A self-proclaimed data enthusiast calling themselves ‘ThinkingOne’ has made a huge database containing 201 million pieces of user data from X freely available. The data is said to have come from two previous leaks and includes email addresses, locations and profile data of users of the social media platform.
Another example of where it pays off to have separate email addresses/aliases for every website/service you use.
I think it pays even more to not use X
That’s re-victimization. People do people stuff, like using social networks. Furthermore, the database probably goes as far as previous to being bought, enshittified and renamed by Musk. So… you’re not being fair.
I think there’s a fine line between victim-blaming and identifying an object lesson. We all understand why people started using twitter, and people are creatures of habit. But this is an example of why people should stop using twitter. We’re not saying “this is your fault because you’re stupid if you’re still on twitter.” The message is “this should serve as a wake up call to anyone stuck in their habits.”
100%
Giving one’s real name and real information to a social network who is intending to track everything one does or says and the people one does or says it with is idiocy and it has never not been.
People do people stuff like not listening to people who have constantly been telling them not to push the button.
People stuff also includes continuing to use these horror networks for years after knowing full well they shouldn’t.
I’m fairy sure the guy above said “use X” not use social media. X is a particularly shitty platform.
The actual data compromise happened sometime before July 2022, months before Elon’s purchase of Twitter happened. Telling people they shouldn’t have registered their real phone numbers to Twitter in 2015 or whatever isn’t really a helpful argument to make today.
deleted by creator
Wait, so you literally have hundreds of accounts? How do you manage them all?
My email provider allows for unlimited aliases. So, while I have 600+ email addresses, emails to them all end up in the same mailbox.
The accounts for all the websites and services (with their specific email address) are in a KeePass database and they all have random passwords, too.
The only small issue is when you have to contact support of some service. Then, I have to configure the specific email address in my client so they can match that to my account with them. But most email clients allow multiple sender addresses without having to fiddle with the rest of the settings.
I do this too. The unique email address I create for each is identifiable to the place I’m using it. This has other benefits. If an organization you created and account with sells or has a data breech you know exactly which company it was when you start receiving spam or phishing email directed to that address. This is also nice because you can “black hole” that email address and all the spam goes with it even future spam not sent yet.
Exactly! I add a random string to each email address, too, so you can’t just guess other addresses. So, it’s usually something similar to
lemmy-r4nd0m@mydomain.me. And, whenever a breach happens, I’ll generate a new random part and set that as my email address and invalidate the old one. Until the next breach. (Looking at you, LinkedIn…)That is clever!
deleted by creator
Thanks for the guide on how to switch. I’ve been using a mail provider with my own domain for a while now. I’m not unhappy with their service but they only let me make a few inboxes. Good to know switching can be seamless.
Awesome. How’s the Addy privacy posture looking?
deleted by creator
How do you reply to those emails in case of needing to contact with said company.
I’d assume they would deny service if the user (even on the same custom domain) is not equal to the account holder.
deleted by creator
I don’t use an “alias provider”.
I just don’t use aliases for companies I need to send emails to. There are very few.
wouldn’t profilers simply track via the domain tld instead of the whole address…shopping1 at uniquedomain, bank2 at uniquedomain , etc
and in the case of aliasing, couldnt a domain provider tell where the aliases rout to and sell that info as a side earner?
deleted by creator
Password manager plus an emailing alias service. Protonpass integrates with SimpleLogin but there’s also ones like Firefox relay and anomaly (all open source)
Thanks, though do you have a link for Anomaly? I can’t seem to pull up anything.
Anon addy sorry lol
Yes, and Bitwarden+SimpleLogin. Bitwarden to keep track of login info including the alias that is used for that site. SimpleLogin is where the aliasing is actually handled, they have a decent UI for enabling/disabling or generating reverse aliases (for outgoing emails) when needed.
It does take a little more effort to manage it, but it’s worth the payoff. I’ve been using this setup for about 9 months now and I finally got my first spam email a week ago. I looked at the address it was sent to, it was an alias I used at a site I ordered something from about 6 months ago. I sent them a message letting them know that either someone at their company is selling customer info to scammers or their database has been leaked, then I shut off the alias. No more spam.
🫡
My email provider will auto-generate aliases with no limit, and I also subscribe to Mozilla Firefox Relay, which allows me to invent email addresses on the fly and have them relay emails to my inbox. The advantage of the Firefox Relay is that it isn’t tied to the email provider so if I switch provider the aliases can still work.
Hmm, 5 for free, I see; thanks for sharing. Is your provider Proton Mail?
No, I’m on Fastmail. It’s full-featured and has a slick web UI, but it’s not as good for privacy as Tuta, Proton, etc. Also, although Fastmail is Australian they apparently host their servers in the USA.
I use addy.io
Wow, infinite aliases?! This is way better than Fx Relay, thanks!
Proton Pass has a feature exactly for that. You can create unlimited number of aliases, and kill ones that bacame compromised.