Hey folks, Joel here, I'm the original maker behind browserless. You've seen us before on HN -- I'm very sorry for this situation.
We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback. Being an open-source/boostrapped service, feedback is really important for us, so that’s why we thought it might be a good idea to reach out to people directly. But now it's clear that that was a wrong decision. We stopped doing that and won’t do it again.
Hey man, I believe most of us here know how hard it is to bootstrap something and lift it off the ground. From my side, I admire your product, and I admire the hell out of the fact that you've open sourced it. Which is why I would have totally been fine with just the first email, but the second one pushed it from "start-up founder struggling to get momentum" to "spammer that won't leave me alone". You were just too aggressive about it, but I do think the way you're handling it now is great.
There's one thing I'm honestly curious of, because I've seen this technique before, and it's not necessarily a question to you, but to anyone who might read this: do these pretend-personal emails actually work on anyone? Your product is targeted at users with a pretty high technical skillset, do you think they really believe you hand-wrote that email? Because I could smell the automation right away, even before I checked the message source and saw the HTML structure and the tracking image. It's fake, it feels fake, and to me it's actually worse than an openly-automated message, because it insults me by assuming I can't tell it's not sent by a human. I think perhaps tactics like these work better on less-technical people (though they still shouldn't be employed at all!)
Talked about this on another community, here’s a hilariously sad example of these fake “personal” emails
I was once gone from home for two days traveling with family. Two days. HBOMax sent me an email with this exact subject line (edit: I went and checked through my past emails before unsubscribing, they sent four emails with the subject line over the holidays):
“I can’t help but wonder why you aren’t watching” as an attempt to inform me about the latest series that was now on the platform.
Why? Because I have a life HBO that doesn’t involve you lol. I do other things with my time. I’m not addicted to television. Like come the hell on. I’m already a paying customer. Get out of here with this “why aren’t you wasting more of your time on our platform?” BS
I feel genuinely bad for whoever had to write that, and worse for whoever thought it was a good subject line for ad copy.
I don't understand how you can say "we didn't intend to... send unsolicited emails... " when this is literally what you did. It is very clear that you did actually intend to send unsolicited emails, because you sent unsolicited emails and have just given your reason for sending unsolicited emails. You are not being honest with yourself or others by saying this.
I guess now that you read through the comments, you learned this lesson. As someone who agree with the harsh ones, I appreciate your apology and being forthright about it.
For the future, you can utilize the tools given in GitHub - add a link and/or call-for-action in docs/README/release notes, pin an issue, Discussions.
Depending on your jurisdiction, status, and purpose, merely scraping and processing e-mail addresses associated with GH handles could be a regulatory violation without even sending anything. It's certainly against GH ToS. You'd do best in ensuring you wipe anything acquired without consent.
This kind of thing was seen differently in the 90s and early 00s. Times change.
I think you're being overly apologetic here. This entire discussion is an excessive amount of mindshare for receiving a single email or two. I regularly get email I don't care for. I deal with it. I don't think you're a bad person for sending 2 emails. This is the internet making a mountain out of a molehill. In a week, the pitchforks will move onto something else.
Hey man don't worry too much. It's usually just the vocal one percent, some of us get annoyed, some of us have the world seemingly fall down around us when a "spam" notice arrives.
> We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback
You _did_ want to send unsolicited emails, that's exactly what you did. You saying you didn't want to send spam, and hiding what you did intend to do behind "we didn't intend to spam you" is burying the lede.
> Being an open-source/boostrapped service,
Being bootstrapped is not an excuse for sending unsolicited marketing emails. Hiding behind being "open source" when you're actually a commercial offering with an open source repo is _again_ trying to hide what you did.
> But now it's clear that that was a wrong decision
It's only clear after someone called you out on HN and flagged your repository as abusing the terms of service?
Um, am I the only one who had no idea that my Github stars are public knowledge? I don't see anything about this in the documentation or on my stars page. Can anyone see this, or just the admin for the repo that I starred?
Stars are public - navigating to any GitHub profile and clicking the 'Stars' tab shows all the repositories starred by the user. Moreover, all users that have starred a repository can be viewed by appending /stargazers to the repo url or clicking the stars link in the sidebar.
More importantly, there is an API endpoint for /stargazers.
If you really wanted to get GitHub data in bulk for illicit purposes and you know how to work with big data you can get it from the GitHub Archive but that’s a topic for another day. (Although it may not have user emails)
I've received several instances of spam to the public email address I have listed in my unused GitHub account. I've reported it to GitHub plenty, but I've never received any response.
