Micropayments Company Coil Distributes New Privacy Policy With Email That Puts Users' Addresses in the 'To:' Field (theregister.com)
Micropayments company Coil has emailed users its new privacy policy but placed hundreds of their addresses in the "To:" field and therefore breached their privacy. From a report: The mail had the Subject line "Updates to Coil's Terms and Privacy Policy" and offered links to the document. The Register has read it and can report that while it reveals that Coil seeks permission to share users' details with service providers, partners, and "related entities," we cannot find a clause that resembles: "We reserve the right to expose your email address to countless other Coil users in the 'To:' field of an email."
Empty words (Score:5, Informative)
Unfortunately, due to a human error related to how we interface with our mailing list provider, a number of users' email addresses were populated alongside yours.
This mistake is especially painful as we take privacy extremely seriously
But not, apparently, seriously enough to properly train your marketing department or automate in a way that prevents this sort of problem in the first place. In other words, you're lying just like every other company who claims to take privacy seriously.
Re: (Score:2)
I'd hate to be the guy in DevOps that bungled this.
Re: (Score:2)
Hmmm.. Sure training helps *some*, but a secure system has to be built around the assumption that even trained users are unreliable.
If you want to *enforce* security, you have to restrict access to sensitive information. If user email addresses are sensitive, then use of those addresses probably needs to be done exclusively through something like a CRM system. If users have access to those addresses they *will* misuse them, even if you train them not to. At the very least you need to make it sufficiently
Re: (Score:2)
Training might mean teaching users how email actually works. Given the conversations I've had at least monthly for the last 20 years, I assume that's impossible.
Re:talk about technology... (Score:4, Insightful)
Email is really bad; however, the problem is that there isn't a good replacement for it, as every new technology that comes out today is owned by some company who wants to control the entire infrastructure.
Email/FTP/Telnet/HTTP is nice because you just need to point to the name of the server, with what account if needed. Send the data and you're done. You don't need to have people sign up for some big company's service, then have to communicate with someone else in which you need to sign up to their service, and you need a complex set of tools and many accounts for all your communication.
Micropayments will never work (Score:2)
Re: (Score:2)
The problem is most sites will only go one way. If I am exposed to Ads I want some Micro transactions sent back to me.
What do you expect? (Score:3)
BCC (Score:2)
Who needs the BCC field? Reply-all storm in 3...2...1...
Re: (Score:3)
Why not just do individual emails? Then the customer's privacy is respected, and it is less likely to be filtered out as SPAM. Having no one in the To: field and only recipients in the BCC field would quite likely get it marked as SPAM as well.
I'm also curious about the configuration of their mail server that allows 500+ recipients in the to: field in one email. Unless the script writer was clever, and broke the To: list into $server_limit - 1 sized chunks. Ah, looks like the server limit of email was 1
Re: (Score:2)
The BCC field is only a "field" on the sending side; it doesn't get transmitted. Sending the same message BCC'd to 100,000 people has the identical effect on the receiving end as sending 100,000 individual messages.
Although, if you do send individual messages you can put the recipient in the To: header, which _may_ have some effect on recipient filters. I know I add filter points for bcc'd messages from non-whitelisted senders.
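The approach discussed in the comments above (one message per recipient, with the recipient list kept out of the visible headers) can be enforced by a pre-send check rather than left to training. The following Python sketch is an added example, not part of the original thread or Coil's system; the function names, the one-visible-address policy and the sample addresses are assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 1  # assumed policy: a bulk notice shows only its own recipient
# Constructed sample addresses (placeholders, not real users).
USERS = ["a@example.com", "b@example.net", "c@example.com"]


def visible_recipients(msg):
    """Addresses every recipient can read: all of the To: and Cc: headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(headers) if addr]


def check_outbound(msg):
    """Pre-send guard: refuse messages that expose other recipients."""
    seen = visible_recipients(msg)
    if len(seen) > MAX_VISIBLE:
        raise ValueError(f"{len(seen)} addresses visible in To:/Cc:")
    if msg["Bcc"] is not None:
        raise ValueError("Bcc belongs in the SMTP envelope, not the headers")
    return msg


def per_recipient(sender, recipients, subject, body):
    """Build one message per address; returns (envelope_rcpt, message) pairs."""
    out = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt  # only this recipient's own address is visible
        msg["Subject"] = subject
        msg.set_content(body)
        out.append((rcpt, check_outbound(msg)))
    return out


def leaky_message():
    """The failure mode from the story: the whole list in one To: header."""
    msg = EmailMessage()
    msg["From"] = "notices@example.org"
    msg["To"] = ", ".join(USERS)
    msg["Subject"] = "Updates to Terms and Privacy Policy"
    msg.set_content("See the linked policy.")
    return msg
```

Each returned pair carries the envelope recipient separately from the headers, so the sending step can pass it as the SMTP recipient without any list ever appearing in a header.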
No one cares about privacy (Score:2)
It's amazing how many companies take privacy seriously, and care deeply about their privacy practices, yet don't seem to understand or grasp what "privacy" means in different contexts. I've honestly lost count of the number of companies who don't utilize P
Private Email Addresses? (Score:4, Insightful)
Shut up (Score:2)
Really, this company fucked up and the best thing they can say is "OK, we screwed up". No fake sorries, no long-winded excuses, nothing.
Every word they say in their excuse piece just buries them deeper.
49 years and they still don't get it (Score:2)
Email has been around since 1971 so its secrets should be known by now.