Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When signing up for the Matomo newsletter, clarify In the privacy notice that emails are processed by Madmimi #15182

Closed
supervisitor opened this issue Nov 21, 2019 · 7 comments · Fixed by #16012
Closed

When signing up for the Matomo newsletter, clarify In the privacy notice that emails are processed by Madmimi #15182

supervisitor opened this issue Nov 21, 2019 · 7 comments · Fixed by #16012
Assignees
@sgiehl
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone
4.0.0

Comments

@supervisitor
Copy link

At step 5 of installation, there you can mark to receive information about community and/or professional news. At this page you can read: "We will not share your email with anyone else...", but they do!

The email you will receive comes from secureserver.net/madmimi.com! Matomo use a tool for mailings from a different company, Mad Mimi, so they do share your email with anyone else (Mad Mimi)! Yes, there is a link to the public privacy policy at the web for more detailed information. But when I read in front they don't share, why should I have to do research work to read much more detailed information to see they do?

Matomo is a tool for tracking and to analyze users... so Matomo should be a tool that inspires 100% confidence! With informations like this, Matomo do not!

The correct way to fix this critical issue/bug:

  • Matomo can do a dump of the mail addresses db
  • they have to delete the mail address db at Mad Mini and have to verify that this is really done (no backups have to be alive at Mad Mini!)
  • they can use the db for own use to address mailings, news, whatever... like they define before
  • e.g. in this mail they can announce a new service with a new privacy contract... to subscribe or not, to give away your mail address or not
  • best would be to redesign this in a "pull service plugin" to see this news e.g. at the dashboard, it would be much more privacy compliant
  • Matomo should apologize for this procedure and for the work that this has been performed in some places, e.g. I now have to replace this email address on all installations with a new one
  • Matomo should not close this issue after they change the information message at the installation script, the should keep this information for all who've fallen into this trap

The reason why this is a "critical issue/bug":
I and everyone else trusted Matomo. I gave an address that was until now only known internally, but now Mad Mini knows it and therefore this address is generally known.
It's the little things that create mistrust! At least I don't trust Matomo anymore, I was lied to. From today on I will control all data transfer and look for and implement a trustworthy alternative... can no longer recommend Matomo to anyone, give e.g. Open Web Analytics, Fathom Analytics, Ackee, etc. a try...
@mattab
Copy link
Member

mattab commented Nov 22, 2019
edited

Thanks for the feedback. We hear where you're coming from and our wording of this will be improved. Madmimi might know your email, but they won't use it for any purpose except for us to send you the newsletter. As you saw Madmimi is noted in our privacy policy. To make this clearer, we will soon update the message to mention we're using Madmimi. fyi we will not start hosting a newsletter service and mail server ourselves, that is too much work and not easy to do. Thanks for letting us know your concerns.

@mattab mattab added the c: Privacy For issues that impact or improve the privacy. label Nov 22, 2019
@mattab mattab changed the title privacy violation (critical issue/bug) When signing up for the Matomo newsletter, clarify In the privacy notice that emails are processed by Madmimi Nov 22, 2019
@mattab mattab added this to the 4.0.0 milestone Jan 21, 2020
@PPMary
Copy link

PPMary commented Feb 19, 2020

I also received another information from Matomo today. I agree with supervisor. You have to delete the recipient database, apologize to the recipients and admit the error, while keeping the recipient database without the unwanted one. Possible, although not without effort but easier to do than expected.
Just please: do it already! I also want to get off the list... and I definitely want nothing to do with GoDaddy.
Thanks for prioritizing.
BTW: It is not issue when signing for the newsletter, it is really a violation of privacy. (FYI: In Europe there are even laws that forbid and punish this kind of non-information, but not here.)

@sgiehl
Copy link
Member

sgiehl commented Apr 28, 2020

@mattab so (from code side) it's basically only about changing the privacy note displayed in installation?

matomo/plugins/Installation/lang/en.json

Line 153 in 7172c71

"EmailPrivacyNotice": "Your email address will be only used to send you the Matomo newsletter. You can unsubscribe at any time by clicking the unsubscribe link. We will not share your email with anyone else or use your email for any other purpose than sending you the Matomo newsletter. Please consult our %1$sprivacy policy%2$s for more information."

What text change would you suggest? Something like:

Your email address will be only used to send you the Matomo newsletter. You can unsubscribe at any time by clicking the unsubscribe link. We are using Mad Mini for sending our newsletter. We will not share your email with anyone else or use your email for any other purpose than sending you the Matomo newsletter. Please consult our %1$sprivacy policy%2$s for more information.

@sgiehl
Copy link
Member

sgiehl commented May 25, 2020

ping @mattab @tsteur

@tsteur
Copy link
Member

tsteur commented May 25, 2020

Mad Mini => Mad Mimi. Sounds good to me. ping @mattab

@supervisitor
Copy link
Author

supervisitor commented May 26, 2020
edited

clearly more like this:

Your email address will be only used to send you the Matomo newsletter. You can unsubscribe at any time by clicking the unsubscribe link.
But we don't do it ourselves, we are using tools from third parties for sending our newsletter and for email marketing. For this we have to share your email with this companies. Currently we use Mad Mimi (a GoDaddy company), but this may change in the future. That is why it is possible that we forward your email address to several companies over time. The last one, however, only at the time we change our email list provider.
Please consult the email list providers and our %1$sprivacy policy%2$s for more information.

It is much more clear to the users... and you tell the true about your using the address.

... or run a majordomo instance yourself, it's neither difficult nor costly. But it would lead to the fact that no email addresses are forwarded to third parties?!

@sgiehl sgiehl self-assigned this Jun 2, 2020
@sgiehl
Copy link
Member

sgiehl commented Jun 2, 2020

I'll create a PR with my suggestion for now. Let's discuss further changes there...

@sgiehl sgiehl mentioned this issue Jun 2, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgiehl sgiehl

Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Milestone
4.0.0
Development

Successfully merging a pull request may close this issue.

Improve newsletter privacy note in installation matomo-org/matomo
5 participants
@tsteur @mattab @sgiehl @supervisitor @PPMary