...It's public, what is GitHub supposed to do about it? Hide currently public views behind a signup-wall? And how much would that actually achieve in practice? Should they start requiring phone number validation and ID for signups?
I suggest using a fake, or at least a dedicated, e-mail address for commit messages.
If you are talking about the e-mail in your GH profile, you can mark it as private in settings. Or use their built-in function to mask it (they will replace it with an address under their domain and forward incomings to you).
There are many valid complaints about GitHub but with regards to this I think they've done what they can already. If you don't want spam to your address, don't put it in public. It will be scraped.
OP put their e-mail in cleartext, unobfuscated, in their profile. The blame is on part of the spammers. Countermeasures should be done by OP (and their e-mail host), not by GH.
I feel that part of the problem is that we now have a "notoriety economy." Social media tools have "gamified" the process of interacting with each other, so we're constantly looking for "high scores," and actually become dependent on them.
For myself, I have very few stars on my repos (the one that got a bunch has been passed on to a different team, and I'm happy to have it off my table).
I'm totally fine with that. I write software for myself. Publishing it as shipped, supported, documented, and tested product is more an exercise in Quality, than it is an effort to get stars. The fewer people that depend on my stuff, the better.
Email changelogs? WTF? Is there not RSS for releases, that people can subscribe to if they want those kinds of notices?
[EDIT] Answer appears to be "yes, there is" (append ".atom" to the releases URL for a repo) with the caveat that the handling of pre-releases is less than ideal.
Yes this is frustrating. I just changed my repo's first few lines to suggest subscribing to the mailing list rather than being an intro to the project. I've seen that a few times before and used to think it was weird. But now that I've got updates I want people to know about I'm more interested in just making sure people who are interested have access to info.
As somebody who likes to assume good intentions, I would have hoped your second attempt at unsubscribing was to send a polite, nonadversarial email asking to be removed from the email list you never willingly joined. Assuming that fell on deaf ears, I can understand where you're coming from.
> I would have hoped your second attempt at unsubscribing was to send a polite, nonadversarial email asking to be removed from the email list you never willingly joined. Assuming that fell on deaf ears, I can understand where you're coming from.
No, absolutely not. You put an unsubscribe button in the footer of the email or I'm marking it as spam. That's _entirely_ on you if you don't do that.
If the unsubscribe link requires me to sign in, or pressures me into not doing "Why do you want to unsubscribe? I never signed up. Don't you want our new offers? yes/no", you're also getting the spam report
My nonadversarial action was to ignore the first email, that's all the consideration I am willing to give. The onus is not on me to politely ask to be removed from anything.
I don't assume good intentions and neither should you. If some entity emails me in an automated way without my permission and without any way to unsubscribe it's going straight in spam and being reported to any abuse/spam mechanism that's appropriate.
I get the hustling nature of HN, but this behaviour crosses a line and breaks laws in various juristictions. I don't feel the need to politely explain this to people.
Oversimplifying, but an unsubscribe link is a legal requirement under many different laws (CAN-SPAM, GDPR, CASL) for this sort of email. It's 2022, unsubscribe links are a solved problem, I'm not going to assume good intentions for somebody who is purposefully breaking the law in order to spam me.
That's emotional labor and investment to do for something that was unwanted and not opted into in the first place. There's laws in place that make it mandatory to opt-in and to easily unsubscribe from unwanted emails simply because being nice about it didn't work.
That and 2 emails hardly constitute as "spam". Sure, unwanted but the guy on github and other people in the comments here act like the dude kicked a dog. People need to chill and get some real problems in their life to concern themselves over.
I think the bigger problem is we preach user feedback as the holy grail of product growth, but it's hard to do so when you fully respect privacy (i.e. no sign ups).
For example, when I built https://github.com/pdepip/mmap.it I made the conscious decision to not require any log in information but quickly found I was unable to find who was using my product and then ask them for feedback - so user led development stalled.
The way to get feedback without being obnoxious is to provide ways for users to give you feedback on their own terms. Bonus points if you build a community where you can ask questions as needed.
Readit News
We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback. Being an open-source/boostrapped service, feedback is really important for us, so that’s why we thought it might be a good idea to reach out to people directly. But now it's clear that that was a wrong decision. We stopped doing that and won’t do it again.
Sorry, it won’t happen again.
