Projects currently are able to access all sources you’ve linked to your account regardless of the information being public or not. Not an immediate need, but something to think about architecturally for the information someone may not have made public.
Granular control of what data is accessed by a project would also be good for those evaluating and testing projects not yet approved and for those who have data that they have not made public and may not want to share with an app. The permissions behaviour could act more like Android and iOS as revocable permissions that must be granted in context. If a particular data source is required, ask for the permission in when the action requires the data instead of upon joining.
Open doesn’t need to mean all or nothing. Take the example below, this shows both 23andMe and Imputer are available data when joining a project. Either I join and provide both data sources to the project or don’t join the project. There is no just give 23andMe data, but hold back on the imputer until i know what is going on or why it needs one or both of the sources (Just to be clear, imputer is ok by me on these). Being able to explore a project before granting one or more data sources would allow a user to be more informed about their decision and how data that is not public might be used.
Access to these data sources: 23andMe Upload (joined) AncestryDNA Upload FamilyTreeDNA integration Imputer (joined)
I wanted to open this permission structure up for discussion and weigh the cost and benefits.