EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Email Comments, Questions and Miscellaneous
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere.

Reply
 
Thread Tools
Old 26 May 2022, 06:57 AM   #16
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,356
Quote:
Reusing a distinctive local-part can also potentially leak information about identity when a website is hacked.
Doesn't using your own domain have the same problem?
TenFour is offline   Reply With Quote
Old 26 May 2022, 08:02 PM   #17
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,356
Just for kicks I did a Google search on a Gmail address I have used in probably thousands of places for about 16 years and it was interesting what came up. It was only one page with 8 results, and everything there was very old. You really couldn't learn much about me from those results. It is an interesting exercise to try with important email addresses you use regularly. Based on this search the biggest threat to my personal email address appears to be several professional organizations I am a member of. Their directories of members have also been used regularly to spam me. Just last night I was thinking about this as I quickly scanned the Spam folder of my email. The lesson is to watch out for memberships in organizations if they publish the member list on their website for some reason.
TenFour is offline   Reply With Quote
Old 2 Jun 2022, 05:34 AM   #18
SideshowBob
Essential Contributor
 
Join Date: Jan 2017
Posts: 203
Quote:
Originally Posted by TenFour View Post
Doesn't using your own domain have the same problem?
Yes, that's why I still use a few anonymous free accounts for mailing lists and things like forum sign-ups. These things don't need monitoring.
SideshowBob is offline   Reply With Quote
Old 2 Jun 2022, 08:13 AM   #19
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 694
Quote:
Originally Posted by TenFour View Post
Doesn't using your own domain have the same problem?
Same kind of issue, yes, but you can mitigate that to a degree by buying really generic-sounding domain names and then making sure to use whatever domain privacy services that your registrar offers to protect your WHOIS info. To your signups, your domain will look like every other boring web services domain, nothing distinctive or noteworthy. Better yet, buy more than one and spread your aliases around.

Then use a service like SimpleLogin with your custom domain(s) and you can fine-tune all your aliases and who can reach you. Then you'll have a nice set of tools to control your inbound email, which looks generic, generally flies under the radar unless you have a nosy website or service you're signing up for, PLUS your domain is portable in case your alias service (in this example, SimpleLogin), goes out of business. Or you just want to move service providers.

Worst case scenario, a domain gets "outed" with your personal WHOIS info during some Registrar breach (it has happened before!), and that of course is extremely annoying, so you will have to decide how much hassle you want to go through to migrate those aliases to another generic-sounding domain. Then you can theoretically ditch the old domain and move on with life.

In practice, I've found this approach solves the service lock-in problem and gives you portability, but you do technically increase your risk of some nasty hacker exposing your WHOIS info.

The larger risk, IMO, is service lock-in though. I've made that mistake before and I am *still* migrating out a bunch of personal aliases from one email provider that I no longer use, except I still pay for the service to maintain the aliases as I painfully migrate them out. It's very frustrating and time-consuming. Owning a custom generic-sounding domain for all those aliases would have saved me a huge amount of hassle.

So for me, it's "never again" getting stuck in service lock-in. It's just such a massive pain.

In any case, another question to consider is what degree of anonymity you really want to achieve with your aliases, considering how many breadcrumbs and other identifying fragments we leave everywhere we browse... and even more than that, what degree of anonymity is *realistic* to achieve with your current habits and behavior on the Internet? The more anonymity you want, the more hoops you have to jump through. As you know, you are being triangulated by many factors, and your email address is just one of those factors.

So I find the approach outlined above gives a certain level of simplistic anonymity suitable for most newsletter signups, store signups, "normal" reputable memberships, etc... but for anything that requires more significant anonymity, that approach would not be effective.
ioneja is offline   Reply With Quote
Old 2 Jun 2022, 08:39 AM   #20
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,356
Quote:
Same kind of issue, yes, but you can mitigate that to a degree by buying really generic-sounding domain names and then making sure to use whatever domain privacy services that your registrar offers to protect your WHOIS info.
I think the point is that there is some worry that Internet thieves will use things like your email address to gather intelligence on who you are to be able to eventually hack into various online services you use. No matter how generic sounding the domain it is still unique so can't someone just search on something like @customdomain.com and learn a lot about you? Or search crypto forums for any poster that uses that domain to learn which crypto services you are using? Frankly, though, I think for 90% of us it doesn't really matter if we have one email address at Gmail or hundreds of one-off email aliases. Unless we are being specifically targeted for some reason nobody is building a dossier on our Internet lives. And, if for some reason we do get targeted there really is no place to hide on the Internet. Just use good security practices like never reuseing passwords, make them long and unique, and use 2FA with anything that could cause loss of money and you are better off than 99% of the people on the Internet.
TenFour is offline   Reply With Quote
Old 2 Jun 2022, 09:06 AM   #21
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 694
Quote:
Originally Posted by TenFour View Post
I think the point is that there is some worry that Internet thieves will use things like your email address to gather intelligence on who you are to be able to eventually hack into various online services you use. No matter how generic sounding the domain it is still unique so can't someone just search on something like @customdomain.com and learn a lot about you? Or search crypto forums for any poster that uses that domain to learn which crypto services you are using? Frankly, though, I think for 90% of us it doesn't really matter if we have one email address at Gmail or hundreds of one-off email aliases.
Right, the approach I mentioned is suitable for most newsletter signups, store signups, "normal" reputable memberships, etc.... but for a higher level of identity abstraction/protection/obfuscation/anonymization, you have to jump through more hoops. For crypto and anything financially sensitive, I'd definitely not use that approach, for example.

