Tutorial/TNG/Privacy and Security
Privacy, Consent, Cookies and Data Policy
Because of current concerns on private information on websites, the criteria for protecting on-line information has become stricter. New legislation, such as the European GDPR, now requires us to be a bit more conservative in our family history storage and display.
With the release of TNG version 12, there are three new features to assist us with this challenge. You can find them in the privacy section, at Admin >> Setup >> General Settings >> Privacy. And it is easy to manage.
Log in as Administrator and go into the privacy section.
Note the five new lines of information selections and information.
Cookies are small text files that can be stored on your home computer. Harmless on good websites, they help you with pre-stored information.
Ever wonder how a website, on a revisit, seems to remember your favourite names and selections, and can auto-fill some of the blank text entries? Cookies.
Cookies on your TNG site will make it a bit easier for your users and visitors to fill in name searches, for example. However, you now should, or even need to, inform your visitors and users that cookies are in play, and that to use them, they have to give permission. The cookie popup message, shown right, is what your visitor will see in the lower-right of the TNG webpage. Once the visitor clicks the “I understand” button, the message will disappear, and a cookie will be set to remember the action. From then on, that visitor will not see the popup again on subsequent visits.
Data Protection Policy
Having a data protection policy on your site that visitors can review is a good idea. In fact, it is becoming a requirement in a number of countries, so you might as well have one in place. If you select yes to “Show link to data protection policy”, a new link will appear at the bottom of every TNG page.
The link is also shown on the cookie popup (see the View policy link in the cookie image, above), on new account registration and on suggest/contact us pages.
The Data Protection Policy is not editable.
Personal Info Consent
Checking this box, “Prompt for consent regarding personal info:”, will add a question to the pages for submission of comments, suggestions or new user registration. Site visitors will then be required to check a box indicating they consent to the information in the form being recorded. If the box is not checked, the submit button will be disabled. If the button is clicked anyway, a popup will advise the visitor that the box must be checked before the form can be submitted.
The reCAPTCHA is that little tool that determines that “you are not a robot”. The TNG Team looks after the Site Key and Secret stuff for you, so you do not need to add this yourself.
Security and users
Your family tree site is a very personal part of doing your family research. Years of work usually go into it. This is your set of family photographs, your interviews with family members and the countless hours of hunting down sources. So you do want to ensure anyone else coming into your site is trusted enough to take care of family business.
The <a href="http://tng.one-name.net/tng-setting-up-users/">User setup screen</a> in TNG is where you “interview” potential candidates for this task, where you determine their “job role” and where you can “promote” visitors into becoming valuable editors.
So let’s go back to the User screen. You are logged into your site and you are an Administrator. Go to Administration >> Users. First, note whether there are any user registration requests to process. Those would be under the Review tab. If there were any requests, the tab would show as “Review *”. The next steps work for either the Review or the Add New tab.
In the previous article, <a href="http://tng.one-name.net/tng-setting-up-users/">TNG: Setting up users</a>, the text entry boxes were discussed, so let’s move down to roles and rights.
A Right is something a user may do when they are logged in. A Role is a predefined set of rights. When you select a role for a user, the rights will be switched to a preset list, which you can modify.
Guest is the first role and the lowest level of access. In fact, all that a guest can do is to view the information. If you have login set to required, then unlike Public, at least a Guest can log in and view the information (except for living and private information, generally).
A Submitter gets to make suggestions, but not changes. You can review all such suggestions and accept or ignore.
Then we have Contributor and Editor. An Editor can add, edit and delete but a contributor can only add information, including media. A media contributor and media editor is limited to working with media only.
Normally, setting a role for a new user works well with the default rights. If you want to raise or diminish the powers for an individual user within the role, then use the Rights selections on the right-hand side. You can also limit a user’s rights to any one tree and even down to a tree and branch.
Just below the Rights list, there is a set of checkboxes for further user allowances. These include the privilege of viewing living and private information, downloads and editing of one’s profile page.
So you have a lot of flexibility over controlling visitors and contributors to your family tree site. Be conservative in giving out these privileges. That is not just a matter of trust, but also letting your new users to get familiar with the TNG features before they go crazy in overwriting your research.
How to stop spam registration requests
How exciting when you get a new request for access to your TNG site by a new user. Perhaps it is someone very new to you. Perhaps it is someone emailing you from email@example.com, that is, has a country code of Russia, and has an address allegedly in Thailand. So, not likely this is a serious researcher of your surname.
How do you make sure your TNG site has some protection from such intruders? You set automatic approval of new users to “No”. You will still get requests, but you get to block their access before you review the request.
Log into your TNG site as administrator. Open the Administration panel and select Setup. Then go to General Settings.
Open the Mail and Registration section. Find “Auto approve new users:” and set it to “No”. Click the Save button.