1. Describe the bug/issue you’re running into?
As I use the @ feature on my figjam file I am suggested people I don’t know and have access to their email address
2. Are you able to consistently reproduce it? If so what are the steps?
Yes
Create a figjam
Start a comment somewhere
@ someone
As I type characters I am suggested users which are not part of my org
3. Share a screenshot, recording, console log, link to the file, etc.
I reported this a while ago (this is the same in FigJam and Figma) and here is the answer:
Our general model is that we won’t share emails of owners or viewers by just having someone visit a link. Unfortunately, when we did that, that meant too many cases of benign interaction were affected. So, we have a heuristic where if a file has < 10 people, then viewers get the owner added to their contact; and the owner gets each viewer added to their contact.
So if you opened these people’s files or if they opened yours that you shared by link, you will have them in your contact list (search).
thanks for your answer. I was worried if that was a data leak.
On the other hand there is nothing that is forcing you to display the email in the UI?
We would then reduce the visibility of sensitive info
The main issue why the emails are shown in the first place is identification of people, e.g. you can have multiple people with the same name and you would want to only authorize specific ones to access the file. Building on top of the idea shared above, maybe the items could show which items you have in common (why the person is in contacts in the first place) and their email domain name.
ship it