this post was submitted on 23 Jan 2025
41 points (90.2% liked)

Privacy

32947 readers
586 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
41
Asking online stores to stop sending receipts via email. (lemmy.ml)
submitted 21 hours ago by tiz@lemmy.ml to c/privacy@lemmy.ml
16 comments fedilink hide all child comments
 

This post is not really about questions I have. I just feel like I need to write this somewhere to express my concern.

First of all, online stores have become a huge part of our society and I admit I heavily rely on that. That alone could be privacy issue but I’d ignore that for the sake of not missing the point of this post.

The problem is rather in the way these online stores send out their receipts. You might already know that emails are by default not client side encrypted. That means your email server admin (Google if you use Gmail, Apple if you use iCloud mail. And Proton if you use Protonmail. Yes Proton claims it stays encrypted as soon as the emails arrive to their server but who can really vouch this? It’s behind the curtain anyway. ) has access to your receipts including of the past.

Now email has been around for a really long time. And the client side encryption part has been worked in a lot of forms such as S/MIME. But none of the online services really implement it even though they contain critically personally identifiable info such as items I bought along with my name & address.

And the thing is even though these online sellers acknowledge this privacy risk, they don’t have options to not email us receipts. For example, Amazon has a dedicated page on their site where I can see the list of everything I bought. That’s literally enough for me. They can stop sending me the receipts in the worst possible way! At least they could provide us with better way (even WhatsApp will do) yet they don’t. This is a severe privacy issue.

I can’t help feeling, with all the sophisticated technology we have at hand, that we deserve better.

top 16 comments
sorted by: hot top controversial new old
[–] theRealDonaldDuck@lemmy.ml 1 points 22 minutes ago

Given that an E2EE solution requires all online stores switching technologies, it's unlikely to happen. The next best option is using a VPN-like solution for email. I use Privacy Portal email aliases with email encryption for this. There are multiple other alternatives but I like Privacy Portal because it has one of the strictest privacy policies and because I'm a little biased (I'm an engineer on the team).

Emails sent to you from online stores get sent to Privacy Portal's relay servers. These servers act like VPN servers meaning no logs, no writing to disk, zero storage, ... The emails get encrypted in memory with your public PGP key (or certificate) and get sent encrypted to your email provider. Only you will be able to decrypt them on device.

If you use Proton mail as your email provider, it supports PGP encryption by default. You can simply copy your public PGP key from proton and submit it to Privacy Portal and you're done. Proton won't have access to your emails. Alternatively you can use any email provider with an email client that supports PGP (e.g. Thunderbird, K9). And if all else fails you can even use S/MIME with Apple Mail on iOS but that has some drawbacks.

With this solution you would be separating providers into 2 categories:

  • The first provider receives the unencrypted data but has no authorization to log or store anything.
  • The second provider is responsible for storing your encrypted emails but does not access the unencrypted version.

On top of that, you can also reply to emails without exposing your the unencrypted versions to your email provider because encrypted emails sent by Privacy Portal contain public keys used for decrypting outbound mail before relaying it to its destination.

The cherry on top is that the online store won't have access to your personal email. So if they start spamming you, you can stop the email alias.

[–] kixik@lemmy.ml 3 points 13 hours ago (1 children)

What do you suggest? If they get forced to use something encrypted, they won't choose XMPP for sure, most probably something like whatsapp or telegram.

Being forced to use non standard protocols, and specially non federated ones is also a concern. Where I live, it's assumed that all clients/users must use whatsapp, so they don't answer your questions, you can't ask them anything, you can't share any doc with them if in need for support, it it's not through whatsapp. And everyone seems happy with it.

e2ee by itself is not enough for privacy, metadata counts, and on proprietary communication systems one doesn't even have a clue what data is mined by the company/owners or even worse if they have non disclosed mechanisms to do that or even worse to introduce back doors.

If I'd suggest something, that would be a standard and federated protocol with e2ee like xmpp + omemo. But again, I'd be naive to assume that's a possibility, if forced to do something corporations will choose what's more convenient to them not to the user, and that usually translates into proprietary abusive mechanisms.

Now about nerds using gnuPG/openPGP keys, ohh well, thunderbird chose what to me is the wrong path of not using gnuPG underneath (now by default all keys are exposed unencrypted, unless you choose to use TB's master password for example, between several other limitations, the good thing is that there's sequoia-octopus-librnp to the rescue), but that path allows them to offer a really easy way for users to interact with openPGP keys. On Android K9, now a days Thunderbird, has made it really easy as well to use gnuPG/openPGP keys when accompanied with openkeychain for example. There's nothing obscure neither truly complex about current gnuPG/openPGP usage these days. I would agree like 15 years back one really needed to learn how to maintain the gnuPG keyring, how to add and manage public keys and how to manage your own private keys. But even then there was Enigmail, which after TB chose that path turned into just a shell to help move from Enigmail to the chosen TB's librnp way, and Enigmail made it really easy to do all that gnuPG stuff. Besides thunderbird, which I wouldn't say is a nerdy thing, there were/are several other easy alternatives to use and handle gnuPG/openPGP keys. So, not really nerdy, I'd think just willing to go a bit beyond what the corporations offer you, for "your own convenience". But how many people even care? I'd say we're a sleepy society, accepting everything imposed to us, even when there's no need to, because of the hassle to look for truly privacy respectful, security respectful (from the user perspective, not just the corporations perspective), and also really important user liberties/freedom respectful, which Today's corporations with the help of some communities and the banning culture we all embraced, have been successful in convincing us that's unnecessary in favor of more "practical" alternatives, including proprietary ones...

