Setting for calendar item privacy class



  • I'm using Nextcloud 12 with CalDAV sync and would like to share my calendar with others.

    The Android calendar only offers 3 options for privacy settings - public, calendar default and confidential.

    Public and default shows the event with full details to others, confidential doesn't show it at all.

    I guess this is a limitation of Android, so it would be nice to have a setting in the calendar configuration for whether "confidential" should map to private (doesn't show at all) or confidential (show it as blocked). Also there is no way to set the default privacy setting for DAVdroid calendars.

    Thanks


  • developer

    @jgold Thanks for your suggestions.

    I have just seen that since SDK 14, Android makes a difference between "private" and "confidential" [https://developer.android.com/reference/android/provider/CalendarContract.EventsColumns.html#ACCESS_CONFIDENTIAL], but

    > Confidential is not used by the app.

    I guess that's related to the default calendar app?

    In this case, we could synchronize it 1:1 and a capable calendar app (maybe aCalendar?) could use it.


  • developer

    I have tested using ACCESS_CONFIDENTIAL and it works as expected. So, we could sync that value, but there are currently no calendar apps supporting it.

    The problem is that when you edit an event with ACCESS_CONFIDENTIAL, most calendar apps set it to "server default", which is by iCalendar definition the same as PUBLIC. So, when someone edits a confidential event and doesn't change the classification intentionally, it will switch from confidential to public, which would reveal private data.

    If at all possible, I'd like to avoid additional options and settings, because they make everything unnecessarily complicated and most users don't want to learn about the details of iCalendar before using DAVdroid.

    So what can we do in this case?

    1. Maybe use "server default" in some way. For instance, we could map it to "confidential".
      Advantage: All three classification levels could be chosen in the GUI.
      Disadvantages: "Server default" has no useful meaning to users and it's confusing that "server default" doesn't mean "server default", but "confidential". Also, "server default" should be PUBLIC in CalDAV.
    2. Make a setting what "server default" means. The default value could be "server default" (as now), but users could change it to confidential. This would solve the problem, but only for users who play around with classification settings (most people won't, but many people want to use shared calendars).
    3. Map all settings 1:1 and accept that confidential events might become public unintentionally. At the same time, encourage calendar app vendors to implement ACCESS_CONFIDENTIAL correctly.
      This solution would be the cleanest and my preferred one, but there's still the disadvantage that at the moment, no calendar apps support it yet and that confidential events might become public when edited on an Android device without setting the classification to "private".
    4. Workarounds like saving the classification of received events in an additional field. If such an event is then modified locally and the classification changes to "server default", use the saved classification. This would at least prevent leaking private data.

    What do you think?

    > Also there is no way to set the default privacy setting for davdroid calendars.

    Please report this to your calendar app vendor.



  • @rfc2822 thank you for your reply!

    Here is what my privacy setting looks like. I think it's the default Android calendar app (Android 7.1.1). For non-German readers: "Öffentlich" = public, "Kalender Standard" = calendar default, "Vertraulich" = confidential
    0_1508430898751_Screenshot_20171019-183018.png

    So I think there is a 5th way to handle this - like in option "2.", a setting in DAVdroid for whether "confidential" should map to private or confidential. But this could also be confusing for users.

    I'm also not sure which option is the best. For me option 2 or 5 would be ok because it solves my problem, but you're 100% correct that the only true solution is that the calendar vendors have to fix this.


  • admin

    I think this is a translation error and if you set "Vertraulich" it is saved as "PRIVATE" and not as "CONFIDENTIAL"... There is no calendar app on Android that has a real option for confidential data to my knowledge. All of them only use Public, Server Default and Private.


  • developer

    We have decided to implement option 3 (map all settings correctly) + 4 (if the original event had CONFIDENTIAL or an unknown classification, then "server default" means to use this original classification for this event):
    https://gitlab.com/bitfireAT/ical4android/commit/83dab17f03ee0d82f28445ba07e805fbe2ded552

    So CONFIDENTIAL can be used when the server sends it by setting "server default" (which most calendar apps do when they don't handle ACCESS_CONFIDENTIAL). This means:

    1. CONFIDENTIAL can be set in the Nextcloud Web interface and will persist if you change such an event on your Android device.
    2. With current Android calendar apps, you can set PUBLIC and PRIVATE as usual.
    3. With future Android calendar apps which may implement ACCESS_CONFIDENTIAL correctly, you can also create events with CLASS:CONFIDENTIAL.

    Which calendar app do you use? Can you get in contact with the developers of it?
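
    The round trip discussed in this thread, as an added example (not code from the linked ical4android commit): it compares a pure 1:1 mapping with the "use the saved classification when the app sends server default" rule. The function names, the `saved_class` field and the model of a calendar app without ACCESS_CONFIDENTIAL support are assumptions made for illustration.

```python
# Android CalendarContract access levels (integer values from the Android SDK).
ACCESS_DEFAULT, ACCESS_CONFIDENTIAL, ACCESS_PRIVATE, ACCESS_PUBLIC = 0, 1, 2, 3

TO_ANDROID = {"PUBLIC": ACCESS_PUBLIC, "PRIVATE": ACCESS_PRIVATE,
              "CONFIDENTIAL": ACCESS_CONFIDENTIAL}
TO_ICAL = {level: name for name, level in TO_ANDROID.items()}


def download(ical_class):
    """Server -> device. Returns (access_level, saved_class).

    saved_class is a hypothetical extra field: it is filled only for
    CONFIDENTIAL or unrecognized CLASS values, as described in the post.
    """
    if ical_class is None:                      # event has no CLASS property
        return ACCESS_DEFAULT, None
    name = ical_class.upper()
    if name in ("PUBLIC", "PRIVATE"):
        return TO_ANDROID[name], None
    if name == "CONFIDENTIAL":
        return ACCESS_CONFIDENTIAL, name
    # RFC 5545 3.8.1.3: unrecognized values must be treated like PRIVATE.
    return ACCESS_PRIVATE, name


def legacy_app_edit(access_level):
    """Assumed model of a calendar app without ACCESS_CONFIDENTIAL support:
    saving an edit resets that level to "server default"."""
    return ACCESS_DEFAULT if access_level == ACCESS_CONFIDENTIAL else access_level


def upload(access_level, saved_class, preserve=True):
    """Device -> server. Returns the CLASS value to send, or None for no CLASS."""
    if access_level == ACCESS_DEFAULT:
        return saved_class if preserve else None
    return TO_ICAL[access_level]


def round_trip(ical_class, preserve):
    """Effective class on the server after download, local edit and upload."""
    level, saved = download(ical_class)
    sent = upload(legacy_app_edit(level), saved, preserve)
    return sent or "PUBLIC"                     # a missing CLASS means PUBLIC


if __name__ == "__main__":
    for cls in (None, "PUBLIC", "PRIVATE", "CONFIDENTIAL"):
        print(cls, "| 1:1 only ->", round_trip(cls, False),
              "| with saved class ->", round_trip(cls, True))
```

    With `preserve=False` the CONFIDENTIAL event comes back as PUBLIC after an edit, which is the leak described earlier in the thread; with `preserve=True` it stays CONFIDENTIAL.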



  • > Which calendar app do you use? Can you get in contact with the developers of it?

    I use the Google Android calendar. I just sent feedback through the app to Google to ask for a real "confidential" option ;)
    https://play.google.com/store/apps/details?id=com.google.android.calendar

    If my request is published, I will add the link here.



  • georgehrke from Nextcloud asked how to add the server default option. Can you please answer him? I couldn't find an answer online, but I guess the server should set it itself if no privacy class is set, correct?
    https://github.com/nextcloud/calendar/issues/638


  • developer

    @jgold "server default" is ACCESS_DEFAULT (https://developer.android.com/reference/android/provider/CalendarContract.EventsColumns.html#ACCESS_DEFAULT). It only exists on the client and thus can't be defined on the server. Currently, DAVdroid interprets "server default" as "don't send any CLASSIFICATION", which is the same as CLASSIFICATION:PUBLIC because it's the default value [https://tools.ietf.org/html/rfc5545#section-3.8.1.3].



  • I think it would be a good idea to make this setting adjustable on the configuration view:
    0_1508512838377_Screenshot_20171020-171808.png
    It would also indirectly enable users to choose between public, confidential and private.
    What do you think about that?


  • developer

    @jgold Which setting do you mean?



  • @rfc2822 the ACCESS_DEFAULT setting


  • developer

    @jgold I still do not understand what you mean …


  • admin

    Do you mean that a user should be able to set a calendar to "ACCESS_CONFIDENTIAL" or so inside the DAVdroid account?



    I thought that the user should be able to choose in the settings what DAVdroid should do if an event has the privacy set to ACCESS_DEFAULT - like a dropdown menu where I can set what default should mean (public, private, confidential). At the moment, default is basically the same as public, right? But if you could map default to private or confidential, then every event sent to the server would have class: private or confidential.


  • admin

    After a nice cooperation with TapirApps they can now offer support for CONFIDENTIAL in their aCalendar+ Android app.

    0_1512137870013_acalendarconfidential.png


  • admin

    @jgold Does it work for you as expected?