There's one thing I'm honestly curious of, because I've seen this technique before, and it's not necessarily a question to you, but to anyone who might read this: do these pretend-personal emails actually work on anyone? Your product is targeted at users with a pretty high technical skillset, do you think they really believe you hand-wrote that email? Because I could smell the automation right away, even before I checked the message source and saw the HTML structure and the tracking image. It's fake, it feels fake, and to me it's actually worse than an openly-automated message, because it insults me by assuming I can't tell it's not sent by a human. I think perhaps tactics like these work better on less-technical people (though they still shouldn't be employed at all!)
I was once gone from home for two days traveling with family. Two days. HBOMax sent me an email with this exact subject line (edit: I went and checked through my past emails before unsubscribing, they sent four emails with the subject line over the holidays):
“I can’t help but wonder why you aren’t watching” as an attempt to inform me about the latest series that was now on the platform.
Why? Because I have a life HBO that doesn’t involve you lol. I do other things with my time. I’m not addicted to television. Like come the hell on. I’m already a paying customer. Get out of here with this “why aren’t you wasting more of your time on our platform?” BS
I feel genuinely bad for whoever had to write that, and worse for whoever thought it was a good subject line for ad copy.
For the future, you can utilize the tools given in GitHub - add a link and/or call-for-action in docs/README/release notes, pin an issue, Discussions.
Depending on your jurisdiction, status, and purpose, merely scraping and processing e-mail addresses associated with GH handles could be a regulatory violation without even sending anything. It's certainly against GH ToS. You'd do best in ensuring you wipe anything acquired without consent.
This kind of thing was seen differently in the 90s and early 00s. Times change.
> We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback
You _did_ want to send unsolicited emails, that's exactly what you did. You saying you didn't want to send spam, and hiding what you did intend to do behind "we didn't intend to spam you" is burying the lede.
> Being an open-source/boostrapped service,
Being bootstrapped is not an excuse for sending unsolicited marketing emails. Hiding behind being "open source" when you're actually a commercial offering with an open source repo is _again_ trying to hide what you did.
> But now it's clear that that was a wrong decision
It's only clear after someone called you out on HN and flagged your repository as abusing the terms of service?
Create a pinned issue with title "We ask for feedback"
Deleted Comment
If you really wanted to get GitHub data in bulk for illicit purposes and you know how to work with big data you can get it from the GitHub Archive but that’s a topic for another day. (Although it may not have user emails)
I’ve never quite understood why there isn’t a private way to bookmark repos.
https://support.github.com/contact/report-abuse
I suggest using a fake, or at least a dedicated, e-mail address for commit messages. If you are talking about the e-mail in your GH profile, you can mark it as private in settings. Or use their built-in function to mask it (they will replace it with an address under their domain and forward incomings to you).
There are many valid complaints about GitHub but with regards to this I think they've done what they can already. If you don't want spam to your address, don't put it in public. It will be scraped.
OP put their e-mail in cleartext, unobfuscated, in their profile. The blame is on part of the spammers. Countermeasures should be done by OP (and their e-mail host), not by GH.
Deleted Comment
For myself, I have very few stars on my repos (the one that got a bunch has been passed on to a different team, and I'm happy to have it off my table).
I'm totally fine with that. I write software for myself. Publishing it as shipped, supported, documented, and tested product is more an exercise in Quality, than it is an effort to get stars. The fewer people that depend on my stuff, the better.
[EDIT] Answer appears to be "yes, there is" (append ".atom" to the releases URL for a repo) with the caveat that the handling of pre-releases is less than ideal.
I used to use watch but I could care less about every individual commit on anything other than projects I'm actively working on.
Watch is not a good substitute for a way to learn about important changes on an infrequent, regular basis (i.e. once a month emails).
No, absolutely not. You put an unsubscribe button in the footer of the email or I'm marking it as spam. That's _entirely_ on you if you don't do that.
I get the hustling nature of HN, but this behaviour crosses a line and breaks laws in various juristictions. I don't feel the need to politely explain this to people.
Spammers are not entitled to private and nonadversarial communication.
Note that in numerous jurisdictions both sending spam and not including unsubscribe link is actively illegal.
For example, when I built https://github.com/pdepip/mmap.it I made the conscious decision to not require any log in information but quickly found I was unable to find who was using my product and then ask them for feedback - so user led development stalled.
GitHub discussions not enabled on the repo
> https://mmap.it/
404 Page not found
The way to get feedback without being obnoxious is to provide ways for users to give you feedback on their own terms. Bonus points if you build a community where you can ask questions as needed.
Mention it in the Readme.