this post was submitted on 23 Nov 2023
162 points (96.6% liked)

Technology

59317 readers
4753 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SomethingBurger@jlai.lu 31 points 11 months ago (3 children)

WhatsApp: "you can now use email to access your account if you can't use your phone for some reason"

This community: "REEEEEEEEEEEEEEEEEEEEEE"

[–] WhatAmLemmy@lemmy.world 41 points 11 months ago (3 children)

People acting like a phone number isn't 100x more personally identifiable than email are delusional. I have like 700 unique emails atm, and can create a new one within seconds. I only have a few numbers.

[–] Annoyed_Crabby@monyet.cc 21 points 11 months ago (2 children)

In my country we're required to have our own identification tied to the number and we can only legally have a handful of number under a person name. Email is nothing lol.

[–] Alivrah@lemmy.world 7 points 11 months ago (1 children)

I have a very, very old SIM card. It's from the 3G era, which means I miss out on my phone's 5G capabilities. However, when I went to buy a new card I found out you're required to take a selfie and send to the telecom company alongside your ID and email, which is creepy enough to keep me using my 3G SIM...

[–] Annoyed_Crabby@monyet.cc 4 points 11 months ago (1 children)

Maybe you can request a new card but under the same number? In my country we can request for a new card that way, though we didn't need to take a selfie when buying a new number, just have to register your name and ID(quite old fashion but the rule is made in pre-smartphone era to combat scammer)

[–] Alivrah@lemmy.world 3 points 11 months ago (1 children)

I'd have to go to a telecom store to do that in person, which I don't really have an issue with, except that it may take a whole afternoon on a queue waiting for my turn.

Anyway, I rarely use mobile internet and when I do, it's mostly for text messages, so I don't feel a pressing need to upgrade.

[–] Annoyed_Crabby@monyet.cc 3 points 11 months ago

Ahh, that makes sense

[–] neutron@thelemmy.club 6 points 11 months ago (1 children)

I lived in a country doing that, and couldn't understand the people making social media profiles with their (actually traceable to a real life identity) phone numbers public. Don't you love receiving spam calls?

[–] Annoyed_Crabby@monyet.cc 3 points 11 months ago

Funny thing is, there's a time where the hot topic is basically facebook eavesdropping conversation then put on ads with item relevant to the conversation. Everyone talk about it being creepy, but everyone keep using it without any change. I think they just don't care ¯\_(ツ)_/¯

[–] Engywuck@lemm.ee 5 points 11 months ago (3 children)

I have a catch-all address with a personal domain. Infinite aliases for free.

[–] b000urns@lemmy.world 3 points 11 months ago (2 children)

Hmm🤔 I use Migadu and could probably set this up -- is this actually a good idea?

[–] lemmyvore@feddit.nl 4 points 11 months ago* (last edited 11 months ago) (1 children)

A catch-all is not a good idea. But Migadu lets you do something called pattern rewrites which are aliases that can contain wildcards. So you can set up a pattern like shop-*@yourdomain.tld and use addresses like shop-amazon@, shop-etsy@ etc.

It doesn't have to be "shop" you can use anything you want and make up the pattern in any way you want ("ama.shop.zon@" or whatever you can think of).

It's better than plus addresses ("realaddress+amazon@") because it doesn't have to include your real address, and you can make a pattern that nobody can guess, but still retain the ability to use one address per site so you know who's spamming you, and you can make them up on the fly.

In fact I no longer use my "real" address for anything except logging into IMAP and SMTP, I use aliases or patterns for everything else.

Edit: If you want to also be able to send email from these addresses make sure to enable "wildcard sender" for the associated mailbox.

These addresses do have one downside similar to catch-all: if one of them starts getting spam you have to make an explicit deny rule for it. Some people contend that this is a messy approach and they'd rather make regular (non-wildcard) aliases and deny everything else. The downside with that however is that you can no longer make up addresses on the fly, you have to go to the Migadu admin to create the alias every time.

[–] b000urns@lemmy.world 1 points 11 months ago

Hmm 🤔 interesting, I appreciate the qualified suggestions

[–] Engywuck@lemm.ee 0 points 11 months ago* (last edited 11 months ago)

"It works for me" (C)

[–] db0@lemmy.dbzer0.com 2 points 11 months ago (2 children)

Don't you also get infinite spam?

