Roby is looking for friends

Dear Roby,

I know, dating is hard, and services like Meetic look like they can help but they quite instantly try to make you pay. Granted, if you use my email to register, it’s even harder.

Dear Meetic,

I know it’s hard to onboard new users. I assure you that however violating the privacy by registering and activating an email that never authorized you is not a good way to proceed. Sure, everyone makes error, but not even a link to remove the email? That’s bad practice, don’t you think?

It’s even worse because… we already had this discussion in August 2017. And your customer support told me that they were to fix the issue. Why then are we still here, GDPR and all, and my email is getting used without authorization?

Screen Shot 2018-06-02 at 00.07.43.png

  • Prologue: this is the second time. Meetic wasn’t validating the emails already in August 2017, where someone registered an account with my email and I had to jump through loops to get it deactivated. At the time took them about a day to reply.
  • 2018-06-01 — Received an “Activate your Account” email. I don’t activate.
  • 2018-06-01 — Received an “Your photo has been approved” email. Clearly the account is active and the email has been used without authorization.
  • 2018-06-01 — I try to check the account. Password recovery works – again, clearly representing that the email is active in the database.
  • 2018-06-01 — I gain access to the profile, but the “email” field can’t be edited. I try to edit the profile because it’s moderated and maybe some humans will see it. I’m stuck.
  • 2018-06-01 — I contact their customer care from inside the service, from the email reply account, and from their Terms of Privacy email contact.
  • 2018-06-01 — I click on “Stop contacting me” on the email that contained the “Activate your Account” link.
  • 2018-06-01 — I receive a new email that my update to the profile wasn’t accepted. Clearly again the email is still active, and the request to not receive emails anymore isn’t respected.
  • 2018-06-01 — I look for support documentation, and I figure out that even for some reason I can’t update the email address, I seem to be able to close the account. I close the account.
  • 2018-06-01 — To cross-check if closing the account worked, I try to do yet again a password recovery. I get a message that I’m going to receive an email: it looks like my email is as such still in their database unfortunately.
  • 2018-06-02 — Their support team replies confirming that the account has been deleted, but they also add “That’s not an issue with our systems, someone probably played a prank on you”. So I registered their customer support email to their own service.

 

Advertisements

Max wants to play epic adventures!

Dear Max,

As a long-time player of Unreal and Unreal Tournament – the originals! I know! – I understand how amazing Epic games are. Yet, I think it would be better that you use your email address to register, otherwise you will have some major problems later to keep your scores and your game profile. I know very well how precious they are.

Dear Epic,

I understand you want to have as many users as you can – growth! right? – yet if I never click on “Verify Your Email”, why is my email still in your database? I really hoped you were going to do the right thing… yet we are. A month later, and my email is still recorded.

Screen Shot 2018-05-09 at 18.00.09.png

Possible privacy violation:

  • Email stored in a database without authorization
  • Contacting for privacy issues requires sending a physical letter. No other contact detail. Privacy policy is here.

Status:

  • 2018-04-07 — Received “Verify” email, I archived without clicking.
  • 2018-05-07 — I receive an email warning me of multiple attempt to login to “my” account (note: I do have an Epic account, but it’s associated to a different email). I double check to be sure, this time it’s the email address I never authorized.
  • 2018-05-07 — I try to access the account to contact their customer care. I contact them, asking to delete the account associated with my email.
  • 2018-05-09 — I receive a reply that to proceed with the deletion I have to… verify the email first.
  • 2018-05-09 — I reply asking to remove my email as they are not authorized to store it.
  • 2018-05-09 — Epic answers that the account seems “verified” already (WAT?!?) and they are “escalating” to the “next step”. It also adds: “Please await our email, as any response to this ticket will reset the escalation process and may lead to a delay in handling your request”.
  • 2018-05-23 —Received an email warning me of multiple attempt to login to “my” account. Again.
  • 2018-05-23 — I now reply to the “escalation” email above, since it’s now two weeks since then!
  • 2018-05-31 — Received an email warning me of multiple attempt to login to “my” account. Again.
  • 2018-05-31 — Finally Epic updated their privacy policy and now it includes an email address to contact. I’ve now sent another email with their privacy team in CC.
  • 2018-06-01 — Finally Epic deleted the account (was it necessary? couldn’t have they just changed the email?). Case closed (even if it seems they still allow users to register without authorizing the email, and the email address can’t be updated).
  • 2018-06-13 — Unfortunately, even if Epic confirmed the account deletion, I received yet another email providing details on how to secure my account (“Mantieni al sicuro il tuo account”).
  • 2018-06-17 — I contacted them back at both support and at their privacy policy email again (dpo@epicgames.com). Notably, the support email is a “no reply” account, and as such they replied I’ve to contact them through web support. Which means additional hoops before I find a contact form.
  • 2018-06-18 — They replied they haven’t my email in their database. Yet I received the email, so they asked for more details.
  • 2018-07-01 — After a couple emails, I send them the email header of the latest email I received from them.
  • 2018-07-19 — They now confirmed they have now “updated a few things on our side” and I shouldn’t receive emails anymore.

A healthier lifestyle with Yazio for Angela

Dear Angela,

I don’t know you, but I think it’s great you decided to try out an app to track and improve your diet. Unfortunately, I’d also have appreciated you used your own email instead of mine.

You see, Yazio isn’t asking for authorization when you registered, so now my email has been added without authorization in their database. Unfortunately, Yazio as of today does’t seem to have even a Privacy Policy linked in the footer of their website, so I really had an hard time finding a contact email… ah yes, because of course the sender used in the email I received bounces back.

Screen Shot 2018-04-15 at 15.01.52.png

Possible privacy violations:

  1. Email registered without authorization
  2. No-reply sender for the emails sent
  3. No privacy policy in the website footer

Status.

  • 2017-04-15 — Received email.
  • 2017-04-15 — Sent email to coach@mails.yazio.com (no-reply, bounced back), help@yazio.com, kanzlei@lex.tm (their legal firm).
  • 2017-04-16 — Customer care replied, they removed the account. They ignored in the reply the request to fix signups and privacy policy.

Richard and Sandra: who is flying to Florida?

A broken email case from Sandy:

Dear Richard and Sandra,

I hope you all have a great trip heading to Florida! If you’re wondering why it is taking so long for your boarding passes to come through email, you’ll be waiting much longer. As you can’t seem to get your own email right you may just want to print them out when you make it to the airport.

Sincerely,
Sandy

 

DGdPbmufIc.jpg

Sandra got pay

A broken email case from Sandy:

Dear Sandra,

Glad you’ve been able to find a new job, or that your current job moved into paperless pay stubs. Make sure you give your email address for important financial emails though. Had I not contacted back your employer after the second pay stub came through you might not get important tax forms at the end of the year.

Best of luck in the new venture,
Sandy

 

WHEa8BLXos

 

Sandra, que laser?

A broken email case from Sandy:

Dear Sandra,

My Spanish is not great (non-existent) but from the looks of it, and the translation, you’ve ordered some kind of laser and it is on it’s way to you now. I’m not sure if I should be curious about what you’re up to, or report you to the authorities as an evil genius building the ultimate weapon to take over the world. In any case just remember that I was nice and didn’t log into your homecenter.com.co account and cancel the order when I first saw it come through. In other words don’t aim your laser at me!

Thanks in advance,
Sandy.

 

X8oHLesJpw.jpg