A requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.
What's wrong with filtering their domain?
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
A requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.
What's wrong with filtering their domain?
That looks like a proper request to disable 2FA. Their problem is requiring login to unsubscribe from newsletter emails, which is total BS.
If support won't take your email out of their list, just block the address / domain and move on, I guess.
I wouldn't give them any extra personal info after what happened.
Additionally use any report functionality at your disposal, which may cause some mail providers to block them or cause them to offer proper opt out in the future.
All marketing emails are supposed to have a simple opt out without needing anything other than your email address.
This is what I do when I can't unsubscribe in a minute. No reason to waste time on this, it is a solved problem.
It's probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns off transaction alerts so you aren't notified, then transfers out all your crypto.
I'm certain the marketing emails don't require login to unsubscribe.
OP is receiving newsletters
Unsubscribing and disabling 2FA seem like two different things.
Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn't do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn't have been in this situation.
Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.
For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.
For example on my service there is the concept of a "primary email" which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won't regain access to the account but you can turn off emails.
For marketing emails I totally agree.
For important account security and verification emails, no I don't think that should be done without being able to log into the account.
If somebody breaks into your email, they shouldn't be able to compromise everything silently
This is a good point. Maybe you could have some sort of exit plan such as 3 emails confirming that you have been unsubscribed at 1d, 30d and 365d. This way if the email takeover is temporary then the user will eventually see a warning but there is still a finite amount of emails still to be received.
It isn't perfect, because an attacker could set up filters or something so that these aren't noticed. But at this point the attacker could set up a filter to hide the regular account emails so it really isn't any worse.
I think in most cases confirming you own the email should be sufficient to unsubscribe.
In high security situations there should be a more extensive method, but it should still be possible. Perhaps the timed unsubscribe, i.e. a month of access. Or mailing a letter to the account holders address. (I.e. take 4 weeks to give the account holder time to opt out)
ahh, the sponsor from LTT that mined your PC while at idle :)
I actually made enough each month to pay rent for almost 2 years during the Covid pandemic (subtracted the energy bill).
You should just block them. Otherwise try with ai generated images, i heard midjourney works really good. But if you wanna cause damage threat to sue them if they dont whant to unsubcribe. You can probably do it since you are on european union and they take this type of shit seriously afaik, probably could do something aboit the money you lost too if it turms out they where being fishy aboit it.
Thanks. Im not gonna sue them, but I might report that if I find the right address. Ill first wait for their response to my last email. Thx for input
If you really want to be keep using the service, get a non watermarked random guy's pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote. This might not work because of the personal ID requirement but trying it doesn't hurt.
They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.
Hehe this made me laugh. Thank you!
Your story is also about nicehash? I might do that if I manage to digure out that pic. I will try
No. I was banned from Instagram. Good luck! Hope it works for you :p
Don't send any data that you haven't sent already! Just block 'em f out, feels so nice :D Or they'll demand a nude selfie next time!
If I ever send picture it will be nude selfie for sure 😂
I can't speak for Europe, but a certified letter saying in no uncertain terms that you don't wish to be contacted again, sent to their legal department should carry the day.
If you have a lawyer friend, bonus points for saying all future correspondence must go through your legal representative, and no other methods (email, phone, sms) are welcome. I believe that notice carries legs in the US.
In europe I suspect the GDPR should let you get all your data, and account removed without jumping through their hoops.
If its just to verify does that mean they already have the information on record, like their picture? If not whats stopping someone from using someone elses picture and photo editing in the requirements?
I would just block their shit in email
Yup. I try to unsubscribe nicely once. If it isn't honored they are going straight on my provider's spam list.
I mean, just mark as spam?
It hurts them more if a bunch of people mark them as spam and it becomes a trend doesn't it? Just seems like a design issue on their part.
I always figured that companies generally wanted to avoid that.
I'd setup a thing to auto-mark them as spam and forget about it. CAN-SPAM and FTC guidelines dictate that for non-transactional emails like newsletters, the user must be able to unsubscribe without a fee and without requiring a login. IDK anything about European law.
You could block them and the emails will be sent to your spam folder.
It is in spam all the time, I just found some non-spam e-mails there. Trying to clean the folder a bit now
If it's just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don't trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.
Thx, thats what will happen unless I unsubscribe somehow
well at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there's literally no other way to confirm your identity without something like id or a credit card if your credentials are gone.
That's stupid and illegal in Europe since you only want to unsubscribe from emails. The few sites for which the unsub button does nothing, I usually contact them and tell them they are breaking the EU law and if they don't stop, I will report them. Works all the time.
You should report them either way.
Report where?
In the UK there is Trading Standards and a relevant ombudsman (ofcom for communications for example), as well as the Information Commissioner's Office for something specific like reporting a company for spam, there should be something similar wherever you are.
In my experience a rude reminder to the company that you don't want to receive their emails and that by not giving you an easy way to unsubscribe they are breaking the law and that you will (or have) reported them to the relevant bodies, is enough to get them to stop.
Thx
For anyone curious, it's illegal in the US too, and you can threaten to report them to the FTC for violation of the CAN-SPAM act.
What happens if you just send the example selfie instead of your own? Do they actually check it?
I might try that, but doesnt look promising
If you asked to delete or alter the account, then it makes sense. To unsubscribe from emails... Well normally not but I guess it's financial information, and you can't use 2FA, so I guess it makes sense that they need to protect themselves.
If you never used a document to sign up, then it's ridiculous to ask for more information... Not sure if it's actually illegal though, as long as they handle the data correctly.
It would be less morbid if they were asking for documents, but selfie comon...
They are not providing anything important to my email, its just crap like:
Why should you overclock your GPUs? Help us make NiceHash better! Etc
Im contacting them from the same email tho. Obviously company I dont trust and I have to stick to spam folder it seems
Documents don't help against identity theft. I guess selfies don't either in the age of deepfakes, but it gives them plausible deniability.
The problem here is that you lost the 2FA, so that makes it difficult.
But yea as long as it's just emails from a company you don't care about, setting them as spam is the easiest solution.
I felt bad for the person being manipulated like this but then I saw that this was a cryptomining service and I approve of this as a punishment
Hehe, I dont blame you for approving that as a punishment. I feel lucky for not losing more than 50-100$
If it's just a newsletter I would set up a mailbox filter that just sends all of their mail to the trash. GMail makes this pretty easy (highlight a spam message, select "filter messages like these" from the top menu), but idk how to do it on other mail servers.
Are they considered a bank? Because a be'abnk had to verify your identity and for that they can use a copy of your id.
Nothing says decentralized currency like having a corporation that controls your assets 😋
How exactly does that verify that you are the owner of the mentioned account nor verify legitimate interest in withdrawing consent from being included in their marketing campaigns!?