Tags used on private pages are leaked in tag search and tag completion
caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat
started a topic
6 months ago
Using a tag on a post will index it for global tag search and for tag completion, visible to any user. It seems that this applies even to posts on private pages.* Since tags can be arbitrarily long and may be used for tumblr-style commentary, this has the unwanted side-effect of leaking potentially private information in full sentences to any user, simply by chance of them typing a tag into the post compose box that has the same prefix.
*I briefly checked whether un-/following the private page affects this. After I unfollowed the private page, the unique tag was still listed for tag completion in the post compose box, so I assume this behavior is global.
caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat
Using a tag on a post will index it for global tag search and for tag completion, visible to any user. It seems that this applies even to posts on private pages.* Since tags can be arbitrarily long and may be used for tumblr-style commentary, this has the unwanted side-effect of leaking potentially private information in full sentences to any user, simply by chance of them typing a tag into the post compose box that has the same prefix.
*I briefly checked whether un-/following the private page affects this. After I unfollowed the private page, the unique tag was still listed for tag completion in the post compose box, so I assume this behavior is global.
4 people have this problem