Last modified: 2014-10-31 20:29:11 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T60373, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 58373 - Opting out of the annual fundraising e-mail is a terrible user experience; links.email.donate.wikimedia.org has invalid certificate
Opting out of the annual fundraising e-mail is a terrible user experience; li...
Status: NEW
Product: Wikimedia
Classification: Unclassified
Fundraising (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on: 72514
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-12 04:32 UTC by MZMcBride
Modified: 2014-10-31 20:29 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Screenshot of https://links.email.donate.wikimedia.org in Google Chrome, OS X, 2013-12-12 (75.08 KB, image/png)
2013-12-12 20:19 UTC, MZMcBride 		Details
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2013-12-12 04:32:39 UTC 
This may need to be split out to separate bug reports.

The annual fundraising e-mail contains this text:

---
You are receiving this email as a valued donor of the Wikimedia Foundation. If you do not wish to receive any future emails from the Wikimedia Foundation, unsubscribe instantly.
---

"unsubscribe instantly" is a link to <https://links.email.donate.wikimedia.org/>. This domain doesn't have a valid SSL certificate, so the browser throws a terrifying warning. This is bad.

If the user chooses to proceed, he or she is presented with an awful form (so much for instantly unsubscribing...):

---
Opt-out Email Confirmation
Enter Email: [              ]

[No, I do NOT wish to Unsubscribe]   [Yes, Unsubscribe me]
---

Requiring the user to re-enter his or her e-mail address is a pretty dickish move.

And finally, "No, I do NOT wish to Unsubscribe" is abominable language. The only way the user can figure out what that button does is by reading the other button and realizing it's the "Yes" button that he or she wants.
Comment 1 Brion Vibber 2013-12-12 17:47:11 UTC 
(In reply to comment #0)
> "unsubscribe instantly" is a link to
> <https://links.email.donate.wikimedia.org/>. This domain doesn't have a valid
> SSL certificate, so the browser throws a terrifying warning. This is bad.

I see no such warning in current Firefox or Safari.

The form looks pretty awful though.
Comment 2 MZMcBride 2013-12-12 20:19:28 UTC 
Created attachment 14074 [details]
Screenshot of https://links.email.donate.wikimedia.org in Google Chrome, OS X, 2013-12-12

(In reply to comment #1)
> I see no such warning in current Firefox or Safari.

Perhaps specific to Chrome? Uploaded a screenshot.
Comment 3 Jesús Martínez Novo (Ciencia Al Poder) 2013-12-12 20:25:55 UTC 
(In reply to comment #1)
> I see no such warning in current Firefox or Safari.

Using Firefox 25.0 on Linux, for me it displays the security warning about invalid certificate, with the same reason as the screenshot of attachment 14074 [details]
Comment 4 Brion Vibber 2013-12-13 05:53:23 UTC 
Curious, I had no trouble earlier today but now I do see the dread warning in Firefox. Mysterious indeed?

"The certificate is only valid for *.links.mkt41.net"

Bumping up prio.
Comment 5 Andre Klapper 2013-12-13 14:12:28 UTC 
Confirming "Untrusted cert" warning for https://links.email.donate.wikimedia.org/

links.email.donate.wikimedia.org uses an invalid security certificate. The certificate is only valid for *.links.mkt41.net (Error code: ssl_error_bad_cert_domain)
Comment 6 Andre Klapper 2013-12-18 14:16:10 UTC 
Setting highest prio; I don't see how opt'ing out of an annual email requires immediate action. Now somebody please ping the Fundraising folks. ;)
Comment 7 Matt Walker 2013-12-18 18:54:25 UTC 
Oh; we're aware of this all right. There's just not much we can actually do about it at this point. We tried fixing it but it broke other things... so we're delaying on this until after the fundraiser.

Our current position is that individuals using something like SSL Everywhere are an edgecase; and that a unsubscribe page that works consistently is currently better than one that doesn't work at all.
Comment 8 Andre Klapper 2014-01-02 10:48:10 UTC 
[Resetting severity & priority as per comment 7]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links