This repository was archived by the owner on Nov 6, 2023. It is now read-only.

Unify contact email addresses for addon/extension #13755

Closed
brainwane opened this issue Nov 26, 2017 · 16 comments

@brainwane
Contributor

Type: other

Right now, the contact email addresses for HTTPS Everywhere in the Chrome store, on addons.mozilla.org, and on eff.org differ.

It's probably best to use one unified address, and I suggest it should be an eff.org address that's regularly forwarded to the team that maintains this repository; https-everywhere@eff.org seems most likely the right choice.

@jeremyn
Contributor

jeremyn commented Nov 26, 2017

@brainwane Or maybe -- counterargument -- we should have different email addresses for different contact points, as a sort of metadata about the user who is sending the email. For example, https-everywhere-chrome@eff.org for the Chrome version, https-everywhere-firefox@eff.org for the Firefox version, https-everywhere-eff@eff.org for the EFF-hosted version. I'm not convinced this is better; in fact it probably isn't, but it's just an idea.

Another email address we should unify, from https://www.eff.org/https-everywhere , is https-everywhere-rules@eff.org (written on the page as "https-everywhere-rules AT eff.org").

We should not have any Gmail addresses, because @gmail.com addresses are a security problem that might enable email-phishing (see issue https://github.com/EFForg/https-everywhere/issues/12198).

All project email addresses should have public GPG keys associated with them that are clearly published somewhere at https://eff.org/https-everywhere as well as the major keyservers.

There shouldn't be the old-school "AT" obfuscation for email addresses when writing them on https://eff.org. The EFF should improve its spam catching functionality instead.

@brainwane
Contributor Author

I'm fine with having different email addresses for those different contact points to add metadata about how people got to the email address (although of course there'll be some noise, since some people will stumble across the address even though they aren't using that particular extension).

I see https://lists.eff.org/mailman/listinfo/https-everywhere-rules has gotten zero new email since January 2017, so I would be fine with closing it down -- @Hainish, does it exist in order to provide a means of contributing rulesets for people who don't want to use GitHub? If so, I'm in favor of keeping it.

Agreed that it'd be much better to have @eff.org addresses and avoid @gmail.com addresses.

Ideally, yes, it would be great to have public GPG keys for each address. I'm happy to file a separate issue about that.

While I agree that it would be great for EFF to improve its spam filtering, and thus to reduce the need to obfuscate email addresses, I'm also aware that an org like EFF gets a bunch of legitimate email that's weird on various axes in ways that confuse spam filters. So, as with the GPG key suggestion, I'd be happy to file a separate issue so rearranging the addresses doesn't have to wait for it.

@brainwave

brainwave commented Nov 27, 2017 via email

@brainwane
Contributor Author

Hi, @brainwave. Thanks for the heads-up! I did get notification email regarding this issue; thanks. (I'm a woman, just so you know.) You can feel free to unsubscribe from notifications for this issue & anything else in this repository where you got pinged by mistake. :)

@Hainish
Member

Hainish commented Nov 28, 2017

@brainwave in 4db81ad, I did change the email address to an @eff.org email in the author field of manifest.json, but I encountered some problems while making a release in the Chrome Web Store (CWS). eff.software.projects@gmail.com is the email we use to make releases on CWS. Changing that to a different email causes an error when uploading an updated crx file.

In d97d5ab, I had to change the email back. However, it looks like this is only used in the self-hosted Firefox UI. We should change the make.sh script to modify the author field email only for the Firefox build, not for Chrome.

In the Chrome Web Store, I can change the display email address from info@eff.org, but this is used for both Privacy Badger and HTTPS Everywhere alike. If we do change this, it'll have to be to an email commonly administrated by both projects.

@brainwave

brainwave commented Nov 28, 2017 via email

@Hainish
Member

Hainish commented Nov 28, 2017

Sorry for the disturbance! @brainwane this time.

@jeremyn
Contributor

jeremyn commented Nov 28, 2017

(I also erroneously tagged @brainwave, in #13755 (comment). Oops, sorry! Fixed.)

@jeremyn
Contributor

jeremyn commented Nov 28, 2017

The GPG question and this question are related, because each email address will need its own key, or multiple addresses will need to be added to the same key. So if the EFF doesn't want to do either of those things, then it should reduce the number of email addresses used.

@jeremyn
Contributor

jeremyn commented Nov 28, 2017

For the spam filter thing, the issue is that the EFF should make all its addresses available in some obvious way. The current approach of burying obfuscated addresses in a big paragraph midway down the main page is not obvious.

@Hainish
Member

Hainish commented Nov 30, 2017

In any case, this should also be added to the https://www.eff.org/about/contact page. That's the canonical place for non-personal points of contact.

@jeremyn
Contributor

jeremyn commented Dec 1, 2017

From https://www.eff.org/about/contact it looks like vulnerabilities@eff.org is also (partly) an HTTPS Everywhere address.

@Hainish
Member

Hainish commented Dec 1, 2017

@jeremyn

> From https://www.eff.org/about/contact it looks like vulnerabilities@eff.org is also (partly) an HTTPS Everywhere address.

Yes, kind of. It's the e-mail address to report vulnerabilities. Though I think the optics of setting that as our primary point of contact for the extension are less than ideal.

@jeremyn
Contributor

jeremyn commented Dec 1, 2017

I agree, but if @brainwane is making a comprehensive list of HTTPS Everywhere email addresses, it should probably go on that list.

Hainish added a commit that referenced this issue Dec 6, 2017
…rx should remain eff.software.projects@gmail.com (see #13755)
@Hainish
Member

Hainish commented Dec 6, 2017

I've updated Chrome Web Store and AMO to have extension-devs@eff.org as our point of contact. In ca6676e, I updated the author field of manifest.json; this should change the displayed contact in the self-hosted version upon next release. In https://www.eff.org/about/contact, I've added a listing for extension-devs@eff.org as well as the PGP fingerprint, the key for which is available on the keyservers. This page is cached; it should update when that cache expires. I've also added a "Feedback" section to https://www.eff.org/https-everywhere with this email.

This should unify all points of contact for the extension. Closing this now.

Hainish closed this as completed Dec 6, 2017
@jeremyn
Contributor

jeremyn commented Dec 6, 2017

I also suggest that the GPG key be included in the "Feedback" section at https://www.eff.org/https-everywhere.


4 participants