Privacy

31876 readers

403 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

891

I asked them to delete my data, they said "Install our app" (lemmy.world)

submitted 1 year ago by mypasswordis1234 to c/[email protected]

125 comments fedilink hide all child comments

A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

you are viewing a single comment's thread
view the rest of the comments

[–] mypasswordis1234 10 points 1 year ago* (last edited 1 year ago) (3 children)

Their site is just a landing page, there's no login option or anything like that. Their business is a smartphone application.

Edit: Gmail uses SPF, DMARC and DKIM signing so spoofing is not possible if their email services are configured properly.

[–] [email protected] 6 points 1 year ago (1 children)

SPF/DKIM/DMARC does not prevent sending the spoofed message, though. It is up to the recipient system to filter out the message should the checks fail. Even then, the message often lands into spam instead of being dropped.

[–] mypasswordis1234 3 points 1 year ago (1 children)

Anyway they should configure their systems to reject unsigned e-mails and providers that don't have a proper SPF configuration. SPF (Sender Policy Framework) allows you to make sure that the message was sent by an approved server and was not forged by some hackur.

[–] [email protected] 4 points 1 year ago (1 children)

You'd be surprised how many legitimate email are sent with failed SPF. Even Microsoft sometimes doesn't update their MX records and the SPF fails.

[–] [email protected] 1 points 1 year ago

That is especially true with large organizations where multiple non-technical teams are ordering/configuring products that send email.

Unfortunately it is difficult to solve, unless services stop allowing sending without verifying and forcing proper configuration. That would drive sales to competitors who do not enforce this, though.

[–] [email protected] 0 points 1 year ago

But there are other services than GMail around. Companies want one process that handles all requests equally, so there will be no exceptions for "check if the provider uses DMARC and DKIM".