Hacker News new | ask | show | jobs
by EgoIncarnate 2051 days ago
I think he's talking about signing into a preexisting account. It maybe be illegal to require you to sign up, but I don't think it's proven that requiring preexisting customers to sign in to a preexisting account to adjust their communication settings.

Personally I'm all for requiring an automation enabled unsubscribe header and double opt in (requiring a response from a subscription confirmation email to subscribe in the first place).
1 comments
Scaless 2051 days ago
The wording is very clear, you can NOT require login to change subscription settings. A password would classify as additional information outside of email address and preferences. Otherwise someone could sign up with your email and you would have no recourse to end the spam, or the company could just bulk create accounts for you without any way to log in (i.e. Facebook).
link
dahart 2050 days ago
> The wording is very clear, you can NOT require login to change subscription settings.

You’re right that wording is clear, though you might have misunderstood or skipped over the scope of this CFR, which is “Non-solicited” messages (https://www.law.cornell.edu/cfr/text/16/316.1), and excludes transactional email (https://www.law.cornell.edu/cfr/text/16/316.3). Since the parent was explicitly talking about any email communication coming from accounts you’ve signed up for, it is important to note that the CFR you’re citing does not always apply.

You absolutely can legally require a password to change some subscription and communication settings relating directly to someone’s account, to require otherwise would be a glaring and massive security hole. It’s quite easy to spoof email addresses, and being able to unsubscribe someone else from transactional email subscriptions would be extremely dangerous.

link
reaperducer 2051 days ago
you can NOT require login to change subscription settings

And yet it happens all the time. Even Apple does it. I expect Apple’s lawyers have a better understanding of the rules than most people.

link
edoceo 2051 days ago
Or nobody is fighting them. Enforcement starts with a complaint to the "authorities"
link
MatthewElvey 2050 days ago
Or in small claims court. There are still folks collecting around $500 per violation.
link