At present Trusted List requests and additions, and some Profile Manager additions, are handled using members' email addresses. Trusted List requests delivered by email include the address of the member originating the request. To add a member to the Trusted List of a single profile, their email address needs to be entered in a field on the privacy tab of the profile. Similarly, the bulk Trusted List and Profile Manager addition tools require the use of the email address of the member being added.
This approach has at least two drawbacks:
- Many people prefer that their email addresses are not widely known, to help prevent identity theft and spam. It is not suggested that other members would be directly responsible for this, but if another member's computer is hacked and their contacts list is stolen, anyone on that list is at risk.
- Once member A knows member B's email address, member A can accidentally or deliberately add member B as trusted or manager for large numbers of profiles, without approval of member B, who may then need to do a lot of work to reverse the change. There have been cases where this has happened in practice.
One way to improve this situation would be to use members' WikiTree IDs instead of email addresses when adding them to Trusted Lists, and for bulk Profile Manager additions. When this is done, the recipient member being hypothetically added would be notified by an email, not including the address of the originating member, but instead a link to a web page where if logged in the recipient could approve or deny the addition, whether for one or many profiles.
A Trusted List request email could as at present include a link to a tool which would approve the request. But the email would no longer include the address of the requesting member. Instead it would give instructions for replying via a comment on the profile of the member originating the request (this does not reveal email address). If the member receiving the request wished to reply privately, they could use a WikiTree Private Message, either revealing their own email address voluntarily if they wished, or replacing it with an imaginary one as Gaile Connolly has described at this link.
I realise that changes along these lines, or any other approach to the problem, would require substantial programming effort. But I think they offer substantial benefits, and I hope they can be considered for inclusion in long-range software development planning.