Forms, user info, spam and the law

That may be a good idea: I will look into your suggestion and also what other options there may be. The previous website was one that was already up and running when I redesigned it, meaning no wonder the client was confused about the whole thing if it meant changing what she was used to. This is all new, so I have the opportunity to try and design it properly.

The story about the travel website made me wonder if a similar conversation had happened there! :slight_smile: Or maybe they just didn’t know. It’s better than nothing. These days the designer/developer could have been anywhere in the world - I was trying to think of what exactly I would put in writing before beginning something and I guess there needs to be some way of indicating that ultimately it’s up to the client to check relevant local laws if there is any doubt. (???). I mean, I can try to comply with american / uk laws and best practices, but I wouldn’t even be able to read say, dutch or french laws. Probably nobody would even bother to check but I don’t want to be held responsible in the case of some problem.

Sometimes people really do get asked to do dubious things. I remember seeing an ad on a freelance site for someone to replicate a login page/members page exactly. I read it very carefully and came to the conclusion that it could only be for phishing. The website deals with very large purchases of thousands of dollars at a time. So I looked at the freelance site’s policy and it said it was up to you to decide the right thing to do. So I emailed the website and showed them the ad, and said it looked like someone was going to try phishing against their customers. They did write back and say thanks, too.

And no I don’t want to get my server blacklisted for sending spam. I already agreed with my next client (who was quite interested in all of this) that this means that anyone with forms really shouldn’t be hosted on my own server. I already decided that if they want to upload their own content that isn’t something I want on my server - just in case the whole thing gets taken down because of a picture they used. Not a biggie, I could still easily arrange hosting for them. But if I ended up with 30 small websites hosted on my server and they all went down because of one picture of a kitten someone swiped from google image search I’d have a lot of explaining to do! (I also decided to change some of my images - I only started blogging again recently, and didn’t even expect anyone to find my site. So I swiped the odd pic. Most of them are OK, but now I’m getting 100 visits per day and people are asking me for little 1-page websites that I can host myself it’s time to change all the dodgy ones. I don’t want someone else to be affected by my behaviour!).

The more I think about it, the more obvious it is that the real reason this all happened the way it did is just because this is a completely new person who has had no dealings with me before. The site is almost complete. To be honest I’m just as bothered by their remark that “of course we won’t be paying until we are completely happy with the website” when in fact this was a project with a fixed deadline, and I’m basically waiting for their content. Classic scenario! I always firmly impress on people when I am first approached about something that I never agree to do anything without a deadline. At the time I handled this comment by firmly redirecting their attention back to the fact that essentially there is not much more I can do without the content. It didn’t seem worth making more of a scene at the time, especially as it was our first phone call. But I really felt someone was playing the hotshot business person, probably thinking they are doing everything right (getting what they want, not paying until happy) but not realising they are creating waves. It crossed my mind to phone my original client and have a little chat. Anyway, I don’t think this is something I can’t handle - just normal people skills and assertiveness should be enough. I was caught out because when I took the project on I had been ill for a long while, and wasn’t quite up to speed with my usual methods of setting ground rules at the beginning.

I used to do paintings on commission. I’m used to setting the rules at the beginning: deadlines, payment, etc. I actually started asking for payment just to make the people who were already asking for paintings behave themselves and respect the time it takes! Cutting down on changes to the brief, making people turn up to view rough drafts, and all that. I said to my next client the other day that this suddenly made me realise perhaps there is a different scale of payment here - I should stick another 0 on the end basically! Just because what I’m charging is cheap for a website … yes that sounds utterly psychopathic but it’s a way of thinking about things that works (at least it did in the past). When I did paintings, these things would happen and the rules would be adjusted and the prices would go up. The more I charged the more people asked me to do, and the better they respected my efforts and my time.

I’m lucky to be dealing with such nice people so far. Yes I have actually avoided the real sharks. This is like practicing so when I maybe some day have to deal with someone really nasty, I won’t even need to think about what to do - I’ll just carry right on with my established procedure.

I have done that before with other things too - amazing how having some simple rules that you can tell people in advance cuts down on a lot of angst. If they break the rules they are “out”, and that’s that.

They don’t sound like nice clients at all. And in the extraordinary amount of time you’ve spent describing the story you could have probably dumped then and got yourself another two clients. It all sounds very low-rent and suss to me, if in fact any of these people even exist.

No forms or uploaded content? That seems a little drastic. I think you may be over thinking this - just use common sense and you should be OK. No reason to avoid an entire world of hosting (if you want to be in that world) just to avoid what is generally a manageable risk.

