Currently, any call to fetch person data when not authorised will return a 101 person not found error. While it is understandable that things such as email are not given out without authorisation happening, to avoid scraping and the like, it would be very handy to have less critical information (very specifically names, avatar and homepage) exported even when not authorised.
So, two options here:
- Simply remove the requirement for authorisation on the persondata call
- Retain the protection for the complete data set, and only send out the following information when not authorised: personid, firstname, lastname, homepage, avatarpic, avatarpicfound, bigavatarpic, bigavatarpicfound, description, and profilepage
I'd of course prefer option 2, because privacy is important...