Open da2x opened 2 years ago
I have started taking Hashover into use and the missing unsubscribe function is a big issue. If a user subscribes to thread, he/she will receive notification emails forever - no way to unsubscribe.
Maybe we need two more tables: users (with uid and all user-related attributes) and subscriptions (with uid and thread name). And a link to every notification email which removes the user's subscription from a specific thread. A user-facing management page would then be unnecessary.
Subscription emails should also be sent only when a comment status changes from pending to approved.
It's been two years. Any plans to implement this?
I'm deploying Hashover, and I've already made some changes which I will turn into PR's soon, changes that have to do with privacy notices. A way to unsubscribe is necessary for GDPR compliance. I'll need to handle it manually for now.
A 2-step confirmation isn't strictly necessary by law, AFAIK. It's enough to send an email saying they're now subscribing and providing a way to unsubscribe.
Emails must contain unsubscription links to comply with the CAN-SPAM Act and similar regulations worldwide. The largest email providers also strongly recommends the use of the unsubscription email header (
List-Unsubscribe: http-management-linky
) too.So, a few things are needed:
subscribers
with two columns (uid
andemail_hash
) for this purpose.uid
as a GET parameter and looks up all subscribed comments from the correspondingemail_hash
. The page should have an unsubscribe all button at the top, and then a list of subscribed titles and checkboxes for unsubscribing from individual threads.This is a two-step confirmation opt-out. Ideally, the user should also be required to do a two-step confirmation opt-in before they ever receive any emails. That’s yet another issue, and one that might be better addressed by #312; serving two purposes in one.
This shares a lot of properties with #312, except that the security requirements are different. Worst-case scenario, someone can get a hold of your email management token from your inbox and unsubscribe you from every discussion.