How do I log out of the Community website?

Of all the web sites; banks, service suppliers, governments, vendors, personal communication you are worried about your forum account being used for dark purposes? This is not at the top of my list of security concerns and as it is the first mention in 6 years not that of many other members.

Some people have put effort into finding excuses for not addressing this issue.
If the Choice Community’s administrators were to put the same amount of effort into addressing this issue, it would be fixed.

Risks are extremely low, next to zero, if the website has been set up properly and is well managed. Remaining logged in or logging out for each session both have some risks, but any risk is very low unless one’s computer has been compromised or it is lost (used by someone who isn’t authorised).

Where risks lies is tracking cookies (and tracking pixels) which can collect data including sites one logs in to or visits (hence the recommendation by Choice in the link you posted), which is used for targeting advertising, collecting personal information and such like. These trackers exist irrespective of when one is logged in or not.

I don’t believe Choice’s advice in the posted link is to log out after every session. This can be painful/frustrating and if it was a high risk, Choice and millions of other websites wouldn’t offer it as an option when logging in. The advice is more about removing the opportunity for trackers to capture information stored within the browser history.

It is more challenging to manage trackers, but these can be done in part by using incognito function of a browser (closing the browser between opening a new webpage), setting browsers to remove cookies automatically when the are closed (as recommended by Choice in the link you posted), using scanning and removal programs (such as Spybot), not installing apps on smart devices etc.

Other strategies is not to have accounts with Google, Apple, Microsoft, Facebook or any other companies which have an interest in data collection.

It is near impossible to prevent data collection, as it is collected by a large number of different ways, both online and in the physical world.

Now you’ve got me confused: have you raised the security risk issue with the choice community administrators who have put effort into finding excuses?

As far as this thread is concerned we have just heard of it, going from ‘where is the log out function’ to 'where are the instructions on how to find the log-out’ to it’s a security risk to not log-out. It could help to be clearer on exactly what your basic issue is?

It is rather minor; I don’t need an excuse to pass over it.

Many Apps and web pages rely on the user closing the open TAB or Browser window if web based or the App directly if on a smart device. I close the tab, browser or App as necessary in addition to logging out. Assumes the App has a logout option.

I’ve found many Web resources and Apps provide limited or no instructions on how to use them. It’s as if we are all expected to have learnt how to interpret/navigate intuitively the offerings. As an older Aussie I was taught in youth how to lay out the address on an envelope and the headers for different types of hand written letters. Also how yo correctly affix a stamp! The modern tech world makes similar assumptions about the basic skills necessary for interaction with tech. I’m not saying it’s how we all see it. Just how it has evolved.

Most who frequent the Community and Choice might be aware that there is a project to change the entire content management system. The first effort was abandoned - no comment on that - but Choice web-IT staff have been behind the curve with a building in-box for years.

There are many things on their to do list. I am not privy. But in their prioritisation even a more extensive and visible help facility mentioned as highly desirable in previous posts, that should seem low hanging fruit, has not risen yet.

It is probable that Choice ‘knows’ taken a a broad context, but it also seems an inability to execute in their current situation where all focus is on the underlying necessary basics prior to getting on to what are in comparison, desirables.

I’m not aware of anybody putting effort into finding excuses for not addressing this risk, other than those who have responded to this thread.
On Gaby’s advice, I have raised the issue with one of the Choice Community administrators.

A side note, for contacting Choice staff outside the Community message function, the better email address is community@choice.com.au, a more collective inbox rather than an individualised personal one.

It might be that ‘community@’ is monitored by Choice staff even when @BrendanMays (who is the primary contact anyway) is on holiday or otherwise not available. As with many bits of information, that is included in an in-obvious place, About - Community

Maybe I am old-fashioned, but I think that all computer applications should provide application level obvious controls to:

1. End the application. Synonyms, exit, logout, logoff.
2. Access context level help.

The Community application provides neither, so is a fail from me. I am in total agreement with @LeonArundell on this issue and from the world of IT I have been supporting would never get past user acceptance testing.

I suspect user acceptance testing is a rare undertaking in the online world. Every website has a different user navigation interface, and quite a few tuck the logout function several clicks away - if there is a logout function at all. Not all of them even co-locate logout with one’s account details.

Rather than user acceptance there are a few things common sense would dictate as good practice. A subset includes:

• help including contact information when applicable
• obvious logout button (not always done, especially on apps where it is often hidden away).

and for we purists, consistency of operation,and look and feel across the site.

With the proliferation of open source few want to expend effort because of lack of control over updates to the ‘product’ that would require local updates to help, assuming the local admins or technical content creators know all the differences between he old and new in any case. Thus it often becomes a low or non-priority as a practical matter. A net search returns very few site specific help tutorials, this being one.

It is not so different from our own ‘Welcome’ that every new user receives, linked for completeness.

Can phb confirm:

• how well the Choice Community website has been set up;
• how well the Choice Community website is managed; and
• how his/her response relates to my comment about putting effort into finding excuses for not addressing this issue?

These are questions for Choice to answer.

I personally not worried about being logged into the community, and not logging out. I am unsure why there seems to be a bit of a ‘storm in the teacup’ in relation to Choice selection of Discourse as the forum platform. No information has been provided which indicates there is a security risk with Discourse/Choice Community. Discourse also actively patches its software when potential security issues are identified, including by third party testing. I know that Choice installs patches, as community moderators can see warnings when outstanding, newly issued patches are available for install. This is the current dashboard display (2 January 2024 at 8.19pm):

Screenshot_2024-01-02-20-19-48-5231157×249 42.6 KB

showing Discourse version used for the community is updated to the latest available version.

If one is concerned for some reason, one can log out if it makes them feel more comfortable or at worst, choose not to become a member of the community.

It is worth noting the information used to become a member is limited to name and email. Both of which could be aliases if one choses and wishes to be more discreet. Discourse also records IPs, that at registration and used for last login.

Why does phb think anybody is concerned about Choice’s selection of Discourse as the platform for the Choice Community?

Not sure. For what it does, Discourse is very good software, and Choice has done an admirable job of customising it for their content and user base.

But the user interface lacks basic controls, and don’t even get me started, again, on the appalling search function.

It would be more germane if out of the thousands of users over seven years of operation somebody could point to an instance of remaining logged in causing a real problem.

It is fine to talk about theoretical possibilities but if you want action you need to have solid evidence that a real problem exists to get resources given to it. I mean this app (or web page) and here and now and over its history, not somewhere in the world somebody was harmed by remaining logged in to some other app or web page.

If we accept that logic, we would not devote resources to preventing phb from driving through school zones at 150 km/h until there is solid evidence that phb’s speeding was causing harm.

Agree. I am sure if there were problems, many of the 1000s of reputable businesses using Discourse would not be using it. If one was worried about using the Community or being logged in/logged out, they shouldn’t be using the internet.

Every website, piece of software, operating system, connection etc has potential security vulnerabilities. Any layperson using them doesn’t know if vulnerabilities exist, if they are known by others or are exploited by others.

Software etc also don’t have detailed ‘instruction manuals’ about every aspect of their use. Some is available in areas like ‘help’ or in FAQs, and others are available online or through posting questions in forums/support channels. The Community/Discourse is no different.

One would anticipate if there were concerns about the Community and Choice should be providing information to satisfy these (hypothetical) concerns, that likewise is done for every website visited, every piece of software used, every piece of hardware used and so on. The practicalities of doing this is unrealistic.

I am not the one which has raised undefined allegations or security issues with the Community/Discourse. Please let us know what the issues you have with the Community. Until such is provided, there isn’t any reasonable or practicable way to respond.

Your concern about not being able to find the logout button has been addressed. If it is believed that security risks exist if one stays logged into the community, there isn’t any information indicating this is the case. If one still believes an acceptable risk exists, as outlined above, one has the choice to log out each time one leaves the Community webpage.

Creating fear by posting unfounded allegations of security risks is a disservice to Choice and other members of the community. It is also may be considered disinformation which is against the terms and conditions of use of the Community.

Only if you permit inductive fallacies and argument by analogy in your logic. I am not fond of those. Employing those methods will never lead to good problem solving.

All you have is the claim that remaining logged on is a security risk. You have no examples of it happening and no idea how big the risk is in this particular case so you have no idea how important it would be to deal with it. Simply declaring there is some risk does not warrant action.