No way to completely disable public profiles #866

Open
meltingrobot opened this issue Jun 16, 2016 · 2 comments
Comments

@meltingrobot

I've done a fair bit of looking through the documentation, settings, and searching issues through here and I do not see any way of completely disabling public profiles. This is a serious security issue in that usernames are part of the URL combined with just not wanting to put user information out on the internet in general. There needs to be a way to require authentication to access all locations and turn off the fully public portions of Mconf.

@daronco
Member

daronco commented Jun 16, 2016

This is a good suggestion, but there are several ways to do it. Do you have some thoughts on how you think it should be done?

For example, all profiles could be private by default. Or they could be public as they are today, but there could be a global configuration that makes them private.
Private profiles can have different levels of privacy. What should be visible if the user is private? Nothing at all (and the website would return a 404 to hide it even further)? Would the names of these users appear in, for example, the list of users of a space?

It's definitely worth thinking about it, I'm just querying you for ideas, if you have thought of any.

@meltingrobot
Author

Private by default would be my preference for security reasons, but that may not be everybody's ideal default. But yes, I think a global setting that is controlled by an admin that can make all profiles private and require a login to access would be ideal. If set to private, then yes, it should return a 404 if not logged in.
