hhmx.de

Erik van Straten

Erik van Straten
@ErikvanStraten@infosec.exchange

· Föderation EN Mo 17.03.2025 18:01:49

@0xF21D wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."

I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.

Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat.

If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo

P.S. Fastly knows your infosec.exchange login credentials.

@malanalysis

0x   1   0x

EndlessMason

EndlessMason
@EndlessMason@hachyderm.io

Föderation EN Mo 17.03.2025 22:02:57

@ErikvanStraten

If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.

Also, who's not doing single use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And thats before they get pwned or sell your details.

Who wants all that in one mail box?

I already get a bitcoin scam call every 2 weeks because i enabled sms 2fa one place and scammers got hold of the number. At this point they know i know and they know i know that, but the guys on the phone have a call/hour quota and they gotta pay rent i guess...

@0xF21D @malanalysis

0x   3   0x

Erik van Straten

Erik van Straten
@ErikvanStraten@infosec.exchange

Föderation EN Mo 17.03.2025 22:42:20

@EndlessMason : thanks for responding!

You wrote:

"
Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And thats before they get pwned or sell your details.
"

Yes, and before that you wrote:
"
Also, who's not doing single use email addresses?
"

Most people. The amount of worries I have for people like you and me are negligible compared to the people who are *not* like you and me.

We should not need to fix people, we need to fix the internet.

@0xF21D @malanalysis

0x   1   0x

EndlessMason

EndlessMason
@EndlessMason@hachyderm.io

Föderation EN Mo 17.03.2025 23:00:15

@ErikvanStraten @0xF21D @malanalysis

This is not an exclusive-or choice.

In fact, if there were a hypothetical technology that allowed the user to use a certificate for authentication, and manage it in a key ring and sync it safely between browsers, you'd still need your human user to opt in to use it, to demand sites provide it and to be knowledgeable enough to keep the cert secret.

They'd also need to know to not fax their cert to bad guys.

0x   0   0x

nightoo

nightoo
@nightoo@chaos.social

Föderation EN Mo 17.03.2025 23:47:11

@EndlessMason that sounds more like you might be signing up to the wrong places?
I'm not using single-use emails and I receive perhaps 3 spam mails a year.

But I also refuse to give my mail address to sites that are "suspicious enough"

0x   1   0x

EndlessMason

EndlessMason
@EndlessMason@hachyderm.io

Föderation EN Di 18.03.2025 01:17:08

@nightoo
Sure, this site looks sketchy, but this is the platform the vendor decided to use, so either I put an email/phone into frobubook.io or snakgrabbr.io or I miss out on the band/concert/festival/event/flight/hotel/utility/job etc or I end up waiting in the cold in the "walkups" line for 90 minutes.

Everybody and their dog want an email address, and they'll look at you like you have two heads if you tell them you don't have one.

Worse, they'll have no way to record that you said "no", so they'll just casually ask you that every time you stop by to do whatever it is that they're for... Now imagine you're taking medication either that causes or treats irritability, and the chemist asks you that every fucking god damn time

Oh, and you have to give your email to create an account on the site that prints custom "Fuck you I don't have an email address" t-shirts too.

0x   1   0x

nightoo

nightoo
@nightoo@chaos.social

Föderation EN Di 18.03.2025 03:31:21

@EndlessMason hm maybe the problem is more pronounced wherever you're living then, or maybe I just got lucky.
The situations you're describing are certainly familiar enough, yet I haven't had any trouble thanks to those sites so far

0x   0   0x

skaphle

skaphle
@skaphle@social.tchncs.de

Föderation EN Di 18.03.2025 21:44:15

@EndlessMason @ErikvanStraten @0xF21D @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: theguardian.com/technology/201

He needs a good spam filter technique though. Afaik he is still using the same email address.

0x   2   0x

Cory Doctorow

Cory Doctorow
@pluralistic@mamot.fr

Föderation EN Mi 19.03.2025 06:41:34

@skaphle @EndlessMason @ErikvanStraten @0xF21D @malanalysis

Still am.

0x   1   0x

EndlessMason

EndlessMason
@EndlessMason@hachyderm.io

Föderation EN Mi 19.03.2025 09:55:00

@pluralistic @skaphle @ErikvanStraten @0xF21D @malanalysis

Medien: 1

0x   0   0x

RaymondPierreL3

RaymondPierreL3
@RaymondPierreL3@aus.social

Föderation EN Mi 19.03.2025 07:48:24

@skaphle @EndlessMason @ErikvanStraten @0xF21D @malanalysis @pluralistic

A good promo for , it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)

0x   1   0x

Thunderbird: Free Your Inbox

Thunderbird: Free Your Inbox
@thunderbird@mastodon.online

Föderation EN Mi 19.03.2025 21:40:49

@RaymondPierreL3 We welcome any and all recommendations! They are all good, and thanks for using us (and telling your fediverse friends.) 😊 🙌

0x   0   0x