rambos

Demanding selfie to unsibscribe

https://lemm.ee/post/5711383

Demanding selfie to unsibscribe - lemm.ee

Hello nice people, I’ve been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn’t loose much like some guys did. I decided not to use the service anymore and I’m still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don’t have 2fa anymore. Also I don’t have backup 16 words. Now support told me that this is the only way and I feel ridiculous about taking selfie just to subscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood. And of course I never wanted to subscribe…and I don’t think I ever verified account with a document. What are my options other than just filtering that shitty domain as spam?

Aug 27, 2023 at 9:48pmWeb
Show threadOsrsNeedsF2PAug 27, 2023

GDPR allows for the company to verify your identity before proceeding with deletion. Source: …europa.eu/…/how-should-requests-individuals-exer…

[The company] can ask [you] for additional information in order to confirm the identity of the person making the request.

How should requests from individuals exercising their data protection rights be dealt with?

Rule, including deadlines, for responding for citizens’ request made under the EU’s data protection law.

European Commission
Show threadrambosAug 27, 2023
Thanks for the link. Feels bad tho 😭 gdpr gave me Accept/Reject cookies and some more pain as a bonus it seems 😂
Show threadSchlecknitsAug 27, 2023

GDPR didn’t give you cookie banners, it’s shitty websites that do.

If they were to just follow activated “Do not Track”-Preferences, they wouldn’t need to ask, instead they would deactived them by default. Or you could just not use cookies, it’s not like somebody forces you to give cookies out to your website’s users.

Show threadReversalHatcheryAug 27, 2023
Read the other replies to the parent comment. This is not on GDPR.
Show threadrambosAug 27, 2023
Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML 😂
Show threadSchlemmyAug 27, 2023
They should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.
Show threadBlizzardAug 27, 2023
But if OP did not provide “selfie” during registration, providing it now doesn’t help confirming his identity so it doesn’t fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.
Show threadSchlemmyAug 27, 2023

They can’t ask for more information than what they needed to create your account.

But maybe they’re seen as a bank and then they have to confirm your identity with a copy of your id.

Show threadrambosAug 28, 2023
Ive never heard of bank asking selfie. I wouldnt even provide ID, but that would make bit more sense
Show threadKissakiAug 28, 2023
In Germany I’ve had multiple contracts that needed identification. They use trustworthy third party services for verification though.
Show threadSchlemmyAug 29, 2023

KYC (Know Your Costumor) Here you have a small overview.

www.thalesgroup.com/en/…/know-your-customer

When you create an account online, a selfie along with a copy of your id is deemed minimal verification.

Know Your Customer in banking

Since 2012, Thales signed on as prime contractor with a high-profile European bank to deploy ID Verification at each branch location. Each station is connected to a central document verification repository that will hold more than 2,000 travel and ID documents. The central system is connected to each agent station to provide document repository updates as well as to perform management and operational reports. New customer demographic data, which are captured automatically from the document, are entered directly into the bank’s enterprise management system. The project is now up and running, with over 1,000 ID Verification workstations enabled.

Thales Group
Show threadrambosAug 29, 2023
Ive used face scanning on some other crypto service, but didnt know its a thing in banking. Thanks for sharing, but it still doesnt explain why I need that just to unsubscribe. I could accept that they are trying to protect me, but they obviously have diferent plans. My experience and recent communication with support proved NiceHash is ran buy toxic garbage and not by people who run a bank or anything close to that.
Show threadSchlemmySep 5, 2023
They need to be sure it’s you who’s unsubscribing, I suppose. There’s been enough social engineering to not rely on emails only.
Show threadrambosSep 5, 2023

I see that selfie is the only solution to unsubscribe (if not involving lawyer or just spam filter).

I understand what you are saying, but If I lost my email why would they send newsletter to a new owner? It just makes no sense since 99% can be unsubscribed with no login or whatever they ask.

Sorry, its hard to accept any safety meassure as explanation due to bad reputation of NiceHash. Also after talking to human support I just feel even less safe tbh, but it doesnt surprise me at all, its company that took my crypto back in a day.

