Forum email notifications violate factorio.com privacy policy

[_aD]

The factorio.com privacy policy states: "We don't provide any of user information (including the email) to third parties"

Email notifications from the forum go via sendgrid.net and also contain invisible third-party tracking images. I'd prefer if the creepy invisible tracking images are removed, but it would be a start to have the privacy policy updated to amend the quoted sentence and to inform users.

[Klonan]

The privacy policy for website accounts is separate from that of the forum

[_aD]

Could you point me to the privacy policy that applies to the forums? I can't seem to find it from looking at the FAQ and a search. If the privacy policy located on your home page doesn't apply to all areas of your service, it should be made clear that is the case.

[DaveMcW]

Log out, click login, click privacy policy.

[Klonan]

Could you point me to the privacy policy that applies to the forums? I can't seem to find it from looking at the FAQ and a search. If the privacy policy located on your home page doesn't apply to all areas of your service, it should be made clear that is the case.

Its here:

Factorio Forums - Privacy policy
This policy explains in detail how “Factorio Forums” along with its affiliated companies (hereinafter “we”, “us”, “our”, “Factorio Forums”, “https://forums.factorio.com”) and phpBB (hereinafter “they”, “them”, “their”, “phpBB software”, “www.phpbb.com”, “phpBB Group”, “phpBB Teams”) use any information collected during any session of usage by you (hereinafter “your information”).

Your information is collected via two ways. Firstly, by browsing “Factorio Forums” will cause the phpBB software to create a number of cookies, which are small text files that are downloaded on to your computer’s web browser temporary files. The first two cookies just contain a user identifier (hereinafter “user-id”) and an anonymous session identifier (hereinafter “session-id”), automatically assigned to you by the phpBB software. A third cookie will be created once you have browsed topics within “Factorio Forums” and is used to store which topics have been read, thereby improving your user experience.

We may also create cookies external to the phpBB software whilst browsing “Factorio Forums”, though these are outside the scope of this document which is intended to only cover the pages created by the phpBB software. The second way in which we collect your information is by what you submit to us. This can be, and is not limited to: posting as an anonymous user (hereinafter “anonymous posts”), registering on “Factorio Forums” (hereinafter “your account”) and posts submitted by you after registration and whilst logged in (hereinafter “your posts”).

Your account will at a bare minimum contain a uniquely identifiable name (hereinafter “your user name”), a personal password used for logging into your account (hereinafter “your password”) and a personal, valid e-mail address (hereinafter “your e-mail”). Your information for your account at “Factorio Forums” is protected by data-protection laws applicable in the country that hosts us. Any information beyond your user name, your password, and your e-mail address required by “Factorio Forums” during the registration process is either mandatory or optional, at the discretion of “Factorio Forums”. In all cases, you have the option of what information in your account is publicly displayed. Furthermore, within your account, you have the option to opt-in or opt-out of automatically generated e-mails from the phpBB software.

Your password is ciphered (a one-way hash) so that it is secure. However, it is recommended that you do not reuse the same password across a number of different websites. Your password is the means of accessing your account at “Factorio Forums”, so please guard it carefully and under no circumstance will anyone affiliated with “Factorio Forums”, phpBB or another 3rd party, legitimately ask you for your password. Should you forget your password for your account, you can use the “I forgot my password” feature provided by the phpBB software. This process will ask you to submit your user name and your e-mail, then the phpBB software will generate a new password to reclaim your account.

Source: ucp.php?mode=privacy

[_aD]

Thanks. I can't find a link to that on my UCP but at least that means I can read it. It does not mention tracking users via a third party using embedded invisible images.

[ssilk]

I've looked into my notifications, and I didn't found any hidden pics.

What do you mean? Can you show an example? Is that a hidden feature of phpbb to send the whole mail?

[prg]

I've looked into my notifications, and I didn't found any hidden pics.

What do you mean? Can you show an example? Is that a hidden feature of phpbb to send the whole mail?

Code: Select all

<html><body>
<p>Hello ***,</p>
<p>You have received a new private message from &ldquo;***&rdquo; to your account on &ldquo;Factorio Forums&rdquo; with the following subject:</p>
<p>***</p>
<p>You can view your new message by clicking on the following link:</p>
<p><a href="https://u2338853.ct.sendgrid.net/wf/click?upn=***">https://forums.factorio.com/ucp.php?i=pm&mode=view&p=***</a></p>
<p>You have requested that you be notified on this event, remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.</p>
<p>&mdash; Thanks, The Management</p>

<img src="https://u2338853.ct.sendgrid.net/wf/open?upn=***" alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"/>
</body></html>

This tracks when the user opens the email by embedding a 1px x 1px image. It also tracks when the user clicks the deceptive link that looks like it goes directly to forums.factorio.com but actually leads to sendgrid.net.

[daniel34]

This was made into a bug report and fixed on April 25.
Forum notification marked as potential phishing/scam [Resolved Problems and Bugs]

I checked and my mails after that date are fine.