Hello nice people,
I’ve been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn’t loose much like some guys did. I decided not to use the service anymore and I’m still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don’t have 2fa anymore. Also I don’t have backup 16 words.
Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.
And of course I never wanted to subscribe…and I don’t think I ever verified account with a document.
What are my options other than just filtering that shitty domain as spam?
edit: typo
candle_lighter ( @candle_lighter@lemmy.ml ) English102•10 months agoNothing says decentralized currency like having a corporation that controls your assets 😋
betwixthewires ( @betwixthewires@lemmy.basedcount.com ) 59•10 months agoA requirement beyond an email address to unsubscribe from an email newsletter is illegal in most western countries.
What’s wrong with filtering their domain?
IgnacioM ( @IgnacioM@lemmy.ml ) English38•10 months agoUnsubscribing and disabling 2FA seem like two different things.
OsrsNeedsF2P ( @OsrsNeedsF2P@lemmy.ml ) 30•10 months agoGDPR allows for the company to verify your identity before proceeding with deletion. Source: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/how-should-requests-individuals-exercising-their-data-protection-rights-be-dealt_en
[The company] can ask [you] for additional information in order to confirm the identity of the person making the request.
Blizzard ( @Blizzard@lemmy.zip ) English40•10 months agoBut if OP did not provide “selfie” during registration, providing it now doesn’t help confirming his identity so it doesn’t fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.
Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML 😂
Schlemmy ( @Schlemmy@lemmy.ml ) 9•10 months agoThey should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.
Schlemmy ( @Schlemmy@lemmy.ml ) 11•10 months agoThey can’t ask for more information than what they needed to create your account.
But maybe they’re seen as a bank and then they have to confirm your identity with a copy of your id.
Ive never heard of bank asking selfie. I wouldnt even provide ID, but that would make bit more sense
Kissaki ( @Kissaki@feddit.de ) English3•10 months agoIn Germany I’ve had multiple contracts that needed identification. They use trustworthy third party services for verification though.
Schlemmy ( @Schlemmy@lemmy.ml ) 1•10 months agoKYC (Know Your Costumor) Here you have a small overview.
When you create an account online, a selfie along with a copy of your id is deemed minimal verification.
Ive used face scanning on some other crypto service, but didnt know its a thing in banking. Thanks for sharing, but it still doesnt explain why I need that just to unsubscribe. I could accept that they are trying to protect me, but they obviously have diferent plans. My experience and recent communication with support proved NiceHash is ran buy toxic garbage and not by people who run a bank or anything close to that.
Schlemmy ( @Schlemmy@lemmy.ml ) 1•10 months agoThey need to be sure it’s you who’s unsubscribing, I suppose. There’s been enough social engineering to not rely on emails only.
I see that selfie is the only solution to unsubscribe (if not involving lawyer or just spam filter).
I understand what you are saying, but If I lost my email why would they send newsletter to a new owner? It just makes no sense since 99% can be unsubscribed with no login or whatever they ask.
Sorry, its hard to accept any safety meassure as explanation due to bad reputation of NiceHash. Also after talking to human support I just feel even less safe tbh, but it doesnt surprise me at all, its company that took my crypto back in a day.
Ill try fake pic when I get some time to burn
Thanks for the link. Feels bad tho 😭 gdpr gave me Accept/Reject cookies and some more pain as a bonus it seems 😂
Schlecknits ( @Schlecknits@feddit.de ) 12•10 months agoGDPR didn’t give you cookie banners, it’s shitty websites that do.
If they were to just follow activated “Do not Track”-Preferences, they wouldn’t need to ask, instead they would deactived them by default. Or you could just not use cookies, it’s not like somebody forces you to give cookies out to your website’s users.
ReversalHatchery ( @ReversalHatchery@beehaw.org ) 6•10 months agoRead the other replies to the parent comment. This is not on GDPR.
rolandtb303 ( @rolandtb303@lemmy.ml ) 27•10 months agoahh, the sponsor from LTT that mined your PC while at idle :)
cordlesslamp ( @cordlesslamp@lemmy.today ) 5•10 months agoI actually made enough each month to pay rent for almost 2 years during the Covid pandemic (subtracted the energy bill).
ExoMonk ( @ExoMonk@beehaw.org ) English5•10 months agoI made enough to pay for the 3080 I was mining on and heat my office in the winter at the same time.
iamak ( @iamak@infosec.pub ) 14•10 months agoIf you really want to be keep using the service, get a non watermarked random guy’s pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote. This might not work because of the personal ID requirement but trying it doesn’t hurt.
They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.
Hehe this made me laugh. Thank you!
Your story is also about nicehash? I might do that if I manage to digure out that pic. I will try
iamak ( @iamak@infosec.pub ) 1•10 months agoNo. I was banned from Instagram. Good luck! Hope it works for you :p
jet ( @jet@hackertalks.com ) English9•10 months agoI can’t speak for Europe, but a certified letter saying in no uncertain terms that you don’t wish to be contacted again, sent to their legal department should carry the day.
If you have a lawyer friend, bonus points for saying all future correspondence must go through your legal representative, and no other methods (email, phone, sms) are welcome. I believe that notice carries legs in the US.
In europe I suspect the GDPR should let you get all your data, and account removed without jumping through their hoops.
AnonTwo ( @AnonTwo@kbin.social ) 7•10 months agoI mean, just mark as spam?
It hurts them more if a bunch of people mark them as spam and it becomes a trend doesn’t it? Just seems like a design issue on their part.
I always figured that companies generally wanted to avoid that.
Extras ( @Extrasvhx9he@lemmy.today ) 7•10 months agoIf its just to verify does that mean they already have the information on record, like their picture? If not whats stopping someone from using someone elses picture and photo editing in the requirements?
They dont have a picture, but they have some information, probably a minimum that was required to create account. I dont remember exactly, it was long time ago. Photo editing requires skill and time. Maybe I can ask AI 😂
glacier ( @glacier@lemmy.blahaj.zone ) 6•10 months agoYou could block them and the emails will be sent to your spam folder.
It is in spam all the time, I just found some non-spam e-mails there. Trying to clean the folder a bit now
olorin99 ( @olorin99@artemis.camp ) 4•10 months agoWhat happens if you just send the example selfie instead of your own? Do they actually check it?
I might try that, but doesnt look promising
Vexz ( @Vexz@kbin.social ) 4•10 months agoIf it’s just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don’t trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.Thx, thats what will happen unless I unsubscribe somehow
voxel ( @vox@sopuli.xyz ) 3•10 months agowell at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there’s literally no other way to confirm your identity without something like id or a credit card if your credentials are gone. ReversalHatchery ( @ReversalHatchery@beehaw.org ) 3•10 months agoEmail is a perfectly fine second factor for recovery, at least when it was unchanged for so many years
kevincox ( @kevincox@lemmy.ml ) 6•10 months agoThat is your opinion. Personally if I have a password + 2FA configured for an account I don’t want anyone without access to those two things getting in. Ideally this would be configurable per-account, this way people who are fine trusting their email can do that and those who aren’t can not allow that.
But it is a question of security versus access. Some people would rather lose access to an account than give someone else access.
Schlemmy ( @Schlemmy@lemmy.ml ) 2•10 months agoAre they considered a bank? Because a be’abnk had to verify your identity and for that they can use a copy of your id.