Skip to content
This repository has been archived by the owner on May 2, 2022. It is now read-only.

Add the option for a one-time email with link. #259

Open
willwillems opened this issue Mar 23, 2020 · 25 comments
Open

Add the option for a one-time email with link. #259

willwillems opened this issue Mar 23, 2020 · 25 comments
Labels
enhancement New feature or request

Comments

@willwillems
Copy link
Contributor

I don't know this but I think right now the overwhelming majority of users is not saving that link.

It would be super useful for the integrity of the data if we could nudge people/help people to actually save that link.

@fossecode
Copy link
Member

@adriaanvanrossum has added support for saving the state in the web browser (checkbox on registration). If many people use this functionality, we might not need functionality for sending emails. I suggest we release what we have, and if the percentage who ticks that checkbox is low, we add email.

@arildwtv
Copy link
Contributor

I agree. Data from the Norwegian site tell us that only 10 % update their reports. My hypothesis is that this is mainly due to poor user-friendliness (and also partly to the value proposition, but that's not relevant here). I think allowing people the option of sending a one-time email with link will greatly increase the chances of users returning and updating their data.

@fossecode Any suggestion on what library/framework to use for sending emails? I think we should give this high priority.

@michaelmcmillan
Copy link
Member

I agree that this is a nice to have at some point. I guess we could achieve the same thing using the native Notifications API (https://developer.mozilla.org/en-US/docs/Web/API/notification).

@fossecode
Copy link
Member

Nodemailer + Mailgun could probably be used. I agree, we should implement this, but it should not block the launch in NL.

@willwillems
Copy link
Contributor Author

I agree that this is a nice to have at some point. I guess we could achieve the same thing using the native Notifications API (https://developer.mozilla.org/en-US/docs/Web/API/notification).

This doesn't "save" the link right?

@fossecode
Copy link
Member

I agree that this is a nice to have at some point. I guess we could achieve the same thing using the native Notifications API (https://developer.mozilla.org/en-US/docs/Web/API/notification).

This doesn't "save" the link right?

Right now we save the state using a cookie. The notification API can be used for sending notifications without having the page open.

@arildwtv
Copy link
Contributor

@adriaanvanrossum has added support for saving the state in the web browser (checkbox on registration). If many people use this functionality, we might not need functionality for sending emails. I suggest we release what we have, and if the percentage who ticks that checkbox is low, we add email.

Can we pull out statistics on this percentage?

@arildwtv
Copy link
Contributor

By the way, we already have an issue on this: #236

@michaelmcmillan
Copy link
Member

michaelmcmillan commented Mar 23, 2020

I would use Mailgun API's (HTTP) over nodemailer (SMTP) for simplicity, if we're planning on implementing this: https://www.npmjs.com/package/mailgun-js

@fossecode
Copy link
Member

@adriaanvanrossum has added support for saving the state in the web browser (checkbox on registration). If many people use this functionality, we might not need functionality for sending emails. I suggest we release what we have, and if the percentage who ticks that checkbox is low, we add email.

Can we pull out statistics on this percentage?

Yeah, but the site is not launched yet.

@arildwtv
Copy link
Contributor

@adriaanvanrossum has added support for saving the state in the web browser (checkbox on registration). If many people use this functionality, we might not need functionality for sending emails. I suggest we release what we have, and if the percentage who ticks that checkbox is low, we add email.

Can we pull out statistics on this percentage?

Yeah, but the site is not launched yet.

Yeah, I know that. :D Just wanted to check if we have support for inspecting that percentage once we go live.

@fossecode fossecode added the enhancement New feature or request label Mar 23, 2020
@adriaandotcom
Copy link
Contributor

I think the email's value is mostly in people forgetting to update their status. Not so much able to go back to the same website. So let's say an email after 7 days would be great to ask for an update, right?

@fossecode
Copy link
Member

Yeah I think that would be a nice feature. But then we have to store a connection between email and health information, which comes with a lot of privacy challenges. But if we find out that it is ok, it would be an awesome feature!

@adriaandotcom
Copy link
Contributor

If we ask people it's okay. We can explain that we only email them their personal link to their email address and delete their email after we did send it. Something like that.

@fossecode
Copy link
Member

I think the laws might differ from country to country. In Norway there is a separate law for treating health information: https://lovdata.no/dokument/LTI/lov/2001-05-18-24, and there are crazy fines for breaking those laws.

When we made the first version one week ago we used SMS verification codes in order to prevent people submitting multiple fake reports, but we got major pushback for saving the phone numbers. We might be ok if we delete the email addresses after we have sent the reminder, but we have to be 100% sure that we are on the right side of the law.

@adriaandotcom
Copy link
Contributor

Ah I see, do you know people who can figure this out?

@michaelmcmillan
Copy link
Member

michaelmcmillan commented Mar 23, 2020 via email

@michaelmcmillan
Copy link
Member

michaelmcmillan commented Mar 23, 2020 via email

@fossecode
Copy link
Member

@michaelmcmillan was in contact with Datatilsynet (https://www.datatilsynet.no/en/) last week, they can probably help us answering this (at least for Norway).

What about using the Notifications API? Everything client side.

On Mon, 23 Mar 2020 at 22:08, Adriaan @.***> wrote: Ah I see, do you know people who can figure this out? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#259 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABD57KXIM2WX67XSJLQOP3RI7FTFANCNFSM4LSATJVQ .

Would be interesting to check out the Notifications API and see if it has any limitations.

@michaelmcmillan
Copy link
Member

Not yet available on iOS, so I don’t think we can use it unfortunately. Alternatively we could just send a reminder email without the passcode. That way we don’t relate email addresses and passcodes. In most cases that would probably work fine given that they’ve chosen to set a cookie.

@adriaandotcom
Copy link
Contributor

We might be ok if we delete the email addresses after we have sent the reminder, but we have to be 100% sure that we are on the right side of the law.

This is how https://www.symptotrack.org does it. They just email a link and delete the email address. So no reminder, just an email with the link. Smart and simple. You need to make sure the logs do not contain that info as do the logs of the email provider.

@adriaandotcom
Copy link
Contributor

Asked Mailgun:

CleanShot 2020-03-30 at 13 44 17@2x

@adriaandotcom
Copy link
Contributor

If mailgun will store this we could create email forwards in another service to the real emails and send those forward email to mailgun. That way mailgun does not know which original email the heath report belongs to.

@adriaandotcom
Copy link
Contributor

Got a reply. TL;DR they can't disable storing the info, they can limit it to keeping it for 1 hour.

Hello Adriaan,

Thank you for contacting Mailgun support.

We would be happy to assist! Full transparency, we can not disable storing message content completely but we can limit how long the data is stored within Mailgun. There two options available:

  1. How long the message content is stored in our system(1 hour, 1 day, 7 days, 30 days )
  2. If the data is retrievable. (On/off)

We can limit how long the data is stored to 1 hour and turn off message content retrieval (This would be the storage URL within the accepted/delivered events)

If you would like to proceed, please reply back with your decision and we will make the necessary adjustments.

Regards,
Sean | Mailgun Support

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

5 participants