Privacy

32482 readers

267 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Shouldn't you make email aliases for not only every contact you exchange emails with, but every combination of contacts it must be shared with? (lemmy.world)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

Basically create an alias for every combination to prevent privacy cross contamination.

For instance, not only should you make an email alias for an Eventbrite account, but for every organization you sign up for events with. You are required to enter an email (any email) for the event, which can be seen by both Eventbrite and the organization. If you enter in the email of your Eventbrite account then the org could give that away, resulting in email spam and you can't be sure if it was either Eventbrite itself or the org that sold you out. If that happens then you would probably want to delete email address but then you have to change it in other places you need to send/receive emails from.

Another example is Discourse forum sites. While Discourse is open source and self-hostable, you may not always be sure if a Discourse site is self-hosted or using paid hosting. A lot online places have both their own website and a separate discourse site. Bitwarden's forum site doesn't have a sign-in option using your Bitwarden.com account, and Raindrop.io uses canny.io to track app feedback which has also uses its own login. (I'm actually glad I made an alias for every single Discourse forum site before realizing all of this).

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] -1 points 1 week ago (3 children)

Then you end up with an inbox full of drive-by spam to abuse/admin/aardvark/.. (insert dictionary here)../zack/ziggy.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago)

I believe there are some services, including some selfhosted ones, that allow you to quickly create (and later delete) unique aliases.

That said, I was surprised that these dictionary spam attacks don't really happen all that much, at least based on my own experience. Most of the ambient drive-by spam my server receives targets email addresses belonging to domains I don't even own. Blocking those and a few Sieve scripts gets rid of 99% of spam for me.

Interestingly, there was one time I received spam to a bogus address belonging to my own domain: A while back, one of my actual email addresses got leaked (thanks Sega) and a few months later that address got copied into another dataset but with a typo, which I assume was caused someone using OCR.

[–] [email protected] 2 points 1 week ago

Is this experience or conjecture?

[–] [email protected] 2 points 1 week ago

Is that something you have experience with or are you just making up scenarios to pose as arguments?

Because I've been doing this for years and I don't have this issue. You could also just preemptively auto-trash anything that goes to those very common emails, but I don't and it's not an issue.