this post was submitted on 27 Aug 2023
302 points (93.4% liked)

Privacy

31886 readers
467 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello nice people,

I've been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn't loose much like some guys did. I decided not to use the service anymore and I'm still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don't have 2fa anymore. Also I don't have backup 16 words.

Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.

And of course I never wanted to subscribe...and I don't think I ever verified account with a document.

What are my options other than just filtering that shitty domain as spam?

edit: typo

top 50 comments
sorted by: hot top controversial new old
[โ€“] candle_lighter@lemmy.ml 144 points 1 year ago (1 children)

Nothing says decentralized currency like having a corporation that controls your assets ๐Ÿ˜‹

[โ€“] Astroturfed@lemmy.world 33 points 1 year ago (1 children)

Don't point out how all their bullshit requires middlemen and accounts holding their currency to make it work. That makes it looks silly. Almost like it's just more complicated harder to use money that people can more easily steal from you.

[โ€“] jet@hackertalks.com 20 points 1 year ago (1 children)

I love talking to tech recruiters... We are a defi startup revolutionizing the financial world.. "Cool, so distributed smart contracts, zero knowledge open source swarms?".. no, we run a centralized website where people give us money and we do a thing for them...

Putting the central back in defi. It's almost like their is willful ignorance in what their own words mean.

[โ€“] Astroturfed@lemmy.world 9 points 1 year ago (1 children)

Using buzzwords to describe doing something people have been doing for decades or centuries is all the newer big tech companies seem to do. They're just fancy new middlemen with a shiny interface for us to use.

[โ€“] jet@hackertalks.com 6 points 1 year ago

There are some really cool decentralized concepts that would be fun to work on. But only a tiny handful of companies actually do, it's usually a open source group doing it.

Makes me mad when I talk to the imposters

A requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.

What's wrong with filtering their domain?

[โ€“] eager_eagle@lemmy.world 65 points 1 year ago* (last edited 1 year ago) (2 children)

That looks like a proper request to disable 2FA. Their problem is requiring login to unsubscribe from newsletter emails, which is total BS.

If support won't take your email out of their list, just block the address / domain and move on, I guess.

I wouldn't give them any extra personal info after what happened.

[โ€“] Pseu@kbin.social 13 points 1 year ago* (last edited 1 year ago)

This is what I do when I can't unsubscribe in a minute. No reason to waste time on this, it is a solved problem.

[โ€“] pianoplant@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

It's probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns off transaction alerts so you aren't notified, then transfers out all your crypto.

I'm certain the marketing emails don't require login to unsubscribe.

[โ€“] eager_eagle@lemmy.world 8 points 1 year ago

OP is receiving newsletters

[โ€“] IgnacioM@lemmy.ml 50 points 1 year ago

Unsubscribing and disabling 2FA seem like two different things.

[โ€“] OsrsNeedsF2P@lemmy.ml 44 points 1 year ago (6 children)

GDPR allows for the company to verify your identity before proceeding with deletion. Source: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/how-should-requests-individuals-exercising-their-data-protection-rights-be-dealt_en

[The company] can ask [you] for additional information in order to confirm the identity of the person making the request.

[โ€“] Blizzard@lemmy.zip 52 points 1 year ago

But if OP did not provide "selfie" during registration, providing it now doesn't help confirming his identity so it doesn't fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.

[โ€“] rambos@lemm.ee 16 points 1 year ago (1 children)

Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML ๐Ÿ˜‚

[โ€“] Schlemmy@lemmy.ml 11 points 1 year ago

They should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.

[โ€“] Schlemmy@lemmy.ml 13 points 1 year ago (6 children)

They can't ask for more information than what they needed to create your account.

But maybe they're seen as a bank and then they have to confirm your identity with a copy of your id.

load more comments (6 replies)
load more comments (3 replies)
[โ€“] pianoplant@lemmy.world 36 points 1 year ago (2 children)

Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn't do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn't have been in this situation.

Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.

[โ€“] Falmarri@lemmy.world 14 points 1 year ago (2 children)

Requiring logging in to unsubscribe is absolutely bullshit. I mark all emails as spam that don't automatically unregister with ONLY clicking a lick. I'm not providing my email, I'm not logging in.

load more comments (2 replies)
[โ€“] kevincox@lemmy.ml 11 points 1 year ago (3 children)

For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.

For example on my service there is the concept of a "primary email" which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won't regain access to the account but you can turn off emails.

load more comments (3 replies)
[โ€“] rolandtb303@lemmy.ml 31 points 1 year ago (1 children)

ahh, the sponsor from LTT that mined your PC while at idle :)

[โ€“] cordlesslamp@lemmy.today 5 points 1 year ago (1 children)

I actually made enough each month to pay rent for almost 2 years during the Covid pandemic (subtracted the energy bill).

[โ€“] ExoMonk@beehaw.org 5 points 1 year ago

I made enough to pay for the 3080 I was mining on and heat my office in the winter at the same time.

