Hubzilla - Getting Started: Privacy Controls
Advanced privacy controls
Hubzilla has very advanced privacy controls, which can be daunting for new users.
Channel role and privacy
At the most basic level is the "channel role", which you can set from /settings .
I already went into some detail in a previous article, and you can always read up on the different roles from the help section of your hub.
Most hubs default to "Social - Mostly public", which is the Hubzilla default setting. The admin of a hub can change this, though.
The most private setting is "Social - Private". I'm going out on a limb here and assume that those are the two most commonly used settings.
However, if you want some more fine-grained control, you can use "Custom / Expert". This will give you more settings:
Before we get into the "Channel Permission Limits", let's take a look at the more obvious ones.
- Default Privacy Group
(Note: Privacy groups will be covered further on in this article.)
If you set a group here, this will be the default audience for new items. If you set this to "Use my default audience for the type of object published", it will depend on your settings for individual types, like posts and photos. Note that you can still change this for each individual item.
- Add new connections to this privacy group
All new connections will be automatically added to this group.
- Hide my online presence
If you leave this switch off, visitors looking at your profile or channel will see a red asterisk next to your name if you're online:
- Publish your default profile in the network directory
Now, let's look at the Channel permission limits.
This will let you create limits for every type of item you can post The most permissive is "Anybody on the internet" (obviously). Whatever you set here will the absolute maximum you can choose for individual items. It will also affect previously posted items; if you change anything here from "Anybody on the internet", the limit will also apply to all of your old content.
Some types have an "Anybody on the internet" option, others don't, and for obvious reasons - in order to send you a private message, for instance, people need a Hubzilla account. In this particular case, the most permissive setting is "Anybody authenticated".
Since this is a matter of personal preference, I can only give you some general recommendations.
You should leave the setting for "Can view my channel stream and posts" at "Anybody on the internet", since this is more easily controlled with a default privacy group or individually on each post. The same is true for viewing your web pages and wikis, as well as file storage / photos.
If you want those to default to anything other than "Public", you can set a Default Privacy Group instead. Otherwise you won't be able to post publicly at all. For example, here's what happens when creating a new post if you set "Can view my channel stream and posts" to "Anybody authenticated":
Versus leaving it at "Anybody on the internet" and setting the default privacy group to "Friends":
For everything else that people get to do on your channel, I find that "Only those you specifially allow" is a good setting, as it will let you configure each connection individually or through the Permission Categories app (which I will address later on in this article). The only exception I'm making here, personally, is "Can post on my channel (wall) page"; I set this to "Nobody except yourself", since this gets forwarded to your default audience. You can, of course, choose "Only those you specifically allow" here, as well, and give individual permission to those you trust.
Individual connection settings
When you go to your Connections, you will see that every connection has an "Edit" button.
When you click on that and then on "Individual Permissions", you will see the same list you will get from "Channel Permission Limits" in the previous section.
Some settings you can't change here - the ones that say "Inherited". That's because the "Channel Permission Limit" setting takes precedent. The ones that you can change here are those that are set to "Only those you specifically allow" in your channel privacy settings.
Privacy groups allow you to set permissions on individual items. In order to use them, you need to install the Privacy Groups app. Then you can go to /group and create some groups. If you chose "Social - Restricted" or "Social - Private" as your channel role, the "Friends" group already exists.
You can add a new group by clicking on - surprise - "Add Group":
After you created it, it will show in the list (where in the screenshot above it says "Friends".)
If you want to add connections to a group, just click on its name. This will let you edit the group as well as adding members:
Just click on a name in the left column, and it will move to the right:
Now when you post something, you can share this to the whole group at once by clicking on the little lock icon at the bottom:
(If you click on "Custom selection" in the dialog above, you can select individual connections.)
The same principle applies to every other type of item you can publish, for example when uploading pictures:
One important thing to note is that you can use privacy groups for access control only on individual items. For example, when you edit the Channel Permission Limits in your channel privacy settings, you can't just select a privacy group there. The reason for that is probably the same as in this answer to the question of showing a specific profile to a certain group:
The reason there is a problem is because people can belong to multiple groups and we can only show each person one profile. It isn't clear how you determine which profile "wins" in a conflict. Perhaps you could just grab the first one that matches but this isn't very elegant or logical. A tradeoff was made. We're much more likely to get complaints about why this person was shown profile 'x' instead of profile 'y' than we are likely to get complaints that groups aren't supported as a multiple profile target.
The same would be true for permission limits; people can belong to multiple groups, so which one should apply?
This is another app that needs to be installed. After you do, you will have another new setting in the privacy section:
There are several built-in categories, from "follower" (least permissive, can't even comment on or like you posts) to "publisher" (most permissive). You can't edit those, but you can create new ones from the app page.
Give it a name, then then click on "Individual Permissions":
This is the same list you get when editing individual connections, and the same limit applies - Permission Limits from your channel privacy settings take precedence, and you can only edit those that you set to "Only those you specifically allow" there. After you're done, don't forget to click "Submit".
Now there are two ways to apply this new category:
- You can edit individual connections and use the permission category setting
- Or you can set a default permission category in your privacy settings. The new category we just created now shows up on the list:
This setting will apply to all new connections.
If you want to know the settings for the built-in categories, you can go and edit any existing connection and choose a permission category for it. You will then see the list update, and you don't need to save your changes.
Yes, when you first start to look into the privacy controls Hubzilla offers, it can be very intimidating. I know. I've been there. But I also found it well worth the effort.