Replacing registered e-mail address in message body with link to Profiles
From:
Michael JasonSmith
Date:
Jan 16 21:51 UTC
Short link
As a strict answer to your question, no we have not thought about redacting
email addresses ☺ Let me finish my coffee…
Steve, I will mirror your post back to you, to ensure that I understand it. In
the case you cite there were two privacy breaches:
1. A user's email address was disclosed when the user
posted a message to a group (a dissemination breach)
2. The user received an off-list message from another
group member (an invasion of privacy) — which was
possible because of the first breach.
Your proposal, Steve, is that we provide the option of redacting the user's
email address from the From line, and replacing it with the address of the
group. Then the only way to contact other members off-list (on most sites)
would be through the Request Contact page on the profile. This page does not
allow the user to enter in any text in order to *mitigate* the effect of the
invasion of privacy.
A down-side to redacting the email addresses is that it would be more difficult
for recipients to tell who posted the message. Whenever a post is made to the
group, the recipients' privacy is breached (invasion), and they have a right to
quickly and easily know who breached it. It is not a big privacy problem, but I
would rather not create more!
In addition, Email is a *heavily* used system, and altering fundamental parts
of it — such as redacting the From address — would create usability problems.
For example, leaving a message unread, depending on who sent it. I suspect that
redacting the From address would be as aggravating as moving the main
light-switch in your bedroom a couple of centimeters ☺
I see another, larger, problem in the case you cite, Steve: the user was
surprised that his or her email address was disclosed. I encourage all
GroupServer sites to have a public, and clear, privacy statement. On OGN our
privacy statement explicitly states that “Your name and email address will be
disclosed to all members of a group when you post a message to the group.” The
prototype registration pages that I am writing have the privacy policy repeated
on the Request Registration page, and on the Edit Profile page, as well as
linked from the standard footer. It does not mean that the users will read it,
but it is a start.
I am also surprised that the user was surprised. Normally people receive
messages from a group for a while before posting. A user would normally notice
the email addresses in the messages from the group… unless he or she was
Web-only. In this case, the user would *have* to rely on the privacy statement
on the site.