locked Email Hide And Seek Final


 

Hi All,

Thank you for the discussion over email hiding. I think a slightly modified E option is the way to go:

- A new option in the Settings page: Hide Email Addresses In Archives, with the help text of "Mask email addresses posted in a message body. Note: they will be masked only in the archives, not in emails."
- This will default to OFF for new groups. It will be set to ON for existing groups (so no behavior will change unless the moderators want it to).
- Regardless of this setting, for messages emailed to groups, I will look for quoted message headers, such as "On [date/time], [email address] wrote:", and replace [email address] with the subscriber's full name or user name (in that order), if we have it. This will happen before the message is stored in the archives and before it is sent back out to the group. This will match the change I just made to the 'Insert Quoted Message' feature when replying on the website. Note: because there are an infinite number of quoted message headers out there, this will be imperfect and I will probably miss some, especially in non-English languages.

Did I miss anything? Speak now or, umm, speak later. :-)

Thanks,
Mark


Brian Vogel <britechguy@...>
 

Mark,

         Just so I am (and anyone else will be) completely clear here:  If we wish to request that message body e-mail addresses not be masked for an existing group, we should send an e-mail to the group owner to ask that they consider turning masking OFF?
--
Brian

A lot of what appears to be progress is just so much technological rococo.  ~ Bill Gray


 

On Fri, May 27, 2016 at 3:24 PM, Brian Vogel <britechguy@...> wrote:

         Just so I am (and anyone else will be) completely clear here:  If we wish to request that message body e-mail addresses not be masked for an existing group, we should send an e-mail to the group owner to ask that they consider turning masking OFF?

That is correct (but wait until after I implement it.. :) ).

Thanks,
Mark 


Brian Vogel <britechguy@...>
 

Mark,

         Certainly!   I probably won't think about it again until I post something with an e-mail address in it and it's masked.  That or someone else will post an e-mail address I need, and since I only read via the web interface, it will be masked.

--
Brian

A lot of what appears to be progress is just so much technological rococo.  ~ Bill Gray


 

Mark,

Sounds good. 
--
J

It's dumb to buy smart water.


Cacky B
 

By all means, let us know as my group definitely communicates one with another as well as through the group.

Cacky


On 5/27/2016 5:46 PM, Mark Fletcher wrote:
On Fri, May 27, 2016 at 3:24 PM, Brian Vogel <britechguy@...> wrote:

         Just so I am (and anyone else will be) completely clear here:  If we wish to request that message body e-mail addresses not be masked for an existing group, we should send an e-mail to the group owner to ask that they consider turning masking OFF?

That is correct (but wait until after I implement it.. :) ).

Thanks,
Mark 



 

Mark,

- Regardless of this setting, for messages emailed to groups, I will
look for quoted message headers, such as "On [date/time], [email
address] wrote:", and replace [email address] with the subscriber's full
name or user name (in that order), if we have it.
I presume you mean the Display Name in the subscriber's profile (vs. full name).

What do you leave if the user has set neither Display or User Name? It would be best if there was some unique moniker so that one could tell which member was quoted; or at least that it was the same person as quoted in some other message.

Shal


 

On Fri, May 27, 2016 at 8:56 PM, Shal Farley <shals2nd@...> wrote:

> - Regardless of this setting, for messages emailed to groups, I will
> look for quoted message headers, such as "On [date/time], [email
> address] wrote:", and replace [email address] with the subscriber's full
> name or user name (in that order), if we have it.

I presume you mean the Display Name in the subscriber's profile (vs. full name).

Correct.

 
What do you leave if the user has set neither Display or User Name? It would be best if there was some unique moniker so that one could tell which member was quoted; or at least that it was the same person as quoted in some other message.

It occurs to me that the algorithm will have to be more complex:

- Find the quoted message header, and in that find the email address (and possible name).
- Look up that email address and see if they're a subscriber to the group.
- If they are, then replace both the email address and name in the quoted reply header with either Display Name or User Name as set on their subscription. If display name/user name are not set, do no substitution.
- If that email address is not a subscriber, do no substitution.

That leaves some quoted reply headers with email addresses in them, but I think that's ok. The fig leafing happens if the group is configured for that. If not, there will be other email addresses exposed anyways.

Have I got this figured out right?

Thanks,
Mark


 

Maybe this is naive, but isn't it possible to do the fig leaf thing in that case, just like you do in the archives? Why suddenly try to substitute the user or display name or deal with it if it doesn't exist?
--
J

It's dumb to buy smart water.


