this post was submitted on 13 Mar 2024
135 points (95.3% liked)

Reddit

17659 readers
68 users here now

News and Discussions about Reddit

Welcome to !reddit. This is a community for all news and discussions about Reddit.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


Rule 1- No brigading.

**You may not encourage brigading any communities or subreddits in any way. **

YSKs are about self-improvement on how to do things.



Rule 2- No illegal or NSFW or gore content.

**No illegal or NSFW or gore content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts.

Provided it is about the community itself, you may post non-Reddit posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you vocally harass or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



:::spoiler Rule 10- Majority of bots aren't allowed to participate here.

founded 1 year ago
MODERATORS
 

Reddit account for 13+ years. Constantly prompted to provide email. Have no desire to have any personal information in it whatsoever, so never provided any. However, it is the only account I've ever used for extensive long term discussion and community involvement. Thousands of comments in discussions with other folks on topics I'm interested in. Logged in from many different locations and platforms over the years. Opted to never enter an email. Have never forgotten password, never needed to reset password. Didn't care about recovery. If the account is lost, so be it. Logged in recently to a banner saying my account has been "suspended for suspicious activity security reasons" and the above message. The only way to recover the account is to "reset the password by entering an email". Created a random anonymous email online, entered it as a fresh new email never provided before, reset link shows up in email, reset password, back in the account.

If I had to make a cynical skeptical guess - looks like an obvious stunt in advance of the IPO to grab a bunch of emails for accounts that didn't have emails in order to drive up account metrics used for valuation. Side note, I did receive the IPO invitation.

I spend more time on Lemmy now because the phone apps are awesome. I only hang on to Reddit because there are some communities that exist there that don't have Lemmy equivalents. But I have been thinking about running one of those account comment / post scramblers and then deleting. This is bringing me closer to that decision.

top 32 comments
sorted by: hot top controversial new old
[–] LibertyLizard@slrpnk.net 54 points 8 months ago* (last edited 8 months ago) (2 children)

How would this provide any measure of security if your account had been hacked? So the hackers just need to provide literally any email address? That doesn’t pose much of a barrier.

[–] elvith@feddit.de 3 points 8 months ago (2 children)

I think newer accounts can only be created, when providing an email address. There may be some old accounts that don't have an email address associated. So, in most cases, you'd just be able to restore the account if you have access to both the account password and the email address. This breaks apart, if there's no email address associated so I think they provided this way of recovery although it doesn't improve security since it only applies to very few accounts?

[–] Couldbealeotard@lemmy.world 1 points 8 months ago

Last time I checked, you can still make one without an email, but you have to click on a very small ambiguous hyperlink during creation. It's possible this is no longer the case.

Being able to make throwaway accounts has been the back bone of Reddit for a long time. People want a right to privacy.

[–] LibertyLizard@slrpnk.net 1 points 8 months ago (1 children)

So you think it’s just a mistake overlooking a small number of accounts? Seems possible. I am curious how many such accounts there are.

[–] elvith@feddit.de 2 points 8 months ago

Not quite. If they had overlooked a few accounts, they'd probably not even implemented that function. They'd just said "well, if you forget your password - or need to change it - you need to use the forgot password workflow that sends an email. Everyone without an email Adresse associated with their account would be SOL.

Since they implemented it, they are aware of such accounts. But since "providing freely any email address for a password reset" makes absolutely no sense, this should only work for this special case - accounts without an associated email address.

Whether it's only done for unlocking accounts, whether this would have also worked when clicking on "Forgot Password" or whether this account lock and unlocking workflow might even be intentional to associate an email address to such accounts, is unknown (to me)

[–] beebarfbadger@lemmy.world 1 points 7 months ago

"Hmmm. Yesss. Counterpoint: Shut up and give us more data to sell."

[–] lvxferre@mander.xyz 31 points 8 months ago

OP highlights some damage caused by data harvesting, that is not widely spoken: users reacting against providing data to sites or software, even when doing so might potentially increase the security of their data.

Including myself. Frankly? If I got the same message as the OP, my knee-jerk reaction would be: "oh great they're trying to associate my Reddit account with my e-mail, and my e-mail with everything else, for the sake of data profiling. The claim that it's for my security is probably bull fucking shit."

The worst part? As a wise man once said, "just because you're paranoid doesn't mean that they aren't after you". ...okay, I'm joking about Kurt Cobain being a wise man, but not about the rest - the risk that the "it's for your protection, your user, chrust us" discourse is bullshit and that they want to sell your data is very real.

