ChristophWurst
commented
2 years ago I'm not sure if that is possible with the CalDAV standard. The addresses are stored in the ics. They identify the attendees. I can't think of any alternative.
Open u451f opened 2 years ago
ChristophWurst
commented
2 years ago I'm not sure if that is possible with the CalDAV standard. The addresses are stored in the ics. They identify the attendees. I can't think of any alternative.
u451f
commented
2 years ago Thank you for your quick reply @ChristophWurst. So, does the Nextcloud calendar itself rely on the ics file or does it store the attendees separately?
Without knowing the code base, nor the CalDAV standard, I would suspect that the ics file that is sent out gets regenerated every time I click on "update (this/all) occurrence(s)". If that is so, then I would also suspect that at that precise point, if I have enabled a privacy option somewhere, the ics file could get generated in a way to not include all the attendees - while still sending out the invitation emails to every person in the list.
tcitworld
commented
2 years ago There is ready an (undocumented ?) invitation_list_attendees dav app setting, need to check if it covers this.
EDIT: No, that's just to add the list of attendees in the body of the message. https://github.com/nextcloud/server/blob/master/apps/dav/lib/CalDAV/Schedule/IMipPlugin.php#L580-L653
tcitworld
commented
2 years ago From what I can see there's no obligation for the organizer to send the invitation with all of the attendees included. https://datatracker.ietf.org/doc/html/rfc5546#section-6.3
It's not obvious where all attendees get added to the ICS data in SabreDAV's code (somewhere in https://github.com/nextcloud/3rdparty/blob/6176112be9428026897d958dc2b558d1bde4fec2/sabre/vobject/lib/ITip/Broker.php )
u451f
commented
2 years ago Thanks @tcitworld for researching that :)
JMoVS
commented
1 year ago At least I see regularly invites from Google Calendar that have an ics file attached and state in the email body that other participants are not shown
Is your feature request related to a problem? Please describe.
When I send out invitations to email adresses, aka non-Nextcloud users, then all the email addresses are all publicly visible in the email invitation to everyone, similar to a Cc: instead of a Bcc: in email. I consider this to be a privacy breach. The addresses are part of the .ics file that NC sends out.
Describe the solution you'd like
Email addresses of meeting invitees must not be shown in the invitation sent to other invitees.
Describe alternatives you've considered
Alternatively, there should be an option to hide these addresses and that should be the default option (privacy first).
Additional context
No response