Thursday 30 April 2015

You couldn't make it up...

I mentioned yesterday that VUR Village Hotels & Leisure Limited had settled with me for £200 + costs after unlawfully spamming.  Well you couldn't make it up - I am now in possession of a brand new spam from them, so I'm sending another preaction notice...

Wednesday 29 April 2015

Another win

As I've mentioned before, spam email has become a serious problem for people - the vast majority of email traffic is spam, and unlike some of the other forms of direct marketing, the costs for the sender are minimal and are outweighed by the costs to the recipients who are having to deal with the junk emails.

What many people don't seem to be aware of is that, within the EU, spamming is unlawful.  You should be able to appeal to the Information Commissioner's Office, asking them to take action, but in reality the most they will do is write a letter to the  company in question, and most of the time not even that.  From the start of the year I've been sending legal notices to spammers asking them to pay me damages for their law breaking.  If they ignore the notice, I'm allowed to file a court claim against them (I'll write a guide on how this all works at some point soon).

I've now had several successes and this is the latest: To my knowledge, I have never been a customer of De Vere Venues, but they have been spamming me for well over 4 years - between 2011 and 2014 I received around 200 unsolicited emails from them.  They were asked on several occasions to stop, and these requests were ignored, as were subject access requests made under the Data Protection Act asking them what information they held about me.

Eventually I complained to the Information Commissioner's Office, who instructed De Vere to stop spamming me and to answer the subject access request.  De Vere admitted that they had no idea where they had acquired my details from, which tells you something about their data protection policies - even if I had been a customer, there would have been no way for them to provide evidence to support that claim since they didn't keep track of any of that information.

De Vere Venues then sold their brand and my details to VUR Village Hotels & Leisure Limited, who started spamming me using the details De Vere had been instructed to suppress.  And surprise, just like De Vere, they also ignored the two legal notices I sent them by email and the legal notice and subject access request I sent them by post.

Serving Village Hotels with court documents got their attention and they have now settled in full, out of court.  If they hadn't ignored the original emails I sent they would have saved the £25 court costs and would have had a much stronger negotiating position.

Wednesday 15 April 2015

Following scripts

One of the most annoying things is contacting technical support to get a problem solved, and getting answers that have clearly come from a script, rather than being able to talk to someone who can actually put some thought into the problem.

https://secured.studentfinance.direct.gov.uk is using an expired certificate.  Here's the output from OpenSSL:
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
depth=0 OU = Domain Control Validated, OU = COMODO SSL, CN = secured.studentfinance.direct.gov.uk
verify error:num=10:certificate has expired
notAfter=Apr  2 23:59:59 2015 GMT
All pretty straight forward - the certificate clearly expired at the end of April 2nd.  This causes web browsers to display very prominent security warnings (not just some easy to ignore icon somewhere - you actually have to click through the security warning and tell it that you understand that you're taking a risk).  So being the good citizens that we are, we informed them so they could fix their systems - here's the response we got back:
I would advise to clear all browser cache, cookies and temporary internet files, close the browser and reopen a new one.
How exactly does that address the problem we raised?  It doesn't does it - clearly their support department works on the principle of "don't bother looking into the problem, just tell people to clear their cookies and hopefully they'll go away".

I'm glad that we've never gone down that route with our customer support - when people phone us they don't get fobbed off with some scripted reply; they actually get to talk to someone with a lot of technical experience who can start looking into the problem immediately and provide a relevant answer.