User search during abstract submission

I have noticed an interesting aspect of Indico’s behavior. If a user goes to the screen to submit an abstract for an event, they will be prompted to supply one or more author’s information. The search screen can be trivially used to obtain the name, email, and any other information entered by every user who has ever registered on the site.

This seems like a privacy violation, so I have to ask if that’s the intended behavior? It must be, since the instance at also allows that. Is there any way to turn this feature off?

(What would be ideal for us would be to have the person submitting the abstract simply be entered as the author/speaker and not prompt for that information at all. I don’t suppose that’s possible now?)



It’s intended behavior (and I think it’s always been like this) but you are not the first person suggesting to make this configurable and I’m quite sure that we will do that at some point - or maybe allow admins to specify which users (e.g. only those in certain groups) can search for users.

1 Like

I’d suggest we discuss this in the GDPR GitHub issue thread:

1 Like