[tor-bugs] #32558 [Internal Services/Tor Sysadmin Team]: clarify what happens to email when we retire a user

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 23 21:05:40 UTC 2019 

#32558: clarify what happens to email when we retire a user
-------------------------------------------------+---------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #32519                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by arma):

 First and foremost, I think we need to communicate a policy to people when
 they get their @tpo email forward. That is, they should know the expected
 way that we will handle their email address when they move on from Tor.

 Part of the problem we have now is that we haven't been clear to people in
 the past, so I imagine people have a variety of expectations. We're going
 to keep surprising people until we have a policy and we've communicated
 it.

 One of the culture clashes here is between a free software community
 project, where email addresses are tied to a person who is contributing,
 and a company, where email addresses are 'owned' by the company and of
 course you shouldn't expect any email privacy or even to control who gets
 your email now and in the future. And some people are on both sides of the
 line: for example, I became arma at tpo back when it was a free software
 community project, and now I'm an employee and officer.

 One reason this matters is because people will quite reasonably use their
 email addresses in different ways depending on the expected persistence.
 If I knew that we planned to possibly redirect my tpo mail to somebody
 else, or if I knew that our policy is that my tpo email address will be
 unreliable at getting email to me in the future, I would switch to using a
 domain that I know I'll continue to control.

 Ok, with all this in mind, let me try to talk through some concrete
 options.

 Option one, we decide our policy is that soon after you stop being an
 employee or stop being a core contributor, by default your email address
 goes away. I think this would be a poor choice. It would mean that folks
 who take a break from working on Tor will see a disruption in their
 contact address -- the email address they used, and likely also the one
 they used in their git commits -- and they will feel less wanted when
 considering whether to return. If this is our policy, I would get new
 business cards with some other domain, and probably change my git commit
 addresses. People would ask why my Tor card has a freehaven.net email
 address, and it would be embarrassing, both to me and to Tor, when I
 explain why.

 Option two, when we are adding a new email forward, we decide whether it's
 in the "company" or "hacker" category, and we make it clear to the person
 getting it. If it's in the company category, then they know that it will
 go away after they leave, possibly get redirected, and all the things that
 company people expect to happen to their email addresses. If it's the
 hacker category, we'll plan by default to leave it in place unless special
 circumstances make us need to do something else. I think this approach
 would be a fine choice. There are some details still to be worked out,
 like how to handle the existing addresses (I think we could go through and
 categorize them), and how to recognize when a person has shifted category,
 but I think they're solvable.

 Option three is like option two except the division is "are they a core
 contributor or not". That is, in this policy, if you have been voted in as
 a core contributor, you are like the "hacker" category above. Whereas if
 you have an email address but you didn't get it by being voted in as a
 core contributor, then you're like the "company" category above. I'd be
 fine with this approach too. In many ways it's cleaner than option two.

 I also don't have any need to force a permanent email address on people
 who didn't expect it. I'd be fine with an approach for the hacker side
 where, when they become less active, we ask them if they plan to make use
 of the address in the future, and then they can say yes or no.

 And there will definitely be exceptions where we choose to disassociate
 ourselves from a person, e.g. after we fire them or after the community
 council kicks them out of the community. I am talking here about our
 default policy, and exceptional circumstances can and should produce rare
 exceptions.

 Yet another complexity comes from the conflict in how to handle company vs
 hacker for folks who fit into both categories. But if, when people switch
 from the hacker category to the company category, they give up the
 expectation of having a reliable email address for the future, we should
 make that clear to them as a tradeoff they are choosing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32558#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list