@supervisitor opened this Issue on November 21st 2019

At step 5 of installation, there you can mark to receive information about community and/or professional news. At this page you can read: "We will not share your email with anyone else...", but they do!

The email you will receive comes from secureserver.net/madmimi.com! Matomo use a tool for mailings from a different company, Mad Mimi, so they do share your email with anyone else (Mad Mimi)! Yes, there is a link to the public privacy policy at the web for more detailed information. But when I read in front they don't share, why should I have to do research work to read much more detailed information to see they do?

Matomo is a tool for tracking and to analyze users... so Matomo should be a tool that inspires 100% confidence! With informations like this, Matomo do not!

The correct way to fix this critical issue/bug:

  • Matomo can do a dump of the mail addresses db
  • they have to delete the mail address db at Mad Mini and have to verify that this is really done (no backups have to be alive at Mad Mini!)
  • they can use the db for own use to address mailings, news, whatever... like they define before
  • e.g. in this mail they can announce a new service with a new privacy contract... to subscribe or not, to give away your mail address or not
  • best would be to redesign this in a "pull service plugin" to see this news e.g. at the dashboard, it would be much more privacy compliant
  • Matomo should apologize for this procedure and for the work that this has been performed in some places, e.g. I now have to replace this email address on all installations with a new one
  • Matomo should not close this issue after they change the information message at the installation script, the should keep this information for all who've fallen into this trap

The reason why this is a "critical issue/bug":
I and everyone else trusted Matomo. I gave an address that was until now only known internally, but now Mad Mini knows it and therefore this address is generally known.
It's the little things that create mistrust! At least I don't trust Matomo anymore, I was lied to. From today on I will control all data transfer and look for and implement a trustworthy alternative... can no longer recommend Matomo to anyone, give e.g. Open Web Analytics, Fathom Analytics, Ackee, etc. a try...

@mattab commented on November 22nd 2019 Member

Thanks for the feedback. We hear where you're coming from and our wording of this will be improved. Madmimi might know your email, but they won't use it for any purpose except for us to send you the newsletter. As you saw Madmimi is noted in our privacy policy. To make this clearer, we will soon update the message to mention we're using Madmimi. fyi we will not start hosting a newsletter service and mail server ourselves, that is too much work and not easy to do. Thanks for letting us know your concerns.

@PPMary commented on February 19th 2020

I also received another information from Matomo today. I agree with supervisor. You have to delete the recipient database, apologize to the recipients and admit the error, while keeping the recipient database without the unwanted one. Possible, although not without effort but easier to do than expected.
Just please: do it already! I also want to get off the list... and I definitely want nothing to do with GoDaddy.
Thanks for prioritizing.
BTW: It is not issue when signing for the newsletter, it is really a violation of privacy. (FYI: In Europe there are even laws that forbid and punish this kind of non-information, but not here.)

Powered by GitHub Issue Mirror