All posts in the topic Group Members Page
Summary
- There are 6 posts — by 3 authors — in this topic.
- Latest post made by Michael JasonSmith at 2007 Oct 02 03:57 UTC
This post carries on from the posts by Steve and Richard in the “Validating feeds from searches, post by/about person, Latest posts” topic http://groupserver.org/r/post/3zTY3txKr4FyeF22vYurZT http://groupserver.org/r/post/E7MWs12qK6WyZdYkqzPzf where they discuss the Group Members page. There are two basic principals that govern the members page: 1. Group members should be able to “lurk”, and 2. Group members should be able know who will read the posts. To be able to lurk, your name should never be mentioned, which is in conflict with the second principal. In addition to the above requirements, the main use of the members page is to answer the question “who is in this group”. We suspect the user will ask this question as part of the evaluation of a group, before joining. To support these requirements we have devised the following rules for the default GroupServer discussion and announcement groups. * In secret, private, and public groups, group members can view the group members page. All members of the group are visible to all the other members. Where appropriate, the number of posts made by each member is shown, along with a link to the appropriate search for that user in the group. For example, all posts by me in GroupServer Development http://groupserver.org/s/?g=development&a=michaeljasonsmith&t=0&p=1 * In secret and private groups, the group members page is not visible to anonymous (logged out) users. * In public groups that are viewed by logged out users, only the users who have posted are shown on the group members page. The posting statics are shown, as well as the link to the appropriate for that user in the group. In the generic case, the visibility of the group members page will be based on the visiblity of the messages area. Alice and I are working at rewriting the back-end code that is used to generate the Web pages for a group. This is the “Creation of group-classes, so the templates contain no logic” item in the roadmap http://groupserver.org/groupserver/roadmap/ We are working from the simple tasks — encoding the rules for joining and leaving a group — towards the more complex, such as posting. Alice and I naïvely asked Dan what the rules for the members page. It turns out that the rules are (or should be) far far far more complex that you would imagine at first!
For edem and dowire, these spaces are about "public life." Listing names - all
names - is an important virtue. With public groups people always have choice
not to join to remain invisible. Trust is built by treating all members equal
and not institutionalizing different rights for members.
I do think it would be good for group admins to have a choice about when to
disclose both the member names list and member profiles in GS.
Steve, this is the wrong place to discuss the specific implementation of a site. This group is for discussing the generic implementation of GroupServer, which may be altered according to particular (and understandable) needs of a site. In the default configuration of GroupServer, users have control of their own privacy, not the administrators. The user consents to exposing information, rather than having an administrator arbitrarily exposing the user's data, such as group membership. There are two reasons for this. First, in countries in the OECD, other than the United States of America, the more private stance is required by law. http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507 http://www2.parl.gc.ca/HousePublications/Publication.aspx?pub=bill&doc=C-6&parl=36&ses=2&language=E&File=41#7 http://www.privacy.gov.au/publications/ipps.html http://www.privacy.org.nz/library/fact-sheet-no-2-information-privacy-principles There is no reason that the default GroupServer behaviour could not be changed in countries that do not follow the OECD recommendations. Second, GroupServer sites send out massive amounts of email, as do spam implementations. We want to make GroupServer pure, whiter than white, beyond reproach — to distinguish it from the systems run by nefarious organisations.
Are you suggesting that it is illegal for someone hosting a group to let be known that by joining a group on their site that there name would be listed? In the UK, Newham for example folks said only collect public information because if we collect private information or promise that certain information is private than as a host your liabilities increase. I can understand creating strong privacy options, but to cripple openness options and essentially require customized GS to have full member lists is a mark against take-up. This is in particular the case if you compare the tool to other e-mail group tools with a full range of openness and privacy options for all. I'd rather see GS be competitive. Steve Michael JasonSmith wrote: > Steve, this is the wrong place to discuss the specific implementation of a site. This group is for discussing the generic implementation of GroupServer, which may be altered according to particular (and understandable) needs of a site. > > In the default configuration of GroupServer, users have control of their own privacy, not the administrators. The user consents to exposing information, rather than having an administrator arbitrarily exposing the user's data, such as group membership. There are two reasons for this. > > First, in countries in the OECD, other than the United States of America, the more private stance is required by law. > http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html > http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507 > http://www2.parl.gc.ca/HousePublications/Publication.aspx?pub=bill&doc=C-6&parl=36&ses=2&language=E&File=41#7 > http://www.privacy.gov.au/publications/ipps.html > http://www.privacy.org.nz/library/fact-sheet-no-2-information-privacy-principles > There is no reason that the default GroupServer behaviour could not be changed in countries that do not follow the OECD recommendations. > > Second, GroupServer sites send out massive amounts of email, as do spam implementations. We want to make GroupServer pure, whiter than white, beyond reproach — to distinguish it from the systems run by nefarious organisations.
