jelhan / croodle

Croodle is a web application to schedule a date or to do a poll on a general topics.
MIT License
187 stars 24 forks source link

Feature request: Notification by e-mail #549

Open brknkfr opened 2 years ago

brknkfr commented 2 years ago

As a creator of a poll I'd like to have mail notifications when someone submitted a vote. This means I'd first have to supply an e-mail address.

austinhuang0131 commented 2 years ago

But then the email address wouldn't be encrypted (visible to the server)? Doesn't this defeat the point of Croodle?

jelhan commented 1 year ago

I share the privacy concerns raised by @austinhuang0131. Actually sharing the email address with the server may not be the most problematic aspect.

If the user opts in to sharing the email address with the server explicitly, I wouldn't have much concerns. The user already shares some personal information like IP address and browser used with the server when using Croodle. I don't think it would defeat the point of Croodle unless it affects encryption of the data in the poll.

I don't see any valuable content, which could be included an unencrypted email:

Such a notification only makes sense in two scenarios:

  1. If the email can include the relevant information because it is end-to-end encrypted as well. This would be possible using GPG. A user would not only share an email address but also a PGP key, which is used to encrypt the content of the notification email. Generating and encrypting the content of the notification email would need to happen when the user subscribes for notification. That means the email could only include information about the poll but not about the participation, which triggered the notification.
  2. If the notification is processed by an application, which can securely store the encryption passphrase. This would be the case for a native application. In that case it would be enough to inform the application that a new participation for a specific poll has happened. The app could use the locally stored encryption key to look up all other information about the poll and the new participation.

GPG is only used by a few. Copying a key for your email address is an user experience nightmare even for those few using GPG at all. I don't think spending time on that option is worth it.

The second option looks more promising. Croodle hat the potential to be locally installed as a progressive web app (PWA). Technically there is not much left to make that possible. But for that case it wouldn't be a notification via email. The notification must be processed by a specific app. Only that guarantees that encryption passphrase is available. Push notifications would be the way to go.

Having that said, I feel other topics have a higher priority when (and if) I have time to pick up Croodle development again.

brknkfr commented 1 year ago

Thank you very much for the detailed explanation which absolutely makes sense. I just thought, it would be nice to be informed, when someone adds a vote to a poll, otherwise all those comfortable people out there just forget about the poll and don't check it again. Couldn't it be a possibility to add a selectable notification by mail with a big fat warning about the consequences? I could imagine that privacy aware people would use an appropriate mail address for this function.