@xav Thanks. Well, at least it’s now working, and maybe you can determine the suspicious client one day 🙂
Setting for calendar item privacy class
-
I’m using nextcloud 12 with caldav sync and would like to share my calender with others.
The android calendar only offers 3 options for privcy settings - public, calendar default and confidential.
Public and default shows the event with full details to others, confidential doesn’t show it at all.
I guess this is a limitation of android so it would be nice to have a setting in the calendar configuration if “confidential” should map to private (doesn’t show at all) or confidential (show it as blocked). Also there is no way to set the default privacy setting for davdroid calendars.
Thanks
-
@jgold Thanks for your suggestions.
I have just seen that since SDK 14, Android makes a difference between “private” and “confidential” [https://developer.android.com/reference/android/provider/CalendarContract.EventsColumns.html#ACCESS_CONFIDENTIAL], but
Confidential is not used by the app.
I guess that’s related to the default calendar app?
In this case, we could synchronize it 1:1 and a capable calendar app (maybe aCalendar?) could use it.
-
I have tested using
ACCESS_CONFIDENTIALand it works as expected. So, we could sync that value, but there are currently no calendar apps supporting it.The problem is that when you edit an event with
ACCESS_CONFIDENTIAL, most calendar apps set it to “server default”, which is by iCalendar definition the same asPUBLIC. So, when someone edits a confidential event and doesn’t change the classification intentionally, it will switch from confidential to public, which would reveal private data.If at all possible, I’d like to avoid additional options and settings, because they make everything unnecessary complicated and most users don’t want to learn about the details of iCalendar before using DAVdroid.
So what can we do in this case?
- Maybe use “server default” in some way. For instance, we could map it to “confidential”.
Advantage: All three classification levels could be chosen in the GUI.
Disadvantages: “Server default” has no useful meaning to users and it’s confusing that “server default” doesn’t mean “server default”, but “confidential”. Also, “server default” should bePUBLICin CalDAV. - Make a setting what “server default” means. The default value could be “server default” (as now), but users could change it to confidential. This would solve the problem, but only for users who play around with classification settings (most people won’t, but many people want to use shared calendars).
- Map all settings 1:1 and accept that confidential events might become public unintentionally. At the same time, encourage calendar app vendors to implement
ACCESS_CONFIDENTIALcorrectly.
This solution would be the cleanest and my preferred one, but there’s still the disadvantage that at the moment, no calendar apps support it yet and that confidential events might become public when edited on an Android device without setting the classification to “private”.
- Workarounds like saving the classification of received events in an additional field. If such an event is then modified locally and the classification changes to “server default”, use the saved classification. This would at least prevent leaking private data.
What do you think?
Also there is no way to set the default privacy setting for davdroid calendars.
Please report this to your calendar app vendor.
- Maybe use “server default” in some way. For instance, we could map it to “confidential”.
-
@rfc2822 thank you for your reply!
Here is how my privacy setting looks like. I think it’s the default android calendar app (android 7.1.1). For not german readers: “Öffentlich” = public, “Kalender Standard” = calendar default, “Vertraulich” = confidential
So I think there is a 5. way to handle this - like in option “2.” a setting in davdroid if “confidential” should map to private or confidential. But this could also be confusing for users.
I’m also not sure which option is the best. For me option 2 or 5 would be ok because it solves my problem, but your 100% correct that the only true solution is that the calendar vendors have to fix this.
-
I think this is a translation error and if you set “Vertraulich” it is saved as “PRIVATE” and not as “CONFIDENTIAL”… There is no calendar app on Android that has a real option for confidential data to my knowlegde. All of them only use Public, Server Default and Private.
-
We have decided to implement option 3 (map all settings correctly) + 4 (if the original event had
CONFIDENTIALor an unknown classification, then “server default” means to use this original classification for this event):
https://gitlab.com/bitfireAT/ical4android/commit/83dab17f03ee0d82f28445ba07e805fbe2ded552So
CONFIDENTIALcan be used when the server sends it by setting “server default” (which most calendar apps do when they don’t handleACCESS_CONFIDENTIAL). This means:CONFIDENTIALcan be set in the Nextcloud Web interface and will persist if you change such an event on your Android device.- With current Android calendar apps, you can set
PUBLICandPRIVATEas usual. - With future Android calendar apps which may implement
ACCESS_CONFIDENTIALcorrectly, you can also create events withCLASS:CONFIDENTIAL.
Which calendar app do you use? Can you get in contact with the developers of it?
-
Which calendar app do you use? Can you get in contact with the developers of it?
I use the Google android calendar. I just send a feedback through the app to google to ask for a real “confidential” option
https://play.google.com/store/apps/details?id=com.google.android.calendarIf my request will be published I will add the link here.
-
georgehrke from nextcloud asked how to add the server default option. Can you please answer him? I couldn’t find an anwser online but i guess the server should set it itself if no privacy class is set, correct?
https://github.com/nextcloud/calendar/issues/638 -
@jgold “server default” is
ACCESS_DEFAULT(https://developer.android.com/reference/android/provider/CalendarContract.EventsColumns.html#ACCESS_DEFAULT). It only exists on the client and thus can’t be defined on the server. Currently, DAVdroid interprets “server default” as “don’t send anyCLASSIFICATION”, which is the same asCLASSIFICATION:PUBLICbecause it’s the default value [https://tools.ietf.org/html/rfc5545#section-3.8.1.3]. -
I think it would be a good idea to make this setting adjustable on the configuration view:
It would also indirectly enable users to choose between public, confidential and private.
What do you think about that? -
@jgold Which setting do you mean?
-
@rfc2822 the ACCESS_DEFAULT setting
-
@jgold I still do not understand what you mean …
-
Do you mean that a user should be able to set a calendar to “ACCESS_CONFIDENTIAL” or so inside the DAVdroid account?
-
I thought that the user should be able to choose in the settings what Davdroid should do if an event has the privacy set to ACCESS_DEFAULT - like a dropdown menu where i can set what default should mean (public, private, confidential). At the moment, default is basically the same as public, right? But if you could map default to private or confidential, then every event send to the server would have class: private or confidential.
-
After a nice cooperation with TapirApps they can now offer support for
CONFIDENTIALin their aCalendar+ Android app.
-
@jgold Does it work for you as expected?