
Mozilla and the use of third-party mailers


Mook

Nov 22, 2011, 2:11:41 AM
to mozilla-g...@lists.mozilla.org
Before I start: don't worry, the sky isn't falling.

(Somewhat) recently, I received mail (via being on mozillians), first
about Mozilla Europe, then about Conductors. These messages went
through a third-party (responsys, I think?). Would it be possible to do
these all in-house instead?

I don't think Mozilla is doing anything wrong - I agreed to the privacy
policy (yay!), and I am sure these people have been chosen as the best
possible external entity to work with, with my privacy taken into
consideration. I'm also sure that these folks offer things that didn't
seem feasible to do internally, whatever it was. (Since I've zero
experience sending mail to lots of people, perhaps getting the trust
from upstream to let you do it is one of those things - or perhaps they
can provide reports on success and failures, and help stop mailing
people who don't like it.)

However, I think that Mozilla can do _better_. Since I never vetted
these people myself (and it's infeasible for everybody on the list to do
so), I don't have the same level of trust as you guys. I don't know if
anybody in the company is shady enough to sell the whole list; I have no
way to estimate their likelihood of being hacked and the lists
extracted. I don't know if they try to do any tracking for their own
benefit. I don't even know if they keep any address on file after each
batch is done.

Doing things in-house would be better for the folks sending the mail,
too, though possibly only marginally if few folks are like me. As I've
had a relationship with Mozilla over the last decade but not these
folks, I'm not going to tell gmail to allow loading remote images (and
therefore the stats won't be able to count me).

--
Mook

P.S. yes, I know about the hilarity of privacy concerns of somebody
using gmail. I make trade-offs.

Reed Loden

Nov 22, 2011, 2:41:51 AM
to gover...@lists.mozilla.org
On Mon, 21 Nov 2011 23:11:41 -0800
Mook <mook.moz+nntp.n...@gmail.com> wrote:

> (Somewhat) recently, I received mail (via being on mozillians), first
> about Mozilla Europe, then about Conductors. These messages went
> through a third-party (responsys, I think?). Would it be possible to do
> these all in-house instead?

I don't see a particular reason why the wheel should be reinvented
here. If you've never dealt with sending e-mail to large groups of
people, it's not an easy task at all. Dealing with people's spam
filters, RBLs, and various other technical problems makes it really
difficult to do in-house. Mostly, it ends with very sad sysadmins who
end up getting their mail server egress IPs banned from large e-mail
sites (Hotmail, Yahoo!, AOL, etc.).

Besides keeping all the e-mail addresses in-house, I don't really see
any benefit here. In fact, total ROI would be much lower than the
status quo, imho, due to the amount of effort and money that would have
to be spent to build out such infrastructure. Responsys and other
companies have built entire businesses around sending e-mail to folks
and doing their best to make sure it actually arrives in people's
inboxes. Mozilla is just paying to use their services in order to keep
its community apprised of current events.

The rant-y response to this question is "Next, will you be saying
Mozilla should create its own backbone infrastructure to your house, as
data currently goes through (many) different third-party providers?"
It just ends badly if you start down this path. Let Mozilla do what
Mozilla does best, and leave the minor stuff to other companies.

jm2c,
~reed

--
Reed Loden
re...@reedloden.com

Gervase Markham

Nov 22, 2011, 5:57:39 AM
to mozilla-g...@lists.mozilla.org
On 22/11/11 07:11, Mook wrote:
> I don't think Mozilla is doing anything wrong - I agreed to the privacy
> policy (yay!), and I am sure these people have been chosen as the best
> possible external entity to work with, with my privacy taken into
> consideration.

Thank you for assuming the best of us :-) I am sure that when we picked
Responsys, we did so based on which provider best fitted with Mozilla
principles.

> However, I think that Mozilla can do _better_. Since I never vetted
> these people myself (and it's infeasible for everybody on the list to do
> so), I don't have the same level of trust as you guys. I don't know if
> anybody in the company is shady enough to sell the whole list; I have no
> way to estimate their likelihood of being hacked and the lists
> extracted. I don't know if they try to do any tracking for their own
> benefit. I don't even know if they keep any address on file after each
> batch is done.

I think that in this case you have to exercise transitive trust. If you
trust us and we trust them, then you will have to trust them. (You do
this every day when you visit SSL sites; you trust us and we trust
Verisign to issue good certs etc. etc.)

Gerv

Asa Dotzler

Nov 22, 2011, 12:43:59 PM
to mozilla-g...@lists.mozilla.org
Gervase Markham wrote:
> On 22/11/11 07:11, Mook wrote:
>> I don't think Mozilla is doing anything wrong - I agreed to the privacy
>> policy (yay!), and I am sure these people have been chosen as the best
>> possible external entity to work with, with my privacy taken into
>> consideration.
>
> Thank you for assuming the best

Yes! Seconded! Thank you for framing the discussion so well up front.

>> However, I think that Mozilla can do _better_.

I would love it if we could do most things that have privacy
implications in house. But we're still a (relatively) small community
with a growing but not fast enough set of people and capabilities. Until
we're there, I think it makes a lot of sense to carefully evaluate and
work with vendors to fill in the gaps where our community is short on
people or skills.

I don't know about the difficulty of building or operating a system like
this but I hear your concerns about privacy and share them. I think we
all do.

Perhaps we can do more to explain to everyone why certain vendors are
chosen and what kinds of agreements we have with those vendors. Would
something like that help ease your mind?

- A

Mook

Nov 22, 2011, 11:07:02 PM
to mozilla-g...@lists.mozilla.org
On 11/22/2011 9:43 AM, Asa Dotzler wrote:

> Perhaps we can do more to explain to everyone why certain vendors are
> chosen and what kinds of agreements we have with those vendors. Would
> something like that help ease your mind?

Yes, most definitely; for example, if it was explicit that responsys had
policies in place to not keep my address around or pass it on to
unrelated people, I probably wouldn't have bothered sending the message
in the first place. I only assume the worst because I have no other
information about them.

None of the information I currently have says they weren't picked
because somebody got really drunk and signed the wrong piece of paper ;)
Having the process detailed (even if, in this case, I would have no say
in it) would certainly dispel that notion, not that it seems plausible
anyway.

--
Mook

Axel Hecht

Nov 23, 2011, 3:42:53 AM
to mozilla-g...@lists.mozilla.org
I'd like to add that email goes through various loops in general between
sender and recipient, each of them actually changing the email sent. All
network appliances on the way also can read and monitor your email
transparently.

I don't see any privacy implications in mozilla using a service to send
emails, really.

Axel

Gervase Markham

Nov 23, 2011, 10:09:31 AM
to mozilla-g...@lists.mozilla.org
On 23/11/11 04:07, Mook wrote:
> Yes, most definitely; for example, if it was explicit that responsys had
> policies in place to not keep my address around or pass it on to
> unrelated people, I probably wouldn't have bothered sending the message
> in the first place. I only assume the worst because I have no other
> information about them.

I think it's reasonable to ask Mozilla to be more clear about what
Responsys have promised to do/not do with email addresses we give them.
Can you file a bug on Legal or Privacy?

Gerv

Janet Swisher

Nov 23, 2011, 11:17:51 AM
to mozilla-g...@lists.mozilla.org
We certainly can do more to explain our vendor selection process and
relationships. But I'd like to point out that the current privacy
policy does state that third-party email service providers will use
collected email addresses only for Mozilla business:

"These are opt-in interactions where community members affirmatively
sign-up for inclusion in a direct communication with Mozilla (and with
an ability to unsubscribe/opt-out on any email received). These
campaigns may be conducted with the help of a third-party customer
relationship manager to help us manage the database of information and
its analysis and use, in each case such third party’s involvement with
all the data collected will be solely on Mozilla’s behalf. "

Mook

Nov 24, 2011, 1:02:49 AM
to mozilla-g...@lists.mozilla.org
No. ;) And I meant that I literally can't -
https://bugzilla.mozilla.org/config.cgi does not list any products or
components named "Legal" or "Privacy". (There's a "privacy" keyword,
and no mention of "legal" on that page.)

Is a MoCo bit needed on permissions to see those components? Because I
don't have that ;)

--
Mook

Yvan Boily

Nov 24, 2011, 1:45:09 AM
to Mook, mozilla-g...@lists.mozilla.org
https://bugzilla.mozilla.org/enter_bug.cgi?product=Legal will get you
started!

