Student email in Badges

Re: Student email in Badges

by Sue Hellman -
Number of replies: 10

I am a l colleague of John's who was part of the same Moodle course. I don't have access to Moodle Tracker so will add my comments here. This is only intended to give you some insight into why this is a big issue for some people. If my tone is a bit strident, please take it in that spirit.

Online privacy is a big issue for all people no matter what their age. I believe that forcing Moodle participants to display email addresses deterred participants from claiming badges in the course John was talking about and would also prevent them from using this feature of the Moodle LMS with their students. I feel compelled when using badges in Moodle for online professional development events to post a prominent privacy alert warning people that Moodle does not give them control over whether this personal information will be displayed or not. 

Using an email address to connect Moodle and Mozilla backpack makes sense to me. However, I've read the MZ privacy statement and it says: "Each badge you push to the Mozilla Badge Backpack contains your Persona username and data about what the badge means and who issued it."  It does not say your Persona email address will be published in order to ensure you are who you say you are. The decision to include earner emails in badge assertions has been made at the Moodle end. Other badge management organizations (eg. Credly) do not automatically do that. 

Moodle seems to be working from the assumption that an email address is like a social insurance number --- that we have a unique email address for all learning experiences and that it will stay with us forever and ever. Only if that were true would an email address differentiate one 'john smith' from another. The first John Smith may have many email addresses across his learning lifetime and also at any one period in his life. ( I have at least 10 of them right now.) His portfolio might display badges earned at different stages of his life from different organizations and under different email addresses. Having all those different email addresses revealed in his portfolio would not create a story of continuity and would not be a way for an outside observer to be sure that the same John Smith was recipient of all those badges. If he changed service providers, his email address would change. if he earned badges through employment training and used his work email address for that purpose, when he changed jobs, that email would become completely defunct. Email addresses don't offer a great way to legitimize badge earners from my point of view.

There will be unscrupulous people trying to cobble together portfolios using other people's badges. That is going to happen. The greater worry, I think, is that someone can find my email address on a Moodle badge displayed publicly, misrepresent him/herself as me using that information, and hack my email address (which those who know me trust to come from me). if you've ever been hacked in that way, you'll know how much trouble it is to notify everyone not to open emails that look like they're from you and to change all your accounts to a new email address. 

I think what's missing from Moodle & other assertions is a statement from the badge earner about how the evidence he/she provided was a good demonstration of the learning or accomplishment embodied in the badge. Potential employers would be able to question candidates about these experiences or ask to see the artifacts in order to ensure false claims were not being made. (They have to take some responsibility and do their due diligence to vet digital claims.) Taken together, these recipient statements would tell an interesting story of learning, skill development, and achievement that is missing in open badges at this point. 

Those are my thoughts. Thanks for listening.

Sue Hellman

('email withheld' -LOL)

 

Average of ratings: -
In reply to Sue Hellman

Re: Student email in Badges

by Simon Coggins -

Hi Sue,

 I've read the MZ privacy statement and it says: "Each badge you push to the Mozilla Badge Backpack contains your Persona username and data about what the badge means and who issued it."  It does not say your Persona email address will be published in order to ensure you are who you say you are. 

I don't think that their privacy statement is very clear about this, but a "persona username" is an email address (see here - it says "usually" but I'm not sure how it could be anything else). You can also see in their terms of use:

Badges may only contain the user’s email address, the issuer’s name, the badge name and specific data about what the badge means such as the badge description and criteria URL, which is a URL pointing to a page hosted by the issuer that details all the criteria required for earning the badge.

However despite this, I agree that at the very least we should give the user a choice about if their email is displayed, and ideally avoid displaying it all together.

The only reason I'm giving any push back at all is that we also want badges to be verifiable. To be clear, given a choice between good privacy and verifiable badges I would still choose good privacy, but what I'm wondering is, is there a way for us to have our cake and eat it too. smile

Unfortunately as of right now I can't think of another way, and ultimately this is a problem that needs to be solved by the badges infrastructure rather than us. If anyone has any thoughts then please share!

that we have a unique email address for all learning experiences and that it will stay with us forever and ever

Again I agree this is definitely not the case. Unfortunately this is a limitation of the current badges infrastructure. I have already been involved in the discussions with Mozilla about this issue here:

https://github.com/mozilla/openbadges/issues/42

Unfortunately there hasn't been any progress on this issue, and we've done just about all we can to mitigate it in moodle by allowing users to at least pick which email they connect with.

Anyway, I will discuss some more with Yuliya and we will try to do something soon.

Simon

Average of ratings: -
In reply to Simon Coggins

Re: Student email in Badges

by John Andrewartha -

Simon,

You are missing the core issue, the problem is Moodle insists on putting the student email address in the original badge, it's the evidence link that is the bogeyman.

Here is the URL for a badge I got from Moodle.org https://moodle.org/badges/badge.php?hash=17c4250d35778d7fda890e0f1aecb3ee00c1f950

Notice Name , then Email = blown privacy as the URL is public.

Simple solution replace email address with serial number.

In the grand scheme of things this may sound trivial, I will be the first to agree that the average teen or pre-teen blabs there guts out on FB and blows there privacy to the wind.

The venerability is now in the public domain, this forum is public, the tracker is public. How long before an exploitation occurs?  On this one Google may not be our friend.

Average of ratings: -
In reply to John Andrewartha

Re: Student email in Badges

by Simon Coggins -

I think I do understand the core issue, and I don't think it's trivial, which is why I said:

I agree that at the very least we should give the user a choice about if their email is displayed, and ideally avoid displaying it all together.

