[openstreetmap/openstreetmap-website] Add allow_read_email oauth permission (#1431)

[Frederik Ramm]

I think that "let's treat users as grown-ups" is not necessarily a good idea. Many of our users simply are not grown-ups. And even grown-ups fall prey to exploits all the time (how often have you read instructions like: "to install this software, perform the following steps, ignore all warnings, check the box that says 'i know that this makes my computer insecure', then when asked 'are you sure' click 'yes'...).

Now an email address not the most sensitive bit of personal information but I think we've been entrusted with something here and we should not carelessly participate in schemes to relieve users of their personal information in the name of convenience.

I have a technical question: Once we offer some kind of permission that users can grant - can *all* applications ask for that permission, or would it be possible to limit that permission to certain applications that we have somehow specially authorized?

Would it perhaps be possible to implement the share-email feature, but only allow its use to such providers/applications that have convinced us that they are trustworthy? I'm sure that there will be some pre-existing "ethics code" for the handling of email addresses (don't sell them, don't spam, don't go big-data on your pool of email addresses to find out stuff about people) that we could request anyone to follow who wants us to enable this feature for them. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1431#issuecomment-286402254
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170314/e3bdae33/attachment.html>