moderated Re: Changing email address security issue #misc


Bruce Bowman
 

On Wed, Feb 3, 2021 at 11:55 AM, Mark Fletcher wrote:

I have changed the feature so that you cannot change the email address of a member who is a moderator or owner of a group.

Mark -- Thanks. This has bothered me for awhile now.

Should I make other changes? Should the change only affect that one subscription? That is, if someone is subscribed to 2 groups, and the moderator of one of those groups changes that person's email address, should I then create a new Groups.io account, splitting off that one subscription?

Correct me if I'm mistaken, but I think the most common scenario behind the existing feature is when someone simply gets a new email address, leaving the old one inactive. In such a case, the current behavior -- having the change occur account-wide -- strikes me desirable. 

If the account was to be split into two, it raises the question of how to subsequently merge them...especially if the previous address is no longer accessible. Generally, it seems to me that if an account holder is struggling to change his own address, he isn't going to be any more adept at merging them.

A third option (which probably won't be popular but I'd like to throw out for consideration) is the elimination of this feature altogether. As group Owners, we cannot edit a subscriber's profile, but we can change their login credentials? That combo has never quite added up to me. 

Regards,
Bruce

Join main@beta.groups.io to automatically receive all group messages.