Feature request: Notification by e-mail

[brknkfr]

As a creator of a poll I'd like to have mail notifications when someone submitted a vote. This means I'd first have to supply an e-mail address.

[austinhuang0131]

But then the email address wouldn't be encrypted (visible to the server)? Doesn't this defeat the point of Croodle?

[jelhan]

I share the privacy concerns raised by @austinhuang0131. Actually sharing the email address with the server may not be the most problematic aspect.

If the user opts in to sharing the email address with the server explicitly, I wouldn't have much concerns. The user already shares some personal information like IP address and browser used with the server when using Croodle. I don't think it would defeat the point of Croodle unless it affects encryption of the data in the poll.

I don't see any valuable content, which could be included an unencrypted email:

• The server should not know what the poll is about, what answer options are available, and what options have been chosen. Including any information about the poll in an unencrypted notification email would expose that information to the server. That would defeat the point of Croodle.
• One could argue that informing the user that someone has participated in some poll is enough. The user could open that poll and review the changes. But the email must not even include a link to the poll. At least not a link which includes the encryption passphrase.

Such a notification only makes sense in two scenarios:

1. If the email can include the relevant information because it is end-to-end encrypted as well. This would be possible using GPG. A user would not only share an email address but also a PGP key, which is used to encrypt the content of the notification email. Generating and encrypting the content of the notification email would need to happen when the user subscribes for notification. That means the email could only include information about the poll but not about the participation, which triggered the notification.
2. If the notification is processed by an application, which can securely store the encryption passphrase. This would be the case for a native application. In that case it would be enough to inform the application that a new participation for a specific poll has happened. The app could use the locally stored encryption key to look up all other information about the poll and the new participation.

GPG is only used by a few. Copying a key for your email address is an user experience nightmare even for those few using GPG at all. I don't think spending time on that option is worth it.

The second option looks more promising. Croodle hat the potential to be locally installed as a progressive web app (PWA). Technically there is not much left to make that possible. But for that case it wouldn't be a notification via email. The notification must be processed by a specific app. Only that guarantees that encryption passphrase is available. Push notifications would be the way to go.

Having that said, I feel other topics have a higher priority when (and if) I have time to pick up Croodle development again.

[brknkfr]

Thank you very much for the detailed explanation which absolutely makes sense. I just thought, it would be nice to be informed, when someone adds a vote to a poll, otherwise all those comfortable people out there just forget about the poll and don't check it again.
Couldn't it be a possibility to add a selectable notification by mail with a big fat warning about the consequences? I could imagine that privacy aware people would use an appropriate mail address for this function.