• recklessengagement@lemmy.world
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    1 month ago

    Someone feel free to jump in and audit my take:

    The Internet Archive is not a company, does not sell me anything, and is merely providing a public service.

    The service has nothing to do with my health or wellbeing. It is not marketed as being privacy forward. Hell, the whole purpose of the project is to make data publically accessable.

    Therefore, exposing email addresses… I kinda don’t care?

    Of course, it would be way better if they just used generic login numbers etc instead, but… I feel like this is the equivalent of my library card number getting leaked, and these headlines are treating it like Equifax just leaked my SSN again.

    • PoorPocketsMcNewHold@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 month ago

      Exactly. I was surprised to see my unique named throw-away email being found in the leak, despite having changed it to an uniquely generated throw-away account alias in the year prior. But i don’t mind that much.

      However, bad security practices must still be pointed out regardless of it being applied to something important or large. I do still can criticize my friend decision to expose his local server at home, unsecured, even if in the grand matter of things, it is unlikely it will be exploited or impact him in any way.

      Now, the only issue having my throw-away address, is that i will have to throw it away once i start receiving spam on it. As far i know, the pirated database wasn’t shared nor necessarily conserved outside of prooving the original clowns hacktivists group involvment, outside of confirmed security analyst.

  • kitnaht@lemmy.world
    link
    fedilink
    arrow-up
    24
    arrow-down
    7
    ·
    edit-2
    1 month ago

    Oh no, won’t someone think of the email addresses?!

    Guys. IP addresses, and email addresses…aren’t really private things.

      • kitnaht@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        14
        ·
        edit-2
        1 month ago

        Not really. Hasn’t been since the beginning of email addresses. Because email addresses aren’t required to link to a personal identity. They’re just email addresses.

        Until the day an email address require personal identification, it’s not something you need to protect as private information.

        • x00z@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 month ago

          Emails are personal data and are not allowed to be shown without specifically opting in for it. In Europe at least. Same for IP. This is also why when you “Recover Password” it will say something like “if this email address is found we’ll send you a mail”. So nobody can just check if an email exists on the service.

          • kitnaht@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            edit-2
            1 month ago

            That has less to do with customer privacy and more to do with competitors exfiltrating your email lists. They aren’t doing it out of the goodness of their hearts.

        • Mojave@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 month ago

          It’s hard to find an email service that doesn’t ask for a phone number now a days. Even shit ass Proton mail does it now

      • fritolay@lemmy.one
        link
        fedilink
        arrow-up
        2
        ·
        1 month ago

        Funny because of the “not a paywall” on the article which the intent is to force the user into providing their email address to read the entire article.

        • logging_strict@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 month ago

          The entire point of a web browser is to allow scum to:

          • endlessly throw loginwalls and paywalls at us

          • load dodgy third party sites libraries

          • insisting on kyc as an act to show and display continuous acts of compliance

          So not surprising the linked site has either a login or paywall.

          Forcing a phone number is kyc. kyc is obnoxious.