On 11-11-23 10:02 PM, Mook wrote:
> On 11/23/2011 7:09 AM, Gervase Markham wrote:

Gervase Markham

Nov 24, 2011, 4:21:27 AM
to Janet Swisher
On 23/11/11 16:17, Janet Swisher wrote:
> We certainly can do more to explain our vendor selection process and
> relationships. But I'd like to point out that the current privacy
> policy does state that third-party email service providers will use
> collected email addresses only for Mozilla business:

Sure :-) I'm not saying we are doing it in secret, just that we could be
more verbose about what it involves.

Gerv

Gervase Markham

Nov 24, 2011, 4:22:09 AM
to mozilla-g...@lists.mozilla.org
On 24/11/11 06:02, Mook wrote:
> No. ;) And I meant that I literally can't -
> https://bugzilla.mozilla.org/config.cgi does not list any products or
> components named "Legal" or "Privacy". (There's a "privacy" keyword, and
> no mention of "legal" on that page.)

Sorry, that was shorthand. There is a legal component, but by "privacy"
I just meant "wherever in Bugzilla privacy bugs go".

Gerv

Mook

Nov 24, 2011, 9:49:58 PM
to mozilla-g...@lists.mozilla.org
Sorry, I still can't figure out where that is; filed
https://bugzilla.mozilla.org/show_bug.cgi?id=705210 - please move it as
appropriate? Thanks.

--
Mook

Mook

Nov 24, 2011, 9:51:22 PM
to mozilla-g...@lists.mozilla.org
I'm afraid that only works with bugmail that ends in @mozilla.com - and
I'm not one of them. Which is why I explicitly mentioned MoCo
permissions... it's actually kind of depressing as an external
contributor when I get a response like this.

Mook
--
Mook

L. David Baron

Nov 24, 2011, 9:59:56 PM
to mozilla-g...@lists.mozilla.org
On Thursday 2011-11-24 18:51 -0800, Mook wrote:
> I'm afraid that only works with bugmail that ends in @mozilla.com -
> and I'm not one of them. Which is why I explicitly mentioned MoCo
> permissions... it's actually kind of depressing as an external
> contributor when I get a response like this.

Agreed. That's why I filed
https://bugzilla.mozilla.org/show_bug.cgi?id=705051 earlier today,
since there's *absolutely no UI* in bugzilla that indicates that a
component only shows up for some people -- you either see it (and
have no idea others can't) or you don't.

I'm confident there are good reasons for the Legal component to be
restricted the way it is. It might have something to do with
attorney-client privilege.

But I think the basic problem here is that people who see it have no
way of knowing that others can't, so it only comes out in
conversations like this one (and a conversation I had a few weeks
ago with an employee who had a pre-existing no...@mozilla.com bugmail
who wanted to file a bug about the furniture in the office, which is
in a similarly-restricted component).

I don't think Gerv or Yvan intended any harm -- I suspect they just
weren't aware the component was restricted -- although I know it is
quite unpleasant to be on the other side of that conversation.

-David

> On 11/23/2011 10:45 PM, Yvan Boily wrote:
--
𝄞 L. David Baron http://dbaron.org/ 𝄂
𝄢 Mozilla http://www.mozilla.org/ 𝄂

Yvan Boily

Nov 25, 2011, 1:30:13 AM
to Mook, mozilla-g...@lists.mozilla.org
My apologies, when I tested it with an unprivileged account I failed to
notice that I couldn't actually submit the bug.

If no one else has offered, I am happy to file the bug on your behalf,
and cc you on it. You can reach me on this email address, or message
me on irc.mozilla.org (yvan).

Cheers,
Yvan Boily

On 11-11-24 6:51 PM, Mook wrote:
> I'm afraid that only works with bugmail that ends in @mozilla.com - and
> I'm not one of them. Which is why I explicitly mentioned MoCo
> permissions... it's actually kind of depressing as an external
> contributor when I get a response like this.
>
> Mook
> On 11/23/2011 10:45 PM, Yvan Boily wrote:

Gervase Markham

Nov 25, 2011, 10:45:57 AM
to L. David Baron
On 25/11/11 02:59, L. David Baron wrote:
> On Thursday 2011-11-24 18:51 -0800, Mook wrote:
>> I'm afraid that only works with bugmail that ends in @mozilla.com -
>> and I'm not one of them. Which is why I explicitly mentioned MoCo
>> permissions... it's actually kind of depressing as an external
>> contributor when I get a response like this.

