On 16/09/05, Thomas Gries mail@tgries.de wrote:
Rowan Collins wrote:
The basic problem is that people see the watchlist as private information - watching someone else's could facilitate anti-social users "stalking" those pages, etc.
See my comment http://bugzilla.wikimedia.org/show_bug.cgi?id=471#c13 wherein I suggest a token method, the token only mailed on watchlist owner's request to his e-mail address, similar to Confirmmail method.
Yes - or my comment #8 on that bug, which reads in part:
...the most widely usable solution would be to let the user opt in in preferences to make their watchlist public, and then generate a secret random token that has to go in the URL to view it. (Noting that this provides only imperfect protection...
I don't really see the need for e-mail addresses to be involved, unless that happens to make the code much simpler for some reason - the decisions of whether to register an e-mail address and whether to activate an RSS watchlist are completely unrelated. The way I pictured it, the "secret" token would just show up on the preferences page once the user opted in.