Participant list visibility restricted to authenticated users


Indico support restricting worldwide visibility of participant list, either to those who accepted or by hiding it. The problem is that if you publish such a list with emails, you are exposed to robots getting this page and using it to get a list of address for sending SPAMs or advertisements sent in the name of organisers (for example for hotels). I have the feeling that one way to prevent it would be to restrict worldwide visibility to authenticated users. It would keep a wide diffusion of the participant list (more that users registered to the event) but prevent from most of the unwanted exploits.

Is it something that has been considered or could be in the future? Or did I miss something and this approach would have more drawbacks than advantages?


IMHO it is NEVER a good idea to publish a list of participant emails.

Currently you can choose whether the participant list (and all fields you decide to include there) is visible to nobody, other registered participants (only if they have an Indico account of course) or everyone - and generally this choice is left to the participant (since it’s up to them to consent to it, unless you think you have legitimate interest to always show it).

PS: I think those nasty hotel spammers are not fully automated but there’s at least some human involvement. So I doubt “require to be authenticated” would do much considering the vast majority of Indico instances allow anyone to register an account…

@ThiefMaster I agree it will not fix the problem for every instance but at least offer another knob for sites who are not allowing anybody to request a local account…