I am somewhat satisfied that harvesters cannot discover email
addresses of members at an OpenACS site. For the most part, ACS
modules have been designed not to show that information unless the
visitor has registered, and the casual harvester doesn't register
(yet!)
Still, in prior OpenACS releases, the implementation was left up to
each page designer, and there were some leaks. For example, within
the SDM, I believe that unregistered visitors can determine the email
addresses of each package owner. (Log out, and then visit
https://openacs.org/sdm/package-releases.tcl?package_id=2)
Is there any support in OpenACS 4 for displaying email addresses only
under appropriate circumstances? The solution that comes to mind
would be some sort of OpenACS routine that a developer would call
whenever for any email address to be displayed, and that routine
would determine if it's appropriate for the email address to be
displayed, and if not, mangle it for the circumstance.
In the case of an unregistered visitor, the email address can be
smushed to an empty string. At other times, the email address might
be displayed as a text string and not as a mailto: link.
For sites very sensitive to the issue, email addresses might never be
revealed, but each email address might be displayed as a form button
that allows registered users to send an email to recipient via a web
form and a smop. In that case, one registered user might never know
the actual email address of the actual other registered user being
sent mail, and yet, the mail could still get through.
Is there anything within OpenACS 4 that helps out now, and/or is this
an interesting feature to think about for future incarnations?
