[openstreetmap/openstreetmap-website] Add allow_read_email oauth permission (#1431)

[Ilya Zverev]

Isn't allowing an app to modify the map more dangerous than sharing an e-mail?

The list of permissions is usually quite small, so users tend to read it. The e-mail permission goes second, right after the master setting for getting all other data.

Instead of making the permissions list more pretty by including warning signs and strong text, I'd put up a blog post highlighting the new permission, as we did with the notes a few years ago. I dropped the idea of universal privacy some time ago, because you have to give out your email address so often now, it makes to sense trying to patch all the holes.

As a protective measure, we can introduce a "never share your e-mail with apps" setting in the profile.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1431#issuecomment-281646399
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170222/e32f9e3e/attachment-0001.html>