Beware: your personal files are visible by all users on Ubuntu, by default !!

I just discovered this after years of using Ubuntu: every user account you have created on your Ubuntu computer (during installation or afterward) have Read and Execute permission to everything in the /home/ directory of EVERY users, by DEFAULT !!

(just type ll /home/ in a terminal and you'll see drwxr-xr-x !)

This is outrageous, it means that any user account could read every documents, every pictures, every-things of any user, even if that user is supposed to be protected by a password !!

This behavior should be fixed since release 21.04 but it DOES NOT FIX PREVIOUSLY CREATED USER ACCOUNTS !

How to fix

You can manually remove the read and execute permission for other users with this command :

sudo chmod 750 /home/*

And to fix the new account creation process, you have to do this too :

sudo sed -i s/DIR_MODE=0755/DIR_MODE=0750/ /etc/adduser.conf
echo "HOME_MODE 0750" | sudo tee -a /etc/login.defs

After that you should be good to go.

To make sure everything is working, just try to access the home directory of any other user (ex: ll /home/other_user_name_here/Documents/, it should say Permission denied.

More info & a personal note

The only explanation I could find for this unsafe and unintuitive default was :

This default was chosen in the early days of Ubuntu, to support use-cases like multiple family members sharing a single PC and wanting to easily share files with one another or within university environments to support easy collaboration.

But to me that's not a good excuse ! In the past, I might have created a "guest" account (with no password) on a laptop to let other peoples try Ubuntu... or I might have created an other user account on a personal computer to run apps or scripts that I did not trust, thinking it would be unable to access my personal files... WRONG !