https://bugs.kde.org/show_bug.cgi?id=486836
Bug ID: 486836
Summary: more privacy for event invitees when sending out
calendar invitees or share ICS files
Classification: Applications
Product: korganizer
Version: 6.0.2
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: invitations
Assignee: kdepim-b...@kde.org
Reporter: rob...@riemann.cc
Target Milestone: ---
I tagged this as a feature request. However, in some regions with strict
privacy laws demanding "data minimisation" and privacy by default, this could
be interpreted as a legal obligation that would merit a classification as bug.
SUMMARY
KOrganizer allows to share event details with invitees using two ways:
1. add people as participants
2. right click on event and click on "send as iCalendar..."
In both cases, the names and mail addresses of invitees are revealed to other
invitees, thus impacting their privacy.
Note that in all cases, the actual contact data sharing is not made transparent
to the event organiser.
STEPS TO REPRODUCE
1. create a new event
2. add two people as invitees
3. see that each invitee can see in the email all other invitees
4. go back to Korganiser and click right on an event in the month view, choose
in the context menu "send as iCalendar" and add two mail addresses
5. find in the sent mail folder that both mail addresses are in the "to"
instead of "bcc"
OBSERVED RESULT
Invitees see mail addresses and names of other invitees.
EXPECTED RESULT
Invitees can only see mail addresses and names of other invitees if the event
organiser has made an explicit choice to share this data.
Linux/KDE Plasma: 6.0
I am using Kontact flatpak 6.0.2 from the fedora repository. According to some
Matrix channel, the fedora flatpak is built the same way like the KDE kontact
flatpak on flathub.
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
