Ability to hide email address

[pedroldk]

Would it be possible to hide the email address from the profile? I believe it is a breach of security that any logged-in user can check the email address of any other user. If this is the case of being able to contact that user, then there are other ways to do it. (GitHub profile, Twitter account, direct message, etc.)

[mathjazz]

Hey @pedroldk, thanks for filing the issue!

Pontoon Terms of Use and Mozilla Commit Access Requirements both state: "Your name and email address, or a derivative of it, may be attached to your contributions and so be visible worldwide."

In practice, that means Pontoon (which is designed to work with VCS systems as translation storage) sets the commit author to user's email address when translation are sent to VCS (example). We also use email addresses to represent users in Pontoon UI (e.g. for translation attributions) in case they don't set a display name, because that's the only identifier we have.

I don't see a lot of room for change in any of these use cases. We could probably hide the email address from the user's profile page if the user explicitly requests it. Although in this case we jeopardize the ability (or at least make it more difficult) for a Locale manager to get in touch with a prosperous new user they might want to mentor/promote etc.

[pedroldk]

Hi @mathjazz, thank you for taking the time to answer. I do understand the advantages, and it's not like nowadays there are more ways to secure your email address. Closing the issue ;)

[mathjazz]

I think this is still a valid issue. :)

In the profile page, we could hide the email address, unless the user accessing the page is an Admin or Locale Manager (who might want to get in touch with the user). Also, hiding an email address should be optional, because some users (especially admins and managers) might want others to be able to get in touch with them easily.

We could also point out that hiding an email address does not apply to VCS and link to the Terms page with explanation.

[pedroldk]

@mathjazz seems like a great solution, it preserves the hability for admins to contact directly and gives more privacy to users ;)

[avm99963]

GitHub allows users to hide their email address when committing by using an address of the form ID+username@users.noreply.github.com. I don't know how difficult it would be to implement this but I think it would be a good solution for hiding the actual email address in commits.

[LilianaMoore]

Bots are harvesting email addresses from contributors subpage. You don't have to be logged in. https://pontoon.mozilla.org/ru/mozillaorg/contributors/ This is a serious privacy/security flaw.

[flodolo]

Bots are harvesting email addresses from contributors subpage. You don't have to be logged in. https://pontoon.mozilla.org/ru/mozillaorg/contributors/ This is a serious privacy/security flaw.

This is unrelated, and possibly a different issue. Users have the possibility to pick a username that has nothing to do with their email, and that will show up in that page.

In the profile page, the email address is hidden if you're not logged in, e.g.
https://pontoon.mozilla.org/contributors/Ia-ei3AiMfLnsvApB2cstaDhRuQ/

[mathjazz]

Users now have the ability in settings to make their email address on their profile page visible to either Translators or Logged in users. Which effectively makes this bug resolved. Email addresses of team and project managers are visible to all logged in users.