moderated Re: Changing email address security issue #misc


Jeremy H
 

As I mentioned in another thread, the Groups.io ecosystem is formed of three groups of stakeholders: "Service provider (Groups.io, Inc, i.e. Mark)", "Group Owners" and "Group Members" - each of whom has a relationship with both of the others. In particular, Group Members do have a direct relationship with Groups.io. Inc, separate from whatever relationship they have with Group Owners. And it is because of their realationship with Group.io Inc, that they can be members of groups.

From this it follows, that Group Owners should only be able a Member's settings that are, specifically, part of their membership of that owner's group.

And that any Member Settings that apply to no specific group, or multiple groups, should only be able to be changed by the member, or (if really necessary) by Groups.io support.

As a user's (Group Member's) e-mail address is used to logon to Groups.io, and for all messages from all their groups, it follows that only they, or Groups.io support, should be able to change it. (If they had a separate e-mail-address-for-posts-from-this-group, than that group's owner should be able to change that - but (AIUI) that's not how Group.io works)

The one area where this might not apply is for Enterprise groups, which - possibly - can have a different set of relationships, with a group owner, potentiall,y having the ability to prevent their members joining other groups.

Jeremy

Join main@beta.groups.io to automatically receive all group messages.