Can non-members access a profile's change page?

+9 votes
630 views

I realize that the profile is open, however I thought that non-members can only see the public view page of profiles.  I just saw, however, that I was "thanked" by an IP address via a link on the change page:

21:49: 73.1.77.233 thanked You for this 23:13: You edited the Biography for Chawa (Kanowicz) Dyman (1868-). [1 thank-you received]

EDITED:  Walking on eggshells because I feel intimidated, plus fearing inadvertent violation of the new discussion rules, I will not respond further in this question.  I am very appreciative of all the answers and comments of those who further researched to clarify the conditions under which the problem exists and I feel no need for further discussion, however I am not going to close the question because I want to be sure that Jamie gets to see it, since I am concerned about an unintended back door in the software.

in WikiTree Tech by Gaile Connolly G2G Astronaut (1.2m points)
edited by Gaile Connolly
Judging by responses so far in this discussion, non-members can access not only the Profile Manager's Contributions but also Changes on individual profiles.

And if they can do THAT much, then they can also access info on an Unlisted (Living) person's file.  And if so, what DOES that do for Privacy?
No, Susan, I don't think they can access any pages of an Unlisted profile.  Those pages are hidden from everyone except the trusted list.  I think protections are working properly for profile privacy levels, which limit the change pages to the trusted list.  This situation is a "back door" that allows anyone to see change pages for open profiles.  I have not tested, but I expect that it would not work on public or private profiles.  My opinion is that it needs to be closed up for open profiles so that only logged in members are able to see the change page.
Gaile, I just checked a green-locked profile as not logged in on a different browser - and not only can I see the change log, I have access to information on that profile that is supposedly hidden behind <!-- -->

This really bothers me because that information is sensitive.

Sigh. Gaile, it looks like others are discovering that "only open profiles" -- the white padlock -- isn't the case, but that even a green padlock was accessed.

I think the imposed Privacy Levels are ineffective 

Ales and Chris W. need to address this back-door access ASAP.  

Green is public, just not open for edit.

@ Tommy - we know that.  That's why we were testing to see if the change log on something other than an open (white) lock was accessible to people who are not logged in.  Answer: YES.

If you have private or sensitive info, I don't believe it should be entered (even temporarily) on a publicly viewable profile.

And restricting access to such info to any logged-in users vs the general public still doesn't protect the privacy/sensitivity of the info.
Melanie, now I'm scared that we might be able to get to change pages for private profiles through this back door - even members (other than trusted list) aren't supposed to be able to see contents of the edit page, which are partially displayed on the change pages.  I'm not gonna go test it, though - it's late, I'm tired, and also in the midst of trying to finish up a profile I'm working on.
@ Rick - but there is the belief that those who are logged in have signed the Honor Code.  The same belief has been that the coloured locks prevent certain access.  This is not true, if anyone who is not logged in can see the entire change log down to the last crossed t and dotted i.
Rick, I never display the temporarily parked sources on the public view page of a profile - they're always in a comment that restricts them to the edit page and if/when the person turns out to be living (or possibly living) I delete those sources.

I see no reason to be concerned about revealing a source citation to members for information (even if it is about a possibly living person) that is freely accessible to the world at familysearch or ancestry, especially when it ends up only visible on a change page after it has been deleted.
If the profile is open to the public to see, why wouldn’t the change log be open to the public to see regardless of whether you are logged in or not?
Tommy, for privacy levels "open" (white) and "public" (green), the public view page of the profile (that everyone can see) shows everything, exactly the same as the private view page (that is restricted to the trusted list) does.  The only difference between "open" and "public" is for logged-in members.  For "open" profiles, logged-in members see tabs for Edit, Family Tree&Tools, Changes, and Privacy pages, but for "public" profiles, logged-in members still see only the Public View.  Of course, this is for non-trusted list - people on the trusted list see all the tabs for all profiles (including Private View), regardless of profile privacy level.
If your own bio is set to private, other members can see your contribution list but if they click on your own contributions to your profile they won't see anything.  

If they click on a change you have made on another profile they will only be able to see the change if that profile is public.  If the profile you've changed is private no one will be able to see what change you've made.
SJ, all members' own profiles have the same privacy setting - private - with the only difference being whether the member has chosen to make visible their biography, their family tree, both, or neither.

I have no issue with a member being able to see all the changes on open profiles.  I would not even mind if all members could see changes on public profiles, although they don't see the tab to access the change page on public profiles (unless they are on the trusted list).  My concern is that it seems wrong for everyone (including non-logged-in persons) to have a way to see all changes ever made on all open and public profiles.
Hi Melanie and others,

This is not a reply to the original question, but I just want to say that anything you write in a HTML comment (<!-- -->) on any page that is accessible online can always be seen by everyone, if they choose to "View source" on that page.

Kind regards,
Maria
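An added example, not part of the original thread and not WikiTree's code: a small audit that takes the successive saved versions of a biography and lists every line a reader of the change pages can still recover even though it is absent from the current public view. It assumes the rendered page drops HTML comments and that each change page shows a line-level diff of the markup; the function names and the sample revisions are constructed for illustration.

```python
import difflib
import re

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)

# Constructed sample: four saved versions of one biography, oldest first.
REVISIONS = [
    "== Biography ==\nExample Person was born in 1868.",
    "== Biography ==\nExample Person was born in 1868.\n"
    "<!-- parked: census record naming a possibly living relative -->",
    "== Biography ==\nExample Person was born in 1868.\n"
    "Temporary note: sibling source, check later.",
    "== Biography ==\nExample Person was born in 1868.\n"
    "== Sources ==\n* Birth register, 1868.",
]


def public_lines(markup):
    """Lines visible on the rendered page (assumption: comments are dropped)."""
    visible = COMMENT.sub("", markup)
    return {ln.strip() for ln in visible.splitlines() if ln.strip()}


def change_page(old, new):
    """Line-level markup diff of one edit as (sign, line) pairs."""
    pairs = []
    for entry in difflib.ndiff(old.splitlines(), new.splitlines()):
        # Keep only removed ('- ') and added ('+ ') lines; skip hint lines.
        if entry[:2] in ("- ", "+ ") and entry[2:].strip():
            pairs.append((entry[0], entry[2:].strip()))
    return pairs


def history_exposure(revisions):
    """Map each line readable through the change pages, but missing from the
    current public view, to the reason it is still exposed."""
    current = public_lines(revisions[-1])
    exposed = {}
    # Diff from an empty page so the very first save is covered as well.
    for old, new in zip([""] + revisions, revisions):
        for _sign, line in change_page(old, new):
            if line in current:
                continue
            reason = "html-comment" if COMMENT.search(line) else "deleted-text"
            exposed.setdefault(line, reason)
    return exposed


if __name__ == "__main__":
    for line, reason in history_exposure(REVISIONS).items():
        print(f"{reason:13} {line}")
```

Run against the history of a profile before changing its privacy level or relying on a deletion: anything it lists remains readable to whoever can open the change pages.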

5 Answers

+12 votes
 
Best answer
Gaile, non-members can see members' contribution logs, and send thank yous from there.  You can verify by logging out and going to a member profile.
by Living Tardy G2G6 Pilot (765k points)
selected by Melanie Paul
I checked on this very thing last week .. and on three separate browsers, while NOT logged in, I was able to access the activity lists etc.
WOW!  I didn't realize that everyone (meaning the public) can see the change page.

There are times I have depended on change pages being limited to members.  I have often put temporary information on a profile that is about a relative, typically source citations for sources about the relative that I happen to come across while researching the profile.  That way, it's available to me later when I get up to adding the relative.  The problem is that sometimes the relative turns out to be living and I don't add the profile and delete the source.  If the public can see the change pages, then everyone can see information that I removed because it's about a living person … this is *NOT* a good thing!!!

EDITED - Oops - I mis-read the first time and thought you said everyone can see the change page - as long as it's only the contribution page, that's ok - it doesn't show the data that got changed.
Yeah ... I have left sensitive info on a profile to be dealt with later, and started to wonder how safe it was.

I have not checked whether a non-member can drill down on a particular edit entry from a contributions list, and enter a Changes page that way.  It's an experiment you might try.  Just log out, and WT thinks you are a non-member.

Thanks for the star, Melanie!

although … I suppose we need to be careful when adding the "explain your change" to make sure it's only stuff that's ok for public view, since the public can see that on the contributions list.

What can be seen by someone not logged in: [image]

Uh-Oh … I just used a browser where I'm not logged in, went to my profile, clicked the contributions link, then clicked one of the "edited the Biography" links on that.  I got to the change page that showed the change and, even worse, I could navigate from there to all the rest of the changes for the profile.

I hope Jamie weighs in on this.  I would like to see privacy protection for the change page added to the to-do list, and hopefully at a high priority level.

This is not a good thing - for me, at least, because it means that things I have deleted because they don't belong in public view are still publicly accessible.

If you have potential sources and/or other info which may include info on living individuals or which may disclose potentially sensitive info, I don't believe that info should be entered (even temporarily) on a publicly viewable profile.

I use Unlisted Free Space pages to store such info, if I feel the need to save it on WikiTree at all. My understanding of Unlisted Free Space Pages is that the only thing revealed about them is the Space Page name (name it carefully!), if you hover over the edit or page links in the contribution logs (similar to Unlisted living profiles). But the changes should not be viewable. As someone already mentioned, I also avoid adding comments on the edit contents of such changes, since it can also be viewable in the contribution logs.

Also from the WikiTree Privacy Policy ...

Information that you have publicly shared about non-living people using the "Public" and "Open" privacy levels can be corrected if there are mistakes but it cannot be deleted unless it reveals Personal Information about living people.

Not sure if you would need to email info at wikitree dot com with the specifics of any living individual personal info that's still being revealed in contribution/change logs, even though the info has already been deleted from a profile, to have any traces of that info deleted, or if you could still use the PRIVACY TAKE-DOWN REQUEST for that.

Public visibility of your change log shows the log but not the changes.  Those changes' visibility is dependent on the privacy of the profile that was changed, not dependent on your own profile's privacy settings.
SJ, please see my response to your comment on Chase's answer.  This has nothing to do with a member's own profile and, by the way, the privacy setting of all member profiles is private (our only choice is which of the four subsets of private).
Thanks for the star Gaile!
Sorry, Herbert - it looks like someone doesn't agree with Melanie and me that your answer is best - it's now been de-selected twice and I'm not inclined to get into a best answer selection war, even though as the asker of the question I believe I am best able to decide which answer I find most helpful.
Thanks Gaile that's very kind.  And thanks again Melanie!
+7 votes
Maybe it was a person who saw that change in their activity feed, but wasn't logged in.
by Linda Peterson G2G6 Pilot (773k points)
Doesn't matter if it was a member - if they saw it in activity and clicked the link when they weren't logged in then they shouldn't have gotten to see the page … unless, as Herb said below, non-members are permitted to see changes.
From any of the Activity Feed emails that show changes being made to any page, it has a Thank You link.  If I used that link in an incognito mode browser, so I wasn't logged in, it has a button 'Thank anonymously'.  I don't see the Changes Log.

If I click the Edited the Data / Biography, I do see that one change entry when I am not logged in, so I can then go through all of the Changes Log.

I would agree that if they are requiring G2G to be logged in now to post anything, they should also require Log in to see the Changes Log or any individual entry.  They should only be able to 'view' profiles in Public Mode
+6 votes
I don't think so. Unless you are a logged in member, you only see the public page and you don't see any link/tab for Edit, Images, Family Tree & Tools, Changes, or Privacy. (Come to think about it, the inability to see the Family Tree or use other tools is a huge drawback to not being a member. I had thought the only difference was the nonmembers couldn't edit.)
by Chase Ashley G2G6 Pilot (311k points)
That's what I thought, but this is a case of a non-logged-in person clicking a link that can only be seen on the change page.
Check the privacy setting of the profile that is linked in the change page.  The visibility is dependent on that profile's privacy, not the activity feed of another profile.
SJ, Chase's answer is correct about what tabs are displayed (therefore what other pages can be accessed) on the public view page of a profile, but that does not apply to this situation.  I am not talking about what tabs you see when you are on the public view page of a profile.  My problem is that when you look at the public view page of a member's profile and click the link to see his/her contributions, everyone - members and non-logged-in persons - can see links to each change page.  Anyone who clicks one of those links can see the change page detailing the information that was changed.  In addition, from that change page, they can navigate to all the other change pages, enabling them to see everything that was ever entered in that profile.

I believe that WikiTree does not intend non-logged-in persons to have access to the change page of any profile (including open and public ones) because they do not see the changes tab when they are on the public view page.  Thus, the contribution list of any member, which everyone (not just logged in members) can see, gives non-members a back door they can use to access the change page for open and public profiles, and from there they can see everything that is now and ever was in that profile.

Melanie had beat me by a couple of seconds to selecting Herbert's answer as best earlier and, especially after all the discussion in its comments that further clarified exactly how the software is working for this, I feel the need to change SJ's selection of this as best answer back to the original selection.  Chase, I apologize for doing this because I appreciate your answer, which is absolutely correct and has relevance, but just is not as responsive to this issue.

My problem is that when you look at the public view page of a member's profile and click the link to see his/her contributions, everyone - members and non-logged-in persons - can see links to each change page.

This is correct.

My problem is that when you look at the public view page of a member's profile and click the link to see his/her contributions, everyone - members and non-logged-in persons - can see links to each change page.

When you click on the links to the change pages:

* If the profile in question is public you will be able to see the change log.

* If the profile is private or unlisted you will be routed to the profile page, not the change log.

+13 votes

I did a little testing on this. I logged out of my account and tried to access the details of one of my contributions for a specific profile. Here are the results:

  • Red Privacy: I can click on the "edited biography" change entry in my contributions, and I am taken to the edited profile, but it doesn't show the details of the change. It only links me to the profile page. From that page, if I click on the "edited the biography" link, it just reloads that same profile page, not the details of the change that was made.
  • Orange Privacy (public biography): Same result as above
  • Light Orange Privacy (public tree): Same result as above
  • Yellow Privacy (public bio & tree): Same results as above
  • Green Privacy (public): Change log is also public.
  • White Privacy (open): same as Green

This appears to be consistent with the descriptions of the privacy levels here: https://www.wikitree.com/wiki/Help:Privacy

Edited for clarity.

by Julie Ricketts G2G6 Pilot (485k points)
Julie, thank you for the organized description of what who can/can't see on the different privacy levels.

The only thing the help page says about it is that anyone can view all the information on an open or public profile.  I interpret that as meaning the public view page.  The help page does not address who can see change pages for open and public profiles.

Since non-logged-in persons do not see the changes tab on any profiles - including open and public - they cannot get to see the change page that way.  

This led me to assume that only logged in members could see the change page for open profiles and only the trusted list could see the change pages for public profiles.  That is why I became concerned when I discovered that anyone can see the change pages for open and public profiles by clicking the link that is shown on the contributions page for a member.

I don't believe most of us would have considered that

Anyone can view all the information on a Public profile.

. . . meant that every single edit made was included.  I believe most of us take that sentence to mean "what you see when clicking the public view tab" as opposed to what is seen on the private view tab. 

+12 votes
Information on a public or open profile is public, including the change history for that public information.

Only showing the change histories to logged in members would do nothing to protect privacy, since anyone can sign up for an account.

People should not be putting private, sensitive information in public profiles, even temporarily.
by Jamie Nelson G2G6 Pilot (620k points)

I agree with Gaile's concerns and feel that non-member access to Changes logs is a post-GDPR/post-Genealogist Section/post-"explain your changes" privacy loophole that should be closed.

While direct access to Unlisted profiles does not appear to be possible, indirect access does appear to be possible. This indirect access is possible not only from Public/Open profiles; access appears to be possible from profiles up to non-member Private/Red Lock profiles. Explanations of changes and specific change pages all appear to be accessible. The Changes log also may allow information regarding family connections to Unlisted individuals to become public to non-members.

That we should not be placing private/sensitive information/connections on any profile is moot once that information and those connections have been added. That information/those connections may be accessible even if they are deleted from the related profiles.

The privacy help page states that the activity items are viewable by anyone. That would include people not logged in, as well. Seeing the details of the changes however, depends on the privacy level of the profile and the trusted list status of the viewer.

But when were those guidelines established (guideline pages state when a page was last edited, but not when it was established or what was edited)?

Have they been reviewed and/or updated since we went GDPR compliant (end of May, 2018, if I am not mistaken)?

We have made various policy/procedure changes/updates since 2018. Have we integrated these changes/updates properly into related guidelines?

That we have such statements in our current Help:Privacy page does not negate the possibility that allowing Changes log summary/details access risks privacy violations for information that other current Help pages obligate us to protect.
