    Just noticed a privacy concern (likely known about but I had not observed it before)

    Logged in as my normal user not admin I was going through my account after accepting a friend request and happened to view my Activity > Friends screen what I saw was discussions that have taken place in a group I designated as Private Hidden for would you believe Hidden discussions It has a handful of select members one of whom I happened to be friends with in my general user guise due to that friendship I am being shown all the discussions – albeit snippets – that he has had in that group.

    This clearly is really not great as I believed private hidden would be just that and am now rather concerned.

    Does anyone have a quick and dirtty? solution to filtering out any mention of hidden groups from ANY activity stream? At worst I would rather hidden groups simply never showed up at all in the activity stream anywhere.

  • Jeff Sayre



    I would post that in Trac as a possible bug.

    It isn’t a bug as much as it’s just not implemented yet. There isn’t any real privacy controls with buddypress which is it’s huge downfall. Still a great product in it’s infancy so not need to be too upset. But a game-plan as to how it’s addressed moving forward would be nice. I think it should be priority number 1 for 1.3. Anyone else?

    Thanks Jeff, I will when I get a minute.

    @ajohnson possibly it’s not a bug , in fact I would say it’s not a bug but rather a design flaw or oversight, however I’m afraid that saying it’s just not implemented yet is not right. Private Hidden groups are described as just that, hidden and private therefore one expects that content posted in one would NOT show up publicly and it doesn’t mostly just in this one instance or at least that I have stumbled upon, and it DOES need addressing and pretty quickly otherwise it’s probably ought to be pointed out to people not to consider setting groups private and hidden until such time as they really are.

    Jeff Sayre


    As this is not an issue of overall BuddyPress privacy, but rather a malfunctioning action of hidden groups, I would call this a bug.


    As far as privacy in BuddyPress, there are many threads about that topic that will provide you with an answer.

    You can start here for a hint:

    Ok we’ll call it a bug then :-)

    I’ll add a Trac ticket on it later.

    I don’t suppose that there is any short term emergency solution is there?

    Edit/ it occurs that I omitted to mention that this occurs on a installation and that I ought to check a 1.2.3 test install and /or check Trac first for prior tickets and fixes for this.

    Also there are not “private hidden” groups. There are “private groups” that are private but not hidden, and “hidden groups” that are both private and hidden.

    Also there are not “private hidden” groups

    Ouch slapped wrist! :) sorry

    So Andy is this something you are aware of before I test in 1.2.3 and hunt though Trac for tickets or add one?

    I have added a ticket #2293 to Trac on this but might well not have added it to incorrect milestone, would Andy or someone else kindly check and move if necessary.

    This issue has become a little more serious as I have now discovered that it’s not just a matter that the updates/posts can be viewed but that it’s possible – as a non group member – to add a reply and that reply shows in both the activity stream view and IS posted to the hidden group.

    Jeff Sayre


    The milestone you have set is okay. Also, I bumped the priority up to critical.

    Thanks Jeff.

    Hopefully a patch may be workable for 1.2.* stream?



    Thanks for the post here, I just noticed this “bug” as well!

