I’ve been asked to support searching by email address in the Pownce API. This means that you could search for another Pownce user if you know their email address. Currently this doesn’t exist anywhere on the Pownce website or API - search is by name or username only.
I’m fine with allowing people and bots to search by email if the email is “public” in the user’s Pownce privacy settings. The problem is that by default your email is “friends-only” and very few people change it to “public”.
To me there’s also a difference between allowing another Pownce user to search for you by email address and allowing a bot to search by email address. Specifically, Google’s social graph API plans search other social sites by email address to find your other accounts. This would be very helpful in helping you create profiles and find friends faster, but also could give Google a more of your personal data.
I suppose search engines could also do this by full name or username, but an email address is considered a unique identifier and lots of sites have you validate your email address after registering (though Pownce doesn’t).
Flickr and Twitter allow searching by email address and Facebook actively tries to prevent it. What should Pownce do? Is Pownce obliged to try to protect user data that is flagged as private or friends-only? Does searching by personal data differ from displaying personal data? Comment below or on Pownce - I’ll let you decide.
27 Comments
Jeremy
I think that for most practical purposes regarding privacy, allowing searching is equivalent to publication. If someone intends for their email to remain private, and has indicated so with Pownce (even by not changing the default), then I think you have an obligation to preserve the privacy across all methods of access. What am I missing?
mark
no, unless poeple want it in which case absolutely use with a security image|audio clip to keep out spamming robots.
why not just ask the person?
gecko68
It would be helpful. I mean if someone has your email address then they were meant to have it.
People who do not know your email address wouldn’t know what to use.
But, it needs to be an exact search. Searching Leah, should not bring up your email address.
Otherwise this opens it up to spammers and other nasty web citizens.
mark
ok after reading your post.. in the case of searching by email.. I say absolutely.
Also post at sign in and in updates the benefit of setting security toggle to ‘public’ if wanted..
josé moreira
dont do it, its a (spammers) trap!!
Alcides Fonseca
I don’t to say something stupid, but if you know someone’s email address, it’s probable that you can find their name. And you’re not giving out emails to everyone, since they need the email address in the first place…
You can always have a checkbox for those privacy nuts
Ken Keiter
Long time no post! Good to hear from you again, Leah.
I agree with you — allowing people to search by email address is one thing, but bots are another matter. Either way, if other sites such as Twitter and Flickr support it than it’s probably okay. I think that Facebook’s lack of support stems from their original desire to identify people by their real names instead of pseudonyms such as those found on myspace (”<3 xX Jen El Crockhunter Xx <3″ Gag.) Note that back in the university-only days they used to require strict e-mail verification as well. As a good buddy of mine says: Whatever you do, don’t fuck up.
Good to see you blogging again!
Cheers!
-Ken
Jake
I agree with Jeremy, if the user wishes for their email to remain hidden, it should remain hidden. Maybe if the user who’s email is hidden receives a message saying so-and-so has entered your name and is looking for you, they should be able to decide whether they can be added.
im not sure if that makes sense, it did in my head.
Pownce is amazing, thank you for it.
-jake
Andrés Fuenzalida
i think it could be usefull in some situations…
auguafresca
Generally speaking it seems like a bad idea albeit one that is being adopted steadily by other sites. I know that every time I sign up for some site and I enter my email address and it tells me ‘Now people can find you via your email address’ I cringe for some reason. Follow the Facebook lead for now. There are PLENTY of ways for friends to find friends, I’m not sure the search via email is a necessity and it opens everyone up to (more) spam than is necessary.
Matt
Just don’t go the way of openpeople.us.
As when you try to find your friends on the site already by their email address, they end up sending an email to everyone in your address book who is not yet a member of the site.
moos3
I don’t personally think its a big deal to allow searching for user by email if your logged in and only if your logged in. I also think that you should allow the user turn it on and off in privacy settings. So if your email is public in privacy settings then people can find you by email if not public then you are not turned in the results. Make sense?
Mark J
I agree with Leah’s major point about Pownce’s obligation to protect privacy for unpublished information. Obviously, if a user doesn’t want their email address shared with the general user base, then it shouldn’t be included as a searchable field for all users.
I receive emails daily that include multiple recipients, and the sender usually doesn’t take the precaution of using a blind cc for them. This is especially true for forwarded items from friends who don’t bother to removed the previous lists of recipients before resending.
I don’t feel any urge to go snooping for users based on these randomly available addresses, but then I don’t feel any age to spam a bunch of random users either. Obviously, some do.
So I guess the question is, how much effort is it worth to add a feature that only a subset of users will enable? The most reassuring aspect of this is that Pownce is erring on the side of caution. If the user opts to make their address searchable, only exact matches should be disclosed.
Marcus
Do not allow it.
It may be handy to find someone that way.
It can open up a BIG can of worms to allow that crap.
Curtis Chambers
I agree with Ken. I think that logged in users should be able to search by e-mail, but not the public. I’m pretty sure all other social sites, even Facebook, allow registered users to do that. Making it public is an entirely different ballgame though.
For example, if someone knows your e-mail address and puts it into a form on a social networking site, wouldn’t they be a member of that social networking site to be doing that action in the first place? Why would someone search social networks anonymously for a person if they didn’t plan on adding them as a friend on that network?