On Mon, 2007-10-01 at 19:05 -0500, Steven Clift wrote:
> Are you suggesting that it is illegal for someone hosting a group to let
> be known that by joining a group on their site that there name would be
> listed?
I have the same question (and I'm sure I've raised it before). I have
*never* seen a principle of either our privacy act, or any others, that
could be interpreted as preventing this.
Surely if they are told about the privacy settings of the group (they
are), and they are given an option to reverse the situation (they are --
they can leave).
If we want to do something about it, the appropriate option is at the
*user* level: "Do you wish your name to be shown in the membership of
public groups, to non-logged in viewers?". This could be asked at
account creation time, as part of the profile settings. The help text
should let them know that they will *always* be visible if they post.
In e-democracy, this option could be replaced by supplementing the
account creation conditions, to say that users agree to be shown as a
member of all public groups.
The fact is that in a public group it is moot, IMO. If the user *posts*,
the fact they are a member is visible. Another user could disclose that
they are a member. A user with an account can discover the membership
then leave the group. That takes 4 clicks (join, membership, group home,
leave).
I hope I am not upsetting anyone. I take an extreme stance with privacy, as it gets everyone to clearly state their cases, and I do not want any slip ups. I do not mean anything harsh by it, and I am also very concerned with the usability and utility of GroupServer. Firstly to Steve's point about the take up of GroupServer. I strongly believe that being *more* private will help us, rather than hinder. In our experience, most groups are secret or private groups, rather than open ones. Indeed, the public groups on http://forums.e-democracy.org/ and this group are unusual. For OnlineGroups.Net this is a bit annoying, as it tends to make the sites look dead! It is quite amusing that we can spend so long arguing about something that effects so few sites ☺ My concerns with Steve's suggestion is about change. The basic principal of privacy is that you can disclose anything you want, so long as you ask. In Steve's post, I implied the ability for the administrator being able to change the privacy of the users without consent, which I object to. Richard's suggestion about the user being able to explicitly set the privacy level is where we do want to be in the end, but it is a long way off, unfortunately. All in all we are in an excellent place, and I deeply appreciate the help you are all giving me in sorting this out. There are two things that we agree on. 1. No one is arguing about the visibility of Secret and Private groups. 2. No one is worried about public announcement groups. This leaves two cases of members-page visibility to sort out: public discussion groups that anyone can join, and public discussion groups that have joining by invitation only. I will discuss the latter case first, as it seems easy! In a public discussion group, with joining by invitation only, the members page has the following visibility. * All members are shown to group members. * All members that have made a post are shown to non-members. For the most part, the two sets will be the same, but it does allow for the possibility of private lurking. The overall privacy is controlled by the group administrator, who approves or disapproves invited members. Public discussion groups with invitation only is an incredibility rare type of group, but it is one we should support. For public groups, that anyone can join, we have two options: 1. The same as invitation-only groups, or 2. All members are shown. As Richard says http://groupserver.org/r/post/4fwZZc2O6eMV7t3fmC2LVo it is quite easy to join a public group, which makes the first option silly. So, for public groups I propose that all members are shown. The visibility of profiles is another question entirely. I mention it, as we should only show links to the users' profiles if the profile is visible. As I said, the rules for the members page is more complex than you would imagine at first ☺
This site is provided by OnlineGroups.Net, where you can start your own free online groups site, using the open source web-based mailing list manager GroupServer.