CRITICAL Security issue in JS Members module! (Resolved)
As you can see from the settings page below, the Admin visibility can be globally overridden by this TAB. Here's a list of potential threat situations where this switched option can cause security vulnerabilities.

1) With this option ENABLED, the admin profile is visible at all times irrespective of the frontend profile privacy setting. Mine is currently set to DISABLED in the profile privacy options, yet my account shows as online even if I only sign into the backend administration control panel.

2) Administrators should be able to create Super User accounts that do NOT generate frontend profiles. This issue relates to SU accounts being brute forced for passwords. It doesn't take long for a hacker to potentially identify admin and SU accounts from frontend activity early in a site's development and use that to solve one part of the SU sign-in process on the backend.

Especially if the site developer has not deployed a sign-in restriction like Akeeba AdminTools. I'd like to be able to create SU accounts that at no time become visible from the frontend, or have JomSocial automatically generate a profile for SU accounts.

For monetised (subscription-based) sites this, amongst other security considerations, is essentially an unknown vulnerability that needs addressing. Super Admins don't normally require access to the frontend, let alone have a publicly viewable profile. You can however safely demote the current SU accounts, generating new SU accounts with NO visible frontend presence.

I hope this explains my concerns, not only in the JomSocial admin visibility override switch, which forces an online visibility, but also in the possibility of generating stealthy 'Super User' accounts.
I raised a few points and although some of it can be seen as a feature request, you have overlooked the real issue.
ADMIN ACCOUNTS ARE VISIBLE REGARDLESS OF FRONTEND PRIVACY SETTINGS, THE ONLY WAY TO PREVENT THIS IS TO DISABLE THE JOMSOCIAL ADMIN VISIBILITY SWITCH. HOW IS THIS NOT A SECURITY/PRIVACY ISSUE?
Please do not be so quick to dismiss this as just a feature request...
It seems that your post contains both an issue report and a feature request. As for feature request (2), please post it here:

www.jomsocial.com/uservoice

As for issue report (1), you mean that if "Show Administrator on Member Lists" is ENABLED then it overrides profile privacy settings? So let's say I set Admin profile privacy to Friends only (so no one who is not my friend can see details of my profile) and I enable "Show Administrator on Member Lists" - then Admin profile details become accessible?

This switch has the opposite meaning - if it's disabled then Admin shouldn't appear on the members list, but it shouldn't (no matter if enabled or disabled) influence profile privacy settings (e.g. photos or events or profile privacy view).
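The reply above states the intended precedence: the "Show Administrator on Member Lists" switch decides only whether an administrator appears in the members list, while per-profile privacy alone decides who may open the profile. The following is an added illustration of that policy as two independent checks; it is not JomSocial's code, and every class, constant and function name in it (`Member`, `appearsInMemberList`, `canViewProfile`, the `PRIVACY_*` values) is hypothetical.

```php
<?php
// Added example, not JomSocial code. Models the intended separation between
// the global admin-visibility switch and per-profile privacy. Names are hypothetical.

const PRIVACY_PUBLIC  = 'public';
const PRIVACY_FRIENDS = 'friends';
const PRIVACY_PRIVATE = 'private';

final class Member
{
    public function __construct(
        public readonly int $id,
        public readonly bool $isAdmin,
        public readonly string $profilePrivacy,
        public readonly array $friendIds = [],
    ) {}
}

/** Should $owner be listed in the members list? Only this check reads the switch. */
function appearsInMemberList(Member $owner, bool $showAdminsOnList): bool
{
    if ($owner->isAdmin && !$showAdminsOnList) {
        return false;
    }
    return true;
}

/** May $viewer (null = guest) open $owner's profile details? Ignores the switch. */
function canViewProfile(?Member $viewer, Member $owner): bool
{
    if ($viewer !== null && $viewer->id === $owner->id) {
        return true; // owners always see their own profile
    }
    return match ($owner->profilePrivacy) {
        PRIVACY_PUBLIC  => true,
        PRIVACY_FRIENDS => $viewer !== null && in_array($viewer->id, $owner->friendIds, true),
        PRIVACY_PRIVATE => false,
        default         => false, // unknown privacy value: fail closed
    };
}

// Constructed sample data: an admin set to "Friends only" who has one friend.
$admin    = new Member(1, true, PRIVACY_FRIENDS, [2]);
$friend   = new Member(2, false, PRIVACY_PUBLIC);
$stranger = new Member(3, false, PRIVACY_PUBLIC);

// Flipping the switch changes only the list result; profile access is unchanged.
foreach ([true, false] as $showAdmins) {
    printf(
        "switch=%s list=%s friend=%s stranger=%s guest=%s\n",
        var_export($showAdmins, true),
        var_export(appearsInMemberList($admin, $showAdmins), true),
        var_export(canViewProfile($friend, $admin), true),
        var_export(canViewProfile($stranger, $admin), true),
        var_export(canViewProfile(null, $admin), true)
    );
}
```

Keeping the two decisions in separate functions is the point: a member-list query can consult `appearsInMemberList`, but every profile page, photo or event view goes through `canViewProfile`, so no global display switch can widen what a privacy setting has closed.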