Redmine

Jan Niggemann wrote:

I hope I'm right in saying that there's no affiliation?

Yes, you're right.

No more reports so far...
JPL, can you please take a quick look at the logfiles if there's a surge in http requests for .../users/...?

Jan Niggemann wrote:

No more reports so far...
JPL, can you please take a quick look at the logfiles if there's a surge in http requests for .../users/...?

Probably but this is not illegal, so what can we do next?

Send them an email to get explanations?
Make the Hide the email address box checked by default?

As a side note I personally think this conversation should be made public, Open is better.

Jan Niggemann wrote:

JPL, can you please take a quick look at the logfiles if there's a surge in http requests for .../users/...?

I received the first email months ago, that would take some time to analyse the log files but I guess this the only possible way they got the email addresses.

Etienne Massip wrote:

As a side note I personally think this conversation should be made public, Open is better.

Totally my opinion, but I wasn't sure what you others thought, I'll remove the private flag.

Probably but this is not illegal, so what can we do next?

IANAL, but I know that it's illegal in Germany (somewhere in the UrhG), even if the information is publicly displayed.

Send them an email to get explanations?

Send an eMail to all of our users, tell them what happened and make them aware of the "hide email" checkbox. Inform them that unwanted commercial email is illegal in most countries and that they are free to contact Easy Redmine or law enforcement, if they think they ought to.

Make the Hide the email address box checked by default?

I don't think that's necessary, let the user decide...

FWIW, I am used to, and notice on most any other site I use my email address, that is is private information by default. I guess I just assumed the same behavior here and didn't notice warnings or bother to check that my email address was public.

If someone did collect the addresses and use them for commercial mailing purpose without obtaining prior agreement from users then it seems that this is spamming and would be illegal regarding EU law¹; as Redmine.org doesn't stipulate anything in registration form there's no legal spamming allowed using the users email addresses, even if they're visible.

Please correct me if I'm wrong.

¹ http://europa.eu/legislation_summaries/information_society/legislative_framework/l24120_en.htm for summary, see Unsolicited communications ("spamming"), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML for details, see (40)

Well, in my opinion, no serious company should use crawled data for acquire.