Support » Plugin: Advanced Access Manager » spammy and I am not sure I want to know whats more

  • Installed it because client complained about it not showing all expected capabilities (which to be fair was a problem unrelated to this plugin) and after few hours I got a “welcome” email from the plugin author. WTF? any other personal information it looks for in my server and without any notification sends to the author? maybe now it is only admin email, but next version credit cards?

    When you install software on your site, the most basic requirement is trust, trust that whoever wrote the software do not knowingly creat backdoors or expose your private information without notifying you. One that basic trust is broken there is no way back. I recommend people to just stay away from whatever this author does.

    As if the spammy practices are not enough, the plugin creates directories in unexpected locations, and again, no notification that it does it and for what.

    It is not like the actual functionality is great. Yes it has shiny UI, but almost anything valuable requires an upgrade to the “pro” version, so what you end up with is just ads for the pro. and its integration with normal user workflow is just bad.

    Advice: If you need this kind of plugin, stay with the user role manager plugin.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Vasyl Martyniuk

    (@vasyltech)

    Hi Mark,

    What a surprise… However honestly I do appreciate your feedback. In the next release I will add a notification that explains the reason for “welcome” message.

    It is bummer that you rushed to be so open about your experience without taking your time to read through. First of all by reading our Privacy policy you would find out all necessary answers to your claims. If you do not want to read it, as a summary, AAM collects email address and website URL that will never be disclosed to third-party or used for any commercial benefit.

    It is not clear for me your statement about “credit cards”. It is way inappropriate to say so.

    Yes, AAM create a directory in the wp-content folder for internal need as it is complex plugin that works on lot of layers and this is a perfectly normal practice for tons of plugins. Why don’t you go and review also plugins that create custom database tables without asking your permission?

    I believe that you also misunderstood the full potential that AAM offers you out-of-box with basic version. Yes, there are some “pro” features but they are more than reasonable to ask to be paid for, besides as more features I’m adding, as more “pro” features becomes free.

    Conclusion: Are you by any chance affiliated with user role manager plugin? Not sure how that plugin works but a lot of people sent me thank you note by saying that AAM has more stuff in free version that user role manage in “pro”.

    P.S. Seriously, not hard feeling however I would truly appreciate if you could revise your review and focus on the features that it offers rather than on your personal opinion about privacy. Thank you in advance.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    You’ve a privacy policy for a plugin…?

    I’ve unspammed the author’s reply and will look at this plugin closely later on this weekend.

    Plugin Author Vasyl Martyniuk

    (@vasyltech)

    @jdembowski dang, you guys keep surprising me on the fast you react. Thank you for that.

    Yes, I have a privacy policy page. Both Braintree and Stripe compliance team revised and approved all what is related to AAM.

    The only reason AAM collects an email is to send a welcome note to end user with how to use AAM and link to the documentation section. I’ve already noticed a very positive impact as people get more educated about access management in WordPress.

    Correct me if I’m wrong, but this is not any different than what WooCommerce or Jatpack plugins do. One time welcome email without disclosing any private information to the third-party is perfectly fine.

    Keep me updated if any additional information is needed.
    Thank you,
    Vasyl

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I’ve not looked at the plugin and honestly don’t know anything about it. But this part confused me.

    The only reason AAM collects an email is to send a welcome note to end user with how to use AAM and link to the documentation section. I’ve already noticed a very positive impact as people get more educated about access management in WordPress.

    Why collect an email address? You could easily just have the user’s own site email that directly without collecting that information. Or make a dismissable dashboard notice with that link.

    Again, I’ve not looked at the plugin yet (and I’m on the support team, not the plugin team) but that seems like a slim reason to collect that info.

    Correct me if I’m wrong, but this is not any different than what WooCommerce or Jatpack plugins do. One time welcome email without disclosing any private information to the third-party is perfectly fine.

    That’s apples compared to oranges and isn’t valid here as far as I can see. Woocommerce has no reason to do that. I would be shocked if it does that without explicit user permission first.

    The Jetpack plugin is an interface to the WordPress.com service. It’s SaaS.

    How is just collecting an email a service to the user? Especially when it’s not necessary?

    I’ll look more later, as I’ve said I’m not familiar with this plugin.

    • This reply was modified 1 year, 9 months ago by  Jan Dembowski.
    Plugin Author Vasyl Martyniuk

    (@vasyltech)

    @jdembowski,

    Look guys. If you find it inappropriate then, sure, I’ll remove that part from the plugin. My objective with this flow is to establish personal connection with the user because an email also states that “if any questions, please simply reply to this email and I’ll be more than happy to assist”.

    I’ve been getting tons of questions and helped hundreds of users that followed this path. All this is just improved user experience, however again, if you find it inappropriate, this part will be gone immediately.

    Keep me updated.
    Thank you,
    Vasyl

    Regards,
    Vasyl

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If you explicitly ask for permission and only collect that email address after that permission is granted by the informed user then you will be following the plugin guidelines and you won’t have any trouble here at all.

    If you’re collecting email addresses automatically then yes, please take that out of your plugin ASAP. That’s not allowed. It has to be opt-in.

    Plugin Author Vasyl Martyniuk

    (@vasyltech)

    @jdembowski,

    Yes sir. Just release a new update and removed it. I prefer to follow your guidance, however for your information I’ve got inspired by the way Jatpack does it. I’ve got a welcome note without giving any consents to use my email address. I can’t guaranty that Jatpack works the same way today as it was around a year ago.

    Thank you for your support.
    Regards,
    Vasyl

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    for your information I’ve got inspired by the way Jatpack does it.

    No, Jetpck doesn’t do that. If anything, it gets your installation to send the admin an email. That is very different from collecting emails on your system.

    Jetpack is an interface to a service. Without that service, Jetpack alone does very little. Jetpack needs your WordPress.COM information to connect your installation to your account.

    This plugin of yours is not a service. There’s no reason for you to collect that email address.

    Whilst I think Mark-k’s “review” is way over the top in terms of reactivity and unfounded accusations, I am happy to learn that AAM has consequently been asked to remove the feature of collecting the email address of site admins. I see no valid reason for collecting such information. As Jan has pointed out, if the developer deems it useful to send an email to the site admin for “Welcoming” purposes, that can be triggered through the site itself.

    I just discovered this review and after reading, I am pleased to see that a body ensures that developers respect the rules. What is important for me, user, is the intention of the developer when he does not respect a rule and all evidence, this case seems to me closer to clumsiness than bad intention.
    I would add that AAM is currently the only plugin that can manage access rights as deeply as it does (from the free version). I recognize that the purchase of the “Plus Package Extension” is quickly essential but given the quality of the plugin, its level of performance and the responsiveness of the support, the price seems to me to perfectly match the services offered
    User Access Manager and User Role Editor are good plugins but do not offer this level of protection.
    Thanks to those who brought out the problem, to those who make sure the rules are respected and to the developer to apply them.
    I regret, however, that the author of this review has gone astray with excessive remarks and comparisons in my opinion.

    • This reply was modified 1 year, 6 months ago by  erisal.
Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘spammy and I am not sure I want to know whats more’ is closed to new replies.