[klabb3]

Unique links like this work well over trusted comms channels, like email or slack. I don’t think typo attacks are particularly fruitful, but sometimes you need to type manually, in which case you’ll break the link. They should probably make canonicalize identifiers.

What I would worry about though, is tracking. If you can see calendar status via a link you received (or even guessed), you can follow that person forever. That’d be fine for public use-cases, like therapists, but I would never share my calendar publicly, even if the details are masked.

A great compromise, imo, is to generate temporary links, that are hard-enough to guess. That let’s you avoid rolling your own permission system, while providing excellent privacy by default.