not GDPR compliant – send unsolicited advertising mails to users and admins

Just a quick reaction on:

There is no options button, a checkbox with which I can select whether I want a newsletter and to which address.

This is simply not true.

When you enable the Network Brute Force Protection module and then click on the Configure button you’ll be presented with an Email Address input box and a Receive Email Updates opt-out checkbox (which by the way I believe should be an opt-in).

Anyway there is a choice and you can specify an email address ??

So does this mean the iTSec plugin fully complies with GDPR ?
Definately not. There is a lot of work to do for iThemes to reach full GDPR compliance.

Yes, that’s correct, but you’re still violating the GDPR. First, their so-called opt-in gives me the possibility to give one or more addresses, but only for the purpose that the plugin or iThemes Security can send me system messages in case of problems such as bruteforces, general attacks or unauthorized login attempts etc…

Therefore your company does not have the right to send me and all users, who have installed the plugin actively, automatically and unasked advertising e-mails with offers, and that is what it is about me!

As far as I know installing, activating and configuring the iTSec plugin does not make iThemes send any unsollicited newsletter emails. The only exception is when enabling the Network Brute Force Protection module and NOT unchecking the opt-out setting as I described in my previous post.

It’s not very clear from your description but are you perhaps referring to the ads in the emails activated from the Notification Center module ?
(If so why don’t you simply say so …)

Anyway this is a free plugin from a highly commercial US organisation. Its sole purpose is advertisement in order to increase premium (Pro) plugin and other iThemes services/products sales. Use it or not. It’s your choice.

My opinion is not iThemes’ opinion …

Yes, I am also talking about the Notification Centre, but obviously I am still being misunderstood or people do not want to understand me.

It’s not about the plugin sending newsletters itself, of course the plugin doesn’t, but the company behind iThemes picks up my email address and then sends unsolicited advertisements, that’s what I’m talking about! And that is a clear violation of the GDPR!

Furthermore, neither in the Notification Center, nor under Bruteforce, neither under global setting, is there any indication that I will later receive advertising from iThemes, i.e. that I have a newsletter on my hands.

Free software or not, it has to be clearly marked and pointed out that you will get advertising and I have to decide whether I agree or not. Is there a checkbox for this? No. If you contradict me again, then have a look at the plugin under German GUI.

The message center only states that you receive system messages in the event of security breaches. There you can determine whether all admins or a certain admin gets a message. There’s nothing about newsletters.

Nevertheless iThemes picks up my mail address to send me regular advertisements. That may be legitimate, but it happens without my consent. It doesn’t change the situation that you have an opt out in the newsletter itself. There was no prior approval.

Furthermore, one should think about how far it is possible to anonymize the collected IP addresses, for brute force protection, because this is also demanded by the GDPR.

I hope that this has finally become clear to me.

• This reply was modified 6 years, 4 months ago by agenciesFirst.

Да дынный плагин вообще многое что нарушает ! И это первый плагин который попал в черный список большого количество крупных балансировщиков во всем мире за спам навязчивую рекламу и полную не работоспособность ! Я лично принимаю большое участия что бы данный плагин как можно больше был занесен в черный список теми или иными крупными дата центрами так как не имеет никакого отношения к безопасности ! чем тут заниматься ерундою и удалять мои посты лучше бы вернусь к версии 6.8.1. и начали бы нормальную разработку а не выпускали бы новые продукты которые имеют огромное количество ошибок !

Below the Google translation into English of the previous post:

Yes, the melodic plug-in does a lot of things! And this is the first plug-in that has been blacklisted by a large number of large balancers all over the world for spam obsessive advertising and complete non-availability! I personally take a lot of participation that this plug-in as much as possible was blacklisted by some major date centers because it has nothing to do with security! than here to be engaged in nonsense and to remove my posts it would be better to return to the version 6.8.1. and start a normal development and not release new products that have a huge number of errors!

Oh and returning to version 6.8.1 will not fix the advertising ??

Properly configuring the plugin will make it run smoother. No need to put it on a blacklist. That said, yes there is a lot of bugs that still need to be fixed. At least 1 CSRF vulnerability and undoubtfully others as well which are yet to be discovered …

Also remember, my opinion is not iThemes’ opinion.