OK point noted, but it still makes it more important to get terms and conditions that cover this. I was hoping to be able to host smaller sites myself. I think I certainly need to plan ahead and think carefully. I suppose if I’m hosting a site on my own server then “my server, my rules” probably is a good rule. If they want to do crazy-stupid things they can go do it on some other server. There is something worth thinking about here - after checking I found plenty of examples of IPs being blacklisted (this happened to me a year or so ago - a whole block of IPs were blacklisted by spam software and it really wasn’t funny to find all my emails disappearing into a black hole), and also examples of people being sued, fined etc (OK, much less likely).

Anyway, there never would have been a problem if someone hadn’t reacted to some gentle steering by playing the Boss card: making it seem that they intend to get what they want and it’s my job to do what I’m told. I didn’t like that. This may be less an issue about the law than it is about people and how they behave sometimes. It’s a bit corny but perhaps we wouldn’t need laws in the first place if people behaved a little better. On the other hand they didn’t know that there was a law (I did but was caught on the hop and more concerned with keeping the converstation on track - perhaps I should have been more forthright).

The more I think about it the less clear it is that this is separate from the other thing they said that worries me - that they weren’t going to pay until “we are completely happy” etc. It was the way they said these things as much as what they said.

They are not paying me enough to put up with this. I seriously nearly just downed tools. If I had wanted to be confrontational I would have said immediately that I never work without a deadline at all. I pointed out that I had been working to the deadline that I had been given, but this new person has suddenly (and nastily) stated that there is no deadline.

I really really had to resist the urge to kick back hard. STILL resisting the urge. My first instinct really IS just to write a formal email or letter stating that as far as I am concerned a deadline was agreed upon at the beginning and I won’t work without one. Maybe mentioning the legal issue of the form as well (but to be honest it bothers me less).

Yes I know I should have had a proper contract. I’d been ill, they asked out of the blue, I’m almost just accepting the job as a favour to a previous client. There was considerable confusion at the start (just getting the word on whether the project was actually going ahead ate up valuable time - from what I thought was a short deadline). The house flooded as well, throwing me into time-management panic. I was aware that there needed to be more formal agreements of terms, and kind of had that goosebumpy feeling when you know you are doing something wrong. Even without written contracts I make sure I set ground rules very firmly at the beginning - but this time everything had to go past a committe… who were slow …

Oh well. You are right, oh person who says they sound low-rent and suss. I was doing this for portfolio and references, but that’s starting to seem less and less likely. For one thing they have very, very specific ideas about how everything should be (so it’s not a fair representation of what I could design - it’s what they want me to create). For another it is EATING AWAY AT MY TIME for too little money. They already extended the deadline once - from 4-6 weeks to SIX MONTHS. Even my school-age daughter is annoyed that I haven’t got rid of this project yet. And at the eleventh hour a stranger is brought in and creates issues …

I keep reminding myself to be fair. Nobody else has caused any offense whatsoever. This person perhaps needs to be reminded of some ground rules. Or I should just let it flow over me and use the experience next time.

I basically tidied up what I needed to do on their site, and now it’s in cold storage until they either get me some content or the date on their quote comes around. You are right about getting new clients - it has got to the stage where two people are waiting.

I will not be letting this happen again. It makes me cross, and when I get cross I get my s*** together. :slight_smile:

OH and PS they are real and so am I - it doesn’t take me long to write these posts (I’m a wordy person), and also there really is nobody to talk to here. Starved of human interaction, and all that. Sorry!

PPS I wrote up all this legal stuff in a blog post - I guess that’s Covert Aggression and makes me dysfunctional but hey. The blog must go on. And it’s good material …

PPPS: no I haven’t missed the massive subtext that basically they keep extending the deadline because they are nowhere near ready themselves. Fool me to believe people when they say that something has to be ready for their own launch dates. So far this has never, ever, worked. I broke my own rule - my oldest rule of all - which is making damn sure people know that I must have a specific deadline and that is the deadline on which they either pay me or reject it outright (if that was an option - this has never happened, and so I dropped this condition ages ago. It’s ready on the agreed day, you pay. You get your stuff). But their original “must be ready by” date was looming by the time I even got a go-ahead. Stupid, stupid, stupid me!

Indeed, this is all you need to do. Make the policies clear, and stand by them. That’s it. They don’t have to be ‘ground rules’, those are what you give children. They are policies, which are what you use to conduct business and you don’t need to justify or explain them to anyone.

Most importantly, the ‘flow over me’ comment is crucial. I think you are very connected to this relationship in an emotional and passionate way which is getting in your way - it makes your mind noisy and takes away from you ability to do business.

One great way to reduce that kind of noise is simply to slow down by not responding to emails/call from the client right away. Instead, write them calm, concise email each morning based on the previous days correspondence. Then, don’t worry about them all day and give yourself a little time to reflect. Things usually seem simpler after a nights sleep.

