Private profile is not private

Currently, most of the information on the User Profile form is public on the user's profile page.

Companies purchase GitLab SaaS subscriptions with the expectation that their employees can access the service privately. Certain pieces of information are public by default, and cannot be made private.

Some companies have a corporate policy stating that employment there is confidential -- that is, the company does not share the fact that an individual works there. In that case, to use GitLab SaaS, the company would have to:

  • Assign unidentifiable usernames (i.e. numeric or cryptic)
  • Tell employees to leave all the profile fields blank
  • Periodically run an external script to confirm that employees comply
  • ... guess at the authors of issues, MRs, and comments because of a lack of names etc
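
A sketch of the kind of external compliance script the list above describes, added here as an illustration (it is not GitLab's code or part of the original issue). It audits user records shaped like GitLab Users API responses; the sample records, the `gitlab.example` host, the "display name must equal username" policy, and the `/uploads/` avatar check are assumptions.

```python
# Added example: flag accounts whose public profile reveals information.
# Field names follow GitLab's Users API; all records below are constructed.
OPTIONAL_FIELDS = ("bio", "pronouns", "location", "public_email",
                   "organization", "job_title", "linkedin", "twitter",
                   "website_url")

def exposed_fields(user):
    """Return the sorted list of profile fields that reveal information."""
    found = [f for f in OPTIONAL_FIELDS if (user.get(f) or "").strip()]
    # Assumed policy: the display name must match the assigned username.
    if user.get("name", "") != user.get("username", ""):
        found.append("name")
    # Assumption: an uploaded avatar is served from an /uploads/ path.
    if "/uploads/" in (user.get("avatar_url") or ""):
        found.append("avatar_url")
    return sorted(found)

def audit(users):
    """Map username -> exposed fields, for non-compliant accounts only."""
    report = {}
    for user in users:
        fields = exposed_fields(user)
        if fields:
            report[user["username"]] = fields
    return report

# Constructed sample input (what a fetch of each employee's record might return).
SAMPLE_USERS = [
    {"username": "u48213", "name": "u48213", "bio": "", "pronouns": None,
     "avatar_url": None},
    {"username": "u59120", "name": "Jane Example",
     "bio": "Engineer at Example Corp",
     "avatar_url": "https://gitlab.example/uploads/-/system/user/avatar/2/avatar.png"},
    {"username": "u60331", "name": "u60331", "bio": None,
     "pronouns": "they/them", "avatar_url": None},
]

if __name__ == "__main__":
    for username, fields in audit(SAMPLE_USERS).items():
        print(f"{username}: non-compliant fields: {', '.join(fields)}")
```
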

The requirement is to add the ability to make user profile information truly "private".

By "private", most companies would mean that only other employees of the same company can see that information. Obviously, that's tricky within GitLab's data model.

As an MVP that would address a common use case, consider aligning "profile privacy" with the Enterprise users feature set (SCIM with domain verification). The rule could then be that only signed-in users within that enterprise/domain can see profile information about other users within that enterprise/domain.

"Privacy" would apply to:

  • The user's namespace page (i.e. gitlab.com/myusernamehere)
  • Features within the UI (e.g. avatar next to comments, rollover tooltip, etc.)
  • API results
  • Anywhere else that information is output

Information in question includes:

  • User Profile form content such as full name, pronouns and bio
  • Avatar image
  • Email address - already has a user-configurable privacy setting, but under the MVP would be enforced at the "enterprise" level
  • username - Ideal case, but for the MVP, I suggest leaving out username. Companies would still have to create unidentifiable usernames in order to create strict privacy.

Original Description

I want to have my company profile with full name and photo for internal clarity, so I have uploaded a photo and filled in some personal details:

https://gitlab.com/knyttl

However, despite the fact my profile is private, I can still see the details in an anonymous window.

Is there a way to hide it? This is personal and I want to avoid ALL MY DETAILS being public.

Edited by Francis Potter (GitLab)