🐛 Don't show email addresses by default.

[fnurkla]

Right now, all email addresses are shown in the open without any need of interaction or verification to see them. I find this a bad policy since it makes it easy for web crawlers to find our email addresses and sign them up for spam emails.

Steps to reproduce:

1. Open dsek.se in a private window,
2. click on the profile of any person that has posted a news item,
3. see their email aliases without any verification,
4. sign addresses up for spam email,
5. profit.

[01ste02]

I agree that this should not be publicly available. It might be a good idea to have the emails for a specific post visible, for example to have "root@dsek.se" listed under the post "root" on https://www.dsek.se/committees/km so that companies and outsiders can get in touch with us easily. However, it is not a good idea to list ALL emails that go to the person on their user profile without the client being signed in.

It is also not a good idea to list all aliases that go to, for example, root on https://www.dsek.se/committees/km as that might display emails for internal use that are not suitable to contact me through. I suggest that the committees should get to select which emails are displayed for each post, so that they can display their preferred address and not random irrelevant ones.

Another example: it is NOT appropriate to contact teknikfokusansvarig through kallelse@dsek.se, despite it being listed under https://www.dsek.se/committees/naru

EDIT: might also be a good idea to point out that all pages containing emails should be included in a robots.txt to blacklist them from being crawled.