When a member likes or comments on another member's photos, this activity appears on the Activity stream wall.
The activity includes a copy of the picture that was commented on or liked.
This activity is then visible to ALL members, irrespective of whether they are friends with either the commenter OR the member whose content is being commented on or liked.
The effect is that non-friends can see private photos on the wall, even if they are not friends with the member.
How do we stop this from happening? I don't mind if the comment activity is placed on the wall but the attached picture should either not be visible or visible only to people who are friends with the owner of the photo.
Maybe I just have an error in my settings.
Currently my default friends privacy is set to members.
Please confirm that if I set my default friends privacy to friends instead of members, then any activity of my friends on my profile will only be visible to me and my friends.
i.e. if a friend likes my photo then that activity on the wall will only be visible to friends and not every member.
Okay...so this is only half the solution.
I have 3 users....user A, B and C.
Default friends privacy is set to friends.
User A is friends with User B but not User C.
User C is friends with User A but not User B.
User A comments on a picture in User B's album marked friends only.
That comment, plus the picture, appears on the activity wall for user A, B AND C
Surely User C should not see the picture on the wall as they are not friends with user B?
Please can someone explain exactly how the privacy settings work.
Another example:
User A LIKES a picture in a private group that they belong to. This activity and the picture appear on the activity wall.
User D, who is neither a member of the group, nor a friend of the member, can now view that picture on the activity wall.
That means that ANY picture which is liked is visible to every member of the website irrespective of the privacy setting of the group, event or album.
The problem is not in the group or album or event, the problem is related to the activity stream.
I create a private group because I want the content to be private and only visible to members of the group.
So if a member LIKES that content, it shouldn't be made public on the wall for non-group members to view.
E.g., activities related to group photos should ONLY be visible on the wall to group members irrespective of who LIKED the photo.
Currently, it's visible to all members.
This is hugely damaging to a site where member and content privacy is important.
My privacy settings are:
Profile Privacy: Members
Friends Privacy: Self
Photos Privacy: Friends
Video Privacy: Friends
Group List Privacy: Members
Hi Marc,
I think this is a bug, I will report this issue to our developer.
thank you
Hi Marc,
I will give you the patch once the developer fixes this issue.
thank you
Hi Marc,
Can you update to the latest version, please? Because it seems this issue is already fixed in the newest package.
thank you
Unfortunately no it hasn't been completely fixed.
The problem is that wall activity is taken from what my friends have done. Privacy is restricted since I can only see my friends' activity (which is good). However, the problem comes in with friends of friends.
For example:
User 1 (Nawteez) is friends with user 2 (Nitewalker) and commented on one of her private pictures, which are in an album set for friends only. All good so far.
When user 3 logs in (Tester12345) he is friends with user 2 (Nawteez), so he gets to see ALL of user 2's activities on the wall.
This includes the comment activity PLUS a copy of the picture commented on.
I have included a screenshot from user 3 (tester12345) activity wall....he is not friends with User2 (Nitewalker) and he shouldn't see this picture in his activity stream.
i.e. user 3 (Tester12345) who is not friends with User 1 (Nawteez) now gets to view pictures from a private album that he is not entitled to see. This then gets worse if user 3 comments on the activity stream, because then all his friends get to see the details etc.
Solution:
Remove the picture attachment from the activity wall by modifying the template; or
Place a separate rule in the system to prevent friends of friends seeing private content (i.e. do a check on the picture to see if the viewer is allowed to see the picture via a PHP if statement and display accordingly).
The problem is that this needs to be done for ALL private content. It's very difficult for us to test every option and every scenario and then go modify files just to achieve what is supposed to be built in to Jomsocial as standard.
This is also not something we can leave to Jomsocial 3.3, it needs to be addressed now.
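The check proposed in the post above, which the private-group case earlier in the thread needs as well, written out as an added example; it is not part of the original posts and is not JomSocial code. The data model, the function names and the users A to D are hypothetical, constructed to mirror the scenarios described in the thread.

```php
<?php
// Constructed sample data; hypothetical model, not JomSocial's schema or API.
function friendsOf(string $user): array
{
    $friends = ['A' => ['B', 'C'], 'B' => ['A'], 'C' => ['A'], 'D' => []];
    return $friends[$user] ?? [];
}
function groupMembers(string $group): array
{
    $members = ['g1' => ['A', 'B']];
    return $members[$group] ?? [];
}

// Decide from the attachment's owner and container, never from the actor.
function canViewAttachment(array $att, string $viewer): bool
{
    if ($viewer === $att['owner']) {
        return true;
    }
    if ($att['group'] !== null) { // private group content: membership decides
        return in_array($viewer, groupMembers($att['group']), true);
    }
    switch ($att['privacy']) {
        case 'members':
            return true;
        case 'friends':
            return in_array($viewer, friendsOf($att['owner']), true);
        default: // 'self' or an unknown value: fail closed
            return false;
    }
}

// Keep the activity line; attach the photo only if this viewer may see it.
function renderActivity(array $act, string $viewer): string
{
    $line = "{$act['actor']} {$act['verb']} a photo";
    if (canViewAttachment($act['attachment'], $viewer)) {
        $line .= " [{$act['attachment']['file']}]";
    }
    return $line;
}

$comment = ['actor' => 'A', 'verb' => 'commented on', 'attachment' =>
    ['owner' => 'B', 'privacy' => 'friends', 'group' => null, 'file' => 'album.jpg']];
$like = ['actor' => 'A', 'verb' => 'liked', 'attachment' =>
    ['owner' => 'B', 'privacy' => 'friends', 'group' => 'g1', 'file' => 'group.jpg']];
echo renderActivity($comment, 'A'), "\n"; // A is a friend of owner B
echo renderActivity($comment, 'C'), "\n"; // C is a friend of A but not of B
echo renderActivity($like, 'D'), "\n";    // D is not a member of group g1
```

Only the first call includes the file name; for C and D the activity text is still rendered but the picture is left out, because the decision is made against the photo's owner and group rather than against the member who commented or liked.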
Hi Marc,
Oh ya I am sorry, seems this issue is not fixed yet. I just reviewed again and the status of the bug ticket is "unresolved". I will confirm with the dev for this one.
thank you
Hi Marc,
Can you update your JomSocial to version 3.2.1.3, please? Because in that version we are not able to replicate this issue, which means it should be fixed.
Please let me know how it goes.
thx
Unfortunately this problem is still not properly resolved, even in HS 3.1.5.
Actually to be more correct, Jomsocial works correctly but the logic is flawed.
We still get a "friends of friends" problem in the activity when users comment on their friends' albums and photos.
The effect is the same as me sending you a personal picture and then you showing that to every one in the office.
They may be your friends but I don't know them and I certainly don't want them seeing my picture.
Currently, when a user comments on a friend's photo or album directly, photo and album privacy is not respected in the stream.
Hi Marc,
Ehm, I am a bit confused now. Please give me the steps or logical info on how I can test your issue, and I will test it on my local.
thank you