Ill try fake pic when I get some time to burn

Show threadglacierAug 27, 2023
You could block them and the emails will be sent to your spam folder.
Show threadrambosAug 27, 2023
It is in spam all the time, I just found some non-spam e-mails there. Trying to clear the folder a bit now
Show threadStellarTabi [she/her]Aug 27, 2023
I’d setup a thing to auto-mark them as spam and forget about it. CAN-SPAM and FTC guidelines dictate that for non-transactional emails like newsletters, the user must be able to unsubscribe without a fee and without requiring a login.
Show threadolorin99Aug 27, 2023
What happens if you just send the example selfie instead of your own? Do they actually check it?
Show threadrambosAug 27, 2023
I might try that, but doesnt look promising
Show threadNumbersCanBeFunAug 27, 2023

Nope, fuck that. I’m done giving my personal info out to random ass places for exactly this reason. I don’t trust you with it anymore and the lure of “massive cryptocurrency gains” is long dead and gone. There are only a few cryptos I even still trade but my financial institution lets me trade those coins so I’m fine.

Oh and don’t give me the “not your keys not your coins” argument either. It doesn’t matter, most of these shit coins get rugged anyways so it doesn’t matter if I keep it with a bank, my own wallet or an exchange. At least with my financial institution I can conduct all my trades in one place and minimize security risks by having so many financial accounts open. Also it’s easier to file my taxes this way.

Okay rant over. Thanks for reading.

Show threadAnonTwoAug 27, 2023

I mean, just mark as spam?

It hurts them more if a bunch of people mark them as spam and it becomes a trend doesn't it? Just seems like a design issue on their part.

Show threadOrangeCorvusAug 27, 2023
That’s stupid and illegal in Europe since you only want to unsubscribe from emails. The few sites for which the unsub button does nothing, I usually contact them and tell them they are breaking the EU law and if they don’t stop, I will report them. Works all the time.
Show threadPietsonAug 27, 2023
You should report them either way.
Show threadrambosAug 27, 2023
Report where?
Show threadDessertStormsAug 27, 2023

In the UK there is Trading Standards and a relevant ombudsman (ofcom for communications for example), as well as the Information Commissioner's Office for something specific like reporting a company for spam, there should be something similar wherever you are.

In my experience a rude reminder to the company that you don't want to receive their emails and that by not giving you an easy way to unsubscribe they are breaking the law and that you will (or have) reported them to the relevant bodies, is enough to get them to stop.

Show threadrambosAug 28, 2023
Thx
Show threadPiogre314Aug 28, 2023
For anyone curious, it’s illegal in the US too, and you can threaten to report them to the FTC for violation of the CAN-SPAM act.
Show threadpianoplantAug 27, 2023

Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn’t do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn’t have been in this situation.

Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.

Show threadFalmarriAug 27, 2023
Requiring logging in to unsubscribe is absolutely bullshit. I mark all emails as spam that don’t automatically unregister with ONLY clicking a lick. I’m not providing my email, I’m not logging in.
Show threadpianoplantAug 28, 2023

It’s probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns of transaction alerts so you aren’t notified, then transfers out all your crypto.

I’m certain the marketing emails don’t require login to unsubscribe.

Show threadkevincoxAug 27, 2023

For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.

For example on my service there is the concept of a “primary email” which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won’t regain access to the account but you can turn off emails.

