Start a new topic

Tags used on private pages are leaked in tag search and tag completion

Using a tag on a post will index it for global tag search and for tag completion, visible to any user. It seems that this applies even to posts on private pages.* Since tags can be arbitrarily long and may be used for tumblr-style commentary, this has the unwanted side-effect of leaking potentially private information in full sentences to any user, simply by chance of them typing a tag into the post compose box that has the same prefix.


*I briefly checked whether un-/following the private page affects this. After I unfollowed the private page, the unique tag was still listed for tag completion in the post compose box, so I assume this behavior is global.


15 people have this problem

 Cosigning. Via a tag search I was shown a tag that was clearly...... well. gossipmongering about someone, but I nor others I know can see the post. Seems in poor taste to air dirty laundry!

this happened to me just now! neither deleting the original post or removing the original tags prevents them from being suggested either. really not comfortable with tags from my locked page forever being suggested to others, or others' private tags being shown to me, so hoping this gets fixed.

co-signed, this still happens and is definitely a big privacy issue. a friend saw this happen for their private blog and so i checked to see if i could see a tag from a private blog that wasn’t my own (because i thought maybe it could just be across your account) but no, the tag from someone else’s private blog still popped up to autofill on my non private blog when i typed it in. this is potentially exposing minors (+ others who just are uncomfy with it) to people’s nsfw commentary that they typed on accounts they thought would be private so i hope it can be fixed quickly

chosigned. dont really like my private tags showing up globally, they use a fairly notable character name and it sheds some weird light when you go to search said character

cosigned

Login or Signup to post a comment