ory
Add Support for Masking Identifiers (Email and Phone) in Settings and Interfaces
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
The current implementation of Ory Kratos displays full email addresses and phone numbers in various settings and user interfaces, such as profile settings. his can potentially expose users' sensitive information, leading to privacy and security risks.
Describe your ideal solution
I would like to request a feature that allows for masking email addresses and phone numbers in all relevant settings and user interfaces. The solution should include:
Settings and Profile Pages:
Mask email addresses and phone numbers when displayed in profile settings (e.g., "j***@example.com" and "+***1234").
Code Sending Interfaces:
Mask identifiers in interfaces where verification codes are sent (e.g., "A verification code was sent to j***@example.com" and "A verification code was sent to +***1234").
This masking should be consistent across all relevant interfaces and should ensure that users' sensitive information is adequately protected.
Workarounds or alternatives
Currently, there are limited workarounds available, such as manually masking identifiers before displaying them in custom interfaces. However, this approach is not scalable and can lead to inconsistencies.
Implementing this feature directly within Ory Kratos would provide a standardized, reliable, and maintainable solution, ensuring that all users benefit from enhanced privacy and security by default.
Version
v0.13.0
Additional Context
No response
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello @VoDmAl
I think this would be a good feature to have in the built-in UI, but not in Kratos itself.
manually masking identifiers before displaying them in custom interfaces. However, this approach is not scalable and can lead to inconsistencies.
Can you explain why this is not a good approach? To me it sounds like exactly what you are looking for - if you have a custom interface you can reuse it at scale - what am I missing?
