Any pointers on how to report them?

As requested, I’m posting the full text of the email into this post body. I hope it’s screen reader friendly:

u/USERNAME,

tl;dr – you’re invited to a special program that lets redditors purchase stock at the same price as institutional investors when we IPO. Details about eligibility and next steps follow. This (long, dense) email has all the info we can provide due to legal restrictions.

As you may have heard, Reddit has taken steps toward becoming a publicly traded company with the initial public filing of our registration statement with the U.S. Securities and Exchange Commission on February 22, 2024. Yes, it’s happening.

And because you have helped make Reddit what it is today, you now have the opportunity to become Reddit owners at the same price as institutional investors.

We’re offering a Directed Share Program (“DSP”) that invites eligible users and moderators who have contributed to Reddit to participate in our initial public offering (“IPO”). (Including you!) Program Requirements While being selected to pre-register is the first step, there are certain legal and regulatory requirements to participate in the DSP that are outside of Reddit’s control. Bear with us here…

To be eligible for the DSP, you must: • Be a current U.S. resident; o You will be asked to provide the DSP Administrator a valid social security or permanent resident number, along with other personal information. Reddit will not have access to this data. o Please note that U.S. residents using a VPN may face application limitations if the VPN locates them in certain non-U.S. jurisdictions. • Be at least 18 years old; • Provide your full legal name and an email address; • Not be a current or former Reddit employee (FTE). When the DSP launches (a few weeks after pre-registration ends), individuals who have been confirmed for the program will be contacted by our external DSP Administrator. You will then be asked to provide additional information securely to the DSP Administrator to confirm your eligibility. How to pre-register The number of people who can participate in the DSP is limited; we will offer this opportunity to as many redditors as we are able to accommodate. If capacity is reached before the deadline, you will be added to the waitlist. Based on demand, we may also limit the number of shares available.

If you are interested in being part of Reddit’s DSP, please go to https://reddit.com/dsp on desktop to complete the pre-registration form. If you are one of the confirmed participants, we will follow up with an email with more details in the coming weeks. You can also refer to the Frequently Asked Questions for more information. Due to regulatory restrictions (yeah… we know…) we are not able to respond to further inquiries or questions.

Pre-registering does not guarantee that you will be invited or able to participate in the DSP; it also does not obligate you to purchase shares.

As with any investment opportunity, you should make an individual decision based on your own personal circumstances and risk tolerance. Therefore, we urge you to review the preliminary prospectus, when available, before deciding whether to invest in Reddit.

The deadline for pre-registering for the DSP is March 5, 2024. If capacity is reached before the deadline, you will be added to the waitlist. What happens next? While there won’t be a confirmation email immediately after you pre-register, everyone who pre-registers will receive an email in the coming weeks from “[email protected]”, telling them whether they can proceed with the next steps for the DSP.

This is an automated message (beep, boop, beep) and does not receive replies. Please refer to the FAQ for more information. Per our lawyercats, we are not able to respond to further inquiries or questions. Prospectus and Important Disclosures The offering will be made only by means of a prospectus. When available, a copy of the preliminary prospectus related to the offering may be obtained from: Morgan Stanley & Co. LLC, Prospectus Department, 180 Varick Street, New York, New York 10014, or email: [email protected]; Goldman Sachs & Co. LLC, Attention: Prospectus Department, 200 West Street, New York, New York 10282, telephone: 1-866-471-2526, facsimile: 212-902-9316, or email: [email protected]; J.P. Morgan Securities LLC, Attention:c/o Broadridge Financial Solutions, 1155 Long Island Avenue, Edgewood, New York 11717, telephone: 1-866-803-9204, or email: [email protected]; and BofA Securities, Inc., NC1-022-02-25, 201 North Tryon Street, Charlotte, North Carolina 28255-0001, Attention: Prospectus Department, telephone: 1-800-294-1322, or email: [email protected].

A registration statement relating to these securities has been filed with the U.S. Securities and Exchange Commission but has not yet become effective. These securities may not be sold nor may offers to buy be accepted prior to the time the registration statement becomes effective. This notification shall not constitute an offer to sell or the solicitation of an offer to buy these securities, nor shall there be any sale of these securities in any state or jurisdiction in which such offer, solicitation, or sale would be unlawful prior to registration or qualification under the securities laws of any such state or jurisdiction.

No offer to buy the securities can be accepted and no part of the purchase price can be received until the registration statement has become effective, and any such offer may be withdrawn or revoked, without obligation or commitment of any kind, at any time prior to the notice of its acceptance given after the effective date. An indication of interest in response to this notification will involve no obligation or commitment of any kind.

You are receiving this email because a Reddit account, USERNAME, is registered to this email address. 548 Market St., #16093, San Francisco, CA 94104–5401

  • coffeeClean@infosec.pub
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    9 months ago

    The GDPR is a not a directive. It’s a regulation. Nontheless, I read that the GDPR was specifically mirrored into UK law with a couple minor modifications.

    But to answer @[email protected], AFAIK the #GDPR does not apply in this situation anyway because Reddit accounts are “anonymous”. The GDPR only protects identified people.

    /cc @[email protected]

    • Aceticon@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      9 months ago

      An e-mail address is “user identifying information” per GDPR, so if the UK version does not differ from the EU version on this (and it would be pretty weird if it did), it applies.

    • Evil_Shrubbery@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      That’s how I understand the UK situation too, however what is anonymous is left much for debate & sometimes local best-practices. Like, a user can be identifiable by their posts, or even full name.

      • coffeeClean@infosec.pub
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        9 months ago

        If I create an anonymous account but put what looks like a real name in the username field, and sign all posts with that real-looking name, who’s to say it’s really my name? Then suppose I lose my internet connection but want to exercise my right to be forgotten. The GDPR enables people to make an Art.17 request in writing but the GDPR also mandates that data controllers identify who the request comes from (so Mallory does not request deletion of Alice’s records). If a user ad hoc puts their name on everything then mails a request with a copy of their ID card which matches the name they put on everything, it’s a bit off because a company who does not ID users would not normally have the infrastructure in place to support GDPR requests. (and that’s a good thing… it’s good that there’s incentive to support the practice of offering anonymous accounts) But here’s the other problem: the ID mechanism itself must be minimal. A data controller cannot demand a full copy of your ID card if they can verify using something less intrusive like date of birth to verify you. Perhaps in this case a copy of the ID card would be necessary. OTOH, names are not generally unique, which would mean I could use my ID card to request deletion of all records of other people who have the same name.

        As a practical matter, we also have to figure that DPAs are extremely lazy. I’ve filed many Art.77 reports with strong irrefutable evidence and the cases just sit for years. I cannot see a DPA being motivated to work on a case that Reddit can easily defend. OP’s best move is to look at local anti-spam laws (I’m guessing it’s spam… I do not have access to the Cloudflared image the OP posted).

        (edit) more clarity here, hopefully → https://infosec.pub/comment/6975469