[–] ininewcrow@lemmy.ca 9 points 8 months ago (1 children)

I avoided all this by creating a unique Gmail address ages ago and set the Reddit account just to that email. Then set up two factor authentication on everything.

It's a pain but whenever I jump into a new social media account I create separate emails and separate authentications to everything.

If the account ever gets compromised, I don't really care because it was setup as a standalone account. If the service gets weird like what happened to Reddit, I was able to just delete the account content, delete the account and none of it was directly identified or connected to any of my actual services I use.

I've done the same with Lemmy and every other service I want to try out but am unsure of.

I had Reddit for ten years and I felt safe and happy dumping my account.

Hopefully the same won't happen to Lemmy but no one ever knows how these things will pan out.

[–] baritone_edge@lemmy.ml 5 points 8 months ago (1 children)

Check out Anon Addy or Simple Login. The second one is partnered with Protonmail. They are automated email forwarding. I generate a random email for every account. You can also turn on and off said emails. Not affiliated with either, just a happy customer.

[–] vox@sopuli.xyz 6 points 8 months ago* (last edited 8 months ago)

there's also mozilla relay thingy

[–] RedditWanderer@lemmy.world 8 points 8 months ago

Leopardsatemyface

[–] voicesarefree@lemmy.world 7 points 8 months ago

This happened to me several years ago on a similarly old account. I don’t think it was actually compromised, and I had no way to recover it as I had never set an email.

[–] perviouslyiner@lemmy.world 6 points 8 months ago

(long string of numbers) @ mailinator.com?

[–] muntedcrocodile@lemmy.world 3 points 8 months ago (2 children)

Bro u gotta go delete all ur old content give them nothing

[–] Alpha71@lemmy.world 4 points 8 months ago (1 children)

doesn't work. They have that shit locked down.

[–] muntedcrocodile@lemmy.world 0 points 8 months ago (2 children)

Huh i deleted all my content i got some js code to do it somewhere if ya want it.

[–] GBU_28@lemm.ee 3 points 8 months ago (1 children)

They have backups and the ability to see mass edits. Guaranteed they are selling the undamaged data.

[–] muntedcrocodile@lemmy.world 1 points 8 months ago

Im sure they are but users cant see it and ive been noticing a lot of deleted content in reddit chains when googling for answers its nice to contribute to the destruction of human knowlege now and then.

[–] Alpha71@lemmy.world 1 points 8 months ago (1 children)

I would double check that. I deleted an old account only to find it still up. I then proceeded to deleted EVERY. SINGLE. POST. on that account.

Guess what. They're still up.

[–] muntedcrocodile@lemmy.world 1 points 8 months ago

Is that legal under gdpr?

[–] cqthca@reddthat.com 0 points 8 months ago (1 children)

be aware that if delete (and overwrite) your comments, that someone can accuse you of saying anything. I had a script that did it automatically. Someone didn't like what I said, by the time it came to them to look at it , the comment was deleted


just what someone would do with a "uncivil" comment. So, be aware of that. The script I was using edited with random overwrite and then deleted, from the newest comment backward in time until a certain date. I'm not a jscript ninja, but it was open source and within a day I think a reasonable person with any coding experience would be able to moderate the script to their liking. I wasn't aware of how nasty these people are. Very very sensitive.

[–] muntedcrocodile@lemmy.world 1 points 8 months ago

Huh whats the issue people saying u said something fucked and u couldnt prove otherwise cos it was deleted. Bro who cares what random fuckers on the internet say?

[–] squid_slime@lemmy.world 2 points 8 months ago

Damn that sucks, sorry your not a legacy user anymore.

[–] IsThisAnAI@lemmy.world 2 points 8 months ago (1 children)

Yeah because this very server doesn't also require you to verify your emails 🙄

[–] Nerd02@lemmy.basedcount.com 10 points 8 months ago (1 children)

OP's account is on SJW and that instance does not require email verification. Plenty of instances don't.

[–] beebarfbadger@lemmy.world 1 points 7 months ago

"That's a nice account you got there. Be a shame if someone were to lock it unless you give us some personal data."

[–] kia@lemmy.ca 1 points 8 months ago

All the more reason to use something like SimpleLogin. Sure they can have my email, but it's unique to them and can't be linked to me for data harvesting that easily.

[–] jherazob@kbin.social 0 points 8 months ago

Time to let go