metta
Just now discovered all of my private thoughts in a public brain are not private when I am logged out.

In light of this, be sure to check the display status of your private thoughts before using the new embed feature.

Will be looking forward to an update from TheBrain staff on the status of this important issue.
Quote
mctrexler
I have posted on this point repeatedly.  TB finally made it possible to hide private thoughts on the desktop (rather critical for Skype or other screen-sharing), but have left private thoughts visible in web client? If that's the case, that's . . . . .  odd.  What definition of privacy are they using?  
Quote
metta
Update: Logged in and logged out again, and now my private thoughts are hidden again.

In light of this, I'm not sure how easy it will be to replicate this issue.

If there's any history of this happening, or any hints/tips for preventing this from happening, I'll be interested to learn more since I don't want to start sharing any brains created in TB until I know that private thoughts can be trusted to remain private.
Quote
ruudhein
Most browsers have an incognito mode nowadays: this uses no existing cookies and, once exited, doesn't leave cookies either. That's the best way to check.

Find your browser here and check for the appropriate instructions on how to launch private browsing mode:  https://www.computerhope.com/issues/ch001378.htm
Using: Evernote | Filterize | Dynalist | InstaPaper | Liner | TheBrain v10.0.30.0
Quote
Harlan
@metta: You must have still been logged in when you saw the private thoughts. When you are not logged in, private thoughts are never displayed.

Private thoughts were originally designed to allow you to share your Brain on the web while keeping some information private but still connected to the thoughts you are sharing publicly. It was not intended for use on the desktop. Now that more people are using presentation tools like Skype that let them use the desktop client to share their brain, we added the ability to hide private thoughts in version 9 with a single menu option. In version 8, it was possible to do this, but it required many steps.
Regards,
-Harlan
Quote
Harlan
ruudhein wrote:
> Most browsers have an incognito mode nowadays: this uses no existing cookies and, once exited, doesn't leave cookies either. That's the best way to check.
>
> Find your browser here and check for the appropriate instructions on how to launch private browsing mode: https://www.computerhope.com/issues/ch001378.htm

Another easy way to test is to use a different browser. For example: I use Chrome mostly but when I want to check how something looks when I have never logged into it or otherwise left digital footprints, I open the page in Firefox or Safari.
Regards,
-Harlan
Quote
metta
Harlan, I was NOT logged into the web client at the time my private thoughts appeared, as evidenced by the "Log In" option available in the web client while my private thoughts were on display.

NotLoggedIn.png 

This is precisely why I reported this issue as a bug.

In addition, as I indicated previously, the problem corrected itself later when I logged in and then logged back out again. Obviously, it would not have been possible for me to log in (and out again) if I had already been logged in.

As for testing this issue using another browser or incognito mode, this will be helpful when the problem occurs again. In the meantime, though, since I've only observed this issue once, I have no idea how to replicate.

FYI, I was using Chrome at the time my private thoughts appeared while I was logged out.
Quote
metta
Since I didn't manage to capture any screenshots of the private thoughts displaying in the web client while I was logged out, I decided to check my browser history, and I found several examples illustrating this privacy issue.

The first set of screenshots below shows several private thoughts taken from my desktop brain. As you will see, the "private" icon is clearly visible on each of the thoughts in each of these images.

PrivateThoughts_DesktopBrain1.png PrivateThoughts_DesktopBrain2.png PrivateThoughts_DesktopBrain3.png PrivateThoughts_DesktopBrain4.png 

The next set of screenshots reveals each of these thoughts displayed in the web client while I was clearly logged out:

PreLaunchAnnouncement.png UpdateMZWebSites.png ReferencesAll.png GrowingCollectionReferences.png Content.png Collections.png 
AdminAll.png 
At one point, the web client even displayed the very top of my private thought tree [Admin] with ALL the private child thoughts visible.

I will be looking forward to feedback from TB staff in light of this additional data.
Quote
Harlan
Thanks for the screenshots and information. I just did some testing here and there are two different problems that are happening here.

1. If you open a link to a thought in a new tab (by copying the URL and pasting it into a new tab for example), the app incorrectly shows you as being logged out even though in reality your session is still valid.

2. If you really are logged out and go to a link containing the GUID for a private thought, the thought name is displayed, but without links to any of the related thoughts.

Issue #1 is really a display problem. Issue #2 is a problem if somehow someone were to learn the GUID of your private thought. We will prioritize fixing #2 and look into #1 after that.
Regards,
-Harlan
Quote
metta
Thanks for your prompt and helpful feedback, Harlan. I very much appreciate your investigation and support on this issue during the weekend, and I'll be looking forward to learning more about the results of your troubleshooting.

In the meantime, would the first issue you identified account for the fact that at one point I could view and access my entire private thought tree even though the TB9 interface said I was logged out?
Quote
metta
I forgot to mention that while these private thoughts were visible in the web client, it was also possible to access them through the web client search -- in case this additional information might be helpful.
Quote
Harlan
Yes, when you were able to see and access everything, the server session was still logged in even though the client did not correctly show you as being logged in.

Issue #2 is now fixed. 😉

I'll have someone fix issue #1 on Monday most likely.
Regards,
-Harlan
Quote
metta
Thanks again for your feedback and help, Harlan. Glad to hear issue #2 is already resolved. Many thanks for your ultra prompt support! :-)

Just to clarify about issue #1: if I was already logged in (in spite of the web client display saying I was logged out), how was I able to log in again?

I thought it would be impossible to initiate and go through the login process if I was already logged in -- and yet that is exactly what I did when it looked like I was logged out:
> I logged in again exactly as I would under normal circumstances and
> then I logged out again to see if the private thoughts would still be visible.

However, there was no sign whatsoever of anything being strange with the login process -- which surprises me, if (as you've suggested) I already was logged in.

Any additional clarification you can provide will be appreciated.
Quote
Harlan

I analyzed the code on the server and incoming requests. The requests show that when the client is showing that you are not logged in, the session you are using to talk to the server is actually logged in. The basic summary is:

1. The web client thinks that you are not logged in so it displays all of the controls allowing you to log in (saying you are not logged in, showing the login button, etc). However, the server session is still valid, meaning that requests from the client are handled as if you are logged in (showing private thoughts for example).

2. When you click the login button, you are asking the client to log in, which the server takes in stride as it does not prevent logging in even though the session is already logged in. Once you complete this login, the client and server now both agree that you are logged in. If you click the log out button, both will also agree.
Regards,
-Harlan
Quote
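
The two behaviours described in this thread (a private thought's name returned to a logged-out request that carries its GUID, and a client whose login display disagrees with a still-valid server session) can be modelled together. This is an added example, not TheBrain's code and not part of any post; the in-memory store, the GUID strings and every function name are constructed for illustration.

```javascript
// Added illustration, not TheBrain's code. All names and data are constructed.
const { randomUUID } = require("node:crypto");

const thoughts = new Map([ // constructed sample data
  ["guid-public-1", { name: "Welcome", owner: "metta", isPrivate: false, links: ["guid-private-1"] }],
  ["guid-private-1", { name: "Admin", owner: "metta", isPrivate: true, links: [] }],
]);
const sessions = new Map(); // sessionId -> username, held by the server only

// Server: a login always issues a fresh session id and drops the old one,
// so logging in over an already valid session is harmless.
function login(oldSessionId, username) {
  sessions.delete(oldSessionId);
  const id = randomUUID();
  sessions.set(id, username);
  return id;
}
function logout(sessionId) { sessions.delete(sessionId); }

// Server: the single source of truth for "is this session logged in?".
function whoami(sessionId) {
  const user = sessions.get(sessionId);
  return user ? { loggedIn: true, user } : { loggedIn: false, user: null };
}

// Server: authorization is checked on the object itself, so knowing a GUID is
// not enough. Private and nonexistent thoughts look identical to non-owners.
function getThought(sessionId, guid) {
  const t = thoughts.get(guid);
  const { user } = whoami(sessionId);
  if (!t || (t.isPrivate && t.owner !== user)) return { status: 404 };
  const visible = (g) => {
    const linked = thoughts.get(g);
    return Boolean(linked) && (!linked.isPrivate || linked.owner === user);
  };
  return { status: 200, name: t.name, links: t.links.filter(visible) };
}

// Client: a new tab has no in-memory state, so the header is rendered from the
// server's answer instead of from a local default of "logged out".
function renderHeader(sessionId) {
  const me = whoami(sessionId);
  return me.loggedIn ? `Logged in as ${me.user}` : "Log In";
}
```

Because the header and the data requests both go through `whoami`, the display cannot say "Log In" while private thoughts are being served.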
metta
Very helpful, Harlan. Thank you for taking time to provide this additional clarification.
Quote
