disable comments, tasks, and version history when "Hide collaborators and their activities from non-owners" is enabled
We would like a Function to disable comments, tasks, and version history when "Hide collaborators and their activities from non-owners" is enabled in the "Privacy" folder settings.
We want this because If you invite multiple external collaborators, we don't want external people to detect who you are inviting.
There is a function to hide collaborators, but if invited external users use comments, tasks, version history, it will be possible to see who is invited, so we would like to disable these functions as well.
-
Anonymous commented
Unbelievable a company that sells itself ostensibly as a secure way to collaborate did not consider how the Tasks feature completely blows the security of hiding participants from one another and then does nothing for years to fix the problem. What the heck?! We have to configure separate identical repositories when we want to share information with groups of people who should remain unknown to one another. Had I realized this when we invested in Box, I would have found a different product. This blind spot is the #1 reason why we would leave Box for a competitor. There should be warnings on the feature to hide participants from one another that it doesn't work fully because people can find one another in the Tasks feature. As I work for a law firm, not realizing the problem with Tasks could have led to a malpractice suit.
-
mike.westley@avisonyoung.com commented
Two weeks to go to the 3rd anniversary of this pulse idea's share by moderator. Rather, this is a major bug - an identification of security flaw which prevents the collaboration of folder content to more than one 3rd party/client at a time. This loophole should have been resolved before spending time on some new features.
-
mike.westley@avisonyoung.com commented
Please can you update us all on the status of this request for change - particularly as it relates to security and makes the current feature of sharing with 3rd parties incomplete (allows them to see other users names in Version History etc).
We were advised that it was being considered - yet the last note here from Box/Moderator is April 2020!!
-
mike.westley@avisonyoung.com commented
SECURITY ALERT!! The purpose of a folder's Privacy settings (Collaborators) "Hide collaborators and their activity from non-owners" is for (and I quote) "only the folder owner and co-owners will be able to view collaborators and their activity in the folder".
This is not the case - because, unlike in other areas where a name or email address is replaced by "Someone", when a collaborator views the File Version History, for a file uploaded or edited by someone else, it STILL shows the other collaborator's name - contrary to the Privacy Setting.
In other words, this feature currently does not anonymize any names shown in the Version History. The names of any non-owner collaborators who upload a new version will be visible to other collaborators in the file's Version history.
Box should urgently rectify this, replacing the collaborator's name with "Someone"
Box should also move the 'Commenting' section of folder settings to BELOW Privacy, and highlight the possible need to disable Commenting also when collaborating with 3rd parties/clients
-
mike.westley@avisonyoung.com commented
Whilst I would not necessarily wish to hide comments, tasks and version history in these circumstances, Box SHOULD hide ALL the names and email addresses associated with collaborators when the Privacy settings are ticked to 'Hide collaborators and their activity from non-owners'. In this regard, the Privacy settings are NOT doing this - with regard to a) being able to see collaborators details in File Version History, and b) being able to add a comment, and type @A ... or @B.... through to @Z.... and being able to identify other collaborators (because Box offers the name(s) when typing @.. in comments
I am creating a SPECIFIC suggestion/bug that failing to hide collaborator details in File Version History (by replacing name with "Someone") defeats the object of the Privacy feature