Comment by left-struck
9 months ago
> The problem with verifying breaches sourced from data aggregators is that nobody willingly - knowingly - provides their data to them
This is a bit of a tangent but I feel like if we can prove this statement then these data aggregators should be made illegal. How can you consent to something that you don’t know you’re consenting to? Likewise why do these entities have the right to collect detailed personal information like SSN without your explicit, beyond reasonable doubt, consent? To me this is the most obvious failure of the legal system, it clearly goes against well established legal principles that a basic requirement of an agreement is that all parties know what they are agreeing to.
Obviously there is some leeway with agreements where it’s not possible to clarify every eventuality, but let’s say if you’re applying to rent a place through an online form and that form shares your SSN to a data aggregator, it should be extremely clear about that, and possible to opt out while still allowing you to complete the rental application without discrimination.
It’s like, it should be possible to show that no one, within reason, consented to sharing their data with this aggregator because no one is able to confirm that they did. Sure one person could forget, or lie, but 100s of millions of people? No. Clearly almost zero people knowingly consent.
I have been using a different site@mydomain email address for every service I've used for the past 15 years. I can point to exactly which site breach furnished my email address to the aggregators.
Care to call out some bad actors so others know to avoid business with them?
I recently started using unique emails for everything I sign up for. Thankfully I haven’t seen anything yet, but I have little hope it will stay that way.
I second this request of releasing the results of this “digital tracer dye” experiment. If their respect for your personal data is that low, they deserve to be named and shamed. And more.
Surprisingly, there aren't that many. When I started, I thought I would catch my email address being resold. The only reseller has been Democrat politicians or funding sites like Go Blue. The other one is Engagez, which is some kind of tech vendor expo I signed up for with some meetup event.
The most widely spread breached address is LinkedIn by a wide margin. Houzz is second. Zynga, Imgur are also in contention.
When I started getting porn spam from the Diver's Alert Network, I alerted them to a breach. They misunderstood and just told me how to change my password.
The most annoying thing is that I found my personal robert@ email address is in HIBP under the evite breach. I so jealously guard my personal address. A well-meaning friend invited me to something with evite. And that's all it took.
I like email forwarding services, like DDG, Mozilla’s Relay, iCloud’s Hide My Email and SimpleLogin. Unique password and email address for every website, plus, like you said, if your unique email shows up somewhere it’s a smoking gun.