Handling of private events



  • As far as I understand Kolab is using a two calendar concept to handle private events even though a flag private/confidential exists but does not affect visibility of the information to other users. In Outlook in contrary uses one calendar and hides the information from other users.

    From a usability point of view the Outlook approach seems more natural and intuitive to me.

    What is the status of handling private events with Kolab? And what is the recommended approach especially for using Outlook as a client?

    The information I find online seems to be quite old. See https://roundup.kolab.org/issue1041 (2006-2009), https://roundup.kolab.org/issue3613 (2009), http://lists.kolab.org/pipermail/devel/2006-January/004845.html (2006)



  • Can any improvement be expected here? It is indeed confusing for users to set an event to private or confidential, and then find out that other people with access to the calendar can see it.



  • This really needs to get onto Phabricator as a task that can then be tracked and subscribed to.

    We've talked about using Outlook elsewhere before on the forum here, so I won't repeat that bit, but respecting events marked as private is an interesting issue ... primarily this is because the calendar data is stored in folders and permissions are per-folder .. not per-file. So the filtering would always be client-side due to that, which renders the private (or other such "please filter this out") flags to not be very impactful. The solution would be to have server-side filtering of that content, though at that point one would want to index all the objects and filter that way .. with a proper index on that flag in hand, perhaps something that the Guam IMAP proxy/filter could do the work.

    I do not see this changing in the immediate future, due to the amount of work it would take.

    Given that, how big a blocker is using more than one calendar, exactly?



  • I created the task: https://git.kolab.org/T1453

    I understand that it is not easy to implement with the way events/calendars are stored now, and that it is not a priority. For me and for most users (I would say), it is not a blocker at all, but we migrated some companies from Exchange, and some people in higher positions now of course say "No, I don't want to have another calendar. It used to work before. Your system sucks."

    Of course we will have to persuade them that another private calendar is not a big deal : ) But besides that, I think that most people would suppose that when they mark something as private/confidential, it is not visible to others. Maybe there could be at least a warning that "this is just a tag and other users with access to this calendar can still see this event"?



  • FWIW, last time we checked we found out Outlook has full access to all private details, and technically savvy users can also access all details there. Outlook just chooses not to render them, normally.

    When discussing this in the past we decided not to adopt that approach in order not to mislead users into a false sense of security, and treat these as "social guidance between users", given that this is what they technically seem to be in the majority of systems. For example: If you share your calendar with a third party, and put a "Private" event in there, and that third party is being asked by another person whether they know where you are, they should respond "Sorry, no."


Log in to reply