this post was submitted on 09 Jun 2023
30 points (100.0% liked)
Asklemmy
43777 readers
872 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The threat model here is someone getting access to all the services databases through now-routine "data breaches", and then being able to link what I do online and who I actually am, despite not having any sort of legitimate law-enforcement-type power.
In that case, something like SimpleLogin would secure you from this specific treat model. The whole point of that is to have a unique email for each service.
A catch all on a domain could also, since people don't need to know it's a catch all and everything leads to your mailbox. But it would require a domain likely linkable to you.
If you're worried about your mail provider getting a data breach, then you're stuck to a free account with bullshit info and trow something like SimpleLogin over that. Most paid accounts require some sort of verifiable info.
There are no doubt more services that do the same aliasing kinda stuff, SimpleLogin simply comes to mind as an example of what kind of service you need. In fact, I dunno if it's free or payable witbout tracking (ie likely crypto).
A bunch of fake bullshit emails on free accounts are also an option ofc. As in, one fake account per service you use. I guess that would be the hardest to trace, unless a hacker is getting into the providers servers and check logs for login time, IP, cookies, general browser fingerprinting etc. Or easier, into your device. But then, this also matters when visiting anything online including Lemmy instances. Of course, you can also try to secure yourself against this too, but there is always a next step or provider that cóúld be exploited.
Question is really, how far do you wanna go? Assuming everything cán be breached and shouldn't be trusted without looking at the likeliness of the databreach(es) needed (as in some cases multiple servi es need to be breached to specific levels): does it seem likely you're new boss (or whatever) will actually take this effort to look for and link al that data and how much effort is it worth. To go with your use-case, I doubt the average bus driver would be screened that harsly.
Not to forget most hacks still happen by social engineering. You could have the most secure set-up ever, then screw it up by saying something stupid once to the wrong person.
In the end, the savest bet against this is to stay of the internet. There is always something that could be a treat, be it difficult to exploit (or not).
I commend you for thinking about privacy like this tho. It's a fun topic, no matter if it's overboard for this use-case or not. It's always good to look into what's possible. Just don't forget the "what's realistic" and "what's worth it" part (which also depends on the use-case).