Hi,
I worked out that our most private data is the
- user's email address and
- their name and
- age and
- id number.
The ID number we can get around by How could we increase the security on the other data?
Can we hide the field from teachers, but still allow them to email students ?
regards Paul
Hi,
Is no one else concerned about email address security ?
Is this something I should raise as a tracker OR is this something no one else is concerned about ?
regards Paul
Why would you need to hide email addresses?
I'm not sure I understand the reasoning behind your request and I guess from the lack of replies, that other people do not see it either.
If you really want to prevent tutors knowing anybody's real email addresses, give them all dummy emails and make the tutors use Moodle's inbuilt messaging instead. But an email address is a public form of communication, its whole point is that people know it to be able to communicate with whoever, so I for one do not see the logic in then hiding it.
If you don't trust your tutors not to abuse it and spam your students, or do something else unprofessional, then you are hiring the wrong tutors.
You can go to Site administration ► Users ► Permissions ► User policies and remove email address from show user identity
Also go to Site administration ► Users ► Accounts ► User default preferences and set email display to "Hide my email address from everyone" so that people's emails will not be shared by default.
You can set fullnamedisplay to "Anonymous" if you want to hide names from other users. You can set alternativefullnameformat to Anonymous to hide it from teachers too. But that's just for basic display purposes and there may still be some ways to view the name.
As Richard said, if you want to hide this information, what is the point of adding it to moodle? Unless you want some users to be able to see it and others not to. Then you can simply modify the appropriate capabilities.
Could you be more specific as to what information you want to display and hide and to who? Then we can give a good solution. If you want to hide emails from teachers but still allow them to send emails, you can create a news forum in a course with forced subscription. To send an email, simply create a post in that forum.
Can I ask, why is ID number a private piece of information? It means nothing outside of moodle.
Hi John and RIchard ,
Thank-you for your reply
> As Richard said, if you want to hide this information, what is the point of adding it to moodle?
My concern is email privacy legislation, https://en.wikipedia.org/wiki/Email_privacy the risk of our Moodle being hacked and users being spammed OR the user's password and email address being tried on other sites ( Mass attack type hack).
I think the email address is still needed for some communications such as 2 factor authorisation and for teachers to contact studnets who have not logged on
>Unless you want some users to be able to see it and others not to. Then you can simply modify the appropriate capabilities. Could you be more specific as to what information you want to display and hide and to who? Then we can give a good solution. If you want to hide emails from teachers but still allow them to send emails, you can create a news forum in a course with forced subscription. To send an email, simply create a post in that forum.
I would like
- the admin to see all and the
- user to see their own
and maybe
- the teacher to be able to see a link to create a BCC email which can be replied to, without the user knowing the teacher's email address
> Can I ask, why is ID number a private piece of information? It means nothing outside of moodle.
We connect up to many other Moodles using LTI/Open Auth/Shibboleth, so we have no need to store the email address except we send some mail on email addresses. Sometimes the id is unique to the source and target, but sometimes is is shared across a federation or is their private Id from a University
regards Paul
Hi Vivanath,
Ashley Madison has a poor reputation except for its target market of people who want to have affairs
It is amazing that people are dumb enough to trust them with data after they get hacked
We depend on our good reputation and professionalism to sell radiation and biosafety courses and dangerous chemical courses.
After being hacked we would have to tell our clients which would cause us damage
Then there is the whole privacy legislation which varies by country
regards Paul
Email addresses should not be considered private. Ever. They are public, they need to be public so people can contact each other. If you're trying to hide them, it is likely you have misunderstood the problem.
Moodle itself follows good practices when storing passwords; i.e. they're correctly salted and hashed so should a hacker be able to get the contents of your user table, the data it contains in the password field is not easily accessible.
Two-factor authentication requires, as the name suggests, two-factors to perform authentication - something you know (password), and something you have (often a token generated on a device such as a dongle or smartphone). The email address is NOT one of these factors. This simply identifies the user to the system. Again, considered public.
During that period banks managed not to empty customers bank accounts to strangers. Now it seems banks cannot manage this. Considering emails to be private within an organisation seems to be missing the point of their use.
Thanks for your valuable discussion i'm new in this field.Its helpful to improve my knowledge.Thanks again.
Hello,
I need to secure email addresses from everyone except Administrators, for legal reasons. Here in Italy legislation prevents teachers from having access to any personal contact information of minors. With about 65% of our students falling into that age bracket it is important for us to ensure that email addresses are not visible to teachers to comply with the law. Using a parent's / guardian's email address is not always practical.
I have made all the administrative changes I can find within moodle but if a teacher looks at the student's profile page the email address is still there.
Any further suggestions or help would be very welcome. Thank you,
Richard