Show threadRufus Q. Bodine IIIAug 27, 2023
I would just block their shit in email
Show threadkevincoxAug 27, 2023
Yup. I try to unsubscribe nicely once. If it isn’t honored they are going straight on my provider’s spam list.
Show threadSchlemmyAug 27, 2023
Are they considered a bank? Because a be’abnk had to verify your identity and for that they can use a copy of your id.
Show threaduralsolo [he/him]Aug 27, 2023
If it’s just a newsletter I would set up a mailbox filter that just sends all of their mail to the trash. GMail makes this pretty easy (highlight a spam message, select “filter messages like these” from the top menu), but idk how to do it on other mail servers.
Show threadvoxelAug 27, 2023
well at least they provide this as an option. usually if you lose your 2fa AND recovery codes, your account is gone. period.
Show threadReversalHatcheryAug 27, 2023
Email is a perfectly fine second factor for recovery, at least when it was unchanged for so many years
Show threadkevincoxAug 27, 2023

That is your opinion. Personally if I have a password + 2FA configured for an account I don’t want anyone without access to those two things getting in. Ideally this would be configurable per-account, this way people who are fine trusting their email can do that and those who aren’t can not allow that.

But it is a question of security versus access. Some people would rather lose access to an account than give someone else access.

Show threadEager EagleAug 27, 2023

That looks like a proper request to disable 2FA. Their problem is requiring login to unsubscribe from emails, which is total BS.

If support won’t take your email out of their list, just block the address / domain and move on, I guess.

Show threadPseuAug 27, 2023
This is what I do when I can't unsubscribe in a minute. No reason to waste time on this, is a solved problem.
Show threadAmju WolfAug 28, 2023

Additionally use any report functionality at your disposal, which may cause some mail providers to block them or cause them to offer proper opt out in the future.

All marketing emails are supposed to have a simple opt out without needing anything other than your email address.

Show threadpianoplantAug 28, 2023

It’s probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns of transaction alerts so you aren’t notified, then transfers out all your crypto.

I’m certain the marketing emails don’t require login to unsubscribe.

Show threadEager EagleAug 28, 2023
OP is receiving newsletters
Show threadcandle_lighterAug 28, 2023
Nothing says decentralized currency like having a corporation that controls your assets 😋
Show threadAstroturfedAug 28, 2023
Don’t point out how all their bullshit requires middlemen and accounts holding their currency to make it work. That makes it looks silly. Almost like it’s just more complicated harder to use money that people can more easily steal from you.
Show threadIgnacioMAug 28, 2023
Unsubscribing and disabling 2FA seem like two different things.
Show threadrolandtb303Aug 28, 2023
ahh, the sponsor from LTT that mined your PC while at idle :)
Show threadcordlesslampAug 28, 2023
I actually made enough each month to pay rent for almost 2 years during the Covid pandemic (subtracted the energy bill).
Show threadExoMonkAug 28, 2023
I made enough to pay for the 3080 I was mining on and heat my office in the winter at the same time.
Show threadbetwixthewiresAug 28, 2023

A requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.

What’s wrong with filtering their domain?

Show threadExtrasAug 28, 2023
If its just to verify does that mean they already have the information on record, like their picture? If not whats stopping someone from using someone else’s picture and photo editing in the requirements?
Show threadrambosAug 28, 2023
They dont have a picture, but they have some information, probably a minimum that was required to create account. I dont remember exactly, it was long time ago. Photo editing requires skill and time. Maybe I can ask AI 😂
Show threadwAkawAkaAug 28, 2023
Don’t send any data that you haven’t sent already! Just block 'em f out, feels so nice :D Or they’ll demand a nude selfie next time!
Show threadrambosAug 28, 2023
If I ever send picture it will be nude selfie for sure 😂
Show threadicepuncher69Aug 28, 2023
You shoukd just block them. But if you wanna cause damege threat to sue them if they dont whant to. You can probably do it since you are on european union and they take this type of shit seriously afaik.
Show threadrambosAug 28, 2023
Thanks. Im not gonna sue them, but I might report that if I find the right address. Ill first wait for their response to my last email. Thx for input
Show threadiamakAug 28, 2023

If you really want to be keep using the service, get a non watermarked random guy’s pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote.

They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.

Show threadrambosAug 28, 2023

Hehe this made me laugh. Thank you!

Your story is also about nicehash? I might do that if I manage to digure out that pic. I will try

Show threadiamakAug 29, 2023
No. I was banned from Instagram. Good luck! Hope it works for you :p
Show threadVexzAug 28, 2023
If it's just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don't trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.