Currently by design anyone in the world can create, edit, or delete any of my commitments but I think this is unfortunately an undesirable feature. I love the idea of certain trusted friends and collegues being able to have full create and write access to my commitments, but ideally I’d want that strictly limited to only chosen people.
As soon as a bored troll finds the site, any or all of our commitments could be modified or removed, and we could be spammed with new ones, possibly offensive ones (think http://alice.commits.to/watch_youtube but worse…)
I’ve told my fellow Habitica moderators and some of the staff about commits.to but that’s about the limit of where I’m willing to share it for data integrity reasons. I’d love to post my commits.to links in wide spaces in Habitica and other places, but I’m certain that some of the people there cannot be trusted. I did consider doing it anyway as a test in case I’m being over-cautious but then realised that I’d be risking not just my own data, but every user’s.
Even if my fears never come true, they’re strong enough to limit my use of the site, and I suspect that they’d also limit the number of people willing to use the site at all.
When I shared my URLs in Habitica with two separate groups of people, in both cases someone said that they’re able to edit my commitments and they asked if that was intentional. It’s a feature that looks like a bug, sadly. One of them indicated that he’d be interested in using the tool when it’s out of private-ish beta and that hopefully this issue wouldn’t exist then.
There’s related information in the GitHub repo’s at Home · commitsto/commits.to Wiki · GitHub in the “For Later: Security and Privacy” section:
Alice’s friends can troll her by making up URLs like alice.commits.to/kick_a_puppy but that’s not a huge concern. Alice, when logged in, could have to approve promises to be public. So the prankster would see a page that says Alice promises to kick a puppy but no one else would.
In the MVP we can skip the approval UI and worry about abuse like that the first time it’s a problem, which I predict will be after commits.to is a million dollar company.
I totally agree that my friends won’t troll me, but other people not so much.
“could have to approve promises to be public” - That would be an improvement but still not enough I feel. It would still take up my time to remove any spam commitments and if they were offensive, the exposure to them would be unpleasant.
My counter prediction is that this issue would prevent commits.to becoming a million dollar company. I am sorry to say this because I know it would be lovely to trust everyone but SOME people…!
If logins were added, the site would need to be converted to https, but I’d suggest that that could actually be done first. It might seem a bit pointless now but it would prevent Chrome from marking the site as insecure and add a touch of authenticity (certificates have value in confirming who runs a site as well as encryptying data).