 

Mark,

- If they are, then replace both the email address and name in the
quoted reply header with either Display Name or User Name as set on
their subscription. If display name/user name are not set, do no
substitution.
On further consideration, I think in the case where neither name is set, then you should use just the username portion of the email address. For example, convert:" Shal Farley <shals2nd@example.com>" to just "shals2nd" or "shals2nd@...". I think this would be the least surprising choice as it matches the kind of masking that occurs elsewhere.

And I see now that J has had this idea also.

I think you should avoid leaving the display portion of the email address ("Shal Farley") because that is usually set in one's email user interface, and may not have been chosen carefully for use in groups.io messages.

- If that email address is not a subscriber, do no substitution.
Fair enough.

That leaves some quoted reply headers with email addresses in them, but
I think that's ok. The fig leafing happens if the group is configured
for that.
Right.

If not, there will be other email addresses exposed anyways.
Small consolation for the member that tried not to post their email address. However I recognize that there will be limits to how good your matching algorithm for quote headers can be.


Shal
https://groups.io/g/GroupManagersForum


 

Maybe someone has already suggested this (I just thought of it): this morning I wanted to post my email address in a group other than my own. When the masking option comes into effect, I will have no way of knowing, short of laboriously looking through posts or just taking my chances, whether or not my email address will be masked when I want to post it, unless I am already very familiar with that group. I think this is a big detriment to providing the option (and one I hadn't thought of before). Essentially, unless posting to a group that's well-known to the poster, you have to fake out the address anyway. One way of mitigating this would be to state on the group home page whether or not masking posted email addresses in the archives is in effect for the group.
--
J

It's dumb to buy smart water.


Brian Vogel <britechguy@...>
 

J_catlady brings up a good point.  It might be helpful, if possible, to have one of those "pop-up" type warnings the when someone attempts to post an e-mail address in a message body on the forum interface, or the equivalent response e-mail, telling the user that this address will (or will not) be visible in full in the online archive.  These would, of course, have to include one of the handy little "Do not show me this message again" checkboxes and "Do not e-mail me this warning again" response options.

This would only apply on non-anonymous groups, of course.

It will also most likely generate messages to the group owners of existing groups with regard to what "the group setting" should be as far as message body e-mail addresses.
--
Brian

A lot of what appears to be progress is just so much technological rococo.  ~ Bill Gray


 

I think a real-time warning like this (in addition to, or instead of, a notice on the home page, which would probably not be read much) is a good idea, because when you post an email address and masking is in effect, you have no way of knowing it's masked on the site until you read the archived message. (And email-only users might never find out.)

--
J

It's dumb to buy smart water.


Brian Vogel <britechguy@...>
 

Another thought regarding the possibility of this sort of real-time warning.  It would have to be sensitive to the group setting being reset in either direction.  If someone got the warning and gave the "don't show this to me again" response they would still need to get that warning again if the group setting were to be changed since "what they know" is no longer accurate.  
--
Brian

A lot of what appears to be progress is just so much technological rococo.  ~ Bill Gray


 

LOL. That's true. I was tempted to say it's not a big deal or a serious concern, but I think it is.

I wonder, after the option is implemented, what percentage of groups are going to use it. I think it's wise of Mark not to make it the default (although existing groups will be 'grandfathered" in). I almost see the option as causing more problems than a simple policy one way or the other. 
--
J

It's dumb to buy smart water.


 

Although perhaps, like all privacy settings (using the term "privacy" loosely in this case), the option should be a one-way street  - which would solve that problem. 
--
J

It's dumb to buy smart water.


 

J,

One way of mitigating this would be to state on the group home page
whether or not masking posted email addresses in the archives is in
effect for the group.
Sounds reasonable to me. Also whether the group is "Anonymous". Those are both in line with the other Group Settings already displayed there.


Shal
https://groups.io/g/GroupManagersForum


Nightowl >8#
 

Mark Fletcher wrote:>>Did I miss anything? Speak now or, umm, speak later. :-)<<

Sorry I'm speaking so much later, but I think this is a good idea. It will protect e-mail addresses from being quoted in full, or sent out in full when the user doesn't want them to be.

Thanks,

Brenda


Nightowl >8#
 

Mark,

Can we request that you use a handle or name but not have to have a profile set up?

I want to make sure my e-mail address is altered.

Brenda


Nightowl >8#
 

Here is what concerns me about profile name:

"Your short profile name. Must be unique, with no punctuation or spaces. If you set a profile name, your profile becomes public; people will be able to view your profile at groups.io/profile/profilename."

This is what appears in the Profile tab.

I have not, to my knowledge, set a profile name, but featheredleader is in the box for the profile name.

I'm fine with featheredleader being my shortened name to use, but I am not fine with my profile becoming public.

Please explain this to me, thanks.

Brenda