E-mail visibility

[nap84]

This is kind of a revisit of #5784 where I open the e-mail visibility can of worms.

We are currently discussing adding a create eLabFTW team functionality to our moodle instance, which would automatically create a team in our eLabFTW education instance and add the students to it. Technically, this appears fairly simple. However, from the way our identity management works, I will most likely have to allow all domains to avoid lots of "domain not allowed" errors - students usually have a personal e-mail address in our system. For our research istance, I basically say they have to adjust the address in the system, but I see this being pretty hard to argue for students.

This is where I see some data protection concerns happening. We already do not show e-mail addresses to everyone in Moodle, even if they are in the same course. I may have problems arguing that they are shown to all users in eLabFTW.

The first question I was asked by our moodle devs is why the e-mail addresses need to be shown and how are they used by users. My answer would be that it's a collaboration feature, but in this case we have Moodle as the communication tool.

How are others handling this? Is it worth revisiting some kind of visibility or masking feature request?

[NicolasCARPi]

why the e-mail addresses need to be shown and how are they used by users.

It was asked by someone as a way to discriminate between users with same/similar names.

Also, you realize that you're trying to mask information that is easily guessable, right? Your email is literally LASTNAME@institute.de.

On the other hand, given that the email is also the login, I can see how it could be interesting to make this feature opt-in from sysadmin panel and make the email a "secret" value.

[nap84]

Also, you realize that you're trying to mask information that is easily guessable, right? Your email is literally LASTNAME@institute.de.

If we just had institutional email addresses (which I enforce on the research instance), completely agree, and I wouldn't be at all concerned. Not so much the case for students at RWTH, apparently.