Join
3
0 Comments

How to not dox your community

by glitter

Recently, a group I’m in wanted everyone to write down ideal meeting times on a shared Google Doc. From there we would be able to use ChatGPT to suggest meeting times that would work for everyone. We made a big mistake by restricting access to the document to a list of email addresses. This meant that everyone shared on the document saw everyone else’s email address.

Even in a tight knit, inclusive, and friendly community like ours, this email address leak caused people to be rightfully upset. It can be challenging to protect the privacy of members in your community while at the same time enabling each member to participate in group activities and collaborative projects. Most digital tools make it unclear when your personal information will be used and who will be able to see it.

In my opinion, the best way to avoid doxxing your community members when working on collaborative documents is to not set permissions. Open access to anyone with the link. It may sound uncomfortable or flat out wrong to you, but hear me out—

I've been a software engineer for 9 years, so I know access control is hard. Configuring permissions correctly can be complex for anyone, but for community professionals, the myriad of buttons, dials, and knobs, simply fail.

This is because the tools that online communities use are not built for online communities. By and large, they are built for companies. Inside a company, everyone has a predictable and known email address so doxxing is not a concern. Not so in a community.

When a community is built on a platform like Slack, Discord, Circle, or MightyNetworks, members have expectations of a safe shared space when they join. As you use third-party tools for socializing and collaboration, those expectations remain, yet the mechanisms to meet them are no longer there. For example, if I sign up for Slack and my email address is hidden, when I join the group’s Google Doc my email address may be visible without my knowledge.

Fortunately, most digital tools have done a good job at using unguessable URLs for their services. You can make your document public and editable by anyone with the link and then share that link inside the already closed space your community uses. You’ll get the benefit of everyone being able to participate without anyone being doxxing.

The chances that a stranger or even a hacker stumbles across your document is pretty much 0. And even if they did, as long as you aren’t writing anything sensitive in this doc there is no harm done. Could they delete everything? Yeah. But they won’t. And you would just undo the change anyway.

Avatar for glitter glitter
posted to Icon for group Community Building
Community Building
 on April 17, 2024
Say something nice to valsk…
Post Comment
Trending on Indie Hackers
I spent $0 on marketing and got 1,200 website visitors - Here's my exact playbook User Avatar 58 comments Veo 3.1 vs Sora 2: AI Video Generation in 2025 🎬🤖 User Avatar 27 comments Codenhack Beta — Full Access + Referral User Avatar 21 comments I built eSIMKitStore — helping travelers stay online with instant QR-based eSIMs 🌍 User Avatar 20 comments 🚀 Get Your Brand Featured on FaceSeek User Avatar 18 comments Day 6 - Slow days as a solo founder User Avatar 16 comments