Jump to content
TNG Community
bobbyfamilytree

DNA Privacy

Recommended Posts

bobbyfamilytree

How do you keep a living individual's DNA results private?

If you tick the ''keep name private'' it does this however, often the username is their actual name so this privacy setting can be useless.

''Keep Test Private'' isnt really private because it shows the username and Ancestral Names (not ticked in settings)

So how do you keep living folks DNA profile private? 

 

Share this post


Link to post
Share on other sites
Rob Severijns

Hello Bobby,

 

I'm using TNG 12.3.

I myself don't use the DNA options in TNG but there Is a checkbox option in the Setup / General Settings to keep the name private?

image.png

 

When loggied in as a user, this hides all the dna data from that person (dead or alive). Don't know if this is also applicable to the rest of persons ancestors/children but you could give it a try.

Kind regards,

 

Rob

Share this post


Link to post
Share on other sites
Ken Roy
7 hours ago, bobbyfamilytree said:

'Keep Test Private'' isnt really private because it shows the username and Ancestral Names

If you mark the DNA Test as "Keep Test Private" then only users who have the View Private information privilege should be able to see the tests.  On the DNA Test record there is also a series of check boxes as to what Test Information To Display

Share this post


Link to post
Share on other sites
bobbyfamilytree

Thanks for replies.

OK after further research it looks like I have to make every DNA test private

If I copy a DNA URL profile (marked as private) into incognito then name/number (can be real name)and Ancestral names still appears and this being picked up crawlers, bots etc. (Whether you tick or untick Ancestral names it still appears in this regard)

So if Jo Smith is listed as living in my tree then no one can see details on their profile page, as you would expect. If this same person then does a DNA test and is linked to his tree profile then his DNA details on the DNA page can be seen unless they are marked in DNA as Private.

By default DNA testers should be private.

 

 

 

Share this post


Link to post
Share on other sites
bobbyfamilytree

Here is an example of a DNA profile that is viewed incognito.

This profile is 'Private' (and living)

At the very top it shows the (living) persons name.

Number/Name - This Ancestry DNA profile name is their real name.

Ancestral names - includes their surname and (living) ancestors

Relevant Links - shows the link to their Ancestry profile even though it is not ticked.

Notes - It shows the notes for this particular profile even though it is not ticked.

Screenshot 2020-05-22 at 9.jpg

 

The Private setting isnt really private.

Share this post


Link to post
Share on other sites
Ken Roy
20 hours ago, bobbyfamilytree said:

If I copy a DNA URL profile (marked as private) into incognito

Bobby,

i have no clue as to what you mean by copying a DNA URL profile into incognito.  Are you logged in to your TNG site at the time with View Private privilege. 

When I click on the My Site link in your signature and then select DNA Tests, I see not a single DNA Tests.

Share this post


Link to post
Share on other sites
Ken Roy

Best I can tell,  incognito simply pertains to browsing history

Quote

Alternatively referred to as private browsing, InPrivate Browsing, or a private window, Incognito mode is an Internet browser setting that prevents browsing history from being stored.

Marking a DNA Test "Keep as Private" means to only allow users who have the View Private privilege to view the DNA Test.  If you are logged in as TNG Administrator, you would have the View Private privilege.

The Private setting has nothing to do with incognito browsing.  To test how DNA Tests marked as Private tests work, you need to access as a unlogged in visitor to your site.   You could also test with a user that allows access to View Private restricted to a specific branch of your tree.

Best i can tell your tests are now all marked Private, since I could not view any. 

Share this post


Link to post
Share on other sites
bhemph

Ken,
     It looks like Bobby was using the incognito window to go to the same address as one of the DNA tests in order to test being a guest who is not logged in, no chance of it grabbing a prior admin session.  So he is saying that if you can guess the right # for what test ID exists, or a computer tries to brute force it, the private results can be viewed.

Brent

Share this post


Link to post
Share on other sites
Ken Roy

Thanks Brent,

Your assessment might be correct.  Since he did not provide the URL that he pasted, I cannot test whether I can access it without being logged in with no View Private privilege. 

I do not think that copying the URL is a valid way to test whether access to the DNA Tests are being protected.  As I indicated, I cannot access the DNA Tests on Bobby's site, whereas I was able to when Jeff and I were developing some of the code that was turned over to TNG.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×