What problems would this solve? =============================== User profile pages should have an "email user" button if you're logged in as admin. This would let us contact users that have made a mistake more easily. Who would use this? =================== Admins, to more easily and quickly contact users when they've made a mistake -- or, better, when they've done something awesome. What would users see? ===================== Typical users would see nothing. Admins would have an "Email user" button next to or under the username on the profile page. What would users do? What would happen as a result? =================================================== Clicking the button would simply open mailto:<user's email address> in the user's mail program. Is there anything else we should know? ======================================
Before we do anything, we need to add a checkbox to profiles which asks users if it's OK to email them. We can't just assume this.
I disagree. The entire point of this is to let admins easily email users that are violating MDN rules. Letting people opt out of being told when they're screwing up doesn't make sense. :)
:davidwalsh is pointing out the privacy aspect. If we build anything that lets anyone email other users directly (i.e., not as a notification from the site) we will need a privacy review, and I'm 99% sure privacy will require an opt-out mechanism. :sheppy - is the primary use case to notify users when they make a mistake? Because we can build to that specific use-case without opening so many privacy concerns.
(In reply to Luke Crouch [:groovecoder] from comment #3) > :davidwalsh is pointing out the privacy aspect. If we build anything that > lets anyone email other users directly (i.e., not as a notification from the > site) we will need a privacy review, and I'm 99% sure privacy will require > an opt-out mechanism. > > :sheppy - is the primary use case to notify users when they make a mistake? > Because we can build to that specific use-case without opening so many > privacy concerns. The uses here are all admin-centric: * Tell a user why you've deleted a post they put up (spam, inappropriate, duplicate content, etc). * Tell a user why you reverted their change (again, inappropriate or inaccurate content). * Suggest better ways to accomplish something. * Suggest asking for a code sample. * Request clarification of a change that seems unusual or unclear. * Congratulate a contributor for amazing work. * Tell a user why you made a possibly controversial edit to their work (for instance, if the changes you made seem trivial -- some people get cranky about this and need a little friendly note). Yes, this could be done more privacy friendly than a simple email link. It would ideally, I suppose, be a form that would handle all the emailing server side so the admin wouldn't see the email address. However, keep in mind that all admins have access to this information already anyway. We can simply go look in the user database in the Django admin panel. That's what we currently do, even though it's sort of a hassle (enough so that many cases where we would like to email users, we don't). So this bug is not actually exposing any information to anyone that doesn't already have it anyway.
Relevant bit from EU Privacy and Electronic Communications (EC Directive) Regulations: 1. The sender has obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to the individual; 2. The communication is made regarding the sender's similar products and services only; and 3. The recipient is given a simple means of refusing (free of charge) the use of his or her contact details for the purposes of sending such communications, both at the time of the initial collection of the details, and at the time of each subsequent communication. #3 is the important part for us...
Actually, the point is that admins -shouldn't- have access to those email addresses unless the users have opeted in.
Ideally yes - we should move further *away* from admins accessing and using email addresses. I propose we RESOLVE:WONTFIX this on the basis that it violates privacy regulations. I.e., - it's straight up illegal for us to do this.
So instead it's better for us to go through the user database and find the contact info that way? That doesn't really make any sense. I would think that having a button that sends an email without us seeing the address would be a much better solution.
No, we shouldn't go find the contact info at all. We're legally required to give the recipient a simple means of refusing the use of his or her contact details, both at the time of initial collection and with each subsequent communication. We don't ask users if we can contact them when they register for MDN, so we may not be allowed to do this. It needs a legal review.
(In reply to Justin Crawford [:hoosteeno] from comment #12) > But is it the case that everyone who signs up for MDN is volunteering to > contribute? If someone signs up for MDN without intending to volunteer or > understanding that they are volunteering, then to me it appears they have > not opted in to the communications. Given that the purpose to this "Email user" feature is to allow us to contact people who have made a contribution, I don't feel this is a concern. If we were really worried about this being a concern, we could make the button only show up if the user had made a contribution, but I think that's unnecessary. > Since we do not currently have a programmatic way to separate volunteers > from non-volunteers in MDN, let's state for the record that we use the > systems available to us to contact people whose activities clearly identify > them as contributors. Agreed. > Regarding the subject of this bug (creating an easier way to contact people > than copy/pasting their email from the admin panel), I think it is only > loosely related to whether or not we are allowed to contact any particular > individual. I suggest we focus this bug on "make it easier to contact people > than copy/pasting their email from the admin panel" and I will link to the > legal bug I open regarding the question, "do we have a legal basis to > contact people, and who?". Good call. I agree totally.
I still need to have a clear yes/no from Ali, as she is my manager and the only one who can tell me what to do here. The content team never contact people for other things than editions. Also if we add an opt-out feature, it is clear that if they opt-out of such communication, they should *not* be allowed to edit. We don't want editors we can't legally contact.
I agree with Justin.
You need to log in before you can comment on or make changes to this bug.