Plugin Author has contacted email addresses from our site

  • Resolved digbymaass

    (@digbymaass)


    5 years, 4 months ago

    I don’t know if this is the correct place to comment/complain about this but here is the story.

    We are a running club.

    We use (or used) two plugins – one to encrypt email addresses (Email Address Encoder), and one to add OG headers for posting to social media (now deactivated).

    The encoder, recently updated, added an invitation to “Scan your pages to see whether all your email addresses are protected.”

    I did this a while ago, but for reasons I forget, it wasn’t very satisfactory and I stopped the process.

    However I have just received an email from one of our users – a race organiser whose email address is on his race page. He is not an admin and did not construct the page. Basically the email encoder plugin has emailed him (and presumably all other email addresses on other pages, but not me the webmaster) saying his email address is not encrypted:

    Recently, you or someone on your team scanned the domain carnethy.com for unprotected email addresses using the page scanner on my website <https://encoder.till.im?utm_source=email-reminder&utm_medium=email&gt;

    This is a friendly reminder that your email address xxxxx@carnethy.com is still listed on carnethy.com and is not protected from email-harvesting robots — which is exactly how I was able to send you this email.

    (I’ve obscured the email address)

    This seems to me entirely unacceptable. And makes no sense either – email me, the admin, by all means, so I can try and remedy the situation. But not our users. This is spamming. What are they to make of it?

    And in fact the email address was encoded but unknown to me the Open Graph plugin adds the email address in plain text in the header, completely defeating the encryption. So I’ve deactivated the OG plugin.

    Is this acceptable behaviour on the part of a plugin author?

    • This topic was modified 5 years, 4 months ago by digbymaass.
    • This topic was modified 5 years, 4 months ago by digbymaass.
    • This topic was modified 5 years, 4 months ago by digbymaass.

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    5 years, 4 months ago

    I’ve moved this to Everything else WordPress as it’s more appropriate.

    Which plugin exactly are you referring to? What is the link to that plugin please?

    Thread Starter digbymaass

    (@digbymaass)

    5 years, 4 months ago

    The plugin is Email Address Encoder – https://encoder.till.im

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    5 years, 4 months ago

    Just FYI, encrypting/obscuring email addresses is kind of pointless. The folks who really want to harvest them have tools that can easily defeat it.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    5 years, 4 months ago

    You mean this one.

    https://wordpress.org/plugins/email-address-encoder/

    Unless the plugin in the WordPress repo is somehow harvesting emails in the code to bug people (which it may, I’ve not looked at the code yet) then there’s nothing to be done.

    As Steve said, the premise behind that plugin is pointless.

    Thread Starter digbymaass

    (@digbymaass)

    5 years, 4 months ago

    That’s the one.

    On the settings page is an invitation to “Scan your pages to see whether all your email addresses are protected.” https://encoder.till.im/scanner

    The plugin author has presumably emailed all the unencrypted email addresses found using that tool with his ‘friendly reminder’.
    I’ve only had feedback from one user (the one quoted) but there’s no reason to suppose the same email hasn’t gone to all the unencrypted email addresses.

    Whether the premise behind the plugin is pointless or not this doesn’t seem right.

    • This reply was modified 5 years, 4 months ago by digbymaass.
    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    5 years, 4 months ago

    The plugin author has presumably emailed all the unencrypted email addresses found using that tool with his ‘friendly reminder’.

    Eeeeh I would email him back and point out it’s really low class, but sadly you used the service on his site, which means you kind of asked him to find any emails. What he does with the data after that is up to him, but you gave him tacit permission to get it 🙁

    Thread Starter digbymaass

    (@digbymaass)

    5 years, 4 months ago

    I have made my feelings known!
    What he did is pointless. It’s embarrassing for me, and the people he has emailed have nothing to do with the actual construction of the site.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Plugin Author has contacted email addresses from our site’ is closed to new replies.