Don't display account info or repurpose the Account info section


I don’t like that the email is displayed on the front page (for privacy concerns), as I think it should be something that’s buried in the settings.
Also the username is redundant as you can see it in the top right corner.

Trello link:

Completely agree. I understand that the email isn’t shown to anyone but me, but it being on this page makes me concerned since bugs do happen and it could be revealed accidentally at some point.

6 Likes

Fair enough. Honestly, the ‘account section’ is mostly a placeholder to provide a link to your profile & editing your settings. The fact that I now verify your email makes surfacing the email less relevant as well.

I can take a look at what other websites are doing for an ‘account’ section or how they link to your profile from a dashboard.

FWIW, I’ve made it very hard for me to accidentally surface email information about a user. Whenever object data is surfaced to the website, the database object is converted into data for the website by a ‘serializer’ which I have to define and specify. By default, the serializers for users do not surface emails… and the only one that does has a very long identifier string haha.

Only in one place in the code do I surface the email data… and that’s only for the requesting user who’s logged in (yourself). Never a non-requesting user.

And all this is very well tested.

In summary, I fully know emails are the only sensitive information I have in my database… and treat them very carefully :slight_smile:

5 Likes
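An added sketch of the serializer pattern described in the post above: an allowlist by default, one conspicuously named serializer that emits the email only to the requesting owner, and an inventory check a test can assert on. This is not the site's code, and every class, field and function name in it is hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    """Stand-in for a database row; all names here are hypothetical."""
    id: int
    username: str
    email: str
    level: int

class UserSerializer:
    """Default serializer: only allowlisted fields ever leave the server."""
    fields = ("id", "username", "level")

    def serialize(self, user):
        return {name: getattr(user, name) for name in self.fields}

class SerializerThatRevealsEmailOnlyToTheAccountOwner(UserSerializer):
    """Awkward name on purpose, so any use stands out in code review."""
    fields = UserSerializer.fields + ("email",)

    def serialize(self, user, requesting_user_id):
        # Fail closed: the email goes only to the logged-in owner.
        if requesting_user_id != user.id:
            raise PermissionError("email is visible only to its owner")
        return super().serialize(user)

def serializers_exposing(field, root=UserSerializer):
    """Names of every serializer in the hierarchy that emits `field`."""
    found, stack = [], [root]
    while stack:
        cls = stack.pop()
        if field in cls.fields:
            found.append(cls.__name__)
        stack.extend(cls.__subclasses__())
    return sorted(found)

if __name__ == "__main__":
    alice = User(1, "alice", "alice@example.test", 12)  # constructed sample
    print(UserSerializer().serialize(alice))
    print(SerializerThatRevealsEmailOnlyToTheAccountOwner().serialize(alice, 1))
    print(serializers_exposing("email"))
```

Asserting on `serializers_exposing("email")` in the test suite makes a newly added serializer that includes the email fail the build until someone reviews it.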

For me, it’s just that I have taken screenshots of the front page and accidentally leaked my email, because I don’t expect to have to censor information from the front page of a website. I’m pretty sure the database part of the data is being handled well.

That, and also that it doesn’t seem to be information relevant enough to deserve being on the front page.

Bookmeter has a quick profile section with some summary stats? Maybe something like that?


6 Likes

I would expect the email to be visible only on a settings page, not a profile/account page. Some websites also display something like “never shown to anyone else” in small font when it is on a public page so it’s clear. I’ve seen other places have it hidden, with a button/link to reveal it. Personally I would just remove it from the page though.

Did you name it SerializerThatRevealsEmailAddressWhichYouProbablyDontWantToUse? :joy:

5 Likes

I think that might work well.

Fair.

Yes, something similar to that :joy: :joy:.

Sometimes stupid things are effective…

5 Likes