Jump to content
TNG Community
bobbyfamilytree

DNA Privacy

Recommended Posts

bobbyfamilytree

How do you keep a living individual's DNA results private?

If you tick the ''keep name private'' it does this however, often the username is their actual name so this privacy setting can be useless.

''Keep Test Private'' isnt really private because it shows the username and Ancestral Names (not ticked in settings)

So how do you keep living folks DNA profile private? 

 

Share this post


Link to post
Share on other sites
Rob Severijns

Hello Bobby,

 

I'm using TNG 12.3.

I myself don't use the DNA options in TNG but there Is a checkbox option in the Setup / General Settings to keep the name private?

image.png

 

When loggied in as a user, this hides all the dna data from that person (dead or alive). Don't know if this is also applicable to the rest of persons ancestors/children but you could give it a try.

Kind regards,

 

Rob

Share this post


Link to post
Share on other sites
Ken Roy
7 hours ago, bobbyfamilytree said:

'Keep Test Private'' isnt really private because it shows the username and Ancestral Names

If you mark the DNA Test as "Keep Test Private" then only users who have the View Private information privilege should be able to see the tests.  On the DNA Test record there is also a series of check boxes as to what Test Information To Display

Share this post


Link to post
Share on other sites
bobbyfamilytree

Thanks for replies.

OK after further research it looks like I have to make every DNA test private

If I copy a DNA URL profile (marked as private) into incognito then name/number (can be real name)and Ancestral names still appears and this being picked up crawlers, bots etc. (Whether you tick or untick Ancestral names it still appears in this regard)

So if Jo Smith is listed as living in my tree then no one can see details on their profile page, as you would expect. If this same person then does a DNA test and is linked to his tree profile then his DNA details on the DNA page can be seen unless they are marked in DNA as Private.

By default DNA testers should be private.

 

 

 

Share this post


Link to post
Share on other sites
bobbyfamilytree

Here is an example of a DNA profile that is viewed incognito.

This profile is 'Private' (and living)

At the very top it shows the (living) persons name.

Number/Name - This Ancestry DNA profile name is their real name.

Ancestral names - includes their surname and (living) ancestors

Relevant Links - shows the link to their Ancestry profile even though it is not ticked.

Notes - It shows the notes for this particular profile even though it is not ticked.

Screenshot 2020-05-22 at 9.jpg

 

The Private setting isnt really private.

Share this post


Link to post
Share on other sites
Ken Roy
20 hours ago, bobbyfamilytree said:

If I copy a DNA URL profile (marked as private) into incognito

Bobby,

i have no clue as to what you mean by copying a DNA URL profile into incognito.  Are you logged in to your TNG site at the time with View Private privilege. 

When I click on the My Site link in your signature and then select DNA Tests, I see not a single DNA Tests.

Share this post


Link to post
Share on other sites
Ken Roy

Best I can tell,  incognito simply pertains to browsing history

Quote

Alternatively referred to as private browsing, InPrivate Browsing, or a private window, Incognito mode is an Internet browser setting that prevents browsing history from being stored.

Marking a DNA Test "Keep as Private" means to only allow users who have the View Private privilege to view the DNA Test.  If you are logged in as TNG Administrator, you would have the View Private privilege.

The Private setting has nothing to do with incognito browsing.  To test how DNA Tests marked as Private tests work, you need to access as a unlogged in visitor to your site.   You could also test with a user that allows access to View Private restricted to a specific branch of your tree.

Best i can tell your tests are now all marked Private, since I could not view any. 

Share this post


Link to post
Share on other sites
bhemph

Ken,
     It looks like Bobby was using the incognito window to go to the same address as one of the DNA tests in order to test being a guest who is not logged in, no chance of it grabbing a prior admin session.  So he is saying that if you can guess the right # for what test ID exists, or a computer tries to brute force it, the private results can be viewed.

Brent

Share this post


Link to post
Share on other sites
Ken Roy

Thanks Brent,

Your assessment might be correct.  Since he did not provide the URL that he pasted, I cannot test whether I can access it without being logged in with no View Private privilege. 

I do not think that copying the URL is a valid way to test whether access to the DNA Tests are being protected.  As I indicated, I cannot access the DNA Tests on Bobby's site, whereas I was able to when Jeff and I were developing some of the code that was turned over to TNG.

Share this post


Link to post
Share on other sites
bobbyfamilytree

I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however,  here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. 

There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info.

Share this post


Link to post
Share on other sites
Ken Roy

Bobby,

I think there is a misunderstanding on how this all works   DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. 

I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL.

Share this post


Link to post
Share on other sites
Chris Lloyd
8 hours ago, bobbyfamilytree said:

I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however,  here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. 

There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info.

You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas.....

Share this post


Link to post
Share on other sites
bobbyfamilytree
10 hours ago, Ken Roy said:

Bobby,

I think there is a misunderstanding on how this all works   DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. 

I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL.

 

I think this is a serious oversight.

 Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found)

What do I tell my users, sorry even though your tree profile is hidden, your DNA information is not and I cannot do anything about it - they wont be happy.

The privacy link between trees and DNA tests should be the same, it is not. The use of the word privacy in the DNA settings is misleading. 

I hope this is rectified.

 

2 hours ago, Chris Lloyd said:

You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas.....

Thanks i'll take a look at that. 

 

Share this post


Link to post
Share on other sites
Ken Roy
1 hour ago, bobbyfamilytree said:

Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found)

How can their DNA Tests be crawled?  I cannot access any of your DNA tests marked as "Keep Private"

I suspect that if I have a direct URL to a living or person marked Private, the same thing is possible.   I have no idea on how to prevent anyone accessing your site if the know the URL.

 

1 hour ago, bobbyfamilytree said:

Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found) 

If a person is marked Living or Private then their information is not available to the crawlers as far as I know.  So I do not know what you mean by the above statement,

 

Share this post


Link to post
Share on other sites
bobbyfamilytree

I'll finish off here, suspect we will go around in circles.

My TNG access log shows applebot.apple.com crawling quite a few of my pages, including about 7 private DNA Tests over the last couple of days

The word privacy and the reasonable expectation as to what that should do (within the DNA tests) is misleading, it is not as the word is intended because the contents of the URL is accessible.

Share this post


Link to post
Share on other sites
Leroy

Have you tried robots.txt?

User-agent: *
Disallow: /

 

Share this post


Link to post
Share on other sites
Ken Roy

Maybe the Apple bot is just refreshing its indexes from when your DNA Tests were not marked private.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×