bobbyfamilytree Posted May 20, 2020 Report Share Posted May 20, 2020 How do you keep a living individual's DNA results private? If you tick the ''keep name private'' it does this however, often the username is their actual name so this privacy setting can be useless. ''Keep Test Private'' isnt really private because it shows the username and Ancestral Names (not ticked in settings) So how do you keep living folks DNA profile private? Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted May 20, 2020 Report Share Posted May 20, 2020 Hello Bobby, I'm using TNG 12.3. I myself don't use the DNA options in TNG but there Is a checkbox option in the Setup / General Settings to keep the name private? When loggied in as a user, this hides all the dna data from that person (dead or alive). Don't know if this is also applicable to the rest of persons ancestors/children but you could give it a try. Kind regards, Rob Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 20, 2020 Report Share Posted May 20, 2020 7 hours ago, bobbyfamilytree said: 'Keep Test Private'' isnt really private because it shows the username and Ancestral Names If you mark the DNA Test as "Keep Test Private" then only users who have the View Private information privilege should be able to see the tests. On the DNA Test record there is also a series of check boxes as to what Test Information To Display Quote Link to comment Share on other sites More sharing options...
bobbyfamilytree Posted May 21, 2020 Author Report Share Posted May 21, 2020 Thanks for replies. OK after further research it looks like I have to make every DNA test private If I copy a DNA URL profile (marked as private) into incognito then name/number (can be real name)and Ancestral names still appears and this being picked up crawlers, bots etc. (Whether you tick or untick Ancestral names it still appears in this regard) So if Jo Smith is listed as living in my tree then no one can see details on their profile page, as you would expect. If this same person then does a DNA test and is linked to his tree profile then his DNA details on the DNA page can be seen unless they are marked in DNA as Private. By default DNA testers should be private. Quote Link to comment Share on other sites More sharing options...
bobbyfamilytree Posted May 22, 2020 Author Report Share Posted May 22, 2020 Here is an example of a DNA profile that is viewed incognito. This profile is 'Private' (and living) At the very top it shows the (living) persons name. Number/Name - This Ancestry DNA profile name is their real name. Ancestral names - includes their surname and (living) ancestors Relevant Links - shows the link to their Ancestry profile even though it is not ticked. Notes - It shows the notes for this particular profile even though it is not ticked. The Private setting isnt really private. Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 22, 2020 Report Share Posted May 22, 2020 20 hours ago, bobbyfamilytree said: If I copy a DNA URL profile (marked as private) into incognito Bobby, i have no clue as to what you mean by copying a DNA URL profile into incognito. Are you logged in to your TNG site at the time with View Private privilege. When I click on the My Site link in your signature and then select DNA Tests, I see not a single DNA Tests. Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 22, 2020 Report Share Posted May 22, 2020 Best I can tell, incognito simply pertains to browsing history Quote Alternatively referred to as private browsing, InPrivate Browsing, or a private window, Incognito mode is an Internet browser setting that prevents browsing history from being stored. Marking a DNA Test "Keep as Private" means to only allow users who have the View Private privilege to view the DNA Test. If you are logged in as TNG Administrator, you would have the View Private privilege. The Private setting has nothing to do with incognito browsing. To test how DNA Tests marked as Private tests work, you need to access as a unlogged in visitor to your site. You could also test with a user that allows access to View Private restricted to a specific branch of your tree. Best i can tell your tests are now all marked Private, since I could not view any. Quote Link to comment Share on other sites More sharing options...
bhemph Posted May 22, 2020 Report Share Posted May 22, 2020 Ken, It looks like Bobby was using the incognito window to go to the same address as one of the DNA tests in order to test being a guest who is not logged in, no chance of it grabbing a prior admin session. So he is saying that if you can guess the right # for what test ID exists, or a computer tries to brute force it, the private results can be viewed. Brent Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 22, 2020 Report Share Posted May 22, 2020 Thanks Brent, Your assessment might be correct. Since he did not provide the URL that he pasted, I cannot test whether I can access it without being logged in with no View Private privilege. I do not think that copying the URL is a valid way to test whether access to the DNA Tests are being protected. As I indicated, I cannot access the DNA Tests on Bobby's site, whereas I was able to when Jeff and I were developing some of the code that was turned over to TNG. Quote Link to comment Share on other sites More sharing options...
bobbyfamilytree Posted May 25, 2020 Author Report Share Posted May 25, 2020 I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however, here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info. Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 25, 2020 Report Share Posted May 25, 2020 Bobby, I think there is a misunderstanding on how this all works DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL. Quote Link to comment Share on other sites More sharing options...
Chris Lloyd Posted May 25, 2020 Report Share Posted May 25, 2020 8 hours ago, bobbyfamilytree said: I made all DNA tests on my site private since writing this. I guess I should of really researched a bit more rather than making the assumption they would be hidden, however, here is one of my Private DNA tests. (Keep Test Private - Yes) Relavent Links, Media Links, Notes & Admin notes - none are ticked. There are 109 test profiles on my site, if you use other random numbers at the end of the URL you can see other testers info. You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas..... Quote Link to comment Share on other sites More sharing options...
bobbyfamilytree Posted May 25, 2020 Author Report Share Posted May 25, 2020 10 hours ago, Ken Roy said: Bobby, I think there is a misunderstanding on how this all works DNA Tests marked as Private are not displayed if users select DNA Tests from the TNG menu. I do not think there is anything within TNG that prevents direct URL display of any data if some one knows a URL. I think this is a serious oversight. Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found) What do I tell my users, sorry even though your tree profile is hidden, your DNA information is not and I cannot do anything about it - they wont be happy. The privacy link between trees and DNA tests should be the same, it is not. The use of the word privacy in the DNA settings is misleading. I hope this is rectified. 2 hours ago, Chris Lloyd said: You can use htaccess to rewrite all urls to go to one. That means anyone visiting can't copy/save/find the specific url for dna or other info. This link gives some ideas..... Thanks i'll take a look at that. Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 26, 2020 Report Share Posted May 26, 2020 1 hour ago, bobbyfamilytree said: Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found) How can their DNA Tests be crawled? I cannot access any of your DNA tests marked as "Keep Private" I suspect that if I have a direct URL to a living or person marked Private, the same thing is possible. I have no idea on how to prevent anyone accessing your site if the know the URL. 1 hour ago, bobbyfamilytree said: Within our trees we mark people as living and their details are kept private, but if they have a DNA test that information including their name it will be crawled and eventually searched and found by anyone. (in other words, you do not need to know the URL of a test because it will be eventually crawled and found) If a person is marked Living or Private then their information is not available to the crawlers as far as I know. So I do not know what you mean by the above statement, Quote Link to comment Share on other sites More sharing options...
bobbyfamilytree Posted May 27, 2020 Author Report Share Posted May 27, 2020 I'll finish off here, suspect we will go around in circles. My TNG access log shows applebot.apple.com crawling quite a few of my pages, including about 7 private DNA Tests over the last couple of days The word privacy and the reasonable expectation as to what that should do (within the DNA tests) is misleading, it is not as the word is intended because the contents of the URL is accessible. Quote Link to comment Share on other sites More sharing options...
Leroy Posted May 27, 2020 Report Share Posted May 27, 2020 Have you tried robots.txt? User-agent: * Disallow: / Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 27, 2020 Report Share Posted May 27, 2020 Maybe the Apple bot is just refreshing its indexes from when your DNA Tests were not marked private. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.