Think: ‘mind like water’ :slight_smile:

Yes! you are right on the button and of course I know it - why else would I have stopped myself from biting back in the first place? I know that’s just going to make a big problem out of something that is really my own fault, and creating tension won’t help anything at all.*

*(sometimes later you end up in more trouble by being diplomatic, and someone says you should have nipped it in the bud…)

I just came back because I was having a think, and I know that the real reason I reacted so emotionally was that in fact I’m so short of money right now that I had been counting the days (well, weeks) until this was finished and making plans. It’s childish - I felt like a little kid who has been told they can’t have a new toy. It’s also kind of screwed up that I could get that bothered about such a small amount of money. That’s not their fault either.

I think perhaps if I just stay calm and when I am in a good ‘place’ and have an opportunity to raise the subject, I should just ask them nicely to pay me even though their content isn’t ready. I think that was what I thought I could do at the time, but the worry ate away at me.

The person who initially approached me has been a client for quite a while now, and I regularly do bits and pieces on their website. I quite consciously gave them ‘mates rates’, and had actually been really pleased about how everything was going. They actually told me they were going to pay quite a lot more than first agreed (relatively), and things were going brilliantly as I felt I now had lots of happy people who were in a great position to recommend me to their contacts. I was even networking them with old friends.

I had a falling-out with my original client, way back when. I came and asked advice about that here as well. We sorted it all out in the end and I got a sincere apology and explanation that there had been a misunderstanding. But I did have to send that formal (sort of) email.

I suppose another thing is being treated with “suspicion” by someone when I know my original client trusts me and would probably be quite shocked if she thought I felt I was under suspicion of being the type to “cut and run”. I really think if there was a real issue there she would back me up because she knows I’d never do that.

I have been applying liberal doses of beer to the issue. I’m not a drinker by anyone’s standards, but it seemed more sensible and healthy to get out and chill out than stay in and stew. Time heals all etc.

It’s quite freaky to see this on the list of top forum topics, by the way. LOL, asking for trouble! Oh well, so far I have resisted the urge to delete anything I’ve said. It’s come close once or twice!

Anyway, time to try to be zen …


Came back to say I also noticed this is a good thing overall. It’s giving me back some of my usual pep. I tend to be at my best when I have something to get me going … (Six Impossible Things Before Breakfast, and fierce). It probably is actually relevant to my attitude in general that I’m female, btw. I noticed the blurb says ‘he’ and thought ‘haha’, but for one thing it explains why I don’t care much about sounding like a psychopathic angry freak, and for another why I seem so ‘emotional’. It’s handbags at dawn! :slight_smile:

Spam is illegal in many countries and Russia is certainly no exception. So why then is it mostly left up to the technical experts to try to combat the problem when it could be argued that the legislature should be leading the crusade? In this article we will discuss anti-spam legislation as it exists in different countries around the world, focusing on how effective such legislation is and what prevents it from being more so.

Spam can cause a number of very serious problems, not least of which are excessive mail traffic, unrecoverable costs generated by staff productivity losses and server overloads, this last being a real headache for email providers and system administrators. But it doesn’t end there. Due to its perceived anonymity, spam is an effective tool for fraudulent activities such as the advertising of counterfeit goods and other forms of contraband, the distribution of pornography and a host of other crimes besides. Additionally, spam acts as a malware ‘delivery service’. A malicious program can be attached to an email, or a link can be placed in the body of an email that points to an infected website. Phishers also employ spam to trick users into visiting fake versions of well known websites with the intention of stealing their confidential data.

Cases involving spam are notoriously difficult to investigate and it is even more difficult to prove the spammers’ guilt. However, that’s not the only issue. The second problem is that many people, including some authorities whose job it is to protect us, simply underestimate the damage that spam can do, often seeing little problem in the mere fact that unsolicited correspondence is to be found in someone’s inbox. That is why much less attention is paid to the question of fighting spam than, for example, to the question of computer fraud.

There you have it, from an apparent Russian spammer.

lol, I don’t know if he’s a russian spammer perhaps you know something I don’t!

I came back because I had some email notifications of new posts but I haven’t been checking much email - trying to chillax and succeeding nicely. Good thing too - I’ve been indundated with new work requests, and I need to recharge the batteries. The latest thing is being asked to write a report that will be taken to Parliament in 2 weeks. If it doesn’t scare you to think that someone like me could be mixed up in something like that, it really should! I’ve been bricking myself all afternoon, and worrying about how on earth I will be able to fulfil all my commitments …

Meanwhile I have obviously been giving some thought as to what wording I should put in future contracts. I do HAVE a very long and formal contract that was written for me by a lawyer, but it’s designed for dealing with big companies who will show it to their legal team. Round here, it’s more likely that contracts need to be very simple and easy to understand, for Joe The Farmer who wants a simple website for his Bed & Breakfast and is confused about “that new internet thing”. I have to draw up a contract like this over the weekend for my next client (a local builder) and I really did have to reassure him that it will be simple to understand, and even explained that “there’s no point in having it if you don’t understand, so you must ask me if you don’t and I will reword it”. Essentially, it actually makes the whole thing invalid anyway if the person signing it doesn’t understand what they are signing.

