osf.io icon indicating copy to clipboard operation
osf.io copied to clipboard
verified publisher icon CenterForOpenScience

In anonymized view-only link, GitHub information is not anonymized

Open umhan35 opened this issue 1 year ago • 7 comments

What you did (step by step)

  1. Connect GitHub to a project
  2. Create a view-only link to share the OSF project (check off "Anonymize contributor list for this link (e.g., for blind peer review)")
  3. Go to the view-only link

Where does this happen on the OSF?

Anonymized view-only homepage of a project, e.g., https://osf.io/ga9w8/?view_only=3ec356c101944ec092c6badfbb0fb593

What you expected

The open button should not appear for people to go to the GitHub link

image

What actually happened

One can click the open button and find out information about the contributors of the OSF repo

Potential causes

Related code that may have caused this:

https://github.com/CenterForOpenScience/osf.io/blob/3920a29ff5c92a45229e618931661cc5d0c8a08d/addons/github/static/githubFangornConfig.js#L283-L291

Suggest a solution

Similar to the hidden GitHub repo (username/repo-name) in a view-only link, as seen below, the Open button should also be hidden.

Not view-only View-only
image image

Final words

I think the branch list should also be hidden in a view-only link

umhan35 avatar Aug 23 '24 19:08 umhan35

This appears to be a significant issue with using GitHub for OSF. I'm adding a comment here to highlight this concern.

@umhan35, it seems that the issue with accessing your OSF view-only repository has been resolved. Was this fixed, or is it working correctly for you now?

follhim avatar Oct 31 '24 00:10 follhim

@follhim I just reproduced this issue with the view-only link in the description, so it is not fixed.

umhan35 avatar Oct 31 '24 01:10 umhan35

@umhan35 I see, and to be specific, it's not that the link can be opened (I cannot open the repository on github), but even when it says Not found error 404, it shows essentially the repository by looking at the website address:

https://github.com/umhan35/weka-dt/tree/main

when ideally, the link shouldn't be accessible at all. Right?

follhim avatar Oct 31 '24 01:10 follhim

when ideally, the link shouldn't be accessible at all. Right?

Right. Because the GitHub username/profile reveals the identity of the OSF contributors.

(BTW, I think the branch list should also be hidden in a view-only link)

umhan35 avatar Oct 31 '24 01:10 umhan35

hi @umhan35 , can you try checking this again? I think they may have fixed it?

follhim avatar Feb 21 '25 19:02 follhim

hi @umhan35 , can you try checking this again? I think they may have fixed it?

Just kidding, I lied, it still doesn't work (i.e., still not anonymous).

follhim avatar Feb 21 '25 19:02 follhim

I was wondering if we can expect a fix for this issue. Thx!

santoshbs avatar May 16 '25 08:05 santoshbs