coders4help / volunteer_planner

This repository hosts the code for a volunteer planning system, a platform to schedule shifts of volunteers. It is used by volunteer-planner.org.
GNU Affero General Public License v3.0
90 stars, 50 forks

Do not expose usernames by default in public shift view #489

Open MKyhos opened 2 years ago

MKyhos commented 2 years ago

Is your idea or feature request related to a problem? Please describe.

With an increased attention to the volunteer planner (and thus, increased sign-ups), it can be problematic that user names are shown by default for any kind of task-workplace combination, even in such cases where it might not be necessary (for example: shifts with 30+ volunteers).

In very dynamic (and per se open to anyone) volunteer environments as we are observing right now, this by design opens the door for stalking etc., in particular when the username is chosen in such a way that it identifies a person directly (e.g. I observed cases where the e-mail was used as a username, with full identifiable name).

I acknowledge that there is already a respective warning in the sign-up form (visible to others). However, I would really put emphasis on the point that some sort of design solution here is necessary. Volunteers might sign up in stressful situations without the time to read carefully, so a protective design should be in place.

Describe the solution you'd like

From my limited point of view, there are multiple solutions to this problem, ordered from most effective/complex to least complex/ad-hoc:

  1. Implement a toggle on shift template level, with two modes: Show usernames, Hide usernames, whereby the latter should be the default. Side effect: This would also avoid the situation where the shift overview tables are getting really stretched because of many displayed usernames, without real added value for those signing up.
  2. On user (volunteer) level, add an attribute to the settings to show/hide the usernames on public shift view, with hide being the default.

Thank you very much for your past and ongoing work! :green_heart:

pitpalme commented 2 years ago

One of the founding ideas was transparency. Hiding usernames will be discussed and we'll try to find an appropriate solution.

MKyhos commented 2 years ago

Yes, I already assumed that those are the initial thoughts behind the current design! My concerns just evolved around the very dynamic situation we have right now (and were forwarded to me from some fellow volunteers, who preferred to be rather cautious here).

Thank you very much for discussing it! :pray:

MKyhos commented 2 years ago

Update from our side: we advised volunteers to choose user names that do not identify them in person (if there are security concerns on their side / when in doubt), which somewhat works for the moment. Occasionally, full names or mail addresses still show up, but I saw that this is addressed already here: https://github.com/coders4help/volunteer_planner/issues/494

christophmeissner commented 2 years ago

I think we should not show any information about volunteers to anybody, except shift, facility and organization managers.

Doca commented 2 years ago

I think it's good to somehow identify also co-helpers. Maybe I want to work with the same persons or just some of them. If we allow to decide as proposed by @MKyhos in 1. we should be fine. Also, it is possible to change the username; this might also prevent stalking. That's totally enough, I would say.

christophmeissner commented 2 years ago

In favor of better protecting the users' privacy, I'd suggest to remove showing who is helping in a shift to the other users for now and add a more privacy-respecting opt-in/opt-out mechanism to let the users decide whether it should be visible to other helpers where they are signed up.

If two users want to work together in the same shift, they still might want to agree to both sign up on a specific shift (using a private communication channel outside of the platform).

Doca commented 2 years ago

Do you know what volunteers use the list of names for? Maybe they coordinate stuff based on that. I would suggest to create a better privacy setting as you proposed but not hiding something that was possible to see since the beginning. If there is a known case of stalking we should change immediately. But just because it can happen I wouldn't change a feature that could help volunteers to coordinate.

christophmeissner commented 2 years ago

Yes, that's my point: I don't think there is a strong use case in showing the users' information for shifts to other users than to organizers.
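
The visibility rules discussed in this thread, sketched as one default-deny check. This is an added example, not code from volunteer_planner or from any commenter; every class, field and function name is hypothetical. It assumes the shift-level toggle (proposal 1) and the per-user setting (proposal 2) are combined, that managers always see the full roster, and that a volunteer always sees their own entry.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Volunteer:
    username: str
    # Proposal 2: per-user setting, hidden unless the user opts in.
    show_in_public_shift_view: bool = False


@dataclass
class Shift:
    helpers: list
    # Proposal 1: shift-level toggle, "hide usernames" is the default.
    show_usernames: bool = False
    # Usernames of shift, facility and organization managers (hypothetical field).
    managers: frozenset = frozenset()


def shift_roster(shift, viewer_username=None):
    """Return (visible_usernames, hidden_count) for one viewer.

    viewer_username=None models an anonymous visitor of the public shift view.
    """
    if viewer_username is not None and viewer_username in shift.managers:
        return [h.username for h in shift.helpers], 0
    visible = [
        h.username
        for h in shift.helpers
        # A name is shown only if BOTH the shift and the user allow it,
        # or if the viewer is looking at their own sign-up.
        if h.username == viewer_username
        or (shift.show_usernames and h.show_in_public_shift_view)
    ]
    # The hidden count keeps "how many helpers signed up" visible
    # without disclosing who they are.
    return visible, len(shift.helpers) - len(visible)


# Constructed sample data: one username that is an e-mail address,
# one user who opted in, one who did not.
SAMPLE_HELPERS = [
    Volunteer("anna.example@mail.invalid"),
    Volunteer("helper42", show_in_public_shift_view=True),
    Volunteer("bob"),
]
```

With both defaults untouched, an e-mail address used as a username is never rendered to other volunteers; the public view only learns that two more helpers exist.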