Consider using different public ID for the email and feed.

[kevincox]

Right now the same publicId is used for both writing (in the email address) and reading (in the feed ID). This presents a possible privacy issue where anyone with the email can read sent items.

At first look this isn't an issue as they sent those items in the first place, but there are a handful of reasonable scenarios where this could happen.

1. Using the same email for multiple senders.
2. The sender sells your email address, now the buyer can read the communication. (Rather than just spamming you as was probably intended).

I would recommend adding a separate public ID for sending to keep write and read privileges separate. I believe this can be done without disruption by making these two values the same for all existing feeds, and generating them separately for new feeds. Alternatively either ID could be used for writing (at least for old feeds) but I see no benefit of this approach.

[leafac]

Hi @kevincox,

Thank you for reaching out.

This is a leftover from back in the day when, instead of using a database, we stored the feeds as files in the filesystem.

We tell people not to share their feeds in the How do I share a Kill the Newsletter! feed? section of the home page.

But you’re right that for new feeds we could separate the ids of the email address and the feed address.

I’ll get to that at some point.

[kevincox]

Thanks for the input. It isn't a major concern for me personally but someone was asking about the privacy of Kill the Newsletter! and I noticed this could be improved. I figured it was good to at least track this.

We tell people not to share their feeds

Sharing the feed link is one part of it, right now sharing allows posting to the feed (which may be unexpected to a casual user) and reading whatever is in the email including unsubscribe links (which may be expected by a user).

But I'm more concerned that you need to share the submission email with the senders and you usually don't have much control over what they do with it. For example emails are often sold and to the seller it seems like this is tracking and write only if they share a Kill the Newsletter! feed they have inadvertently given access to read the past things that they have sent you as well. (Of course I don't condone selling emails, but it is the unfortunate reality that we live in.)

Glad to know that you are open to the

[waynehoover]

To get around this you could use an email forwarding service to your KTN email. This way they never get your KTN email address.

An example free email forwarding service is duck.com, or many registrars offer free email forwarding.