The other reason I like the e-mail search feature for logged in users is because when I did the Gmail contact import with Pownce, it found a lot of people with the same names as my friends, but they weren’t actually the people I knew. Just matching on name alone doesn’t do so well when searching for “Liz Smith.” Having the unique ID search could be a powerful feature in terms of helping people connect.
Jan
Hi Leah!
I like it that you ask your users for their opinions!
It takes a lot of people a lot of time to really get into the Pownces/Twitters/Facebooks, just because you have to re-build your network. But that’s common sense, and when you can shorten that time your business will obviously benefit from that.
I agree with most of the comments here: E-Mail data is sensitive stuff. I would never never never ever share my user’s addresses of any kind with anyone. I would never ever allow a search on my e-mail database. Noone should ever get an E-Mail address if they didn’t know that address in the first place. I’m not even sure about searching people by their username if they didnt actually enabled that on their own.
But _matching_ addresses is something completely different. If you get a list of addresses, hash them, and then compare it to hashes in your database, that’s cool with me! I’d like that!
Then again, you should prohibit people from checking hundrets of thousands of email addresses they gathered on the net to find Pownce profiles. So I’d allow just a few addresses at once and would make people type in captchas for every 100 addresses or so.
I maintain a couple of addresses for various services I sign up to, because not everyone should know everything about me. I’m cool with people finding me on Pownce for the E-Mail address I used to register. But I’d always let people opt-out of that search.
I’d add a new email hash field to my Django model and make Django automatically calculate that hash based on a config value. If that profile doesnt want to be found the save() function would just not add that hash value, and with an additional (internally hash-based) index for that column it should be plenty fast.
Hope I could help,
Jan
Arvid
Pownce is nice, only the search options to see whether you know people is pretty minimalistic. Adding the option of using the email address would already help although I sometimes don’t even know the email address of these people. I would rather see an option to list people in the neighborhood or same age etc.
But erm.. Pownce is down (again)
Eldin
I agree with Auguafresca.
Pownce already has the Find Friends feature, which is already “good enough” feature when it comes to Importing from other places.
Noah
You should allow for a user to enter in the email, and then return a message saying if the email exists then the user will be notified of a friend request.
Isaac
Because being searchable by your email address and publishing the address aren’t exactly the same thing but both could potentially be privacy issues, I suggest that you create a new preference bit that allows users to decide if they want to be found by their email address.
Then insert a small header into every page on the site saying something like “Pownce has introduced the option to be searchable by your email address. Do you want others to be able to find you using you email address?” with Yes and No buttons.
Leave the default as “no” in their user record unless they click on that Yes button. Problem solved.
I don’t see a realistic way to keep this out of the API but I guess that’s up to you guys. I think people understand that if they allow something on a site it can also be done by applications and tools that work with that site.
j
Go ahead allow it
It’s a great way for automated bots to find email addresses that will work.
@gecko68: “People who do not know your email address wouldn’t know what to use”. Please. If your email address is shorter than 20 characters, a bot will eventually find it.
Dictionary attacks, anyone?
Even the captcha idea is defeated by OCR, just observe how good bots are nowadays at beating captchas.
Edward Slipszenko
I don’t think it should be done. Imagine if someone tried to get all the friends of the “Pownce” user (the one that is used for making announcements) and got all there email addresses listed? Is that not going to be possible still? Surely username is enough identification?
Derek
I haven’t sat down to think about it for more than 10 minutes of reading the post & comments, but I think you should open it up for anyone via the API/Website. If someone has your email, there’s a reason why they have it, and I don’t think there’s any harm in saying “user with email X has a pownce account here“. Beyond that, it is up to the pownce user to determine whether or not to make their pownce updates available to the world, or just their friends.
The reason for not sharing your email via the pownce website has nothing to do with not wanting people to find you via your email address. Don’t tie the two together.
Going one direction it is using someone’s pownce account to determine their unique identifier (email). Going the other direction it is someone using your unique identifier (email) to determine your pownce account.
Andrew Hallock
Published and search-able email addresses are two different things. Simply add a new privacy setting for whether or not your profile can be searched by email address. Turn it on by default, but let users know there’s a new privacy setting. And I agree with Curtis, you should be logged in to search.
You have most of your bases covered by providing the address importer mechanism for the major email providers - but a lot of people store their contacts in Outlook.
andrew woods
I agree with the majority in that it should never be displayed. However, I think it would be ok to to use it internally for matching addresses of existing pownce users, but only displaying the names of the friends that match. that way you get the best of both worlds. btw you would not expose this in the public api. this matching would be internal only. As a developer that’s how I would do it.
hope that helps.
Daniel Cedilotte
Don’t allow it. If I trust you with my emails, it’s not for you to turn around and hand it to 90 million spammers on the other side. Don’t add a search by emails.
Mick
Hey Leah,
I think that since you have added authentication to the Pownce API go ahead and allow an email search function, just make sure that it is from a registered account. Beyond that I assume that you track API usage by account / API key. So keep an eye on the largest users of the email search, as I’m sure you keep an eye on other API functions.
As for on the site, again, make sure that it is a registered user that is preforming the search, and again keep track of extreme usage.
However I think that you have to respect the user’s privacy, if they have there email set to friends only they cant be included in the search.
That is just my 2 cents.
Also it is great to see you blogging again, keep it up