Default security settings for tags

[syderia]

Title:
Default security settings for tags

Area:
security settings

Summary:
Journals would still have a global default access setting, but it would be possible to set other access settings for specif tags - those settings would then override the default when chosen on an entry.

Description:
In case two tags were chosen with different settings, the more restrictive one would be picked.
The possibility to manually set the access level for the entry would stay there and would override any tag-specific level.

This might be a nice paid feature. The number of tags that could be associated to another access setting could be limited (and scaled depending on the type of account).

Poll #11555 Default security settings for tags

Open to: Registered Users, detailed results viewable to: All, participants: 45

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
11 (24.4%)

Should be implemented with changes. (please comment)
2 (4.4%)

Shouldn't be implemented.
15 (33.3%)

(I have no opinion)
16 (35.6%)

(Other: please comment)
1 (2.2%)

Comments

[jjhunter]

Yeessssssss. (I do believe this is the cleaned up version of my original suggestion, no?)

ETA: ah, no, there's the rejection email from D saying 'Great minds think alike'. The element from my version that isn't present in this one is that I suggested that tags that have a particular associated security level not be viewable by other users who don't have access to entries with that particular security level.

Or in other words:

Summary:
Have option for users to associate a minimum or custom security level with certain tags such that a.) any new post that has such a tag or tags added will default to the most secure of the tag-associated security levels present, and b.) tags that are associated with a particular access filter will only be visible to users on that access filter regardless of where tags are shown ('Tags' page, 'Most Popular Tags' section, etc.).

Description:
As someone who uses multiple custom access filters on a regular basis, I am keenly aware that my tagging for such is visible to the general public on the Tags page & 'Most Popular Tags' section even when the actual access-locked posts are only visible to those on the relevant access filters. I also sometimes run into the problem of tagging a particular post with a tag I associate with a particular security filter and then forgetting to also change the security level to match. For both improved privacy and organizational sanity it would be a delight to have the option to associate a particular default minimum or custom security level/access filter with particular tags such that:

a.) any new post that has such a tag or tags will automatically default to the most secure of the security levels associated with the tags present, and
b.) tags that are associated with a particular access filter will only be visible to users on that access filter regardless of where tags are shown (Tags page, 'Most Popular Tags' section, etc.)

In terms of implementation, I could see this starting out as a paid user-only perk, and then maybe eventually being available to everyone.

[aedifica]

That, I would be all over!

[kaberett]

+1

[subluxate]

I like this.

[jjhunter]

Making sure this comment from swaldman re: the 'b' element of the above suggestion doesn't get lost:

I agree that a user shouldn't be able to see tags that refer only to things that they don't have access to, but I think it's a separate issue (and IMHO a bug). It may or may not be covered by bug 1723.

[anaraine]

I'm sorry, could you explain this better please? It might be because I'm currently lacking sleep, but I don't understand this suggestion at all.

You are asking... to be able to change the security/privacy settings for tags? So that if you add a tag that is "public" it makes the journal entry public, if you hadn't specified if the journal was supposed to be public or private? Is that what I'm reading?

[syderia]

I think you understood correctly.

I'm thinking of the case where your journal's default is friend-only, but you post publicly on some subject (fanworks, for example). Today, you have to post the entry, then go back and manually edit the security setting to make it public.

The aim of my suggestion is to be able to set that every entry tagged "fanwork" should be public.

[jjhunter]

There's an alternate version of this suggestion further up in the comments. Does that version make more sense?

[anaraine]

That... makes a bit more sense. I guess it's just a case of "does not compute" for me, because I can't understand why you would want to adjust your entries' privacy settings according to your tags. It feels like that would be far too easy for me to mislabel an entry with the wrong tag, and then have said entry out in the open for everyone to see when I didn't want it to be.

I could understand wanting to have a tag that you went in manually to make private - so that only you (or an access group) could access that tag to be able to collect similar entries to view, but that's not what this is suggesting, right?

Thank you for trying to explain, though!

[jjhunter]

My version of the suggestion is geared towards increased privacy, "so that only you (or an access group) could access that tag to be able to collect similar entries to view", etc.; the problem I've been running into is tagging an entry that I associate with a particular security level and then forgetting to manually change the security level to that more secure setting. (My journal defaults to public, but occasionally I post things that are very private/confidential, and I find remembering to change the security level nerve-wracking. It isn't intuitive the way adding a tag is to me.)

Hope that helps.

[aedifica]

I'm not sure I understand the suggestion properly. Is it that you'd be able to set the security setting on a certain post by adding a tag to the post?

[kaberett]

That's my understanding, and that's influenced how I've commented.

