When the government gets back to work I have a new law to propose: It should be illegal to sign people up for services without getting confirmation that the subscriber's email address is valid. In other words, failing to verify opt-in should be punished. And, in my humble opinion, harshly.
I write this not just because being subscribed to services and publications you have no interest in is both irritating and waste of time but because it also can expose the private information of people who are apparently too stupid to remember their own email address correctly.
Yes, I'm talking to you "dre31gt" ... you signed up for Match.com using one of my email addresses and Match.com just dumbly assumed that to really be your address. After a daily onslaught of notifications about women who "checked you out" I finally got around to going to the service and requesting a password reset after which I logged in and cancelled the account.
Then there's PlentyofFish, another dating site that has recently got huge market traction and which, just like match.com, apparently thinks that verifying subscriptions is just too much work. "mashup79" and some other idiot, one after the other, used my email address and I had to use the password reset feature to kill off those accounts as well.
PlentyofFish in particular annoyed me as the deluge of notifications just went on and on. According to various articles, the CEO of PlentyofFish, Markus Frind, is a one man band and apparently thinks that customer service is a needless overhead thus any email messages to the company are simply ignored.
While those two companies have irritated me the one that really surprised as well as irritated me was NOW TV, part of British Sky Broadcasting, which yesterday confirmed someone else's "Sky Sports Day Pass" using my email address. Once again using Sky's "I've forgotten my user name" and password reset features I discovered the account details then logged in.
Sky's customer, user name "gibdonious", who shares my given name but doesn't believe in capitalizing our surname, is obviously deeply confused about his online identity. As Sky's registration page doesn't ask for the email address to be entered twice nor does the service subsequently verify the customer's email addresses to get an opt-in conformation they have, as a consequence, casually exposed his personally identifiable information. I now know the street address of "gibdonious" as well as the last four digits and expiry date of his Visa credit card. I can see that the account was established on September 30 and that the "Sky Sports Day Pass" was the only transaction he's had with Sky. If I were a bad person I could use that data for all sorts of social engineering.
What we have here is a huge failure on Sky's part to protect their customer's personally identifiable information simply because they don't follow a sensible registration protocol something which I suspect contravenes UK and or European Community privacy legislation.
With Match.com and PlentyofFish the issues of failing to verify the user's account and exposing the customer's data are considerably less profound but still sloppy and unprofessional.
So, Match.com, PlentyofFish, and Sky and all the rest of you sloppy, simple-minded companies that fail to verify that given email addresses are valid it's time to get a clue. It's not hard to do, it won't cost much or take long to implement and if we ever do get a law that addresses what is, in fact, a simple requirement it'll keep you from getting into trouble and my level of irritation will be reduced.