this post was submitted on 27 Aug 2023

3 points (100.0% liked)

Privacy

31253 readers

633 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Demanding selfie to unsibscribe (lemm.ee)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

Hello nice people,

I've been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn't loose much like some guys did. I decided not to use the service anymore and I'm still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don't have 2fa anymore. Also I don't have backup 16 words.

Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.

And of course I never wanted to subscribe...and I don't think I ever verified account with a document.

What are my options other than just filtering that shitty domain as spam?

edit: typo

top 18 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 1 year ago (1 children)

Nothing says decentralized currency like having a corporation that controls your assets 😋

[–] [email protected] 1 points 1 year ago (1 children)

Don't point out how all their bullshit requires middlemen and accounts holding their currency to make it work. That makes it looks silly. Almost like it's just more complicated harder to use money that people can more easily steal from you.

[–] [email protected] 1 points 1 year ago

I love talking to tech recruiters... We are a defi startup revolutionizing the financial world.. "Cool, so distributed smart contracts, zero knowledge open source swarms?".. no, we run a centralized website where people give us money and we do a thing for them...

Putting the central back in defi. It's almost like their is willful ignorance in what their own words mean.

[–] [email protected] 1 points 1 year ago

Unsubscribing and disabling 2FA seem like two different things.

[–] [email protected] 1 points 5 months ago

How exactly does that verify that you are the owner of the mentioned account nor verify legitimate interest in withdrawing consent from being included in their marketing campaigns!?

[–] [email protected] 1 points 1 year ago (4 children)

GDPR allows for the company to verify your identity before proceeding with deletion. Source: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/how-should-requests-individuals-exercising-their-data-protection-rights-be-dealt_en

[The company] can ask [you] for additional information in order to confirm the identity of the person making the request.

[–] [email protected] 1 points 1 year ago

But if OP did not provide "selfie" during registration, providing it now doesn't help confirming his identity so it doesn't fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.

[–] [email protected] 1 points 1 year ago (1 children)

Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML 😂

[–] [email protected] 1 points 1 year ago

They should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.

[–] [email protected] 0 points 1 year ago (1 children)

Thanks for the link. Feels bad tho 😭 gdpr gave me Accept/Reject cookies and some more pain as a bonus it seems 😂

[–] [email protected] 1 points 1 year ago

GDPR didn't give you cookie banners, it's shitty websites that do.

If they were to just follow activated "Do not Track"-Preferences, they wouldn't need to ask, instead they would deactived them by default. Or you could just not use cookies, it's not like somebody forces you to give cookies out to your website's users.

[–] [email protected] 0 points 1 year ago (1 children)

They can't ask for more information than what they needed to create your account.

But maybe they're seen as a bank and then they have to confirm your identity with a copy of your id.

[–] [email protected] 0 points 1 year ago (1 children)

Ive never heard of bank asking selfie. I wouldnt even provide ID, but that would make bit more sense

[–] [email protected] 0 points 1 year ago (1 children)

KYC (Know Your Costumor) Here you have a small overview.

https://www.thalesgroup.com/en/markets/digital-identity-and-security/banking-payment/issuance/id-verification/know-your-customer

When you create an account online, a selfie along with a copy of your id is deemed minimal verification.

[–] [email protected] 0 points 1 year ago (1 children)

Ive used face scanning on some other crypto service, but didnt know its a thing in banking. Thanks for sharing, but it still doesnt explain why I need that just to unsubscribe. I could accept that they are trying to protect me, but they obviously have diferent plans. My experience and recent communication with support proved NiceHash is ran buy toxic garbage and not by people who run a bank or anything close to that.

[–] [email protected] 1 points 1 year ago (1 children)

They need to be sure it's you who's unsubscribing, I suppose. There's been enough social engineering to not rely on emails only.

[–] [email protected] 1 points 1 year ago

I see that selfie is the only solution to unsubscribe (if not involving lawyer or just spam filter).

I understand what you are saying, but If I lost my email why would they send newsletter to a new owner? It just makes no sense since 99% can be unsubscribed with no login or whatever they ask.

Sorry, its hard to accept any safety meassure as explanation due to bad reputation of NiceHash. Also after talking to human support I just feel even less safe tbh, but it doesnt surprise me at all, its company that took my crypto back in a day.

Ill try fake pic when I get some time to burn

[–] [email protected] 1 points 1 year ago

A requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.

What's wrong with filtering their domain?