Max wants to play epic adventures!

Dear Max,

As a long-time player of Unreal and Unreal Tournament – the originals! I know! – I understand how amazing Epic games are. Yet, I think it would be better that you use your email address to register, otherwise you will have some major problems later to keep your scores and your game profile. I know very well how precious they are.

Dear Epic,

I understand you want to have as many users as you can – growth! right? – yet if I never click on “Verify Your Email”, why is my email still in your database? I really hoped you were going to do the right thing… yet we are. A month later, and my email is still recorder.

Screen Shot 2018-05-09 at 18.00.09.png

Possible privacy violation:

  • Email stored in a database without authorization


  • 2018-04-07 — Received “Verify” email, I archived without clicking.
  • 2018-05-07 — I receive an email warning me of multiple attempt to login to “my” account (note: I do have an Epic account, but it’s associated to a different email). I double check to be sure, this time it’s the email address I never authorized.
  • 2018-05-07 — I try to access the account to contact their customer care. I contact them, asking to delete the account associated with my email.
  • 2018-05-09 — I receive a reply that to proceed with the deletion I have to… verify the email first.

A healthier lifestyle with Yazio for Angela

Dear Angela,

I don’t know you, but I think it’s great you decided to try out an app to track and improve your diet. Unfortunately, I’d also have appreciated you used your own email instead of mine.

You see, Yazio isn’t asking for authorization when you registered, so now my email has been added without authorization in their database. Unfortunately, Yazio as of today does’t seem to have even a Privacy Policy linked in the footer of their website, so I really had an hard time finding a contact email… ah yes, because of course the sender used in the email I received bounces back.

Screen Shot 2018-04-15 at 15.01.52.png

Possible privacy violations:

  1. Email registered without authorization
  2. No-reply sender for the emails sent
  3. No privacy policy in the website footer


  • 2017-04-15 — Received email.
  • 2017-04-15 — Sent email to (no-reply, bounced back),, (their legal firm).
  • 2017-04-16 — Customer care replied, they removed the account. They ignored in the reply the request to fix signups and privacy policy.

Richard and Sandra: who is flying to Florida?

A broken email case from Sandy:

Dear Richard and Sandra,

I hope you all have a great trip heading to Florida! If you’re wondering why it is taking so long for your boarding passes to come through email, you’ll be waiting much longer. As you can’t seem to get your own email right you may just want to print them out when you make it to the airport.




Sandra got pay

A broken email case from Sandy:

Dear Sandra,

Glad you’ve been able to find a new job, or that your current job moved into paperless pay stubs. Make sure you give your email address for important financial emails though. Had I not contacted back your employer after the second pay stub came through you might not get important tax forms at the end of the year.

Best of luck in the new venture,




Sandra, que laser?

A broken email case from Sandy:

Dear Sandra,

My Spanish is not great (non-existent) but from the looks of it, and the translation, you’ve ordered some kind of laser and it is on it’s way to you now. I’m not sure if I should be curious about what you’re up to, or report you to the authorities as an evil genius building the ultimate weapon to take over the world. In any case just remember that I was nice and didn’t log into your account and cancel the order when I first saw it come through. In other words don’t aim your laser at me!

Thanks in advance,




A nice greeting card… to someone else

A broken email case from Donncha:

One of the advantages of knowing someone in Google is that I have a email.

Unfortunately one of the disadvantages of having a email is that other people with that name will give out that email in error, or their friends will CC that email in very personal email threads. I was once even sent an email about a planning development by an architect.

Nowadays I rarely use that email when signing up for a website, instead prefering to use a throwaway address in the form own domain instead. If that email gets spam I can simply send it to the trash automatically.

Anyway, the latest case of mistaken identity was from a nice lady named Gayle who sent her friend Don a Jacquie Lawson greeting card. Needless to say I have not clicked the link to view the card.





Lucas wants a Dragon Ball Z DVD from eBay

Dear Lucas,

I understand the Dragon Ball Z DVD at just €2 was too tempting and in the excitement you forgot your own email. But you see, now I’m getting all the notifications about your bid, and also that other purchase for the Amazing Spiderman from Germany. Unfortunately these purchases aren’t going to happen, you see?

Dear eBay,

I understand you really want your users to get onboard quickly, and start buying as Lucas did, so I see why you don’t validate emails. Yet… you could have put at least a “Not my email” link on that email. So I could simply click it instead of having to hunt for your privacy contact. Also, making the customer support accessible exclusively for logged in users doesn’t really help, does it?





  • 2017-12-04 — Welcome on eBay!
  • 2017-12-04 — Contacted eBay “spoof” email, “privacy form”, and Twitter DM.
  • 2017-12-05 — Received answer via Twitter.
  • 2017-12-05 — “Account Suspended”, asking me (since the email is mine) to verify it.
  • 2017-12-06 — “eBay Customer Support – spoof” replied that it’s “most likely not our email”.
  • 2017-12-06 — “eBay Office of the President” replied that they forwarded the issue to their “Technical Support team to investigate”, and that the account has been suspended (which means I got the email to verify “my” details, and my email is still in their database, now also unusable and associated to an account that violated policy).
  • 2017-12-07 — “eBay Office of the President” relied that my email will get back to me after “a grace period of several days” and that there will be “no negative impact on your own future account”.
    They have also forwarded the issue to their “Privacy Team”.