In the current implementation, when an event is updated, it sends a single email out to all people who included an email address on their RSVP.
While the email addresses aren't publicly displayed on the event page, the email sent when an event is modified includes every email address of event attendees on the "TO:" line, meaning that all recipients of the email can see each other's email addresses.
I think the default behavior of the application should be to use "BCC" for each participant, and allow participants to opt-in to being included on the "TO" line for these emails.
Showing the current behavior of the application, I've included a screenshot. This screenshot is of the "FROM" and "TO" lines of an event update email for an event where 6 participants provided their email addresses when signing up. I've censored the username portions of each email address to be the first and last letter only, and censored personal domains to first and last letter of domain + full TLD.
Hi, thanks for the detailed report! This is a very valid note and should definitely be fixed. I don't have any spare time at the moment unfortunately but this is a great first issue for anyone who wants to get involved in Gathio. ❤️
I forked the repo onto my git server and made the changes.
I've tested for the nodemailer functionality, but I don't have a sendgrid API key at the moment to use for testing that integration.
If you feel the changes are ready to include, here are the instructions.
To apply the patch, use git am --signoff e3d3fb1455.patch, and then push the resulting commit.
am is the appropriate git subcommand for applying the patch in a way that preserves the commit message and author.
Note that if you want to change the commit message, you must edit the 5th line of the patch, which starts with the label Subject: .
That part must be preserved, and what is put after is the commit message.
You can do multi-line commit messages, as it knows where the message ends and where the next part of the patch begins by the --- on its own line after.
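The behaviour requested in the issue (BCC by default, TO only for attendees who opt in) can be sketched as follows. This is an added example, not Gathio's code and not the patch discussed above: the function names, the `showAddress` opt-in flag and the sample attendees are assumptions made for illustration; the returned object uses nodemailer's `from`, `to`, `bcc`, `subject` and `text` message fields.

```javascript
// Added example. Helper names and the showAddress flag are hypothetical.

// Reject values that are not a single plain address (blocks header injection via CR/LF).
function isSafeAddress(addr) {
  return typeof addr === "string" &&
    !/[\r\n,;<>]/.test(addr) &&
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(addr);
}

// attendees: [{ email, showAddress }]. An address is visible only if every
// RSVP that used it opted in; anything else goes to Bcc.
function buildUpdateMail(from, subject, text, attendees) {
  const byAddress = new Map(); // lowercased address -> { email, show }
  for (const a of attendees) {
    if (!isSafeAddress(a.email)) continue;
    const key = a.email.toLowerCase();
    const prev = byAddress.get(key);
    const show = a.showAddress === true && (prev ? prev.show : true);
    byAddress.set(key, { email: prev ? prev.email : a.email, show });
  }
  const to = [];
  const bcc = [];
  for (const { email, show } of byAddress.values()) {
    (show ? to : bcc).push(email);
  }
  // Assumption of this example: keep a To header present by addressing the
  // sender itself when nobody has opted in.
  return { from, to: to.length > 0 ? to : [from], bcc, subject, text };
}

// Addresses every recipient can read in the delivered headers (To and Cc, never Bcc).
function exposedAddresses(mail) {
  return [].concat(mail.to || [], mail.cc || []);
}

// Constructed sample data, not taken from the report.
const sampleAttendees = [
  { email: "alice@example.org", showAddress: false },
  { email: "bob@example.org", showAddress: true },
  { email: "Alice@example.org", showAddress: true },   // same person, conflicting flags
  { email: "carol@example.org\r\nBcc: x@example.net" }, // injection attempt, dropped
  { email: "dave@example.org" },                        // no flag: hidden by default
];

const sampleMail = buildUpdateMail("events@example.org", "Event updated",
  "The start time changed.", sampleAttendees);
console.log(sampleMail.to, sampleMail.bcc, exposedAddresses(sampleMail));
```

Checking `exposedAddresses()` against the list of opted-in attendees in a unit test catches a regression to the all-in-TO behaviour before it ships.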