Bargainbox Email unsubscribe BS

Forums › Off topic › Bargainbox Email unsubscribe BS

getontoit99

85 posts

Master Geek

Lifetime subscriber

#304394 30-Apr-2023 13:03

Clicking Unsubscribe in an email from Bargainbox took my Brave browser to an unsecured (no HTTPS) page at bargainbox.co.nz.

This of course, results in a warning from the browser:

"The connection to click.info.bargainbox.co.nz is not secure
You are seeing this warning because this site does not support HTTPS."

With "Continue" and "Go Back" buttons.

All other pages I found at www.bargainbox.co.nz are secured.

Many people trying to unsubscribe from the emails would be scared off by the warning message and not continue to the site, to complete the Unsubscribe process.

Making it difficult to unsubscribe may be good business but it's hardly honest. Or am I just old and cynical?

I've brought this to their attention and received an auto acknowledgement from hello@myfoodbag.co.nz.

1 | 2 | 3

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3069498 30-Apr-2023 13:33

Not good business and actually called a "dark pattern".

getontoit99

85 posts

Master Geek

Lifetime subscriber

#3069499 30-Apr-2023 13:35

And a listed company!

SirHumphreyAppleby

2844 posts

Uber Geek

#3069514 30-Apr-2023 14:41

The law actually requires people be able to unsubscribe via the same means of communication, which in this case means e-mail. The DIA has decided to take a more liberal interpretation, allowing a link to a Website. HTTP is perfectly standards compliant and meets this definition. There is no deception or deliberate attempt to complicate the unsubscribe process, it's your browser creator arbitrarily imposing their views on what is and is not acceptable. If anything, this is a futher imposition on a business that is trying to do the right thing by providing the link in the first place.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3069527 30-Apr-2023 15:23

The business already redirects the root domain from HTTP to HTTPS. There's no reason why the email link shouldn't include HTTPS or the server automatically redirect like the rest of the domain.

Users don't need to know the technical aspects.

boosacnoodle

963 posts

Ultimate Geek

#3069530 30-Apr-2023 15:49

Have you tried with Chrome or Edge? Sure this isn’t just a Brave browser issue? Where do we draw the line? It should work in Lynx browser?

nzkc

1571 posts

Uber Geek

#3069533 30-Apr-2023 16:06

freitasm:

The business already redirects the root domain from HTTP to HTTPS. There's no reason why the email link shouldn't include HTTPS or the server automatically redirect like the rest of the domain.

Users don't need to know the technical aspects.

This assumes the marketing, or this part of it at least, isnt out sourced to a different company. I'd bet it is. The practices and standards are probably very different between the companies (personally have low opinions on marketing and the web)

Agree that today nobody should be using HTTP and assuming everything is redirected because their website is would be a bad assumption.

Jase2985

13457 posts

Uber Geek

ID Verified

Lifetime subscriber

#3069537 30-Apr-2023 16:11

freitasm:

Users don't need to know the technical aspects.

correct so does it mater that its not HTTPS?

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

getontoit99

85 posts

Master Geek

Lifetime subscriber

#3069600 30-Apr-2023 17:22

My bad for posting in a forum full of techies😁

When Joe Non-tech User sees this (below), many will likely be put off by the browser warning. They won't have a clue and will not use the Advanced button to get to unsubscribe from the emails. (Brave, Chrome and Edge all do this.).

Everyone here knows that clicking the Advanced button will provide a safe path to unsubscribing. I'm talking about those from outside, IRL (in real life), for whom this is a black art. (Not everyone is under 40 and tech-clever...)

This is why it does matter that its not HTTPS.

SirHumphreyAppleby

2844 posts

Uber Geek

#3069648 30-Apr-2023 17:30

getontoit99:

It's nice you think we're under 40.

That error is a certificate error. HTTP is being redirected to HTTPS, but the certificate is invalid for the site.

Inphinity

2780 posts

Uber Geek

#3069682 30-Apr-2023 19:23

SirHumphreyAppleby:

It's nice you think we're under 40.

That error is a certificate error. HTTP is being redirected to HTTPS, but the certificate is invalid for the site.

Which is probably worse, because more (most modern) browsers will display a similar error for an invalid cert, than simply being HTTP.

SirHumphreyAppleby

2844 posts

Uber Geek

#3069683 30-Apr-2023 19:29

Inphinity:

Which is probably worse, because more (most modern) browsers will display a similar error for an invalid cert, than simply being HTTP.

Definitely worse. In this instance, any browser would warn of a legitimate issue. Because it's a CN mismatch, not just an expired certificate, it would be wise to treat the link with some caution.

It's still most likely an oversight rather than a deliberate attempt to make unsubscribing difficult, but it needs to be raised with the company to get it fixed.

yitz

2074 posts

Uber Geek

#3069684 30-Apr-2023 19:34

Was the original unsubscribe link in the email https though?

The screen captured error message of the follow up post is not consistent with the description of the warning message in the original post.

boosacnoodle

963 posts

Ultimate Geek

#3069694 30-Apr-2023 21:09

So, you were sent an HTTP link and your browser upgraded the connection to (misconfigured) HTTPS which, correctly, presented an error - have I got that right?

yitz

2074 posts

Uber Geek

#3069758 30-Apr-2023 22:16

Whether the client side browser is correct to upgrade the connection is debatable... the server in question here is certainly not indicating any preference for an upgrade in anyway so is a fully client side decision.

https://brave.com/privacy-updates/22-https-by-default/

neb

11294 posts

Uber Geek

Trusted

Lifetime subscriber

#3069768 30-Apr-2023 22:43

getontoit99:
Making it difficult to unsubscribe may be good business but it's hardly honest. Or am I just old and cynical?

"Never attribute to malice what is adequately explained by stupidity". Or, in this case, a simple misconfiguration or server glitch.

In addition, to quote Bruce Schneier, "Go to a web site and interact with it via HTTP rather than HTTPS. Watch the total lack of chaos that results" (he was responding to some claim that without TLS the internet would collapse into chaos).

1 | 2 | 3