When you say replace the email address with a serial number, what would the serial number be? How would it help the user to prove that they earnt the badge?

To give an example, here are a couple of badges I earnt recently for presenting at a Mahara Conference:

http://backpack.openbadges.org/share/102d9e69f989168a46e3ff52c3100c7b/

If you follow that link you will notice that nowhere on that page is my name mentioned. In fact you would have to follow the evidence link:

https://maharahui.org.nz/badges/badge.php?hash=f2042d6b666bcae453f822fbe6e6e1d78341c21b

To see that the badge was actually issued to Yuliya (I never presented at the conference, she did).

If people want to use badges as digital certificates, this is actually quite a serious problem (in my view it is more a problem with the open badges system than its implementation in moodle).

Now what I'm saying is, by removing the email address we will make it harder to verify that the person claiming the badge did in fact earn it, as all you are left with is the users name (which is much less unique than an email, particularly in some parts of the world).

As I said before, given the choice I agree that privacy should trump verifiability, but can we have both? I'd like to hear more about your serial number idea and how that could help with verification.

Simon

 

Average of ratings: -
In reply to Simon Coggins

Re: Student email in Badges

by John Andrewartha -

Hi Simon,

When Badges first appeared in Moodle, the learners Moodle email address was used as the auth for Persona, that changed when we put a preference into the back pack config.

Within Moodle a learner/user can change any part of there profile. Moodle in order to keep some sanity especially in the grade book, provides each user with a unique UID, that UID can not be changed. It follows you through any changes in your profile.

Badges as with any award system, needs to be able to identify the recipient, this is done by Name and Email address, great if they don't change.

Replacing the email with serial which is always tagged to the UID by default, provides a better verification of the badge.

The advantages of leaving the email visible, a viewer can contact the recipient direct. Not so good if the recipient is a child.

If a viewer wishes to contact the recipient then the Contact link in the badge becomes the way in/filter.

A example, Female student enrols using what will become her maiden name, has badges awarded. Student marries and the last name changes, she also changes her email address.

She now as a married women seeks RPL using awards in her maiden name, issued by Moodle. The details on the badge have no relevance now. If a serial was used then the award can be verified irrespective of the User details, the serial is truly unique, the student only has to verify maiden name, usually included on the marriage certificate.

Sorry about the poor example.

John

Average of ratings: Useful (1)
In reply to John Andrewartha

Re: Student email in Badges

by Simon Coggins -

I agree that the email address (like the name) is likely to change. Unfortunately until the backpack supports multiple email addresses there isn't really anything we can do to handle that as the email is baked into the badge at the time of issue.

I wouldn't say using the moodle user id number provides better verification of the badge because it is specific to the moodle site that awarded the badge, which may not even be accessible to the person attempting to verify a badge.

In the end we have decided to take two steps:

1. Remove the email address from the badge award page. This will be treated as a bug and backported to older stable releases too.

2. Create a new improvement bug to add a form to the badge page. A user can insert an email address and the page will tell them if the badge was awarded to that email address or not. That way someone who knows the email can still verify it, but they can't discover the email unless they already know it. This will be a new feature in a subsequent release when we have time to implement it.

Hopefully that will provide an acceptable balance between privacy and accountability. FYI, I have started a discussion about this topic on the open badges dev group here:

https://groups.google.com/forum/#!topic/openbadges-dev/F1EPz9HsUQ0

Simon

 

Average of ratings: -
In reply to Simon Coggins

Re: Student email in Badges

by John Andrewartha -

Thanks Simon,

A start is a start, I thank you for your efforts. The problem of being human, we are unique but the parts of us that authenticate that, retina print and DNA are just a little hard to implement. smile

John

Average of ratings: -
In reply to Simon Coggins

Re: Student email in Badges

by William Beazley -

I'd like to add that I am disturbed by the issue which I just discovered yesterday.

I am designing about 150 badges in a site used by, hopefully, thousands.  even if the backpack collections do not show contact information, clicking on the evidence link will show name and email.  This could be solved by a simple "email withheld by request."

So we are stuck. Badge data is only authenticated by moodle but by doing so, it discloses proprietary information.

Badges has tremendous promise but this is a big problem in the US where there are more lawyers than doctors.

Average of ratings: -
In reply to William Beazley

Re: Student email in Badges

by Simon Coggins -

Sorry I should have posted back here. This issue has been fixed in 2.5.6, 2.6.3, and the upcoming 2.7 release.

We have fixed it by removing the email address completely. We have also opened a new feature ticket to add a form to the badge page which will allow a user who knows the user's email address to confirm the badge belongs to that user. That issue is here:

https://tracker.moodle.org/browse/MDL-45300

Simon

Average of ratings: Useful (1)
In reply to Simon Coggins

Re: Student email in Badges

by William Beazley -

Great!  In the meantime I have posted this notice:

IMPORTANT NOTICE: YOUR EMAIL IS INCORPORATED INTO THE BADGE FOR IDENTIFICATION PURPOSES. DISTRIBUTE ONLY TO PARTIES YOU WISH TO SEE YOUR EMAIL

I will upgrade ASAP.  Would you recommend directly to 2.7 or just to 2.6.3?  I have not gone totally live yet and if there is easy migration, I'll jump.

Bill

Average of ratings: -
In reply to William Beazley

Re: Student email in Badges

by Simon Coggins -

2.6.3 will have less other changes so if you are looking for a quick fix then that's probably the way to go for you.

Simon

Average of ratings: -