UX Improvements for Sharing #811
Description
Context
Security constraints have necessitated changes to how user searches function within the sharing window. A recent bug bounty revealed that it was relatively easy to extract email addresses from this window.
To address this issue, the following changes have been implemented:
- The number of displayed results is limited to 5.
- Results are shown only after 5 characters are entered.
- The search is disabled when an "@" is typed in the search field.
UX Issues Encountered
These urgent changes have introduced several UX challenges:
- The new search functionality does not allow for quick searches of individuals, especially those with names shorter than 5 letters.
- Disabling the search upon entering an "@" means that users must know a person's complete email address.
Proposal
- To mitigate email address scraping, I propose removing the email address and displaying a contextual element instead (for example, "Beta" for a person whose email address is "[email protected]")—similar to how the Tchap app operates (Screenshot 1).
- Always display first and last names, and when this information is not available, infer it from the email address (for example, "Amandine Salambo" for the address "[email protected]")(Screenshot 1).
- Display results starting from just one typed letter, and if possible, prioritize results based on available context (for instance, someone with whom we share documents or have previously searched for should appear first when we type the first letter of their first name)(Screenshot 1).
- When a partial email address is entered (with an @) and matches an existing address, we suggest inviting that person (still without ever displaying the address to avoid scrapping)(Screenshot 2).
- The limitation of 5 results is not problematic.
-> Prototype for reference
Outlook
In the long term, it would be nice to improve the search function using the "my contacts" section of La Régie.
Metadata
Metadata
Type
Projects
Status