Home → Problems →

Exposing email addresses a privacy concern

• Edit

Xavier Shay

02 Feb, 2009 04:39 PM

people don't like having their email address displayed for all to see (see attached for just one example)

this is a really big problem using SSO - people have chosen not to reveal their email address anywhere else on our site. I presume the same is true of other sites using tender.

Thoughts?

• pastedGraphic.png 52.1 KB

1. 1 Posted by Bill Zeller on 03 Feb, 2009 02:08 AM

   

   This is a make or break issue for me as well. Also, could I have a link to your TOS about the email addresses you get in our use of the system? We take our user's privacy extremely seriously and want to be able to know that their data (email addresses) is protected when in your hands.

   • Edit

2. Support Staff 2 Posted by Courtenay on 03 Feb, 2009 02:09 AM

   

   OK, we'll address this ASAP.

   • Edit

3. 3 Posted by rick on 03 Feb, 2009 04:42 PM

   

   We need something to be displayed, otherwise people that don't specify a name will just have a blank.

   • Edit

4. 4 Posted by Xavier Shay on 03 Feb, 2009 04:45 PM

   

   Display email address to support staff only, "Anonymous" to other punters if no name specified.

   Also!

   In many cases, a "Display Name" could be provided via SSO.

   • Edit

5. 5 Posted by rick on 03 Feb, 2009 04:54 PM

   

   Okay, I'll change it to just the first part of the email address. "rick (anonymous)". We already show the actual email address to the supporters. And I'll add support for tender_name. We also have some other supporter-only options coming for external_id and external_url. This way you'll be able to provide a direct link to an internal user admin if you wanted.

   • Edit

6. 6 Posted by Xavier Shay on 03 Feb, 2009 04:55 PM

   

   ace, that sounds good

   • Edit

7. 7 Posted by Bill Zeller on 03 Feb, 2009 05:29 PM

   

   This works for me, as long as tender_name is authenticated (by added it to the hmac).

   • Edit

8. 8 Posted by rick on 04 Feb, 2009 09:09 AM

   

   tender_name isn't used yet, but will be. So go ahead and start using it. I've tweaked this so that the email domain isn't shown anymore.

   • Edit

9. rick closed this discussion on 04 Feb, 2009 09:09 AM.

10. Courtenay re-opened this discussion on 06 Feb, 2009 09:42 AM

11. Support Staff 9 Posted by Courtenay on 06 Feb, 2009 09:42 AM

    

    We just deployed tender_name and it's part of the hmac. When you sign your URL, please sign the string "host/email/expires/name". The old way will still work.

    • Edit

12. Support Staff 10 Posted by Courtenay on 06 Feb, 2009 09:57 AM

    

    Make sure you're using the latest tender_multipass if you want to set the name. For now the code is in my fork.

    http://github.com/courtenay/tender_multipass/tree/master

    • Edit