[ninetydegrees]

I don't think it's a good idea to link entry security level and tags this way. Plus you'd have to add a way to specify that these special tags can't be used by other users if you've allowed them to tag your entries. I'm not sure what would be the benefit from this as it doesn't make you save any time.

[jjhunter]

Does the alternate version of this suggestion in the comments make more sense to you in terms of how such a feature would be a benefit?

[ninetydegrees]

I don't think it's something I'd use but yep! Thanks!

[ciaan]

Yes, allowing other people to change the security settings on your entries is a big deal.

[silverflight8]

You know, I always thought that tags defaulted to displaying to only those who could see the entry, if I'm understanding your suggestion rightly...? Can you explain a bit more clearly?

[syderia]

I'm thinking of the case where your journal's default is friend-only, but you post publicly on some subject (fanworks, for example). Today, you have to post the entry, then go back and manually edit the security setting to make it public.

The aim of my suggestion is to be able to set that every entry tagged "fanwork" should be public.

[jjhunter]

There's an alternate version of this suggestion further up in the comments. Does that version clear up your confusion?

[ciaan]

If I go to your tag page I will see a list of every tag you have. Even if some of those tags have only ever been used on locked, filtered, or private entries. So if a user had a tag "i hate my boss" and a tag "hot gay sex" then their boss could view those on their tag list, even if said boss couldn't access any of the tagged entries. Which, in some cases, might give away information the user did not plan to make public.

[denise]

No, silverflight8 is correct -- tags take the security of the least-restrictive entry they were used on. So if you have a "hot gay sex" tag that's only ever used on access-locked posts, someone not on your access list will not see it.

[ciaan]

Oh, good! I am glad to be wrong! :)

[matgb]

I'm not sure I'm understanding the suggestion, or the why of the suggestion.

It seems to have two purposes-one is to help people not making mistakes about custom filtered entries and tagging, somethign I don't do so I can't relate to how this would help but it does look like it's an unneccessarily complicated helper feature that would be better solved by checking what you're doing.

The other use case I can see-if your default is friends only, but you sometimes post public stuff public, you have to go in and edit the post to make it public, which can mess up feedreaders and reading page presence, etc.

So if it was a "everything's trusted only except posts tagged PUBLIC" and they automatically appeared publicly, that I can see making sense, and actually be useful, but it doesn't appear to be what you're actually suggesting?

[syderia]

The other use case I can see-if your default is friends only, but you sometimes post public stuff public, you have to go in and edit the post to make it public, which can mess up feedreaders and reading page presence, etc.
This is what I have in mind.

[jjhunter]

There's an alternate version of this suggestion further up in the comments. Does that version help clarify the potential benefits of this suggestion?

[matgb]

Honestly? Not really, it's so different from my standard use case I can't really relate to it-it's why I ticked no opinion, it sounds like a feature that's of no use to me at all, but I don't want to vote it down just becuase I think it's pointless.

[jjhunter]

Fair enough. Thank you for the feedback!

[swaldman]

I think that this would be a nifty bit of automation ("All entries that I post on this topic should be restricted"), but I have voted against because I think it's extra complexity for little actual gain, on a site that I think is already pretty intimidating with complexity for new users.
I'd also be a little wary of encouraging myself to pay less attention to the access level - I think that knowing that it should be automated might lead to me not checking it myself when I post.

[jjhunter]

If it was an opt-in feature only available to paid users, that might reduce the 'wha?' factor for new users. Also, not sure if you saw the alternate version of this suggestion further up in the comments, but there's an additional possible privacy benefit for those of us who use only use certain tags with certain access filters - as things stand now, anyone can see such tags on the 'Tags' page, 'Most Popular Tags' section, etc. even if they aren't part of such a filter.

[swaldman]

I agree that a user shouldn't be able to see tags that refer only to things that they don't have access to, but I think it's a separate issue (and IMHO a bug). It may or may not be covered by bug 1723.

[jjhunter]

Good point, and thank you - I wasn't aware there was already something in Bugzilla that covered that aspect.

[ciaan]

I agree that using tags to set entry security levels is a different question from privacy settings on viewing tag lists. I support tighter privacy on tag lists. I wouldn't use tags to set my entry security options, but I also wouldn't block other people from having that feature, so long as it was totally opt-in and none of my tags started changing my entry settings.

[musyc]

This is a tagging change I support. It bothers me immensely that I can see total tagged-post numbers on a user's journal even if I can't see the posts themselves. If a poster has a mix of locked/public posts all tagged "things that are purple", I shouldn't be able to see that there are 40 usages of the tag when I can only view 4 public posts.

[alexbayleaf]

+1