Scrupuli

blunt essays with sharp points

SourceForge Does Evil?

by Scrvpvlvs
Dec 3, 2010 5:54 PM–I believe SourceForge has disclosed personal e-mail addresses (including mine) to untrustworthy third parties, for the purpose of spamming.

On December 2, 2010, I received an ad sheet by e-mail. The ads offer white papers at the cost of providing my industry, company size, and complete identifying information. Judging from the title—This Week’s Best IT Re:Sources—it is apparently the premier issue of a weekly mailing.

The mailing used the SourceForge name and logo, and SourceForge admit sending it. It was sent through third-party service bureaus.

The advertisers who underwrote the mailing were: Dell, Hewlett-Packard, IBM, and Intel.

Based on SourceForge’s privacy policy, I believe I should have only received the mailing if I had first requested it, selected it, or been offered a choice about it. I also believe they should not have used service bureaus to accomplish the mailing, and I do not believe they used trustworthy service bureaus.

About The Mailing

I had only opted to receive the sitewide SourceForge “Site Update Email Alert”, a.k.a. SourceForge.net Update, a monthly newsletter which carries their security notices and other site related announcements, and no others except notifications of comments on a few individual bug reports. Up to now, I had only received these e-mails. And SourceForge’s media kit does not mention This Week’s Best IT Re:Sources, or offer any kind of mass mailings other than short four-line snippets in their newsletters. This Week’s Best IT Re:Sources has not been mentioned anywhere as a new advertising program that I can find. These facts suggested that somebody else sent the mailing.

Also, SourceForge has an in-house system which it uses to distribute its newsletters, but this mailing used an outside system. This fact also suggested that somebody else sent the mailing.

But the ad sheet was addressed to a unique e-mail address which I disclosed in confidence only to SourceForge and Gravatar. This fact suggested either that SourceForge did send the mailing, or that spammers stole my personally identifiable information from SourceForge or Gravatar.

Because either possibility raises a serious issue, I filed a private trouble ticket with SourceForge support.

Today SourceForge admitted to me that they sent the mailing.

About The Privacy Policy

The serious issue, then, is this. I believe SourceForge broke trust with me, twice:

1. They promise that personally identifiable information will only be used with permission. In their privacy statement, they say they may use the information for various good purposes. Especially relevant to this issue, they may use it

  • to notify user referrals of Geeknet services, information, or products when a user requests that Geeknet send such information to referrals

and

  • to allow the user to purchase products, access services, or otherwise engage in activities the user selects

and they promise that they

  • will not use or share the personally identifiable information provided to it online in ways unrelated to the items described above without first letting a user know and offering the user a choice. (Emphasis added.)

2. They promise only to share personally identifiable information with a third party in a manner consistent with the privacy policy, or when obligated by law. That is, when they have

  • a user’s permission,

or when they use a third party service bureau

  • prohibited from using users’ information for any other purpose

and who will

  • comply with Geeknet privacy practices, and other appropriate confidentiality and security measures,

or

  • as required by legal obligations.

They say that when using a service bureau they will still keep all the promises made in the privacy statement.

The mailing has links to elabs10.com and emailengine.com for mailing list management, and sourceforge.com and then to accelacomm.com for fulfillment. With Google Search I found that elabs10.com appears on some lists of domains blacklisted for spamming, and that accelacomm.com appears on a list of domains blacklisted for phishing.
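The attribution reasoning above (a unique address disclosed to only two parties, plus the link domains found in the mailing) can be automated. The following is an added example, not code from this article or from SourceForge; the alias, the ledger, the sender address and the sample message are constructed, and only the link domains are taken from the text.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Assumed ledger: each unique alias and the domains of the parties it was given to.
ALIAS_LEDGER = {
    "sf-7q2x@example.org": {"sourceforge.net", "sourceforge.com", "gravatar.com"},
}

# Constructed sample, not the real mailing; link hosts are the ones named above.
SAMPLE = """\
From: SourceForge <news@bulk-sender.example>
To: sf-7q2x@example.org
Subject: This Week's Best IT Re:Sources
Content-Type: text/plain

White paper: http://www.accelacomm.com/offer
Manage list: http://links.elabs10.com/unsub
Powered by http://www.emailengine.com/
Home: http://sourceforge.com/
"""

def registrable(host):
    # Naive last-two-labels reduction; fine for these hosts, not a public-suffix lookup.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw, ledger):
    msg = message_from_string(raw)
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    alias = next((a for a in recipients if a in ledger), None)
    # Collect text from every non-multipart part so HTML alternatives are covered too.
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    hosts = {registrable(urlparse(u).hostname or "")
             for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    hosts.discard("")
    disclosed = ledger.get(alias, set())
    return {
        "alias": alias,
        "disclosed_to": sorted(disclosed),
        "unexpected_link_domains": sorted(hosts - disclosed),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, ALIAS_LEDGER))
```

A hit on a ledger alias narrows the source of the address to the parties it was disclosed to; the unexpected link domains are the third parties to look up next.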

Damage Control

In the mailing, they did appear to honor the part of their privacy policy which says they will provide instructions in each of its emails on how to be removed from any lists.

SourceForge have also apologized to me and said, “The team has received feedback on this issue, and are working to ensure to make the purpose of these messages more clear in the future and that these messages are only sent to those that want them.” This might be corporatespeak for, “The people who broke the privacy policy have been properly spanked.”

I hope so.

Citations

“GeekNet, Inc. United States/European Union Safe Harbor Privacy Statement.” SourceForge. GeekNet, Inc., n.d. Web. 3 Dec 2010.


3 Comments:

by Blogger Scrvpvlvs
December 14, 2010 8:56 AM–“The team has received feedback on this issue, and are working to ensure to make the purpose of these messages more clear in the future and that these messages are only sent to those that want them.”

But not working very hard; I have now received the second installment of the spam sheet.  

by Anonymous Anonymous
February 04, 2011 3:04 AM–Received them too for a while now, also wondering where they might really come from. Thanks for your insight!
I'll contact them about it right away, maybe a few more complaints will 'help' them do something about it!  

by Anonymous Anonymous
February 10, 2011 8:33 AM–No, they have not stopped. I have started receiving those recently, and after the second one (received today), I have disabled the alias I gave to SourceForge.  
