage and IRC is contact info
** Skills/groups are in a separate tab
** Email is also in a separate tab, but it cannot be left blank, so it will be given its own field

* Second, separate fieldsets using vertical spaces and horizontal rulers

* Third, now that the fieldsets are visually distinctive, we put the privacy control either on top or on the side of each fieldset

Comment 2

[Bram Pitoyo [:bram]]

Attachment: Proposed per-field privacy controls implementation

This is attached simply to document our thought process. The final UX will be grouped by fieldset.

Comment 3

[Owen Coutts [:tallOwen]]

aakash: what bram is saying doesn't match what you said here: https://github.com/mozilla/mozillians/pull/217#issuecomment-5247658.

Do we want groups or per field privacy?

Comment 4

[Aakash Desai [:aakashd]]

(In reply to Owen Coutts [:tallOwen] from comment #3)
> aakash: what bram is saying doesn't match what you said here:
> https://github.com/mozilla/mozillians/pull/217#issuecomment-5247658.
> 
> Do we want groups or per field privacy?

Per field, por favor.

Comment 7

[Ben (:bensternthal)]

Removing this as a blocker for the API. Per-field permissions do not block the API.

We will implement: https://wiki.mozilla.org/Mozillians/Privacy-Specification
to support the API.

Comment 8

[William Reynolds [:williamr]]

The requirements are documented here:
https://wiki.mozilla.org/Mozillians/Releases/1.4/Privacy

We are looking to have three visibility options for each profile field:
- Public
- Mozillians (note: this refers to Vouched Mozillians)
- Admin

Also, administrators should be able to set the default privacy level for each field.

The mock up shown in comment 2 can be used for UX, keeping in mind we'll need a privacy dropdown box for each field. The UX for profiles will likely be updated in the next couple months, so we can improve the Privacy Controls UX then if needed.

Comment 9

[Giorgos Logiotatidis [:giorgos]]

(In reply to William Reynolds [:williamr] from comment #8)
> Also, administrators should be able to set the default privacy level for
> each field.

You mean define the privacy level for each field globally? So if an admin decides the 'Full name' is public to all then for all profiles it's public to all.

In any case defining dynamically the privacy level per field, even if it's the admin who's deciding or the user, can be of great code and UX complexity.

If we only allow admin to decide, then can we make this decision now and code it inside the project, instead of allowing changes through the admin interface? I guess we're not going to change our minds every next day about the privacy rules, so coding them in should provide the same results, without spending too much resources on something that's not changing that often (or ever).

Comment 10

[Mike Hoye [:mhoye]]

"If you don’t want your details to show up, why are you putting it in?"

In many cases we'll want to know what somebody's specific address is, so we can send them relevant information (Meetups, summits, information about regional advocacy, other stuff in their area, for example) and mail various kinds of swag to them, but we'll still want offer them the ability to keep that information privately between Mozilla and themselves.

"Also, administrators should be able to set the default privacy level for each field."

Default privacy setting should be "hidden from view" in all cases except name and email, in my opinion. For other classes of information (mailing address, photo, webpage, other contact info (irc, etc)) the user should have a checkbox option to reveal the data, but that option shouldn't default to "public".

Comment 11

[Justin Crawford [:hoosteeno] [:jcrawford]]

We're firing up a project to tackle this one, hopefully in 2013Q1. When (tracking) bug 843870 is done, this bug will be done, too.

Comment 12

[Matt Brandt [:mbrandt]]

QA verified - bug 843870 is resolved