Privacy has been a big topic in the tech world over the past few months, with the news surrounding Facebook and Cambridge Analytica, the deadline for the GDPR, and all those Privacy Policy e-mails we've all be getting/sending out. We've written about this recently.

Today's release of Review Board 3.0.7 is focused on enhancing privacy options and protection in Review Board, improving defaults and adding optional GDPR-compliant privacy settings for servers. There's also the usual assortment of bug fixes.

Better Private Profiles

7 years ago, we introduced Private Profiles in Review Board. When enabled by a user, their full name and e-mail address would be hidden in the API when accessed by other users. In this release, we've expanded the protections of Private Profiles:

  • Enabling Private Profiles now hides full names and e-mail addresses throughout the UI and API
  • Private Profile behavior is always on when viewed by anonymous users (keeping information from public servers off of search engines)

Users can enable Private Profiles through the My Account -> Profile page.

User Consent and Privacy Rights

Consent Options

Some features making use of personal information now require consent before that information can be used. This is managed in the My Account -> My Privacy Rights page, and decisions on consent can be changed at any point. If configured, users will also be prompted for acceptance of a Privacy Policy and Terms and Conditions on this same page.

By default, Review Board only requests consent for Gravatars, but extensions can register their own features requiring consent. We'll be providing guides on incorporating this soon.

Review Board administrators can enable this support for consent, acceptance of Privacy Policies and Terms of Services through the new...

GDPR-Compliant Privacy Settings

Privacy Admin Settings

These new privacy settings can be changed in Admin UI -> User Privacy Settings:

  • Terms of service URL and Privacy policy URL can be set to the URLs of the server's respective URLs.

    When either of these are set, users will be prompted to view and approve the terms before they can use the server next, or when registering a new account.

  • Privacy information is a text field for providing privacy details specific to your server or organization.

    This will be shown to users in the My Account page or when prompted for terms or consent. It accepts HTML, letting you provide links to important information in your network.

  • Require consent for usage of personal information enables GDPR-compliant consent checks for features.

    Which enables the new consent management seen above.

Bug Fixes Aplenty For

  • A handful of crashes when bad data is fed into the URLs for the dashboard and internal diff viewer URLs (usually caused by search bots)
  • Some more crashes when avatars aren't available when configuring users in review groups
  • Regressions when configuring bug trackers
  • Communication problems with newer versions of Gerrit
  • Bad error messages when failing to find files on local Git repositories

See the release notes for the complete list of changes.