QotNews
Hacker News, Reddit, Lobsters, and Tildes articles rendered in reader mode.

24 Hour Fitness won't let you unsubscribe from marketing spam, so I fixed it

Source: ahmedkaddoura.com
110 points by daem 14 hours ago on hackernews | 44 comments

24 Hour Fitness has a broken unsubscribe page. You get one of their marketing emails. You click the unsubscribe link at the bottom. It takes you here:

https://www.24hourfitness.com/members/unsubscribe

You enter your email. You click unsubscribe. You get a mysterious error message in Spanish.

I found the bug. It's one line of JavaScript. I reported it back in November 2025. No response. So I built my own unsubscribe page.

24 Hour Fitness unsubscribe page showing an error message in Spanish

"The audacity of a Spanish error message on a US gym website." — Claude

What the heck is this? 🤔

Error de conexión al obtener el token de OneTrust.

OneTrust is an American software company that develops privacy, security, and data governance software. Their platform includes tools for consent management and regulatory compliance automation.

The irony: OneTrust is literally a consent management platform focused on regulatory compliance, and 24 Hour Fitness is using it to violate consent regulations. The error is in Spanish for some reason.

This is actually illegal

The CAN-SPAM Act requires commercial emails to have a working opt-out mechanism. Companies that violate this face serious fines:

  • Verkada: $2.95 million (2024) - the largest CAN-SPAM penalty ever. They ignored opt-out requests.
  • Jumpstart Technologies: $900,000 (2006) - didn't process opt-out requests in time.
  • Experian: $650,000 (2023) - spammed users with emails they couldn't opt out of.

Each individual email can carry a penalty of up to $53,088.

Marketing email = psychic attack

I don't subscribe to anything. Not newsletters. Not Substacks. Not even blogs from writers I deeply care about. My inbox is for communication, not marketing.

I'm definitely not subscribing to 24 Hour Fitness marketing spam.

Since October 2025, I've received 40 marketing emails. Every single one links to the same broken unsubscribe page.

Each of these emails is a psychic attack. An attack on my attention. Here are the subject lines:

I'm paying for this membership. I can't opt out of their spam. This is evil.

This isn't new for 24 Hour Fitness

I found this Reddit post from February 2019:

Reddit post from 2019 complaining about 24 Hour Fitness unsubscribe

Almost 7 years ago, same problem.

24 Hour Fitness has had unsubscribe problems for at least 7 years. Not only do they make it hard to cancel your gym membership, they also make it hard to escape their marketing emails.

I hope they fix this. If I'm dealing with it, I'm sure thousands of others are too.

I reported it. No response.

I submitted a bug report via their contact form back in November 2025.

They replied: "Thank you Ahmed, for reaching out! We will make sure your comments are forwarded to the appropriate person. Please be assured we are doing our best to follow up as soon as possible, typically within 10 business days."

Weeks later. No response. Bug still broken. Emails still coming.

The one-line JavaScript fix

I looked at their code. The bug is embarrassingly simple:

$.ajax({
    type: "POST",
    url: m.urlPost,
    data: JSON.stringify({...}),
    contentType: !1,  // BUG: !1 === false
    ...
})

contentType: false tells jQuery to skip the Content-Type header. The server expects JSON. It rejects the request.

The fix:

contentType: "application/json"

One line. Broken for months.

So I built my own unsubscribe page

My page calls the same API with the correct header. It just works.

If you know someone on the 24 Hour Fitness engineering team, please share this with them. It's a one-line fix.