this post was submitted on 07 Dec 2023
121 points (94.2% liked)

Privacy


I hope it is a way to solve this…

top 39 comments
[–] ono@lemmy.ca 65 points 11 months ago* (last edited 11 months ago) (2 children)

It's not just Protonmail.

Blacklists like these aggressively and unapologetically collect all privacy-focused email domains they find, including simple forwarding and tagging services. With more and more sites using these lists to reject or black-hole email addresses, it has become difficult to protect one's self from spam and cross-site account tracking.

Dear web developers, please don't use these lists. Well-intended or not, they are privacy and user-hostile.

[–] thesmokingman@programming.dev 11 points 11 months ago (2 children)

That’s not what this specific list is for.

I'm okay with people using burner email addresses to get my free content, I just need to be able to filter them out of my list so it doesn't drive up bounces and hurt deliverability.

AWS SES, for example, is fucking rabid about bounces. Being able to filter out addresses you know are going to bounce is pretty important.

Can a list like this be used for anti-privacy measures? Absolutely! Does that mean we should never create lists like this? For me that depends on whether or not you think we should prevent encryption because bad actors can use it for bad purposes.

[–] Spotlight7573@lemmy.world 1 points 11 months ago (1 children)

I feel like having different attributes for each domain might be helpful so that those services using the list can filter for just the things they care about such as burner emails, anonymous registration, whether it requires any email/phone verification, etc. Right now domains kind of have the problem of just being on the list or not, with no indication on why they might be a problem.
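
The per-domain attributes suggested in the comment above, sketched as an added example (not part of the thread and not code from the list's repository). The attribute names and the `.example` domains are hypothetical; a consumer that only cares about bounces filters on `disposable` and leaves alias and privacy providers alone.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DomainInfo:
    disposable: bool = False        # inbox expires, so later mail will bounce
    alias_service: bool = False     # permanent forwarding/tagging address
    anonymous_signup: bool = False  # no phone/email verification at signup

# Constructed sample entries; the .example domains are placeholders, not real list data.
ANNOTATED_LIST = {
    "burner.example": DomainInfo(disposable=True, anonymous_signup=True),
    "alias.example": DomainInfo(alias_service=True),
    "privatemail.example": DomainInfo(anonymous_signup=True),
}

def lookup(address: str):
    """Return the DomainInfo for an address, or None if the domain is not listed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    labels = domain.lower().rstrip(".").split(".")
    # Walk from the full domain towards its parent so that
    # mx.burner.example matches the burner.example entry.
    for i in range(len(labels) - 1):
        info = ANNOTATED_LIST.get(".".join(labels[i:]))
        if info is not None:
            return info
    return None

def should_block(address: str, block_on: set) -> bool:
    """Block only when the domain carries an attribute the caller asked for."""
    info = lookup(address)
    if info is None:
        return False
    return any(getattr(info, attr) for attr in block_on)
```
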

[–] thesmokingman@programming.dev 2 points 11 months ago

The beauty of open source code is that you can fork this project and add that. The repo maintainer seems to have a simple litmus test for whether or not something should be on the list: is it something that will cause a bounce for email distribution? That’s a really subjective test so you kinda have to talk to the repo maintainer about answering it. I suspect they feed it into a library, perhaps one of the ones linked, for use with their platform, so their problem is most likely solved.

[–] ono@lemmy.ca 0 points 11 months ago (1 children)

> That’s not what this specific list is for.

Yet it has a lot of legitimate domains, and has had them for years.

Regardless of whether the maintainer is malicious or just irresponsible, his list is doing harm.

[–] thesmokingman@programming.dev 8 points 11 months ago (1 children)

You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down because of how others are abusing it. Should the original dev be punished by their email provider because they shouldn’t be allowed to use this? Should anything that has potential harm be required to be a private repo? Who gets to decide all of that?

In the interest of specifics, can you point to where this specific list has done harm? I spent a fair amount of time looking around to make sure I wasn’t going out on a limb for someone with neutral views.

[–] ono@lemmy.ca 1 points 11 months ago* (last edited 11 months ago) (2 children)

> You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down

No, I don't believe I said any such thing. Since you mention it, though, I think taking this list down and removing the false positives before bringing it back up would be the responsible thing to do.

> In the interest of specifics, can you point to where this specific list has done harm?

I know from personal experience and investigation (both as a user and on the admin side) that there are now many cases of privacy-focused email addresses being rejected, or even worse, accepted and then silently black-holed, due to the domains being inappropriately added to lists like this one. I don't know of a place where people report such cases so they can be documented in aggregate, but if I find one, I'll be sure to bookmark it in case your question comes up again in the future.

[–] thesmokingman@programming.dev 3 points 11 months ago (1 children)

So you’re lumping this resource into a bucket with other resources that were malicious but you have no direct connection from this resource to harm you claim it causes? You’re saying a dev using this list to allow people to download free content but prune emails to save his bounce rate is doing bad things and needs to convert their FOSS use-case to yours?

Who gets to decide? You didn’t answer that and in the interest of good faith I’ll pull that one down as the important one since it follows from the argument I feel you’re making.

[–] ono@lemmy.ca -2 points 11 months ago* (last edited 11 months ago) (1 children)

> but you have no direct connection from this resource to harm you claim it causes?

The connection is very clear, because you can see what domains are on the list.

> So you’re lumping this resource into a bucket with other resources that were malicious

> You’re saying a dev using this list [...] needs to convert their FOSS use-case to yours?

> [...] the argument I feel you’re making.

Please stop putting words in my mouth. As you seem to be arguing in bad faith, I'm done with this conversation.

[–] thesmokingman@programming.dev 1 points 11 months ago

You’ve ignored my questions attempting to flesh out your point and refuse to link this specific list to anything bad. I don’t think you understand good or bad faith. Good luck with that!

[–] temporal_edict@lemmy.ca 2 points 11 months ago

So this is the list that you used as an admin? Or this is the list that blocked you as a user?

[–] privacyfighter@discuss.online 2 points 11 months ago (1 children)

Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails. That’s why it is critical to remove privacy-oriented email domains from such lists.

[–] ono@lemmy.ca 10 points 11 months ago (1 children)

> Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails.

That's what they claim, but in practice, they seldom distinguish between the two.

[–] privacyfighter@discuss.online 4 points 11 months ago

You are telling the truth, unfortunately. That’s why I asked for help from the community…

[–] LWD@lemm.ee 52 points 11 months ago* (last edited 11 months ago) (1 children)
[–] privacyfighter@discuss.online 8 points 11 months ago

Disposable mails (one-time mails) can be a problem for webmasters. But PRIVACY mails or ALIAS mails are PERMANENT addresses. So there is no way that they would be deleted at no additional situation. They are going to be deleted only if the webmaster sends SPAM or gets a data leak.

If you use such addresses as disposable ones, you will simply be banned (it is written in the ToS).

[–] Railcar8095@lemm.ee 20 points 11 months ago (1 children)

It's a rare treat to see somebody raise a concern while at the same time doing something (PR + discussion). Kudos to you!

I've seen other similar lists with the same issues (c7 I think?).

This is going to be a mess if all private email providers are blocked.

[–] privacyfighter@discuss.online 9 points 11 months ago

We fought it out of the 7c filter. Now only this and this are left. Thank you for the kind words. Only the community can change this bad practice!

[–] verysoft@kbin.social 15 points 11 months ago* (last edited 11 months ago) (1 children)

Okay why do these random packages keep popping up with this? For attention?
It's irrelevant, they are barely used by anyone and if a site blocks legitimate e-mail providers, then it is not a site worth registering with in the first place.

Is this the new interaction bait post?

[–] KrispeeIguana@lemmy.ml 2 points 11 months ago

Just because not many people use a package, doesn't mean it is irrelevant. For open source packages (or anything really), as soon as one additional person uses a package, that package becomes relevant. The person/people using it become its advertisers, and when enough people are seen using a product, especially a free one, a larger group will use either that package or something similar to cut their own programming costs.

This is simplified, but the point is that we need to stop this sort of thing at the root (the package itself) before it gets noticed by larger groups and companies who might actually get away with this BS. Always remember, we are tech/privacy nerds. We are the minority, and the average person doesn't care until something hurts them directly.

[–] Zerush@lemmy.ml 13 points 11 months ago* (last edited 11 months ago) (1 children)

It is logical that large corporations that base their economy on surveillance advertising hate users who protect their privacy by using all kinds of dirty tricks to bypass or eliminate these protections. Luckily I have had no problems so far with the Proton, Tuta and Murena (NextCloud) emails that I use in the EU.

[–] privacyfighter@discuss.online 3 points 11 months ago (1 children)

Unfortunately, this is true. That’s why I asked for help from the community!

[–] Zerush@lemmy.ml 3 points 11 months ago

Try with Murena, the NextCloud mail (xxxx@e_email direction), it's maybe less known by these lists.

[–] scytale@lemm.ee 7 points 11 months ago (2 children)

I saw the other day Tuta complaining that Outlook has been sending emails from tutanota.com straight to junk/spam. What’s surprising is tuta.com emails were fine. So not sure if their domain change had anything to do with it, or if MS is doing the same thing as in the OP.

[–] privacyfighter@discuss.online 5 points 11 months ago

Look. Outlook, Yahoo, iCloud, even Gmail provide temp mail solutions, but nobody complains or blocks them.

Also you can use something like this that will create a disposable Gmail every time. So blocking Proton is totally useless.

[–] fluckx@lemmy.world 1 points 11 months ago

But good on you for trying to get it out of the blacklist.

I saw tutanota was in there as well.

[–] fluckx@lemmy.world 5 points 11 months ago (1 children)

Ugh. I don't like this evolution. Simple login is pretty handy to avoid jumping through hoops to unsub from companies.

Recently had a site where I bought something once without having to register spamming me with Christmas mails. If I wanted to unsubscribe from the mailing list I had to register before I could unsub.

Just deleting the simplelogin alias is a lot less work than unsubscribing is most of the time... And my actual email address isn't leaking either so... Profit.

[–] privacyfighter@discuss.online 1 points 11 months ago

You can simply block the sender, not only delete aliases. So it is a problem of the webmaster who doesn’t respect the user's wish to unsubscribe.

[–] Darkassassin07@lemmy.ca 3 points 11 months ago (1 children)

It's said in the thread you've linked that they have already been removed from the blocklist.

[–] privacyfighter@discuss.online 3 points 11 months ago (1 children)
[–] Darkassassin07@lemmy.ca 2 points 11 months ago (1 children)

Yup. Open that link, 'find in page', search for any of the domains listed on that original post and none are found.

They've been removed from the list.

[–] privacyfighter@discuss.online 0 points 11 months ago (1 children)

What is this in that case?

[–] Darkassassin07@lemmy.ca 9 points 11 months ago* (last edited 11 months ago)

One that was missed I guess. I didn't take the time to search every single one.

As the rest have been removed, I can only assume their intention was to remove them.

Try speaking with the list maintainer about it instead of a random lemmy post they have no idea about...

[–] ono@lemmy.ca 2 points 11 months ago (1 children)

Ironically, when I tried setting a ProtonMail account recovery email address, they rejected it because it was on a list like this one. I hope Proton gets off this blacklist, but I also think they should practice what they preach.

[–] privacyfighter@discuss.online 1 points 11 months ago (1 children)

They reject them because it is an abuse prevention mechanism. You can solve a captcha and register without any additional information.

[–] ono@lemmy.ca 0 points 11 months ago (1 children)

> They reject them because it is an abuse prevention mechanism.

An "abuse prevention mechanism" that punishes legitimate users is a badly designed mechanism. It's a lot like police racial profiling.

> You can solve captcha and register without any additional information

Nobody said anything about registering.

[–] Spotlight7573@lemmy.world 2 points 11 months ago

A lot of sites are willing to have something that's good enough, rather than perfect, so if they find that using a list like this solves the majority of their abuse/deliverability issues, it's unfortunately pretty logical they'd use it for that.

[–] onlinepersona@programming.dev -5 points 11 months ago (1 children)

What is this? Does anybody actually use it?

[–] privacyfighter@discuss.online 1 points 11 months ago* (last edited 11 months ago)

Yes. That’s why I asked for help :(