web3-storage
fix: only log user IDs, not names or email addresses
Although these logs are only accessible to project members, not the public, it still seems a bit risqué to be logging user PII.
I considered trying to redact part of the email address, so that we'd log ad******@gmail.com kind of thing. But if someone is using a personal domain name, then redacting the username part is kind of pointless, because the domain name itself is pretty much a personal identifier. We could get around that by having a list of known email providers (gmail, outlook, etc) and if the domain is one of those then react the username part, and if not then redact the domain name as well. But that would be pretty convoluted for a simple bit of logging, so I decided to just not log the email address at all.
@flea89 good point, it needs to be user._id in email/service.js (but still user.id in jobs/storage.js). Fixed.