[โ€“] icepuncher69@sh.itjust.works 25 points 1 year ago* (last edited 1 year ago) (1 children)

You should just block them. Otherwise try with ai generated images, i heard midjourney works really good. But if you wanna cause damage threat to sue them if they dont whant to unsubcribe. You can probably do it since you are on european union and they take this type of shit seriously afaik, probably could do something aboit the money you lost too if it turms out they where being fishy aboit it.

[โ€“] rambos@lemm.ee 7 points 1 year ago

Thanks. Im not gonna sue them, but I might report that if I find the right address. Ill first wait for their response to my last email. Thx for input

[โ€“] iamak@infosec.pub 22 points 1 year ago* (last edited 1 year ago) (1 children)

If you really want to be keep using the service, get a non watermarked random guy's pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote. This might not work because of the personal ID requirement but trying it doesn't hurt.

They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.

[โ€“] rambos@lemm.ee 5 points 1 year ago (1 children)

Hehe this made me laugh. Thank you!

Your story is also about nicehash? I might do that if I manage to digure out that pic. I will try

load more comments (1 replies)
[โ€“] wAkawAka@lemmy.world 18 points 1 year ago (1 children)

Don't send any data that you haven't sent already! Just block 'em f out, feels so nice :D Or they'll demand a nude selfie next time!

[โ€“] rambos@lemm.ee 6 points 1 year ago

If I ever send picture it will be nude selfie for sure ๐Ÿ˜‚

[โ€“] jet@hackertalks.com 10 points 1 year ago* (last edited 1 year ago)

I can't speak for Europe, but a certified letter saying in no uncertain terms that you don't wish to be contacted again, sent to their legal department should carry the day.

If you have a lawyer friend, bonus points for saying all future correspondence must go through your legal representative, and no other methods (email, phone, sms) are welcome. I believe that notice carries legs in the US.

In europe I suspect the GDPR should let you get all your data, and account removed without jumping through their hoops.

[โ€“] Extrasvhx9he@lemmy.today 9 points 1 year ago* (last edited 1 year ago) (1 children)

If its just to verify does that mean they already have the information on record, like their picture? If not whats stopping someone from using someone elses picture and photo editing in the requirements?

load more comments (1 replies)
[โ€“] Nerrad@lemmy.world 8 points 1 year ago (1 children)

I would just block their shit in email

[โ€“] kevincox@lemmy.ml 7 points 1 year ago

Yup. I try to unsubscribe nicely once. If it isn't honored they are going straight on my provider's spam list.

[โ€“] AnonTwo@kbin.social 7 points 1 year ago* (last edited 1 year ago)

I mean, just mark as spam?

It hurts them more if a bunch of people mark them as spam and it becomes a trend doesn't it? Just seems like a design issue on their part.

I always figured that companies generally wanted to avoid that.

[โ€“] StellarTabi@hexbear.net 7 points 1 year ago* (last edited 1 year ago)

I'd setup a thing to auto-mark them as spam and forget about it. CAN-SPAM and FTC guidelines dictate that for non-transactional emails like newsletters, the user must be able to unsubscribe without a fee and without requiring a login. IDK anything about European law.

[โ€“] glacier@lemmy.blahaj.zone 6 points 1 year ago (1 children)

You could block them and the emails will be sent to your spam folder.

load more comments (1 replies)
[โ€“] Vexz@kbin.social 5 points 1 year ago (1 children)

If it's just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don't trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.

load more comments (1 replies)
[โ€“] olorin99@artemis.camp 4 points 1 year ago (1 children)

What happens if you just send the example selfie instead of your own? Do they actually check it?

load more comments (1 replies)
[โ€“] WhoRoger@lemmy.world 3 points 1 year ago (2 children)

If you asked to delete or alter the account, then it makes sense. To unsubscribe from emails... Well normally not but I guess it's financial information, and you can't use 2FA, so I guess it makes sense that they need to protect themselves.

If you never used a document to sign up, then it's ridiculous to ask for more information... Not sure if it's actually illegal though, as long as they handle the data correctly.

load more comments (2 replies)
[โ€“] OrangeCorvus@lemmy.world 3 points 1 year ago (2 children)

That's stupid and illegal in Europe since you only want to unsubscribe from emails. The few sites for which the unsub button does nothing, I usually contact them and tell them they are breaking the EU law and if they don't stop, I will report them. Works all the time.

[โ€“] Pietson@kbin.social 4 points 1 year ago (1 children)

You should report them either way.

[โ€“] rambos@lemm.ee 3 points 1 year ago (2 children)
load more comments (2 replies)
load more comments (1 replies)
[โ€“] vox@sopuli.xyz 3 points 1 year ago* (last edited 1 year ago) (2 children)

well at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there's literally no other way to confirm your identity without something like id or a credit card if your credentials are gone.

load more comments (2 replies)
[โ€“] AOCapitulator@hexbear.net 2 points 1 year ago (1 children)

I felt bad for the person being manipulated like this but then I saw that this was a cryptomining service and I approve of this as a punishment

load more comments (1 replies)
load more comments
view more: next โ€บ