docs: add privacy hardening docs
All checks were successful
Flake checks / Check (pull_request) Successful in 4m45s

Benjamin Bädorf 2024-01-07 00:32:59 +01:00
parent 9bde9237d2
commit 9cf04fd710
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346

11
docs/privacy-hardening.md Normal file

@ -0,0 +1,11 @@
# Privacy hardening
Some default options in the services we run are not as privacy friendly as they can be. Oftentimes, services assume they are running for an organization in which everyone knows (or wants to know) everyone else. However, when running a public service accounts should be hidden from other users.
## Nextcloud account leaking
By default, accounts are visible globally across the instance. To prevent this, go into the administration settings -> Sharing. Check the option saying "Restrict users to only share with users in their group".
## Forgejo email leaking
By default, emails are visible on the explore page for other logged in users. We have disabled this in the config by setting `service.DEFAULT_KEEP_EMAIL_PRIVATE` to `true`.
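Review bot: The Nextcloud section gives only a manual click path in the administration settings, while the Forgejo section refers to a config setting that is already applied. Please state whether the "Restrict users to only share with users in their group" option has been set on our instance or must be repeated by hand on each deployment, and how an admin can confirm that accounts are no longer visible. In the Forgejo section, the name `service.DEFAULT_KEEP_EMAIL_PRIVATE` reads as a default, so the doc should say whether accounts that existed before the change still show their email on the explore page and what to do about them. Minor: a comma is missing in "when running a public service accounts should be hidden", which makes the sentence read as "public service accounts".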