W3C home > Mailing lists > Public > www-tag@w3.org > February 2010

Re: ACTION-278 Hiding metadata for security reasons

From: Mark S. Miller <erights@google.com>
Date: Sun, 7 Feb 2010 08:30:38 -0800
Message-ID: <4d2fac901002070830gf170524o1e28af5616728911@mail.gmail.com>
To: Jonathan Rees <jar@creativecommons.org>
Cc: Larry Masinter <masinter@adobe.com>, "www-tag@w3.org" <www-tag@w3.org>, Tyler Close <tyler.close@gmail.com>
On Sun, Feb 7, 2010 at 8:18 AM, Jonathan Rees <jar@creativecommons.org>wrote:

> 1. The user may not know he/she is subscribed to the list (either
> forgot, or was added speculatively), in which case it's unlikely
> they'd have kept track of a password
> 2. Legitimate businesses want to make unsubscription as easy as
> possible, to minimize the chance they'll be accused of sending spam.
> Thus the password recovery step (and even, I would argue, the
> copy/paste step) is unacceptable overhead to them
> 3. The user may not have the ability to send email from the account
> that is subscribed (it may just be a forwarding address)
>
> I'm going to mark my action 'pending review'.
>

Despite Google having one of the world's largest investment in accounts with
passwords and cookies, their guidelines for bulk sender unsubscription <
http://mail.google.com/support/bin/answer.py?hl=en&answer=81126#unsub>
agrees with Jonathan.



> Jonathan
>
> On Sat, Feb 6, 2010 at 11:57 AM, Larry Masinter <masinter@adobe.com>
> wrote:
> > Design 3:
> >
> >   1. The user is subscribed message to a mailing list.
> >      There is a "subscription password"; the user can pick it
> >      when subscribing or the system can generate one.
> >   2. The list processing software sends an email message to the user,
> >      providing advice that the user may unsubscribe from the list, and
> >      including a link to an unsubscribe confirmation page; the link
> >      also fills in the user name (but not the password).
> >   3. The unsubscribe page lets you enter in the password. If
> >       you don't remember or never had the password, there is a
> >       "send me my password" link, which will email the password
> >      to your email address.
> >   4. The user follows the link to the confirmation page, and finds a
> >      form with an input field requesting the password
> >      and a button to "[Confirm] your unsubscription". The
> >      form is to be submitted with method="POST".
> >   5. The user types in the password from memory or
> >      copies the password from the password email message and pastes
> >      it into the password field, and activates the [Confirm] form
> >      control.
> >   6. The list processing software confirms the unsubscription and
> >      removes the user from the list.
> >
> >
> > This is the usage pattern in many email lists.
> >
> > Larry
> >
> >
>



-- 
    Cheers,
    --MarkM
Received on Sunday, 7 February 2010 16:31:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:19 GMT