kill-the-newsletter

Consider using different public ID for the email and feed.

Open kevincox opened this issue 9 months ago • 2 comments

Right now the same publicId is used for both writing (in the email address) and reading (in the feed ID). This presents a possible privacy issue where anyone with the email can read sent items.

At first look this isn't an issue as they sent those items in the first place, but there are a handful of reasonable scenarios where this could happen.

  1. Using the same email for multiple senders.
  2. The sender sells your email address, now the buyer can read the communication. (Rather than just spamming you as was probably intended).

I would recommend adding a separate public ID for sending to keep write and read privileges separate. I believe this can be done without disruption by making these two values the same for all existing feeds, and generating them separately for new feeds. Alternatively either ID could be used for writing (at least for old feeds) but I see no benefit of this approach.

kevincox Feb 09 '25 17:02

Hi @kevincox,

Thank you for reaching out.

This is a leftover from back in the day when, instead of using a database, we stored the feeds as files in the filesystem.

We tell people not to share their feeds in the How do I share a Kill the Newsletter! feed? section of the home page.

But you’re right that for new feeds we could separate the ids of the email address and the feed address.

I’ll get to that at some point.

leafac Feb 20 '25 15:02

Thanks for the input. It isn't a major concern for me personally but someone was asking about the privacy of Kill the Newsletter! and I noticed this could be improved. I figured it was good to at least track this.

We tell people not to share their feeds

Sharing the feed link is one part of it: right now sharing allows posting to the feed (which may be unexpected to a casual user) and reading whatever is in the email including unsubscribe links (which may be expected by a user).

But I'm more concerned that you need to share the submission email with the senders and you usually don't have much control over what they do with it. For example, emails are often sold, and to the seller it seems like this is tracking and write-only; if they share a Kill the Newsletter! feed they have inadvertently given access to read the past things that they have sent you as well. (Of course I don't condone selling emails, but it is the unfortunate reality that we live in.)

Glad to know that you are open to the

kevincox Feb 20 '25 17:02