Exercise Your Rights

I have a pulse, which unfortunately means I receive spam fairly consistently across a variety of channels. To make matters worse, I also founded Sentry, put my cell phone number on legal filings, and have had the same email address for over a decade. You can imagine what every day is like, but if you can’t, its me smashing archive over and over, running around with multiple sims (as well as Google Voice), and being generally a very frustrated person.

Why doesn’t anyone do anything about this?

Google provides anti-spam functionality, but it only stops automated bots. The spam I receive is automated, but its (usually) not a bot. Its sales people. Its recruiters. Its investors. Its a bunch of humans who get paid to harass you. Google, and basically everyone else, has mostly refused to do anything about this, so what can we do? Well, not a lot.

I have:

  • Abandoned LinkedIn (the spammers primary platform) and required you know my email address to even sent a request - albeit its not hard to find.
  • Changed my cell phone number (though for security reasons I can’t abandon it), and I give it out to no one except family and friends.
  • Raged quite a lot on the internet, and sent many angry UNSUBSCRIBE responses.
  • Tried my best to build a culture at Sentry to avoid these kinds of practices (I truly am sorry when we fail).

While some of those actions helped (particularly the cell change), it’s not enough.

There is one shining beacon though, and it has a few names. If you spell color wrong you might know of it as GDPR, or if you’re a tech elitist, you’ve probably heard of CCPA. It doesn’t really matter what the difference is, but they both importantly give you a very useful tool to put the fear of God in your salesperson enemies: a legal facility which they are required by law to act upon, one which explicitly targets theses kinds of scummy practices.

That facility is effectively the right to be forgotten. It’s the right to say “my soul is not for sale, let alone resale”.

So what did I do? I asked a member of Sentry’s legal team to help me out with a templated response. A response that goes to anyone with an unsubscribe link, or anyone who thinks they can possibly make money with 16 follow-ups. The response works, but I’ve yet had to test the follow through (although I am fully willing).

I’m copying my macro below which is for the CCPA (I’m a California resident), and you can easily tweak it for GDPR. Honestly, even if I wasn’t from from Europe or California, I’d just say I was and send the notice anyways. Humanity deserves humanity, and industries designed to waste our time do not.


Edit: I’ve also published this on GitHub in case folks have other ideas to contribute.

As you should know the California Consumer Privacy Act (CCPA) grants a number of protections to individuals:

Consider this a formal complaint and request to immediately remove my contact information, and any other identifying information about myself from your systems.

Additionally I revoke your permission to sell, transfer, or otherwise share my information going forward.

Please respond acknowledging your receipt and compliance with this request. If you are unable to comply with this action directly, please provide the contact for CCPA requests, or forward this to said contact.

If you do not comply with this request, rest assured I will be filing a complaint with the California Office of the Attorney General.

More Reading

Secure Yo Self

Debugging OpenAI Errors

Work/Life Balance

An Honest Review of Gatsby

Instrumenting GatsbyJS with Sentry