So for little bods who just want something simple, I felt stating that I will follow accepted best practice (including some main points worthy of note such as clear privacy policy, telling people what they are signing up for before they opt in, and deleting people from their database), but that it is their responsibility to make sure that they comply with any relevant laws.

Seriously, people vary a lot in what they know or can understand. Some are professional business people who either do or should know about things like data protection laws and good business practice. Some of them can and will afford a lawyer to look at contracts before signing, and it’s not unreasonable to expect them to do their own fact-finding.

Other people, like my next client, are confused and anxious about the whole process and DO want help and advice. It really is easier for me to give them a simple explanation of some basic things, and they want to be able to rely on me to point them in the right direction. My next client has made it clear that he doesn’t understand anything at all about the internet and that he needs me to be in charge. He just needs someone he can trust to do things for him. This is the person who came up with a completely unique internet-related law question that I really didn’t know the answer to and had never ever come across before. It’s important both to advise people to get proper legal advice if they have such questions and to be happy to assist in finding some information if they need it. It’s a lot easier for me to find out stuff than it is for some other people.

I think at the beginning you said it came down to what I saw as my role, or job description, and how much I was prepared to take on. I think the answer to that is that I really need to be flexible and responsive to individual clients’ needs. I do however need the protection of conditions in a contract that I can refer to later - the more general I can make the relevant clause the better. Still giving it thought, but it will be relevant for my next-but-one contract, so I have a whole month to work it out!

Some people here thought that actually the Unique Selling Point that I have and should make use of is a personal service with excellent support and after-sales care, as I am local. So far this is how things are working out - naturally. I have another new client who phoned up panicking about her website - wanting a redesign. Turned out that she’s paid vast amounts of money to one person after another, with no progress. I may end up redesigning her site - in the end! But for now I offered my time (at a reasonable and affordable rate), just to help her figure out how to make the best of what she has and to fix anything she breaks while she is learning. (She has a complex CMS). I was very alarmed by how much she had already spent, and frankly I don’t want to be compounding the problem.

With any luck word will get around about me being reliable and honest, in addition to what I can actually do on the computer. It seems to be working out. Things look like they are snowballing rapidly.

I do hope that if my original clients find this they don’t freak out too much. I’m prepared to take my lumps if that happens. I was upset, yes, but really thinking ahead to the future and avoiding any much more serious problems with significant amounts of money on the table.

Trust - that is the key word I think. Doing things on time, the right way, looking good, and being a sensible person who gives sensible advice is not really too much to expect. I’m new to the area and need to build up a good reputation. I look like the least likely computer nerd in the world - more like a tramp, and my house looks like a squat. But people are suddenly realising that I’m really very capable.

So I may not be back to check the forum for a while as I am too busy - but thank you all for your sensible advice and various opinions. There is no one correct way of seeing the world!

The post in question is from a one post wonder, and it’s copypasta from an article on Securelist.

99% of the time a new poster throws up copypasta, it’s a spammer. It’s often something to check for when a post seems related, but not ENTIRELY on topic.

I would error on the side of caution. It sounds like it is a bit shady.

Exactly, time to just sit back, take stock and do my best to deal with things wisely. As it stands, I have looked into using a better plugin for the form (I may still have to dive in to the code, but may as well start with a good one), and I have put some basic writing on the page that (sort of) complies with the law. We can iron out the details later, and I will be able to explain with more confidence why we need this.

As for spammers - they are clever these days. I did notice the copypasta aspect and figured that must be it … but sometimes I leave spam on my blog when it manages to be either very amusing or relevant. As long as it doesn’t link to bad things!!! The other day I let through a comment on Generation X, as I felt it was so apt.

I should have a little rogues gallery of the best and most insane spam comments.

Back to the topic - it’s always easier to deal with things like this when you are very sure you are correct, and why. I think I shall design a simple factsheet that people can have when they start a project that deals with people’s data. It can have the main points they need to be aware of and information about where to get more.

I still haven’t dug into the whole moving-data-outside-EU thing. I should do that … so far nothing major has ever come up, but if I need to I can rent UK server space from the same hosting company, or even have them move my original website onto a UK server. I think if someone was expecting serious traffic they will be needing their own separate hosting anyway, so I will just remember to keep people on UK servers and avoid worrying about that aspect.

Next-but-one project will involve a lot of forms and database work, which I will probably code from scratch instead of using a CMS.