My apologies for directing you incorrectly. :-(

> I'm confident there are good reasons for the Legal component to be
> restricted the way it is. It might have something to do with
> attorney-client privilege.

It is exactly that. Every bug in the Legal component has the following
header:

"The material and information contained herein is Confidential and
subject to Attorney-Client Privilege and Work Product Doctrine."

AIUI, the "client" of our attorneys is Mozilla-the-legal-entity.

It's not great, but there it is.

> But I think the basic problem here is that people who see it have no
> way of knowing that others can't, so it only comes out in
> conversations like this one (and a conversation I had a few weeks
> ago with an employee who had a pre-existing no...@mozilla.com bugmail
> who wanted to file a bug about the furniture in the office, which is
> in a similarly-restricted component).

Now I'm not at all convinced that office furniture bugs need to be in a
confidential component in the same way legal bugs do.

Gerv

Justin Wood (Callek)

Nov 25, 2011, 5:19:59 PM
to Gervase Markham
Gervase Markham wrote:
> On 25/11/11 02:59, L. David Baron wrote:
>> On Thursday 2011-11-24 18:51 -0800, Mook wrote:
>>> I'm afraid that only works with bugmail that ends in @mozilla.com -
>>> and I'm not one of them. Which is why I explicitly mentioned MoCo
>>> permissions... it's actually kind of depressing as an external
>>> contributor when I get a response like this.
>
> My apologies for directing you incorrectly. :-(
>
>> I'm confident there are good reasons for the Legal component to be
>> restricted the way it is. It might have something to do with
>> attorney-client privilege.
>
> It is exactly that. Every bug in the Legal component has the following
> header:
>

In theory then, we should probably have some sort of guided form that
allows external contributors to file Legal bugs that then get placed by
a pseudo-user into Legal. (or a public component for Legal that someone
[you?] can then file internal legal bugs on where appropriate, and
create cross-links.)

>> But I think the basic problem here is that people who see it have no
>> way of knowing that others can't, so it only comes out in
>> conversations like this one (and a conversation I had a few weeks
>> ago with an employee who had a pre-existing no...@mozilla.com bugmail
>> who wanted to file a bug about the furniture in the office, which is
>> in a similarly-restricted component).
>
> Now I'm not at all convinced that office furniture bugs need to be in a
> confidential component in the same way legal bugs do.

Unrelatedly, I would have laughed much if a confidential furniture bug
ended up being the 700000'th etc type of bug.

--
~Justin Wood (Callek)

Gervase Markham

Nov 28, 2011, 6:30:18 AM
to Justin Wood (Callek)
On 25/11/11 22:19, Justin Wood (Callek) wrote:
> In theory then, we should probably have some sort of guided form that
> allows external contributors to file Legal bugs that then get placed by
> a pseudo-user into Legal. (or a public component for Legal that someone
> [you?] can then file internal legal bugs on where appropriate, and
> create cross-links.)

There is a public Licensing component (mozilla.org/Licensing) for
licensing-related bugs. Many of the other legal components aren't really
appropriate for external filings.

If people can suggest specific legal-type bugs they might want to file,
we can see where such bugs would live.

In this case, there should probably be a Privacy component in the
mozilla.org product.

Gerv

fantasai

Nov 28, 2011, 6:29:37 PM
to mozilla-g...@lists.mozilla.org
Mozilla's privacy policy is already verbose enough that I don't want
to read it, you want to make it longer? :(

I guess it's long enough that I won't be any less likely to read it
if you make it longer, though.

~fantasai

Gervase Markham

Nov 29, 2011, 4:54:40 AM
to fantasai
On 28/11/11 23:29, fantasai wrote:
> On 11/24/2011 01:21 AM, Gervase Markham wrote:
>> On 23/11/11 16:17, Janet Swisher wrote:
>>> We certainly can do more to explain our vendor selection process and
>>> relationships. But I'd like to point out that the current privacy
>>> policy does state that third-party email service providers will use
>>> collected email addresses only for Mozilla business:
>>
>> Sure :-) I'm not saying we are doing it in secret, just that we could
>> be more verbose about what it involves.
>
> Mozilla's privacy policy is already verbose enough that I don't want
> to read it, you want to make it longer? :(

This information wouldn't necessarily be in the privacy policy itself. A
PP should tell people what you are doing; this document would be
explaining more about why, and with whom.

Gerv