I'm in a quest to find a good email provider that doesn't ask for a cellphone or another email address while creating an account, cock.li used to do this but now it's "getting back on its feet"
this post was submitted on 20 Jan 2025
895 points (98.4% liked)
Technology
63082 readers
2410 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Theres an LTT video where one of the boys intercept all Linus' calls and texts, classic prank.
- Phone numbers
- social security numbers
Stop making personal information into digital ids because when it inevitably ends up in some kind of data breach. These companies all throw their hands up saying sucks to be you.
Yeah, just generate a unique ID and ask only for the information you actually need.
load more comments
(5 replies)
Are internet security and internet privacy incompatible goals?
Yes. They are completely incompatible goals when anything relating to identity/being is linked to it. Examples of this could be anything from your name, to your behavioral patterns, to your phone number
Disregarding the entire possibility that ANY site is hack-able/breach-able, the issue stands that the reasons that most sites request PII is valid, for security reasons. There does not exist any valid method of ensuring users identity that does not violate users privacy. CAPTCHAS are proven inefficient, email domains are easy as a 1-2 click. Once the setup is done server side changing to a new address is as easy as changing your server settings and registering a new domain, then just pointing your MX records there. Heck depending on your postfix setup you might not even have to change server settings, if your account lookup is setup to ignore the domain and it all uses the same database. Even phone numbers have proven troublesome but its the least troublesome method available
The entire reason PII style setups are used, is because its an easy verification site side, but a hard to spoof verification customer side. Like the article says, phone numbers are hard to change for verification, many only let you change so many times in X period, and usually require some form of physical identity to register, and the ones who don't are forced such as VOIP style numbers get blocked.
We lack currently a good system aside from that, because at the end of the day, how do you prove you are who you say you are, without disclosing your identity. I personally think it should be fine to give up some PII for security purposes, but this NEEDS to be restricted only to security and should never be shared with any entity, and this includes government overreach. Alas this will never happen.
This assumes a legitimate need to prove who you are outside the context of that specific site, rather than just within it. Sometimes that need is real, sometimes it is not.
When it's not, and you only need to prove you are the same person who created the account, then a simple username and password is sufficient. Use 2FA (via authenticator app or key, NOT via SMS or email) on top of that. This allows users to prove to a sufficient degree that they are the owner of that account.
This is how most Lemmy instances work, for example. I can sign up by creating a username and password, with optional 2FA. They do not need my email. They do not need my phone number. They do not need my name, or my contacts, or anything else that is not related to my identity within their server.
I realize that this is untenable at large scales for any communications platform. Spam (and worse) is a problem wherever there are easy and anonymous signups. I'm honestly not sure how Lemmy is as clean as it is. I guess it's just not popular enough to attract spammers.
You are correct with this comment yea, the biggest drawback (which as acknowledged we have seen on lemmy) is the anonymous of the account. It's easy to spin up spam instances, and due to how federation works its hard to combat against it. I remember LW had an issue regarding that a bit ago with someone threatening to just keep changing domains to avoid blocking, which is indeed a problem for any of these style services. I agree at large scale, most sites are not going to want to have to put up with losing that level of control moderation side. It creates a lot of headaches and for most sites it's just easier to enforce a policy that forces disclosing PII.
It's not an accident. They're not stupid. It is intentional. They want your personal information. Most of your personal information is tied to your email but it's easy enough to spin up an alias to sign in with. Requiring a phone number ensures that they know exactly who you are and can buy/sell/use your data accordingly. They also know what a giant pain in the dick it is to change your phone number, especially when you need it for these security checks. They also know sales conversion rates are much higher if they can get you on the phone. So yeah, they're not going to stop doing that.
I have absolutely no need for my phone number, nor do I use it for anything that I couldn't use a voice app for. Just get rid of them altogether.
Yeah I mean I'd get rid of that and email entirely if I could but unfortunately there are legal and societal expectations.
We need email. It's one of the few protocols that are 100% in the user's control. I run my own mail server. I can't do the same for whatsapp.
We've added a lot of checks to email (SSL, DKIM, DMARC, SPF) so it's very easy to identify spam these days. It's also easy to avoid giving any two companies the same email address. That's something much harder to avoid with a phone number.
For 2FA, per-account email addresses and authenticor apps are the best approach for privacy.
I run my own mail server. I can't do the same for whatsapp.
No, but you can do the same for a wide variety of chat apps.
it's very easy to identify spam these days
LOL then why is my inbox constantly full of spam?
Platforms like SimpleX solve spam by requiring participants to have an invitation to message you. You can either send them a 1-time invitation or you can use a semi-permanent one that can be posted publicly and rolled as necessary without losing contact with anyone you've already connected with, so by the time it's mined somehow and sold to some company, it's already changed.
For 2FA, per-account email addresses and authenticor apps are the best approach for privacy.
LOL what? No they're not. How does an email protect your privacy over just a username?
LOL what? No they’re not. How does an email protect your privacy over just a username?
They said per-account email addresses, presumably meaning that when giving out an email address, you would use a different one for each service. That way, they couldn't be used to link you across services, and you could easily delete one (and know who to blame) if it was abused.
Yes, I understand how email aliasing works. Again, how is that more private than a username?
I don't see a claim of it being more private than a username. Perhaps the person you're arguing with views them as equally private, or is thinking of services that require some form of contact info. I can't speak for them.
load more comments
(1 replies)
load more comments
(2 replies)
You'll pry email from my #coldDeadHands, but I haven't had a phone number for a decade.
Get married, then legally, you only need one lol.