Quote:
Originally Posted by TenFour View Post
Unless we are being specifically targeted for some reason nobody is building a dossier on our Internet lives.
Here I disagree in part -- there is absolutely a dossier on your Internet life being built, mostly by big tech, and mostly for the granularity of detail that will increase advertisement effectiveness. But your identity and profile are commodities that are being bought and sold every day, built and cross-pollinated with other databases, for all sorts of reasons, such as targeted ads, to financial services, to background checks, to reputation services, to identity verification services (which tap into many databases!), in legal searches or dragnets, government overreach (especially in some parts of the world), by hackers for identity theft and other reasons, voting information, demographic analytics (or worse), product research, and even just careless incompetence by some IT guy who got lazy with security so it becomes public info, then integrated into a profile somewhere. There are numerous examples of this, it's very sad.

While someone might not be actively "targeting" you, that doesn't mean elaborate "dossiers" (to loosely use that word) aren't being created. Now that might not mean much to most people, but I think it's worth the effort for people to consider how their data might get abused, and then look for proactive ways to protect themselves and reduce their areas of exposure. Using some of these alias approaches can help somewhat. It's just part of the bigger picture. The largest factor is of course habits and behavior online. Case in point is the pattern of so many of the younger generation, for example, that shares so much personal info in social media, so their surface area of exposure is massive, unfortunately. It's worth a good talk with our kids (or grandkids!) to help them realize the implications of what they share online.

In any case, there is no one size fits all kind of solution. Just a bunch of different ideas and people can figure out what might work best for their situation. My two bits only.

Last edited by ioneja : 2 Jun 2022 at 09:12 AM.
ioneja is offline   Reply With Quote
Old 2 Jun 2022, 07:37 PM   #22
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,356
Quote:
I think it's worth the effort for people to consider how their data might get abused, and then look for proactive ways to protect themselves and reduce their areas of exposure.
Sure, but I think most people worry about the wrong things most of the time. For example, despite using one-off email addresses for everything and never giving out your real address all it takes is clicking on one link in whatever emails that do arrive and you can be hacked. In other words, 99.9% of online attacks are random, not targeting you specifically, yet people worry the most about the Black Swan event of someone collecting personal information and using it against them. So, I would argue, it is far more important to use an email service that blocks or properly labels suspicious emails. And, the service needs to provide an effective way to block or report dangerous emails. That's a failure I have found with many smaller services.
TenFour is offline   Reply With Quote
Old 2 Jun 2022, 10:48 PM   #23
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 694
Quote:
Originally Posted by TenFour View Post
Sure, but I think most people worry about the wrong things most of the time. For example, despite using one-off email addresses for everything and never giving out your real address all it takes is clicking on one link in whatever emails that do arrive and you can be hacked. In other words, 99.9% of online attacks are random, not targeting you specifically, yet people worry the most about the Black Swan event of someone collecting personal information and using it against them. So, I would argue, it is far more important to use an email service that blocks or properly labels suspicious emails. And, the service needs to provide an effective way to block or report dangerous emails. That's a failure I have found with many smaller services.
All good points, in agreement, goes along with what I mentioned about habits and behavior online being the largest factor. All the alias paranoia and wizardry in the world won't help you much if you click on a bad link, for example.

And a good thing this forum still exists, since some level-headed and reasonable responses still seem to be the norm here.
ioneja is offline   Reply With Quote
Old 3 Jun 2022, 09:27 AM   #24
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 376
Quote:
Originally Posted by SideshowBob View Post
I don't bother, most of us only need one domain for email and don't see it as a matter of life and death. In the unlikely event I missed all the warnings, my email would stop, I'd notice and I'd fix the problem.
I largely agree with you, except for one thing. Instantly fixing the problem won't be so easy if - by bad luck - a problem happens just as you suffer a nastly illness, or a stroke or whatever ... and as we all get older these things become more likely.

Or, suppose you go on holiday - on a world cruise or something - and you don't spend a biggish chunk of every day online?
JeremyNicoll is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 07:52 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy