Hello nice people,

I’ve been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn’t lose much like some guys did. I decided not to use the service anymore and I’m still receiving stupid e-mail newsletters. I tried to unsubscribe and it asks me for login. I know the password, but don’t have 2fa anymore. Also I don’t have the backup 16 words.

Now support told me that this is the only way and I feel ridiculous about taking a selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in the neighbourhood.

And of course I never wanted to subscribe…and I don’t think I ever verified account with a document.

What are my options other than just filtering that shitty domain as spam?

edit: typo

37 points

Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn’t do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn’t have been in this situation.

Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.

15 points

Requiring logging in to unsubscribe is absolutely bullshit. I mark all emails as spam that don’t automatically unregister with ONLY clicking a link. I’m not providing my email, I’m not logging in.

-2 points

It’s probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns off transaction alerts so you aren’t notified, then transfers out all your crypto.

I’m certain the marketing emails don’t require login to unsubscribe.

6 points

I was with you till your last sentence, I’ve seen multiple companies require account login to disable marketing emails. It’s a dark web pattern to keep their subscription numbers high, by adding a lot of friction to unsubscribing. Those companies can go fuck themselves, but they exist in numbers

12 points

For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.

For example on my service there is the concept of a “primary email” which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won’t regain access to the account but you can turn off emails.

2 points

For marketing emails I totally agree.

For important account security and verification emails, no I don’t think that should be done without being able to log into the account.

If somebody breaks into your email, they shouldn’t be able to compromise everything silently

2 points

This is a good point. Maybe you could have some sort of exit plan such as 3 emails confirming that you have been unsubscribed at 1d, 30d and 365d. This way if the email takeover is temporary then the user will eventually see a warning but there is still a finite amount of emails still to be received.

It isn’t perfect, because an attacker could set up filters or something so that these aren’t noticed. But at this point the attacker could set up a filter to hide the regular account emails so it really isn’t any worse.

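Added example (not code from the thread or from any commenter's service): a sketch of the split discussed above, where a link sent to an address can switch off marketing mail for that address without a login, while security and account alerts still require one. The secret, the category names and the `prefs` store are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a server-side secret; a real service would load it from a secret store.
SECRET = b"constructed-demo-key"
# Assumed category names: only these can be switched off from an e-mailed link.
LINK_UNSUBSCRIBABLE = {"marketing", "newsletter"}


def _normalize(email: str) -> str:
    return email.strip().lower()


def _sign(email: str, category: str) -> bytes:
    # Bind the token to one address and one category so it cannot be reused elsewhere.
    msg = f"{category}\n{_normalize(email)}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def make_unsubscribe_token(email: str, category: str) -> str:
    """Token embedded in the unsubscribe link of a mail sent to `email`."""
    if category not in LINK_UNSUBSCRIBABLE:
        raise ValueError(f"{category!r} mail must not carry a login-free unsubscribe link")
    return _sign(email, category).decode()


def handle_unsubscribe(email: str, category: str, token: str, prefs: dict) -> str:
    """prefs maps (address, category) -> subscribed flag; returns an outcome string."""
    if category not in LINK_UNSUBSCRIBABLE:
        return "login_required"  # security and account alerts stay behind login
    if not hmac.compare_digest(_sign(email, category), token.encode()):
        return "invalid_token"  # wrong address, wrong category, or tampered link
    prefs[(_normalize(email), category)] = False  # changes mail prefs only, no session
    return "unsubscribed"
```

Holding the token proves only that the link was delivered to that mailbox, so it changes mail preferences for that one address and never grants access to the account.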
