|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
14 Apr 2018, 02:52 PM | #16 | |
Member
Join Date: Sep 2006
Posts: 49
|
Quote:
|
|
14 Apr 2018, 03:42 PM | #17 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
The issue has now been escalated directly to me, and I have replied outlining both the steps we have taken, my apology on behalf of the entire company, and what we can do in future to monitor the address and see if the exposure to a known third party has resulted in it being used by spammers.
I am quite happy to have all our interactions published.

My apologies for the delay in posting that initial response here. When I became aware of the issue, I was on a standing-room-only train at the time traveling to my father-in-law's house for family dinner. Given that there was no timely element involved:

* the exposed data was an email address
* the related threat is receiving spam messages to the primary account name
* the mitigation is renaming the account, which can happen at any time and stop the flow of spam
* there was no evidence that there was an immediate flood of spam to the account, so delaying that rename by some hours made no difference

.. and since I've been overseas for the last month and this family dinner was the first one in a while, I politely waited until after dinner to sit down at my laptop and give this issue my full attention.

If my assessment of the urgency was incorrect, I apologise for that as well.

Regards, Bron. |
14 Apr 2018, 04:07 PM | #18 | |
Member
Join Date: Mar 2018
Posts: 53
|
Quote:
In future, as you are going to continue this practice, how about automatically creating an alias within each account & giving that out to your survey friends & whoever else instead of giving out our login email? |
|
14 Apr 2018, 04:34 PM | #19 | |
Member
Join Date: Apr 2007
Posts: 72
|
Quote:
Moreover in this case a survey could have technically been done without releasing any email addresses to the third party, e.g.
|
|
14 Apr 2018, 05:13 PM | #20 | ||
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
Quote:
Regarding the rest of your comment, it's bad practice to share your customers' email address. This is not even a discussion. Your customers shouldn't have to waste their time blocking spam that was caused by the email provider itself. There are also possible privacy/security implications. Quote:
Last edited by 17pm : 14 Apr 2018 at 05:21 PM. |
||
14 Apr 2018, 05:55 PM | #21 | |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 490
|
Quote:
And, it's not a mountain out of a molehill. Like others here, I treat my username email address as a secret value. I do not use it as an email address. Anyone who knows it has half the information they need to log in to my account. Having that released to any company no matter who they are annoys me a great deal. And... it matters not a jot what a third party's privacy policy is - disgruntled employees selling on lists of working email addresses are not likely to pay any attention to a privacy policy. However I did not previously realise that it's possible to change one's username. That does at least make damage limitation possible. |
|
14 Apr 2018, 07:25 PM | #22 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Why did F/m give out the main address? Surely they could have used just an alias from each account.
|
14 Apr 2018, 10:17 PM | #23 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,744
|
Quote:
|
|
15 Apr 2018, 01:34 PM | #24 | |
Junior Member
Join Date: Oct 2010
Posts: 8
|
Quote:
Moreover, the Experian hack occurred as the result of mind-boggling negligence where a patch was not applied for a long-disclosed security hole in one of the most widely distributed pieces of server software on the planet. Is that what you're suggesting is going on here? Not to dismiss your concerns out of hand, but perhaps you're mixing apples and oranges. |
|
15 Apr 2018, 05:04 PM | #25 | |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 490
|
Quote:
Also there's a difference between FM giving a focussed list of such users to the survey company (ie FM chose the users), and FM giving a list with much more info in it to the survey company and then them choosing who to contact - the scope for misuse of data is far greater in the latter case. If Fastmail can't trust their own users to answer questions that they ask them themselves (or via a survey company having asked permission first), why would they think that a surprise poll sprung on people without permission is going to be any more reliable? |
|
15 Apr 2018, 10:14 PM | #26 |
Member
Join Date: Nov 2014
Posts: 39
|
Disclosing customers' primary email addresses for the purposes of running some lousy survey seems like incredible amateur hour and something I honestly wouldn't have expected from FastMail, ever...
As is evident, quite a few customers (myself included) are very purposefully not giving this address to anyone, so for FastMail to give it to some random entity without asking permission is a violation of trust more than anything. This is not about the survey company's privacy policy, how easy it is to change the main address, etc. etc. -- the point is that an email provider should not be proactively giving out its customers' addresses without their express consent, period. (This would actually apply to our other aliases as well, not just the main address.) What the heck are they smoking over at FastMail these days? It's obvious that there are trivially easy (particularly for email pros like them) ways to not give out customers' existing email addresses for this at all (temp aliases or forwarders like customer1234_at_fastmailusersurveys.com, for example); and even if, by some dubious rationale, giving out an existing address would be deemed absolutely unavoidable, there's no legitimate excuse for not asking for customer consent first. I thought we were paying FastMail for (among other things) never having to worry about stunts like this... The continuing slide of the company's mindset from "customer first" to "our convenience first" is troubling indeed. |
15 Apr 2018, 10:40 PM | #27 |
Member
Join Date: Mar 2018
Posts: 53
|
Bron
That you think it ok to publicly discuss in front of the entire internet the results of 'monitoring' a private account makes me feel even more violated. You announced to the forum that my account is now being monitored but didn't ask me before divulging that. Nor did Fastmail bother to tell me that in private. I found that out reading the forum. Spam isn't the issue anyway, you are just trying to sidetrack. And your spiel about how busy you were is also neither here nor there. I never complained that you weren't attending to it. I objected to you misrepresenting the situation by claiming that the CM was communicating with me when in fact she had left me hanging. So you trying to guilt me with stories about your train journey & family time & all the rest was irrelevant. And another attempt by you to switch focus away from my email address being given out. An email I'm now scared to use as I'm being 'monitored' & the results of that monitoring are being made public by you. Your product is good, really good. But your handling of this situation & the fact that you still don't get why it is not ok to give out email addresses is shocking. All you have to do is not give out email addresses (save if the law/govt ask - which is different) |
15 Apr 2018, 10:49 PM | #28 | |
The "e" in e-mail
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,908
|
Quote:
Last edited by Berenburger : 16 Apr 2018 at 12:58 AM. |
|
15 Apr 2018, 10:59 PM | #29 | |
Member
Join Date: Mar 2018
Posts: 53
|
Quote:
I had to ring Australia from England to speak to the Office of the Australian Information Commissioner. It was only when I quoted (as instructed by the OAIC) to Fastmail the relevant section of legislation that the OAIC said was breached to her that she took any notice at all. And then I was repeatedly told yes we shouldn't have contacted you without asking first. With me saying over & over the issue is giving it out in the first place not the survey contact. |
|
15 Apr 2018, 11:56 PM | #30 |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 490
|
That's deeply worrying. How can FM employ someone with so little clue?
And "Communication Manager"? Is that a sign that FM is now more worried about its public /image/ than being known & respected for its solid technical foundation? |