Add an "email user" button to the profile page if logged in as admin

NEW
Unassigned

Status

5 years ago
3 years ago

People

(Reporter: sheppy, Unassigned)

Tracking

Details

(Whiteboard: [specification][type:feature])

(Reporter)

Description

5 years ago
What problems would this solve?
===============================
User profile pages should have an "email user" button if you're logged in as admin. This would let us contact users that have made a mistake more easily.

Who would use this?
===================
Admins, to more easily and quickly contact users when they've made a mistake -- or, better, when they've done something awesome.

What would users see?
=====================
Typical users would see nothing. Admins would have an "Email user" button next to or under the username on the profile page.

What would users do? What would happen as a result?
===================================================
Clicking the button would simply open mailto:<user's email address> in the user's mail program.

Is there anything else we should know?
======================================

Updated

4 years ago
Blocks: 962556
Before we do anything, we need to add a checkbox to profiles which asks users if it's OK to email them.  We can't just assume this.
(Reporter)

Comment 2

4 years ago
I disagree. The entire point of this is to let admins easily email users that are violating MDN rules. Letting people opt out of being told when they're screwing up doesn't make sense. :)
:davidwalsh is pointing out the privacy aspect. If we build anything that lets anyone email other users directly (i.e., not as a notification from the site) we will need a privacy review, and I'm 99% sure privacy will require an opt-out mechanism.

:sheppy - is the primary use case to notify users when they make a mistake? Because we can build to that specific use-case without opening so many privacy concerns.
Flags: needinfo?(eshepherd)
(Reporter)

Comment 4

4 years ago
(In reply to Luke Crouch [:groovecoder] from comment #3)
> :davidwalsh is pointing out the privacy aspect. If we build anything that
> lets anyone email other users directly (i.e., not as a notification from the
> site) we will need a privacy review, and I'm 99% sure privacy will require
> an opt-out mechanism.
> 
> :sheppy - is the primary use case to notify users when they make a mistake?
> Because we can build to that specific use-case without opening so many
> privacy concerns.

The uses here are all admin-centric:

* Tell a user why you've deleted a post they put up (spam, inappropriate, duplicate content, etc).

* Tell a user why you reverted their change (again, inappropriate or inaccurate content).

* Suggest better ways to accomplish something.

* Suggest asking for a code sample.

* Request clarification of a change that seems unusual or unclear.

* Congratulate a contributor for amazing work.

* Tell a user why you made a possibly controversial edit to their work (for instance, if the changes you made seem trivial -- some people get cranky about this and need a little friendly note).

Yes, this could be done more privacy friendly than a simple email link. It would ideally, I suppose, be a form that would handle all the emailing server side so the admin wouldn't see the email address.

However, keep in mind that all admins have access to this information already anyway. We can simply go look in the user database in the Django admin panel. That's what we currently do, even though it's sort of a hassle (enough so that many cases where we would like to email users, we don't).

So this bug is not actually exposing any information to anyone that doesn't already have it anyway.
Flags: needinfo?(eshepherd)

Comment 5

4 years ago
Relevant bit from EU Privacy and Electronic Communications (EC Directive) Regulations: 

1. The sender has obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to the individual;
2. The communication is made regarding the sender's similar products and services only; and
3. The recipient is given a simple means of refusing (free of charge) the use of his or her contact details for the purposes of sending such communications, both at the time of the initial collection of the details, and at the time of each subsequent communication.

#3 is the important part for us...

Comment 6

4 years ago
Actually, the point is that admins -shouldn't- have access to those email addresses unless the users have opeted in.
Ideally yes - we should move further *away* from admins accessing and using email addresses. I propose we RESOLVE:WONTFIX this on the basis that it violates privacy regulations. I.e., - it's straight up illegal for us to do this.
(Reporter)

Comment 8

4 years ago
So instead it's better for us to go through the user database and find the contact info that way? That doesn't really make any sense. I would think that having a button that sends an email without us seeing the address would be a much better solution.
No, we shouldn't go find the contact info at all.

We're legally required to give the recipient a simple means of refusing the use of his or her contact details, both at the time of initial collection and with each subsequent communication.

We don't ask users if we can contact them when they register for MDN, so we may not be allowed to do this. It needs a legal review.
Yes, we do ask them. It is there: https://www.mozilla.org/en-US/privacy/websites/ 

Privacy policy for websites (mdn is explicitely cited): "Volunteering for Mozilla as a community contributor may require Mozilla and others to communicate with you at the email address that you provide in connection to your contribution and to recognize your efforts. "

Legal bug should be open, but the privacy policy went through legal review, isn't it?

