Guidance

Users’ account details and activity visible to others: improve the safety of your online platform

Practical steps to manage the risk of online harms if your online platform makes users’ account details and activity visible to others.

If your users’ account details and activity are visible, this means some or all of them can be seen by other users, or by the general public. These details may include:

  • personal details, like their name, age or location
  • comments they have made
  • content they have viewed

This page will help you understand how making users’ account details and activity visible on a platform can create a risk to users’ safety, and how to manage those risks.

New online safety legislation is coming which will aim to reduce online harms. If you own or manage an online platform in scope of the forthcoming legislation, you will have a legal duty to protect users against illegal content. You will also have to put in place measures to protect children if they are likely to use your service.

Harms caused by users’ account details and activity being visible

Example of a harm that can happen if users’ account details or activity are visible

On an app that allows users to interact with each other, users are required to tick a box to confirm they are over the age of 16. Users can only get messages from approved ‘friends’, but their account details - including username, date of birth, location and biography - are publicly visible.

Because users can verify their own ages, the app is used by children whose personal details could be exploited by offenders.

How harms can happen if your users’ account details and activity are visible

When a user’s activity and details are visible to other users or to the general public, they are more vulnerable to being tracked, targeted or groomed. Their personal information may be shared without their permission, and it is easier for strangers to contact them offline as well as online.

The most likely harms relating to visible account details and activity include:

  • cyberstalking and cyberbullying

  • hate crime

  • child sexual exploitation and abuse

  • terrorist content

How to prevent harms relating to visible account details and activity

1. Know your users

If you allow your users to create accounts, you could:

  • make users verify their accounts during account creation - for example, using two-factor authentication (2FA)

  • establish how old your users are, using age assurance technology such as age verification

Find out more about safety technology providers

2. Set safety settings to high by default

Doing this when a user creates their account will stop their account details and activity from being visible inadvertently. If you do this, you should do it for all users.

The highest safety level you offer should make sure that:

  • users’ content, contacts and activity are only visible to friends

  • users cannot share their location with strangers

  • automatic face recognition is turned off

For users under the age of 18, you may want to (one of the following):

  • stop them from reducing their safety levels

  • require additional authorisation before they can reduce their safety levels - for example, from a verified parent or guardian using parental controls

You can use it to prompt or nudge users when they want to change their safety settings. You should also ask users to confirm they understand the risks associated with changing them before allowing them to continue.


Part of Online safety guidance if you own or manage an online platform

Updates to this page

Published 29 June 2021

Sign up for emails or print this page