Helens (helens78) wrote in dw_biz 2010-10-21 04:46 pm (UTC)

Re: Shared access = massive security hole

It is scary, but do read downthread -- the way I outlined it isn't what's in the works, and tyggerjai goes into some detail and clarifies a lot of stuff, which was very helpful!

Which is why I think shared journals absolutely must show on the profile that they're shared.

Unfortunately, I can't see any possible way this could be implemented. If multiple people have the password, multiple people can log in. There's just no way of stopping it. (If I leave myself logged in, my husband can always sit down at my computer! There's just no way to guard against all the possibilities here, nor would most people really like the results we'd get if we asked for more draconian security measures. :) )

Maybe it shouldn't be an option to hide on your profile which associated journals you have then? And the people you have access to should also know that your associated journals have access to them.

Well, I wouldn't go that far, because that would remove a whole awful lot of the utility of this service. Also, fixing borked privacy by borking more privacy just doesn't seem like the right response. *g* The right response, IMO, is to ensure that DW does not transfer granted access from one account to another, regardless of whether the owners of those accounts are the same person. In other words, if you are logged in as MY_JOURNAL, you will only see posts to which MY_JOURNAL has been granted access.

If you are viewing posts as MY_SECONDARY, you should only see posts to which MY_SECONDARY has been granted access, and not ones that MY_JOURNAL was granted access to.

If you are viewing posts as MY_SHARED, you should only see posts to which MY_SHARED has been granted access, and not ones that MY_JOURNAL or MY_SECONDARY or SECOND_JOURNAL or SECOND_SECONDARY or THIRD_JOURNAL (where SECOND and THIRD are separate users with SECOND_SECONDARY as a secondary for SECOND_JOURNAL) has access to.

The tricky part is for people who want to be able to read all posts that MY_JOURNAL and MY_SECONDARY and MY_SHARED all have access to at the same time, even though there may be totally different permissions for all three of those journals. That seems needlessly complicated to me and I would never ever use it, personally, but apparently there is some call for it.

But what bothers me isn't the fact that a person could log out as MY_JOURNAL and log in as MY_SECONDARY, and then have access to all of MY_SECONDARY's stuff, or even that a person could log out as MY_JOURNAL and log in as MY_SHARED, and then have access to all of MY_SHARED's stuff -- my concern is that, what this amounts to, behind the scenes, is DW transferring access between accounts, without alerting the access-granter. I'm much more okay with a system that has a dropdown menu that says "View as: [MY_JOURNAL] [MY_SECONDARY] [MY_SHARED]", because then the user is saying "I want to view this account of mine," and DW is pretty much functioning as normal.

We'll see how it shakes out! Sharing journals is a really complicated use-case, but I'm super-glad they brought it up in the first place, because guarding against stuff by saying "well, people shouldn't do that" just plain doesn't work in any situation. :)
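As an added illustration of the per-account rule argued in this comment (my own example, not Dreamwidth's code), here is the inheriting model that worries the thread beside the "view as exactly one journal" check. The logins, journals, posts and grants are constructed sample data; one login controlling several journals, and MY_SHARED having two owners, mirrors the cases named above.

```python
"""Access must stay with the journal it was granted to, not follow its owners."""
from __future__ import annotations

# Which journals each login can act as (constructed sample data).
# MY_SHARED is a shared journal: both "me" and "second" can log in as it.
CONTROLS: dict[str, frozenset[str]] = {
    "me": frozenset({"MY_JOURNAL", "MY_SECONDARY", "MY_SHARED"}),
    "second": frozenset({"SECOND_JOURNAL", "SECOND_SECONDARY", "MY_SHARED"}),
    "third": frozenset({"THIRD_JOURNAL"}),
}

# Which journals each locked post was granted to by its author (constructed).
GRANTS: dict[str, frozenset[str]] = {
    "post-1": frozenset({"MY_JOURNAL"}),        # granted to MY_JOURNAL only
    "post-2": frozenset({"MY_SHARED"}),         # granted to the shared journal
    "post-3": frozenset({"SECOND_SECONDARY"}),  # granted to second's secondary
    "post-4": frozenset(),                      # nobody else may read it
}


def readable_inherited(journal: str) -> set[str]:
    """Flawed model: a journal inherits every grant held by every journal
    that any of its owners controls. For MY_SHARED this hands "second"
    post-1 (granted only to MY_JOURNAL) and hands "me" post-3, even though
    the granters never gave either of those journals access."""
    owners = {login for login, js in CONTROLS.items() if journal in js}
    reach = {journal}.union(*(CONTROLS[o] for o in owners))
    return {p for p, allowed in GRANTS.items() if allowed & reach}


def readable_as(login: str, viewing_as: str) -> set[str]:
    """Per-account model ("View as: [MY_JOURNAL] [MY_SECONDARY] [MY_SHARED]"):
    the login picks one journal it controls, and only that journal's own
    grants apply. Picking a journal the login does not control is refused."""
    if viewing_as not in CONTROLS.get(login, frozenset()):
        raise PermissionError(f"{login!r} may not view as {viewing_as!r}")
    return {p for p, allowed in GRANTS.items() if viewing_as in allowed}


def leaked_via_inheritance(login: str, journal: str) -> set[str]:
    """Posts the inheriting model shows when acting as `journal` that the
    granters never gave `journal`; non-empty means access was transferred."""
    return readable_inherited(journal) - readable_as(login, journal)


if __name__ == "__main__":
    print(sorted(leaked_via_inheritance("second", "MY_SHARED")))  # ['post-1', 'post-3']
    print(sorted(readable_as("second", "MY_SHARED")))            # ['post-2']
```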
