Springtime
a month ago
Just in terms of privacy, it's worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.
This isn't something that's commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader's IA account email address. So from a security perspective it's bad but from a privacy perspective a lot of users probably weren't aware of this detail if they've uploaded anything.
hunter2_
a month ago
This raises an interesting question: should email addresses be private? Addresses of buildings aren't private, and they're somewhat analogous as with many computing concepts. (Aside: Before spam filters were quite good, it was typical to avoid scraping of addresses by mild obfuscation, but I think those days are gone, and this is distinct from privacy anyway.)
If someone wants to upload and never be found out, then they need to use a throwaway address in any case, lest they be providing their "private" address to the administrators of the service without explicitly forbidding further disclosure. If I say something to Alice without demanding that Alice keep it from Bob, then I implicitly don't mind if Alice tells Bob what I said.
tjoff
a month ago
Whether the email is considered private or not is completely orthogonal to whether you are allowed / should tie an action to your email. And then again completely orthogonal whether you can/should make that connection public.
Even if your email is public information and even if what is uploaded is public information that doesn't imply that the email address behind the account that uploaded that information should be public.
nerdponx
a month ago
The same exact thing goes for physical addresses too. The fact that I live at my address is public knowledge. But the presence of my address in any particular database, mailing list, etc. is not and should not be public knowledge.
stefs
a month ago
i agree. if "user contacting another user" is a feature, there should be the option to (optionally) supply a different email address than your account email or use an online form that keeps your account email hidden.
slimsag
a month ago
There is software which is intended to e.g. locate the GitHub profiles of people working at companies, then scrape all public repositories they've contributed to for their email address and the emails of their coworkers - to enable targeted advertising to those individuals. Very common in enterprise sales.
With ChatGPT, this can be extended to create emails that look very personal - as if someone has followed all of your work and is genuinely interested in what you are up to - with extremely low effort. And people are already doing this, I already get emails like this today.
Should emails be private? I don't know - I personally consider them to be public because I know for a fact mine will eventually be public whether I like it or not. But I am aware AI is out there slurping up every public communication I've ever had, and is likely trying to manipulate me in various ways already today.
benterix
a month ago
This was a problem already before the generative AI era, it just got less expensive. The only way to reduce it is to have two work addresses: one that you rarely check and is exposed to the public, listed on your profile etc., and the real internal one just to get the work done.
pixl97
a month ago
>it just got less expensive
Quantity is a quality. Add that the AI can profile you and do a decent job spear phishing and you're talking about a sea change.
>and the real internal one
“Three can keep a secret, if two of them are dead.”
There is no such thing as an 'internal' email you communicate to other people outside your company with. It's just an email address. Someone at some point will leak it by accident or malice.
benterix
a month ago
> There is no such thing as an 'internal' email you communicate to other people outside your company with. It's just an email address. Someone at some point will leak it by accident or malice.
Sure, so personally I never use it to communicate with people outside. Also, I make sure it's never used to register with external licenses like Docker Desktop etc. as they subscribe me to their spamlist and send the usual semi-personalized messages - but as far as I can tell most of these bigger companies don't sell them outside (for a good reason). Startups, however, will do what they want and will make sure to squeeze the last drop from the info that such-and-such person works at that company and does X.
Roark66
a month ago
About AI slurping all information. I bet one of the first ideas organisations that spy on population had when the recent AI boom happened was: How about we just train our AI on all the intercepted data and just ask it? Is John Smith a terrorist (for our definition of terrorist)? And the AI would reply: Yes he is, he searched on Google where to buy these ingredients that can be used to make explosives. So then they go and figure out some way to "legally" arrest the guy and obtain more private info. It looks like the guy was buying the stuff because he's got a plot of land to fertilise and an old car to paint. So they ask the AI again. You said John Smith is a terrorist! And the AI would answer. I'm really sorry, I'm doing my best and I'll endeavour to do better in future. After this the agents ask for another billion $ because clearly they need more VRAM.
boscovn
a month ago
Personally I've been using an email aliasing service (simplelogin) and try to use a different alias for every purpose. I don't use it for my git commits but I find that email aliasing services are something to look into not just for privacy concerns but also spam mitigation
kurisufag
a month ago
>With ChatGPT, this can be extended to create emails that look very personal - as if someone has followed all of your work and is genuinely interested in what you are up to - with extremely low effort. And people are already doing this, I already get emails like this today.
shit, now i don't feel like sending e-mails to people i'm actually interested in
II2II
a month ago
> This raises an interesting question: should email addresses be private? Addresses of buildings aren't private, and they're somewhat analogous as with many computing concepts.
There are several ways to look at that.
The organization that I work for considers anything that ties two pieces of information about a person together as private information. That is to say that a person's name is not private and a phone number is not private, but connecting a phone number to a name is private. In one form or another, an email is frequently tied to a name (e.g. the email address is based on their name, or an account record includes both a name and an email address).
Another way is to consider how accessible the information is. There was a lot of information that was not considered as private prior to the widespread adoption of the internet. One issue that I remember popping up in the early 1990's involved property (i.e. land) records. Historically, people had to go to a government office to access them but they were publicly available. Since they were publicly available, some governments made them available online. Once they were available online, the barriers to access were removed (e.g. having to physically visit an office) and the ability to abuse that information was vastly increased. All of a sudden, people started considering something that used to be considered as public information as private information.
Springtime
a month ago
An issue is for most sites/services an email has just become a standard authentication method, rather than something that can easily be more unique per account. So any usernames across sites/services that share it identify that user as being the same person (for data broker profiling, doxxing, etc), which is the privacy issue (not the email address per se, unless it perhaps contained one's real name).
For contrast truly unique email aliases for example aren't possible on common services like free Gmail*, only things like self-hosting/certain paid email hosts, which makes it less feasible for many. So from a privacy perspective while in an ideal world everyone would be able to freely create entirely unique per-account creds we're mostly stuck with the email implementation.
* One could create entirely separate accounts but it's high friction and IIRC the same phone number (now a requirement) can only be used for 2-3 accounts.
StressedDev
a month ago
Proton Mail and iCloud’s hide my e-mail feature allow users to have unlimited e-mail addresses. You can also get unlimited e-mail addresses by running your own e-mail server or using something like Office 365’s business e-mail (costs about $4 per month).
bossyTeacher
a month ago
is running your own e mail server a good idea in 2024? Security issues aside, you are at the mercy of the big email providers and whatever rules they want you to follow
kroltan
a month ago
For e-mail addresses as an authentication tool, you don't really need to be able to send emails at all, just receive them, and I think that is pretty feasible to not run afoul of the usual shenanigans.
rrwo
a month ago
I think the cost of paying for a dedicated email service is worth it. (There are plenty of smaller, privacy-oriented services such as Proton Mail or Fast Mail.)
They're better at it than I am, and it means I don't have to fill up my free time maintaining another server.
bsammon
a month ago
> One could create entirely separate accounts but it's high friction and IIRC the
> same phone number (now a requirement) can only be used for 2-3 accounts.
I've wondered about this. Every Android/ChromeOS device I've ever bought, I had a new Google account created for it (during setup, instead of using an existing account), and only a few actually had phone numbers (I don't generally use smartphones for telephony). Is "Google account" synonymous with "GMail account" these days?
I've had this idea for an experiment where I get such a device (without a simcard), and see how many times I can iterate the Initialize-Device-With-New-Google-Acct-PowerWash-Repeat cycle, and how many Gmail accounts I would have as a result.
sureglymop
a month ago
Why did you do that? Android doesn't require an account to work.
bsammon
a month ago
(For both Android and ChromeOS) I thought it would be significantly easier to let it use a Google account, than it would be to make it proceed without one. Was I wrong? Serious question.
Links to information would be appreciated, even/especially if it's a complex task to do this.
(I never put a lot of effort into this, because having the Google account be anonymous/fake-named was generally tolerable for my privacy standards)
exe34
a month ago
I think it does if you want to install anything from the Play Store.
gdevenyi
a month ago
Aurora store gets around that
exe34
a month ago
the search doesn't really work does it? you have to search on Google and then click on it to open with aurora.
but you're right, it does help!
gdevenyi
a month ago
The search worked for me to find a single app I needed when I was setting up a single-use tablet recently, but I haven't used it hugely beyond that. YMMV
KronisLV
a month ago
> This raises an interesting question: should email addresses be private?
I sadly don't think that's viable.
What might be, in our current world, would be having a mail server/client setup where you can generate random addresses for yourself like Wf1JJUBHLu@domain.com and never re-use an e-mail address, much like with passwords, while being able to see all of the incoming mail in the same place and respond with the corresponding accounts.
Then, when your address gets traded around, it'd be fairly obvious (with some basic bookkeeping, e.g. a text field with purpose/URL for why a certain address was created) who is to blame for it and blocking incoming traffic from somewhere would be trivial as well.
I do have a self-hosted mail server and there are commands to create new accounts pretty easily, I'd just need to figure out the configuration for collecting everything in one place, as well as maybe make a web UI for automating some of the bits. I wonder if there are any off the shelf solutions for this out there.
ddoeth
a month ago
I also have my own mailserver and I don't create new accounts, I have a wildcard filter that drops all emails that come to my domain in my inbox. This is of course only viable when you are the only person using the domain, but I just sign up with a new mail address every time I sign up, for example my hackernews account would be hackernews-acc@xx.com. That way I have a clear differentiator for every domain.
iam-TJ
a month ago
I do something similar except that I do not allow wildcard reception - I create unique service-identifying user@ for each service I give an address to, and have a simple script that immediately adds that to the Postfix virtual table.
That way the SMTP server can reject all unknown user@ without accepting them in the first place - preventing spamming and some types of denial of service through resource starvation.
I also apply greylist based on a unique tuple (From, To, client IP address) so on first connection with that tuple valid SMTP clients need to re-deliver the email after a waiting period. Any subsequent deliveries are accepted immediately.
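An added sketch (not iam-TJ's script or Postfix configuration) of the recipient-time policy described in the comment above, combined with the per-address purpose note KronisLV suggests earlier in the thread: only registered per-service addresses are accepted, unknown recipients are refused outright, and each new (sender, recipient, client IP) tuple is deferred once. The class and method names, the 300-second delay, the use of the envelope sender for "From", and all sample addresses are assumptions.

```python
import secrets
import string

GREYLIST_DELAY = 300  # seconds a new tuple must wait (assumed value)
ALPHABET = string.ascii_lowercase + string.digits


class AliasPolicy:
    """Per-service aliases, no catch-all, greylisting on first contact."""

    def __init__(self, domain):
        self.domain = domain
        self.aliases = {}     # alias address -> purpose note (the bookkeeping)
        self.retired = set()  # aliases switched off after a leak
        self.first_seen = {}  # (sender, recipient, client_ip) -> first attempt

    def create_alias(self, purpose):
        """Generate a random, never-reused address and record why it exists."""
        while True:
            local = "".join(secrets.choice(ALPHABET) for _ in range(10))
            address = f"{local}@{self.domain}"
            if address not in self.aliases:
                self.aliases[address] = purpose
                return address

    def purpose_of(self, address):
        """Who was given this address; None if it was never issued."""
        return self.aliases.get(address.lower())

    def retire(self, address):
        """Stop accepting mail for an alias that has been traded around."""
        self.retired.add(address.lower())

    def check(self, sender, recipient, client_ip, now):
        """Return an (SMTP reply code, reason) pair for one RCPT attempt."""
        recipient = recipient.lower()
        # No wildcard reception: unknown or retired addresses are refused
        # before any message body is accepted.
        if recipient not in self.aliases or recipient in self.retired:
            return (550, "unknown recipient")
        # Greylisting: the first attempt for a tuple is only recorded; the
        # client must retry after the delay, then the tuple stays accepted.
        key = (sender.lower(), recipient, client_ip)
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return (451, "greylisted, retry later")
        return (250, "ok")


if __name__ == "__main__":
    policy = AliasPolicy("example.test")  # constructed sample domain
    alias = policy.create_alias("signup with shop.example")
    # Constructed delivery attempts: (sender, recipient, client IP, time)
    attempts = [
        ("news@shop.example", "guess@example.test", "192.0.2.10", 0),
        ("news@shop.example", alias, "192.0.2.10", 0),
        ("news@shop.example", alias, "192.0.2.10", 400),
        ("promo@other.example", alias, "198.51.100.7", 500),
    ]
    for sender, rcpt, ip, t in attempts:
        print(t, sender, "->", policy.check(sender, rcpt, ip, t))
    print("alias was issued for:", policy.purpose_of(alias))
```

The last constructed attempt shows the bookkeeping at work: mail from an unrelated sender arriving at the shop's alias is deferred as a new tuple, and `purpose_of` names the party the address was originally given to.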
KronisLV
a month ago
That's a pretty cool approach! I'd only be worried about the risk of leaking the main account address when responding to anything, but it's probably doable with a bit of research, like Postfix catch-all setups seem straightforward enough.
climb_stealth
a month ago
FWIW that should just be a matter of using the right configuration and mail client. With Fastmail for example I get to use a catch-all setup with my domain, and respond to whatever email it was sent to.
And the other way around as well. Send an email from an arbitrary <whatever>@domain email address.
EVa5I7bHFq9mnYK
a month ago
Yes, but privacy suffers with this approach, because if one of emails ending in @domain.com is tied to your identity, all are.
KronisLV
a month ago
That's not really my use case, but seems like an important concern for many!
At that point, you probably want to use whatever features one of the big providers use, like: https://proton.me/support/aliases-mail
Maybe even something that'd sit in front of a mail server that you yourself control, I wonder what the variety of options out there is.
Sebb767
a month ago
This is true for someone manually searching for your info, but sufficient to fool spam lists and most data brokers. This really depends on your threat scenario.
squarefoot
a month ago
> This raises an interesting question: should email addresses be private?
Yes and no. Both of them. As any powerful tool, email is going to be abused, like any other alternative would be when it will come one day. Those services allowing creation of dynamic email addresses do their job (until they're banned, that's why I'm not mentioning them), however using them isn't automatic and most people don't even know about their existence. What if we then did upgrade email protocols to reflect current needs wrt privacy and modified existing mail servers so that they could create dynamic addresses when asked by a simple flag? Example: I want to subscribe to a service from company XYZ, however I'm not sure how much I can trust them, therefore, when writing an email or filling a web form I can activate the option to create a new address that is tied to the recipient I'll be writing to, and will work as a dedicated proxy for my real address, that is, every mail I send to the recipient using my real address will be actually sent from the new dynamic address, then all replies to the dynamic address will be routed to my real one, but a field in its headers will always contain either a memo by me (example: "signup with XYZ") or the original recipient (example: "info@xyz_trustuswerenotspammers_yeahsure.com"). This way one can immediately spot whoever sold their address to others and blacklist them. As said, those services work well but not being built in into mail servers and clients their adoption is quite restricted. I don't see why that function shouldn't be embedded in a new upgraded email protocol as the modification would neither be that hard nor consume any serious resource. I would however expect heavy resistance against the adoption, of course.
tomjen3
a month ago
In a world where email costs ten cents to send (per receiver) email addresses need not be private. In our world? They kinda need to for sanity.
skeeter2020
a month ago
even 1/100 of a cent would solve the problem - but create a bunch more!
numpad0
a month ago
I think it just needs to be communicated. Some websites allow login only by login name and not by email, some people have identifying last name, others hardly identifying full name and whatnot. There's no universal or universally agreed answer to that, so it needs to be said whether your service _considers_ it public information or not.
makach
a month ago
Per definition the email address is considered as private information and should be protected accordingly.
figassis
a month ago
It should, mainly because an email is not just an email, it's a channel to reach out to you, your internet address. And we know how that is going in your inbox.
weinzierl
a month ago
> This raises an interesting question: should email addresses be private?
GDPR is clear on this and there have been significant fines for revealing email addresses against the will of their owners (e.g. using cc instead of bcc). Not saying this is the ultimate wisdom, just a data point to consider.
theragra
a month ago
By itself or linked to other data? Afaik PII is usually a set of linked data. As in common name and surname are not PII. Together with age, they can be.
iicc
a month ago
>Addresses of buildings aren't private, and they're somewhat analogous as with many computing concepts.
Buildings are analogous to domains, not email addresses.
fortyseven
a month ago
> should email addresses be private?
I dunno. Should your personal phone number be private? Or your home address? Would you be okay if I knew it and shared it with a stranger? Or would you rather be asked permission to share it first?
Seems pretty cut and dry to me. Yeah, there's going to be someone out there (there always is) who doesn't care, but I'd wager the majority would be pretty ticked off if you gave those pieces of information out to a rando on the street.
mjr00
a month ago
None of that information is actually private though. Your home address and personal phone number are likely in the public record for any number of reasons, such as ownership records or court filings. Or maybe a Facebook post from 2009 that your mom made. Unless you're one of the 0.00001% of people who do things like rotate your phone number and address annually, it's out there somewhere.
But public vs private is a spectrum, not a binary true/false. My phone number is public because I get sales calls from various companies to it. It's annoying, but bearable. But there's a big gap between that and the New York Times putting my name, number and picture on the front page.
So your home address and phone number aren't private. But they're also not readily accessible unless someone is really dedicated to finding them, so they're not quite public either.
amszmidt
a month ago
There are plenty of countries where all that is public information, back in the day there even used to be a phone book with .. name, phone number, and address. And many countries have this now in digital form.
chii
a month ago
The missing part is the action part.
An email (or phone number, or address) is an identifier. Asking whether this identifier is public or private misses the important thing, which is the action that can be paired with the identifier.
So therefore, there's no universal answer to whether the identifier should be public or private. It's a case by case basis, when paired with an action.
For example, i don't want a shop to see me buying condoms, so shops shouldn't get my email address (or phone number).
slimsag
a month ago
Interestingly, public U.S. state property records will just disclose where you live whether you like it or not. With as little as your name, a home address is trivial to find.
harywilke
a month ago
We used to get these big books delivered to our doorsteps that had your name, your address and your personal phone number. You could pay to opt out.
the_gorilla
a month ago
If I published a list of all names and addresses, that's still different than "here is harywilke's full name and address". I imagine you wouldn't be too pleased?
hunter2_
a month ago
The link between online identity and offline identity is a sacred barrier. And I'm not sure that archive.org breached that particular barrier.
the_gorilla
a month ago
That's the issue I take with the "phonebook" defense. It justifies doxing people by collecting and connecting publicly available information online. All the information is out there, it's all on a phone book, your email was published online, and so on, but the end result is clearly bad so something in the process should be handled more carefully.
GeoAtreides
a month ago
Phonebooks were a thing not so long ago...
mdp2021
a month ago
And they contained data of which people allowed disclosure. When you did not want your information to be published, you informed the telephony provider and the phonebooks would not include it.
exodust
a month ago
For a fee. In Australia at least it cost money not to be listed in the phone book.
Numbers were however tied to a property rather than individual personal phones in our pockets. When you think about it, mobile phone technology arrived quickly and caught everyone by surprise. Back in the 80s very few people thought we'd be carrying around "pocket TV phones" in such a short time.
szundi
a month ago
This question could not be more academic
keybpo
a month ago
It's not just uploads but any item that uses the email address as a unique user identifier (I'm not technical enough to explain this clearer but [1]).
An email address will be part of the xml in his uploads but also in his profile, which anyone can access by simply changing the url from https://archive.org/details/@foobar to https://archive.org/download/foobar. So, in essence, one just needs to have a registered account, independently of any uploads made.
steffanA
a month ago
This is bad enough. This alone is a privacy bug/data leak.
Theoretically, someone could scrape the pages and compile a list of exposed email addresses.
spease
a month ago
> Theoretically, someone could scrape the pages and compile a list of exposed email addresses.
I laughed. Oh no! Anyways…
The people interested in identity theft are probably too busy figuring out what to do with all the SSNs they stole (not from this breach, but from the annual catastrophic breach of a credit bureau or government repository).
And the people who want your email probably already got it from one of the hundreds of other services you have to create an account for now.
I’m not really sure if there are circumstances where donating to the internet archive could be held against you and lead to persecution. Maybe in certain Luddite communities? The Amish? But then, how would they know…
rrwo
a month ago
One solution is to use a unique email address for every website, and change the address if the site gets compromised (with the old address getting added to a spam filter).