Jump to content
TNG Community

DNA Privacy


bobbyfamilytree

Recommended Posts

bobbyfamilytree

How do you keep a living individual's DNA results private?

If you tick the ''keep name private'' it does this however, often the username is their actual name so this privacy setting can be useless.

''Keep Test Private'' isnt really private because it shows the username and Ancestral Names (not ticked in settings)

So how do you keep living folks DNA profile private? 

 

Link to comment
Share on other sites

Rob Severijns

Hello Bobby,

 

I'm using TNG 12.3.

I myself don't use the DNA options in TNG but there Is a checkbox option in the Setup / General Settings to keep the name private?

image.png

 

When loggied in as a user, this hides all the dna data from that person (dead or alive). Don't know if this is also applicable to the rest of persons ancestors/children but you could give it a try.

Kind regards,

 

Rob

Link to comment
Share on other sites

7 hours ago, bobbyfamilytree said:

'Keep Test Private'' isnt really private because it shows the username and Ancestral Names

If you mark the DNA Test as "Keep Test Private" then only users who have the View Private information privilege should be able to see the tests.  On the DNA Test record there is also a series of check boxes as to what Test Information To Display

Link to comment
Share on other sites

bobbyfamilytree

Thanks for replies.

OK after further research it looks like I have to make every DNA test private

If I copy a DNA URL profile (marked as private) into incognito then name/number (can be real name)and Ancestral names still appears and this being picked up crawlers, bots etc. (Whether you tick or untick Ancestral names it still appears in this regard)

So if Jo Smith is listed as living in my tree then no one can see details on their profile page, as you would expect. If this same person then does a DNA test and is linked to his tree profile then his DNA details on the DNA page can be seen unless they are marked in DNA as Private.

By default DNA testers should be private.

 

 

 

Link to comment
Share on other sites

bobbyfamilytree

Here is an example of a DNA profile that is viewed incognito.

This profile is 'Private' (and living)

At the very top it shows the (living) persons name.

Number/Name - This Ancestry DNA profile name is their real name.

Ancestral names - includes their surname and (living) ancestors

Relevant Links - shows the link to their Ancestry profile even though it is not ticked.

Notes - It shows the notes for this particular profile even though it is not ticked.

Screenshot 2020-05-22 at 9.jpg

 

The Private setting isnt really private.

Link to comment
Share on other sites

20 hours ago, bobbyfamilytree said:

If I copy a DNA URL profile (marked as private) into incognito

Bobby,

i have no clue as to what you mean by copying a DNA URL profile into incognito.  Are you logged in to your TNG site at the time with View Private privilege. 

When I click on the My Site link in your signature and then select DNA Tests, I see not a single DNA Tests.

Link to comment
Share on other sites

Best I can tell,  incognito simply pertains to browsing history

Quote

Alternatively referred to as private browsing, InPrivate Browsing, or a private window, Incognito mode is an Internet browser setting that prevents browsing history from being stored.

Marking a DNA Test "Keep as Private" means to only allow users who have the View Private privilege to view the DNA Test.  If you are logged in as TNG Administrator, you would have the View Private privilege.

The Private setting has nothing to do with incognito browsing.  To test how DNA Tests marked as Private tests work, you need to access as a unlogged in visitor to your site.   You could also test with a user that allows access to View Private restricted to a specific branch of your tree.

Best i can tell your tests are now all marked Private, since I could not view any. 

Link to comment
Share on other sites

Ken,
     It looks like Bobby was using the incognito window to go to the same address as one of the DNA tests in order to test being a guest who is not logged in, no chance of it grabbing a prior admin session.  So he is saying that if you can guess the right # for what test ID exists, or a computer tries to brute force it, the private results can be viewed.

Brent

Link to comment
Share on other sites

Thanks Brent,

Your assessment might be correct.  Since he did not provide the URL that he pasted, I cannot test whether I can access it without being logged in with no View Private privilege. 

I do not think that copying the URL is a valid way to test whether access to the DNA Tests are being protected.  As I indicated, I cannot access the DNA Tests on Bobby's site, whereas I was able to when Jeff and I were developing some of the code that was turned over to TNG.

Link to comment
Share on other sites

bobbyfamilytree

I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however,  here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. 

There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info.

Link to comment
Share on other sites

Bobby,

I think there is a misunderstanding on how this all works   DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. 

I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL.

Link to comment
Share on other sites

Chris Lloyd
8 hours ago, bobbyfamilytree said:

I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however,  here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. 

There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info.

You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas.....

Link to comment
Share on other sites

bobbyfamilytree
10 hours ago, Ken Roy said:

Bobby,

I think there is a misunderstanding on how this all works   DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. 

I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL.

 

I think this is a serious oversight.

 Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found)

What do I tell my users, sorry even though your tree profile is hidden, your DNA information is not and I cannot do anything about it - they wont be happy.

The privacy link between trees and DNA tests should be the same, it is not. The use of the word privacy in the DNA settings is misleading. 

I hope this is rectified.

 

2 hours ago, Chris Lloyd said:

You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas.....

Thanks i'll take a look at that. 

 

Link to comment
Share on other sites

1 hour ago, bobbyfamilytree said:

Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found)

How can their DNA Tests be crawled?  I cannot access any of your DNA tests marked as "Keep Private"

I suspect that if I have a direct URL to a living or person marked Private, the same thing is possible.   I have no idea on how to prevent anyone accessing your site if the know the URL.

 

1 hour ago, bobbyfamilytree said:

Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found) 

If a person is marked Living or Private then their information is not available to the crawlers as far as I know.  So I do not know what you mean by the above statement,

 

Link to comment
Share on other sites

bobbyfamilytree

I'll finish off here, suspect we will go around in circles.

My TNG access log shows applebot.apple.com crawling quite a few of my pages, including about 7 private DNA Tests over the last couple of days

The word privacy and the reasonable expectation as to what that should do (within the DNA tests) is misleading, it is not as the word is intended because the contents of the URL is accessible.

Link to comment
Share on other sites

Maybe the Apple bot is just refreshing its indexes from when your DNA Tests were not marked private.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...