Ali should we stop contacting our contributors meanwhile?
Flags: needinfo?(aspivak)
(Reporter)

Comment 11

4 years ago
What Jean-Yves said. The privacy policy specifically allows this kind of contact using the email address they give us. There's no issue here, other than wanting to make it easier to do so as privately as possible.
The privacy policy mentioned in comment 10 clearly says that contributing means you may be contacted. I think someone trained in the law would have to comment on how that relates to the EU directive mentioned in comment 5. To me, it looks like the privacy policy does not spell out how someone might opt out of communications related to being a contributor, and the apparent conflict with the EU directive is something I will bring up with the legal team in a different bug. But we do have language stating that contributors may be contacted in the privacy policy linked on all of our sites, and we have been depending on that language to communicate with contributors, and I think it would be rash to stop contacting them now.

But is it the case that everyone who signs up for MDN is volunteering to contribute? If someone signs up for MDN without intending to volunteer or understanding that they are volunteering, then to me it appears they have not opted in to the communications. 

Since we do not currently have a programmatic way to separate volunteers from non-volunteers in MDN, let's state for the record that we use the systems available to us to contact people whose activities clearly identify them as contributors. 

Regarding the subject of this bug (creating an easier way to contact people than copy/pasting their email from the admin panel), I think it is only loosely related to whether or not we are allowed to contact any particular individual. I suggest we focus this bug on "make it easier to contact people than copy/pasting their email from the admin panel" and I will link to the legal bug I open regarding the question, "do we have a legal basis to contact people, and who?".
(Reporter)

Comment 13

4 years ago
(In reply to Justin Crawford [:hoosteeno] from comment #12)

> But is it the case that everyone who signs up for MDN is volunteering to
> contribute? If someone signs up for MDN without intending to volunteer or
> understanding that they are volunteering, then to me it appears they have
> not opted in to the communications.

Given that the purpose to this "Email user" feature is to allow us to contact people who have made a contribution, I don't feel this is a concern. If we were really worried about this being a concern, we could make the button only show up if the user had made a contribution, but I think that's unnecessary.

> Since we do not currently have a programmatic way to separate volunteers
> from non-volunteers in MDN, let's state for the record that we use the
> systems available to us to contact people whose activities clearly identify
> them as contributors. 

Agreed.

> Regarding the subject of this bug (creating an easier way to contact people
> than copy/pasting their email from the admin panel), I think it is only
> loosely related to whether or not we are allowed to contact any particular
> individual. I suggest we focus this bug on "make it easier to contact people
> than copy/pasting their email from the admin panel" and I will link to the
> legal bug I open regarding the question, "do we have a legal basis to
> contact people, and who?".

Good call. I agree totally.
I still need to have a clear yes/no from Ali, as she is my manager and the only one who can tell me what to do here.

The content team never contact people for other things than editions.

Also if we add an opt-out feature, it is clear that if they opt-out of such communication, they should *not* be allowed to edit. We don't want editors we can't legally contact.
(Reporter)

Comment 15

4 years ago
Looking at the legal bug filed for this, I did some scanning over the various policies, and wrote this up:

I think the use cases in question are covered in multiple places here. First, from the Mozilla privacy policy:

"If you subscribe to receive our newsletters or register for an account in connection with any of our Websites, you may receive transactional emails from us in connection with your account (for example, legal, privacy, and security updates)."

The emails in question are covered here in regard to bug 956529, which is all about an admin-only button for contacting MDN members.

"Some of our Websites have online tools that allow you to send emails to others. For example, you can invite your contacts to events using your Webmaker account.  You agree not to misuse others’ email addresses (for example, by spamming them)."

This covers email contact in a broader sense, in that *if* we allowed users to email each other using buttons on the site, that permission is allowed here, I would think. However, this is not a feature we are requesting anyway.

Bug 868624 is about allowing users to indicate that they want to be emailed by the system whenever a specific page or set of pages is changed; This is covered by the text on the sign-up page, as shown in the attached screen shot.

But it's definitely good to confirm with legal.

Comment 16

4 years ago
I agree with Justin.
Flags: needinfo?(aspivak)
You need to log in before you can comment on or make changes to this bug.