Zorak (evwhore) wrote in suggestions,

on the tag counts page, exclude entries the viewer doesn't have access to

Short, concise description of the idea
The http://username.livejournal.com/tag/ page shows a list of tags that 'username' has used, and the number of entries employing each tag. The count of entries ought not to include any entries which are hidden/protected from the person viewing the page.

Full description of the idea
Suppose I use a tag, 'foo', in a single friends-only entry. Someone browsing to http://username.livejournal.com/tag/ would only see the 'foo' tag appear if they are on my friends list (and logged in). This is great -- I was actually pleasantly surprised to see that the tags page gets this right.

However, suppose I have 4 'foo' entries, of which 3 are friends-locked. Someone visiting http://username.livejournal.com/tag/ will see 'foo' appear with 4 entries, regardless of whether they are on my friends list or not. If they then look at the entries and see only 1, they can deduce that there are 3 private 'foo' entries.

I don't personally consider this a huge deal, since I don't mind people being able to figure out that I have some friends-locked entries, but others might be more paranoid, and since LJ bothers to get the behavior described in the first paragraph correct, it seems like a defect not to remedy the information leakage described in the 2nd paragraph.

An ordered list of benefits
  • Readers will not have indirect evidence of entries they are not permitted to access.
  • Consistency in how friends-locked and other protected entries are handled in calendar display, next entry/previous entry buttons, etc. (If you click "next entry" and the next entry is protected from you, it *used* to be the case that you got an error "You are not allowed to view that entry" but now it simply skips over it to the next one that you *are* allowed to view, which is also the "correct" behavior.)
An ordered list of problems/issues involved
  • Other than requiring development work, I can't think of any drawbacks to implementing this request.
Tags: security, tags, § migrated
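
The count leak described in the post, next to the requested behaviour, as an added example that is not part of the original post and not LiveJournal's code. The `Entry` model, the security level names and all function names are assumptions made for illustration; the sample data is constructed to match the post's 4-entry scenario.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed model: field names and security levels are assumptions,
# not LiveJournal's actual schema.
@dataclass(frozen=True)
class Entry:
    entry_id: int
    tags: frozenset
    security: str  # "public", "friends" or "private"

def can_view(entry, owner, friends, viewer):
    """Per-entry access check; viewer is None when logged out."""
    if viewer == owner or entry.security == "public":
        return True
    if entry.security == "friends":
        return viewer is not None and viewer in friends
    return False  # "private": owner only

def tag_counts_leaky(entries, owner, friends, viewer):
    """Behaviour the post reports: a tag is listed only if the viewer can see
    an entry using it, but the number shown counts every entry."""
    listed = {t for e in entries if can_view(e, owner, friends, viewer) for t in e.tags}
    totals = Counter(t for e in entries for t in e.tags)
    return {t: totals[t] for t in listed}

def tag_counts_filtered(entries, owner, friends, viewer):
    """Requested behaviour: count only entries that pass the access check."""
    return dict(Counter(t for e in entries
                        if can_view(e, owner, friends, viewer) for t in e.tags))

def inferred_hidden(displayed, entries, owner, friends, viewer):
    """Regression check: displayed count minus entries the viewer can open.
    An empty result means the page reveals nothing about hidden entries."""
    seen = tag_counts_filtered(entries, owner, friends, viewer)
    return {t: n - seen.get(t, 0) for t, n in displayed.items() if n > seen.get(t, 0)}

# Constructed data: 4 'foo' entries, 3 of them friends-locked, plus a tag
# ('bar') used only in one friends-only entry.
OWNER, FRIENDS = "username", {"alice"}
ENTRIES = [
    Entry(1, frozenset({"foo"}), "public"),
    Entry(2, frozenset({"foo"}), "friends"),
    Entry(3, frozenset({"foo"}), "friends"),
    Entry(4, frozenset({"foo"}), "friends"),
    Entry(5, frozenset({"bar"}), "friends"),
]
```

Running `inferred_hidden` over the counts a page would render for a logged-out viewer and for a non-friend is a cheap test to keep in place once the counts are filtered per viewer.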