Page MenuHomePhabricator
Create Task
Maniphest T60373

Opting out of the annual fundraising e-mail is a terrible user experience; links.email.donate.wikimedia.org has invalid certificate
Closed, ResolvedPublic
Actions

Description

This may need to be split out to separate bug reports.

The annual fundraising e-mail contains this text:

You are receiving this email as a valued donor of the Wikimedia Foundation. If you do not wish to receive any future emails from the Wikimedia Foundation, unsubscribe instantly.

"unsubscribe instantly" is a link to https://links.email.donate.wikimedia.org/. This domain doesn't have a valid SSL certificate, so the browser throws a terrifying warning. This is bad.

If the user chooses to proceed, he or she is presented with an awful form (so much for instantly unsubscribing...):

Opt-out Email Confirmation
Enter Email: [ ]

[No, I do NOT wish to Unsubscribe] [Yes, Unsubscribe me]

Requiring the user to re-enter his or her e-mail address is a pretty dickish move.

And finally, "No, I do NOT wish to Unsubscribe" is abominable language. The only way the user can figure out what that button does is by reading the other button and realizing it's the "Yes" button that he or she wants.

Version: wmf-deployment
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=72514

Details

Reference
bz58373

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:15 AM
bzimport added a project: Wikimedia-Fundraising.
bzimport set Reference to bz58373.
bzimport added a subscriber: Unknown Object (MLST).
MZMcBride created this task.Dec 12 2013, 4:32 AM
brion added a comment.Dec 12 2013, 5:47 PM

(In reply to comment #0)

"unsubscribe instantly" is a link to
https://links.email.donate.wikimedia.org/. This domain doesn't have a valid
SSL certificate, so the browser throws a terrifying warning. This is bad.

I see no such warning in current Firefox or Safari.

The form looks pretty awful though.

MZMcBride added a comment.Dec 12 2013, 8:19 PM

Created attachment 14074
Screenshot of https://links.email.donate.wikimedia.org in Google Chrome, OS X, 2013-12-12

(In reply to comment #1)

I see no such warning in current Firefox or Safari.

Perhaps specific to Chrome? Uploaded a screenshot.

Attached:

Screen_Shot_2013-12-12_at_3.17.50_PM.png (940×1 px, 75 KB)

Ciencia_Al_Poder added a comment.Dec 12 2013, 8:25 PM

(In reply to comment #1)

I see no such warning in current Firefox or Safari.

Using Firefox 25.0 on Linux, for me it displays the security warning about invalid certificate, with the same reason as the screenshot of attachment 14074

brion added a comment.Dec 13 2013, 5:53 AM

Curious, I had no trouble earlier today but now I do see the dread warning in Firefox. Mysterious indeed?

"The certificate is only valid for *.links.mkt41.net"

Bumping up prio.

Aklapper added a comment.Dec 13 2013, 2:12 PM

Confirming "Untrusted cert" warning for https://links.email.donate.wikimedia.org/

links.email.donate.wikimedia.org uses an invalid security certificate. The certificate is only valid for *.links.mkt41.net (Error code: ssl_error_bad_cert_domain)

Aklapper added a comment.Dec 18 2013, 2:16 PM

Setting highest prio; I don't see how opt'ing out of an annual email requires immediate action. Now somebody please ping the Fundraising folks. ;)

bzimport added a comment.Dec 18 2013, 6:54 PM

mwalker wrote:

Oh; we're aware of this all right. There's just not much we can actually do about it at this point. We tried fixing it but it broke other things... so we're delaying on this until after the fundraiser.

Our current position is that individuals using something like SSL Everywhere are an edgecase; and that a unsubscribe page that works consistently is currently better than one that doesn't work at all.

Aklapper added a comment.Jan 2 2014, 10:48 AM

[Resetting severity & priority as per comment 7]

CCogdill_WMF closed subtask T74514: links.email.donate.wikimedia.org should offer HTTPS as Declined.Jan 9 2015, 9:00 PM
Pcoombe added a comment.Jan 19 2015, 10:32 PM

The HTTPS Everywhere rules have been amended to avoid causing the security certificate warning for this domain. https://github.com/EFForg/https-everywhere/issues/686

CCogdill_WMF closed this task as Resolved.Jan 23 2015, 6:08 PM
CCogdill_WMF claimed this task.
CCogdill_WMF subscribed.

I've looked into this further, and we have been able to update the unsubscribe link address so that the SSL cert is valid. I'd also like to note the form was updated about a month after this bugzilla ticket was initially created, and the "No I do NOT wish..." line was removed at that time for a much clearer opt-out. The only drawback is we had to change the link to:
https://www.pages04.net/wikimedia/WMFUnsubscribe/, however I think the tradeoff is worthwhile.

All future email appeals sent from Fundraising will use this new link (none have been sent yet in 2015).

JanZerebecki mentioned this in T102827: Decide what to do with *.donate.wikimedia.org subdomain + TLS.Jul 5 2015, 12:42 PM
CCogdill_WMF changed the status of subtask T74514: links.email.donate.wikimedia.org should offer HTTPS from Declined to Resolved.Feb 18 2016, 6:52 PM
CCogdill_WMF mentioned this in T127401: Create WMF-hosted unsubscribe page .Feb 19 2016, 12:13 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL