This is a really good observation and I think the security risk applies not just to mods of groups. Suppose I don’t like somebody in my group and I want access to all their subscriptions to do bad things. All I’d have to go is change the email address of their whole account.
toggle quoted message
Show quoted text
I’ve always felt queasy about the ability of a group owner to change the account address of anyone at all. That piece of data belongs at a higher level than the individual group. As a member of several premium groups, I’m wondering now whether group owners might do this to me. Prior to this I’d only thought about it as a group owner. I’d push for eliminating this ability entirely.
On Feb 3, 2021, at 8:55 AM, Mark Fletcher <markf@corp.groups.io> wrote:
--
J Messages are the sole opinion of the author, especially the fishy ones. |
|