Page MenuHomePhabricator

Opting out of the annual fundraising e-mail is a terrible user experience; links.email.donate.wikimedia.org has invalid certificate
Closed, ResolvedPublic

Description

This may need to be split out to separate bug reports.

The annual fundraising e-mail contains this text:


You are receiving this email as a valued donor of the Wikimedia Foundation. If you do not wish to receive any future emails from the Wikimedia Foundation, unsubscribe instantly.

"unsubscribe instantly" is a link to https://links.email.donate.wikimedia.org/. This domain doesn't have a valid SSL certificate, so the browser throws a terrifying warning. This is bad.

If the user chooses to proceed, he or she is presented with an awful form (so much for instantly unsubscribing...):


Opt-out Email Confirmation
Enter Email: [ ]

[No, I do NOT wish to Unsubscribe] [Yes, Unsubscribe me]

Requiring the user to re-enter his or her e-mail address is a pretty dickish move.

And finally, "No, I do NOT wish to Unsubscribe" is abominable language. The only way the user can figure out what that button does is by reading the other button and realizing it's the "Yes" button that he or she wants.


Version: wmf-deployment
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=72514

Details

Reference
bz58373

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:15 AM
bzimport set Reference to bz58373.
bzimport added a subscriber: Unknown Object (MLST).

(In reply to comment #0)

"unsubscribe instantly" is a link to
https://links.email.donate.wikimedia.org/. This domain doesn't have a valid
SSL certificate, so the browser throws a terrifying warning. This is bad.

I see no such warning in current Firefox or Safari.

The form looks pretty awful though.

Created attachment 14074
Screenshot of https://links.email.donate.wikimedia.org in Google Chrome, OS X, 2013-12-12

(In reply to comment #1)

I see no such warning in current Firefox or Safari.

Perhaps specific to Chrome? Uploaded a screenshot.

Attached:

Screen_Shot_2013-12-12_at_3.17.50_PM.png (940×1 px, 75 KB)

(In reply to comment #1)

I see no such warning in current Firefox or Safari.

Using Firefox 25.0 on Linux, for me it displays the security warning about invalid certificate, with the same reason as the screenshot of attachment 14074

Curious, I had no trouble earlier today but now I do see the dread warning in Firefox. Mysterious indeed?

"The certificate is only valid for *.links.mkt41.net"

Bumping up prio.

Confirming "Untrusted cert" warning for https://links.email.donate.wikimedia.org/

links.email.donate.wikimedia.org uses an invalid security certificate. The certificate is only valid for *.links.mkt41.net (Error code: ssl_error_bad_cert_domain)

Setting highest prio; I don't see how opt'ing out of an annual email requires immediate action. Now somebody please ping the Fundraising folks. ;)

mwalker wrote:

Oh; we're aware of this all right. There's just not much we can actually do about it at this point. We tried fixing it but it broke other things... so we're delaying on this until after the fundraiser.

Our current position is that individuals using something like SSL Everywhere are an edgecase; and that a unsubscribe page that works consistently is currently better than one that doesn't work at all.

[Resetting severity & priority as per comment 7]

The HTTPS Everywhere rules have been amended to avoid causing the security certificate warning for this domain. https://github.com/EFForg/https-everywhere/issues/686

CCogdill_WMF claimed this task.
CCogdill_WMF added a subscriber: CCogdill_WMF.

I've looked into this further, and we have been able to update the unsubscribe link address so that the SSL cert is valid. I'd also like to note the form was updated about a month after this bugzilla ticket was initially created, and the "No I do NOT wish..." line was removed at that time for a much clearer opt-out. The only drawback is we had to change the link to:
https://www.pages04.net/wikimedia/WMFUnsubscribe/, however I think the tradeoff is worthwhile.

All future email appeals sent from Fundraising will use this new link (none have been sent yet in 2015).