[–] lemmyvore@feddit.nl 1 points 11 months ago* (last edited 11 months ago)

Spammers don't bother scanning domains as much nowadays. They used to watch domain registration then spam addresses like admin@, contact@, office@ etc. but nowadays most people aren't dumb enough to use those anymore. So spammers would rather buy a list of millions of addresses that someone else obtained by breaking into sites like Yahoo or LinkedIn, which are much more likely to be valid addresses.

You can get bitten by catch all if someone who knows you and knows your domain and knows you have a catch all has it in for you and subscribes addresses at your domain to mailing lists and other spammy places. 😊

[–] Engywuck@lemm.ee 0 points 11 months ago

Actually (and surprisingly), I don't. Maybe it's due to WHOIS privacy.

[–] smeg@feddit.uk 1 points 11 months ago (1 children)

If they're all attached to the same personal domain then that's just as personally identifiable though

[–] Engywuck@lemm.ee 0 points 11 months ago (1 children)

Not if whois privacy is in place.

[–] smeg@feddit.uk 2 points 11 months ago (1 children)

True, signing up for several accounts using the same personal domain will create a link between those accounts though (whereas if they're all @simplelogin.com or similar then you're hiding asking the crowd)

[–] Engywuck@lemm.ee 2 points 11 months ago

Maybe. However, as long as they don't know my real name/identity I don't really care. Fact is that is much easier for companies to just block known email alias services than unknown random domain. Some of them do this already. Neither method is perfect, obviously.

[–] umbrella@lemmy.ml 2 points 11 months ago (1 children)
[–] Index_Case@feddit.uk 4 points 11 months ago (1 children)

I use Proton Mail, which lets you make 'aliases', which you can use for different sites. The alias forward staright to your main (or a nominated) email.

You can use https://simplelogin.io/ to do the same, and I'm sure there are similar services around.

E.g. I can't have feckwhatsapp@feckfacebook.com as my WhatsApp email, and it would forward to whatever account I normally use.

I do this for pretty much everything on line, so they all have their own bespoke email for me.

[–] victorz@lemmy.world 1 points 11 months ago (2 children)

Would you say Proton Mail's aliases are better in some way than Firefox Relay? Do you have experience with both to give your impression of which you'd recommend over the other? Or perhaps anyone else would care to weigh in, feel free to do so. Thanks, friends!

[–] Index_Case@feddit.uk 2 points 11 months ago (1 children)

I don't, I'm afraid. But I can say that creating and managing them through protons password manager is a breeze.

[–] victorz@lemmy.world 2 points 11 months ago (2 children)

Nice. So you do that through the password manager and not the email interface?

[–] WhatAmLemmy@lemmy.world 2 points 11 months ago* (last edited 11 months ago) (1 children)

You don't need to do it through the email interface. You can do it through many password managers (API key). With simplelogin and a custom domain you can set it up to use regexes and control the flow of emails to any number of inboxes. It's like a fine grained catch-all where you don't need to create the emails ahead of time and can "send as" any of them... or disable any if they start receiving spam.

If I wanted to activate a new Facebook I could just type fuckbookNOV2023@customdomain.com into the signup field and verify it seconds later. If I wanted it to go to both me and my brother, I could add his custom string (e.g. fuckbookNOV2023bruzz@customdomain.com).

I've been doing this for 2 years and only recently received my first spam. All I had to do was change the email with the service and disable the old address. Easy peasy. You can also disable the catch-all at any time if someone starts fucking your life. Then all you have to do is create a dozen emails ahead of time and assign them as needed.

Also u/umbrella

[–] Index_Case@feddit.uk 2 points 11 months ago (1 children)

Sorry, yes you do. Because it's so interlinked in my mind I got that wrong. But deffot the easiest way to do it I've found (as long as you're using proton mail though, I guess...)

[–] victorz@lemmy.world 2 points 11 months ago

Okay, thanks for the info!

[–] lemmyvore@feddit.nl 1 points 11 months ago (1 children)

Any email service will let you make aliases. If it doesn't, or if it price-gouges you for how many aliases you can make (which are basically zero cost for them) — find a better email service.

Also, there's no need to use a 3rd-party alias service unless the address you're protecting cannot be used on an email service, like if it's a gmail address for example so you're stuck with gmail. But even so you can buy a domain, forward your Gmail address to it, and start enjoying aliases and all kinds of cool features.

Look into services like MXroute or Migadu.

[–] victorz@lemmy.world 1 points 11 months ago* (last edited 11 months ago) (1 children)

Cool. I'm fine with using a 3rd party tool though. As a Linux user I'm quite used to having separate tools that do a single job well. 😊 I've been using Firefox Relay so far with positive results. But the free version is quite limited and you can't really customize the aliases at all.

But if Proton Mail already comes with aliasing, that would be a good alternative as I already have an address there. Just not a paying customer yet.

Trying to separate myself from Google a little bit as of late, so I'm looking for alternatives, but nothing too obscure and no self-hosting yet. I'd love a complete package like Google offers, kind of like Proton does.

What will be very hard for me to shake off is Google Drive and Google Documents (Sheets, Docs, etc). Very useful services that do their stuff well. Unfortunately. And very integrated into the only phones I enjoy using -- Pixel phones. 😑

[–] lemmyvore@feddit.nl 1 points 11 months ago (1 children)

Proton doesn't offer its own aliases, they use a third party service as well. It would basically be very similar to what you already get from Relay.

Have a look at Mailbox.org if you're looking for integrated services, they offer packages with more than just email. It's a long-running German service.

Please be wary of "encrypted" mail services, they make it fairly hard to migrate away from them later, if you need to. You need special tools to get your mail out of them, and those tools are at their whim.

[–] victorz@lemmy.world 1 points 11 months ago (1 children)

Proton doesn't offer its own aliases, they use a third party service as well. It would basically be very similar to what you already get from Relay.

Ah. By this, you mean they don't offer aliases that are under their own domain? Seems like a good thing to me, honestly.

Have a look at Mailbox.org if you're looking for integrated services, they offer packages with more than just email. It's a long-running German service.

Thanks for the tip!

Please be wary of "encrypted" mail services, they make it fairly hard to migrate away from them later, if you need to. You need special tools to get your mail out of them, and those tools are at their whim.

My understanding is that mailbox.org is one of these services? But you still recommend them? 🙂

[–] lemmyvore@feddit.nl 2 points 11 months ago (1 children)

My understanding is that mailbox.org is one of these services? But you still recommend them?

They just offer normal email features (TLS connections, PGP support, 2FA for webmail).

An "encrypted" service encrypts the messages at rest (on their server storage) but that makes it incompatible with normal email protocols which means you have to use their protocols and their apps to access it. Proton offers an adapter that allows you to use normal protocols (IMAP/POP3/SMTP) but it's only for PC, and if they ever discontinue that your email becomes captive.

[–] victorz@lemmy.world 1 points 11 months ago (1 children)

Oh I see what you mean now. Thanks!

But by captive, you mean inaccessible by any other means than their own interface, right?

[–] lemmyvore@feddit.nl 2 points 11 months ago* (last edited 11 months ago) (1 children)

Yes. With a service that uses standard IMAP/POP3 protocols you can always download your entire mailbox and upload it somewhere else. If it's dependent of their apps and they don't provide full download as a feature, you're stuck.

Of course if you're the type that doesn't keep much email on the server it wouldn't affect you that much but then the whole encryption thing makes even less sense.

[–] victorz@lemmy.world 1 points 11 months ago

Gonna be honest, I don't use email in a way that I need my data locally. I always just use their respective web interfaces or apps. Maybe I should be worried, maybe I'm naive. 😅

But these are very good points of info, so appreciate your help here! Thank you, friend!

[–] lemmyvore@feddit.nl 27 points 11 months ago (1 children)

The problem is that they're reaching for emails in addition to phone numbers. Don't think for a second they're going to let you login with just email. They want email just to have yet another data metric to profile you with.

[–] cheese_greater@lemmy.world -1 points 11 months ago
  • using an insecure medium like email to facillitate access to e2eencrypted messages. 1) you cant do that with Signal
[–] umbrella@lemmy.ml 3 points 11 months ago* (last edited 11 months ago)

My reeeing depends on if they are going to make it mandatory. And I have a feeling they are coming full force on the enshittification bandwagon.