From 9cf04fd7109708ebc1dcafeb5467a1030012f9de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sun, 7 Jan 2024 00:32:59 +0100
Subject: [PATCH] docs: add privacy hardening docs

---
 docs/privacy-hardening.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 docs/privacy-hardening.md

diff --git a/docs/privacy-hardening.md b/docs/privacy-hardening.md
new file mode 100644
index 0000000..f3f4850
--- /dev/null
+++ b/docs/privacy-hardening.md
@@ -0,0 +1,11 @@
+# Privacy hardening
+
+Some default options in the services we run are not as privacy friendly as they can be. Oftentimes, services assume they are running for an organization in which everyone knows (or wants to know) everyone else. However, when running a public service accounts should be hidden from other users.
+
+## Nextcloud account leaking
+
+By default, accounts are visible globally across the instance. To prevent this, go into the administration settings -> Sharing. Check the option saying "Restrict users to only share with users in their group".
+
+## Forgejo email leaking
+
+By default, emails are visible on the explore page for other logged in users. We have disabled this in the config by setting `service.DEFAULT_KEEP_EMAIL_PRIVATE` to `true`.
-- 
2.44.1