[–] tiz@lemmy.ml 1 points 8 hours ago

I suggest Matrix if I could choose.

[–] gomp@lemmy.ml 13 points 19 hours ago (2 children)

We do deserve end-to-end encrypted communication but then nobody except nerds could be bothered about managing private keys, so in the end providers would manage our keys and still be able to read our messages.

If the problem is that goggle/etc can read your email, not using them for your email is the solution.

Then, yes, there's also an issue where ecommerce sites submerge us in useless email (is "your package has been shipped" an event so important that I must be immediately notified? Because I only care about when the package will be delivered) and could use a "notificaiton settings" page.

Of the sites I use, the worst offender is aliexpress, which sends (IIRC) "order confirmed", "package shipped", "packages reached customs", "package cleared customs" and "package has been delivered" for every friggin' item you ordered.

[–] AtariDump@lemmy.world 3 points 15 hours ago

“…but then nobody except nerds could be bothered about managing private keys…”

I’m a nerd and have no desire to maintain and swap keys. It needs to be seamless, like Signal.

[–] tiz@lemmy.ml 1 points 17 hours ago

I know right. “All important stuff -> emails” has to change.

[–] reinar@distress.digital 8 points 20 hours ago (1 children)

get a domain name, host stalwart somewhere and set up email with this new domain there, get receipt emails there and autoforward it to your main email with S/MIME, gpg or whatever enabled.

usual disclaimer 'do not host your email blablabla' (at least don't get fucking digitalocean 'droplet' for it), but there's no other way around that, ecommerce won't enable shit.

[–] tiz@lemmy.ml 1 points 17 hours ago (1 children)

I think this is one viable solution to me (not for other normal people).

But again, with my own domain, I’m basically announcing my presence all over the services I sign up to because I’m no longer a part of the mass of Gmail, iCloud etc. users. I fear this will expose myself even worse in case of personal info breaches. And buying multiple domain is not cheap.

[–] reinar@distress.digital 1 points 12 hours ago

with mass services requiring mandatory phone number binding I think being in user mass is a viable option - you cannot get reliable "secondary" email anymore and people don't look through data leak dumps by eyes anyway, script doesn't care about email address string - it all becomes hash anyway. Whois protection is pretty reliable to divert snooping 3rd-parties.

As for expensive... yeah, sad state of affairs is that there's nothing cheap about hosting your own infrastructure. Price of not really trusting anyone or having obscure technical requirements.

[–] ZeDoTelhado@lemmy.world 5 points 19 hours ago (2 children)

One of the problems I personally see is the reliance on a standard that was done since the dawn of the internet and got stitches all these years.

Emails as a service is useful, and has several properties that make sense to exist. However, it is simply not easy nor intuitive to have encryption on it (and even then, there are limitations).

What we would need on the long run is simply replace email with a common standard that actually encrypts in transit (at very least) with auto negotiated keys on exchange.

But we would need to change the mind of a lot of people to make that a priority.... (For better or worse, it is the market that states the incentives and priorities. And it is abundantly clear security is not on the top list)

[–] reinar@distress.digital 7 points 19 hours ago* (last edited 19 hours ago) (1 children)

Encryption in transit is pretty much solved these days with TLS, what OP wants is E2E - encryption from sender to recipient with no intermediate parties having an idea about contents of the message. Problem with E2E is inconvenience: emails are inaccessible without private keys and key management is pain. Users don't want additional headache of managing their keys between bajillion of devices where they might use emails

[–] ZeDoTelhado@lemmy.world 1 points 15 hours ago

Yes e2e is a different beast. Pgp as an algorithm is actually quite solid, but the amount of effort to make it work on emails is straight up insane. And in the end, subject line does not get encrypted

[–] Matt@lemdro.id 5 points 19 hours ago (2 children)

What we would need on the long run is simply replace email with a common standard

That would be ideal, but realistically, if email ever goes away, it would be replaced with a proprietary locked down ecosystem. Likely a messenger app. Link a WhatsApp or Facebook account and you will get messages and notifications through that. I just do not see current tech companies supporting a new open standard for communication.

Despite all of emails flaws, it is one of the few remaining universal forms interoperable communication with little vendor lock-in. It would be great to have something more modern, but not at the expense of openness and interoperability which is likely what would replace it at the current time.

[–] ZeDoTelhado@lemmy.world 1 points 15 hours ago

That would be a fair concern. Until we collectively understand standards should be open and fairly documented for everyone to use, we are going to have a lot of these "standards but not really" pretty much everywhere (but again, we are asking this of people that also do not see security as being on the top list of considerations. I am sure interoperability is not even know to most)

[–] tiz@lemmy.ml 1 points 17 hours ago

Yeah. I agree they will definitely go with proprietary solution. I would much prefer something like Matrix adopted. But that has to be blow up in popularity to replace emails…

[–] autonomoususer@lemmy.world 1 points 17 hours ago* (last edited 17 hours ago)

They have more power, so they get away with it. Fixing that is not single player. Start with easy stuff, rejecting Discord, Instagram, iOS, and other anti-libre software if you have not already.