A recent data breach is not the only way that Internet Archive users have been left vulnerable online.

This article isn't about how emails associated with logins got released in a breach, but that documents that are uploaded to the archive are stamped with the email address of the account that uploaded them, and that can be viewed by anyone who downloads the document.

So in standard, everyday use of the site, email addresses are being revealed and are associated with the actions of that person. Like if I upload a copy of the manual for my washing machine or something, which is a more benign example, my email is linked to that document now.

Then combine this with (1) the Internet Archive says in multiple spots that they don't reveal this info anywhere, and (2) the issue has been raised to the organization, and it becomes more of a specific negligence from them.

atlas

good thing I used throwaway emails to upload

Someone feel free to jump in and audit my take:

The Internet Archive is not a company, does not sell me anything, and is merely providing a public service.

The service has nothing to do with my health or wellbeing. It is not marketed as being privacy forward. Hell, the whole purpose of the project is to make data publicly accessible.

Therefore, exposing email addresses… I kinda don’t care?

Of course, it would be way better if they just used generic login numbers etc instead, but… I feel like this is the equivalent of my library card number getting leaked, and these headlines are treating it like Equifax just leaked my SSN again.

Exactly. I was surprised to see my uniquely named throw-away email being found in the leak, despite having changed it to a uniquely generated throw-away account alias in the year prior. But I don't mind that much.

However, bad security practices must still be pointed out regardless of it being applied to something important or large. I can still criticize my friend's decision to expose his local server at home, unsecured, even if in the grand matter of things, it is unlikely it will be exploited or impact him in any way.

Now, the only issue having my throw-away address, is that I will have to throw it away once I start receiving spam on it. As far as I know, the pirated database wasn't shared nor necessarily conserved outside of proving the original clowns hacktivists group's involvement, outside of confirmed security analysts.

@kitnaht@lemmy.world

Oh no, won’t someone think of the email addresses?!

Guys. IP addresses, and email addresses…aren’t really private things.

Not everyone throws their E-Mail at every Text field they see.

Funny because of the “not a paywall” on the article which the intent is to force the user into providing their email address to read the entire article.

The entire point of a web browser is to allow scum to:

  • endlessly throw loginwalls and paywalls at us

  • load dodgy third party sites libraries

  • insisting on kyc as an act to show and display continuous acts of compliance

So not surprising the linked site has either a login or paywall.

Forcing a phone number is kyc. kyc is obnoxious.

Idk, being that “that’s so they can sell your email,” I’m inclined to argue that it is a paywall, the currency is just “email” not “USD.”

Sure, but your registration of it with a website is generally expected to be.

@kitnaht@lemmy.world

Not really. Hasn’t been since the beginning of email addresses. Because email addresses aren’t required to link to a personal identity. They’re just email addresses.

Until the day an email address requires personal identification, it's not something you need to protect as private information.

Emails are personal data and are not allowed to be shown without specifically opting in for it. In Europe at least. Same for IP. This is also why when you “Recover Password” it will say something like “if this email address is found we’ll send you a mail”. So nobody can just check if an email exists on the service.

@kitnaht@lemmy.world

That has less to do with customer privacy and more to do with competitors exfiltrating your email lists. They aren’t doing it out of the goodness of their hearts.

It's hard to find an email service that doesn't ask for a phone number nowadays. Even shit ass Proton mail does it now.

Depends on your personal acceptable levels of spam in your inbox, I suppose. Thus the common “junk email” and “good email I actually use” scheme many people today rely on. One of those emails I’ll give out, the other is a closely guarded secret only available to a select few. I actually have a middle ground too of “not junk, but I don’t know these people IRL,” too.
