I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
-
@dacmot I routinely use RSS but not on every device, frequently enough I come across a link organically and run into these messes!
@vkc definitely sub-optimal.
-
@admin I use a service to generate fake emails for this sort of thing, it's awesome! I can always tell *exactly* who sold my email to folks, or where email leaks came from.
I almost never give out my real email to anyone other than a human I know in the real world.
I have been doing the same thing for years, and I found Linkedin to be one of the big offenders.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc Yeah, I want to log in and read this now, not whenever the email with the magic link percolates through the intertubes.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco 100% agreed. As someone who is not signed in to email on every device, having to click a magic link on my phone and then send the link to my PC, these sign in prompts are a gigantic pain in the ass.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco "Magic Links" are the dumbest "security" I can think of.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco I didn't pay $88 for a YubiKey just to have a website mail a password to my phone so I can log onto my computer.
-
"But Veronica! Why don't you just click the link?"
Because I'm often not signed in to that email provider! "Hang on, let me dig out my phone" is friction, which for some folks might be welcome! But I'm ancient and prefer the old fashioned password prompt, which can sync across all devices without cookies.
@vkc
I understand why 404media does this, but it is annoying and I wish I had an answer for this. -
@admin I use a service to generate fake emails for this sort of thing, it's awesome! I can always tell *exactly* who sold my email to folks, or where email leaks came from.
I almost never give out my real email to anyone other than a human I know in the real world.
@vkc Same! Well, not a service, just wildcard aliases. Although I use hyphens in mine and occasionally sites roll their own validation code and decide hyphens aren't valid
Surprisingly enough, forwarding RFC5322 to customer service usually helps! LolHonestly what I've learned is that most sites -- at least the ones I use -- are fine. Got a wave of spam from friggin Patreon when they got breached years ago...and I now filter out any ActionNetwork links from my feed on here...but that's basically all I've had an issue with in the >10 years I've been doing this.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco
Same here. I thought I was the only one. -
@dacmot I routinely use RSS but not on every device, frequently enough I come across a link organically and run into these messes!
@vkc @dacmot I'm a government contractor. I have a new project in the last few months where we moved our Issues and Git repos into the government client's [Brand Name] cloud project management.
Now every time I want to look at an Issue, if I haven't touched the issue database for 6 hours, I have to CLICK a BUTTON after password login, to SEND a one-time password via email, then go get that code.
I have so many "Mordac, the Preventer of Information Services" situations! It's maddening!
-
@vkc @404mediaco I also complained about it to them before. Hopefully your voice carries more weight.
Like..... some of us have good passwoord hygene and have password managers and such...
Magic links are great... but as an option. Not if they're mandatory@thibaultmol @vkc @404mediaco This also breaks #wallabag for me, as it cannot auto login and retrieve articles.
@404mediaco @wallabag -
@admin I use a service to generate fake emails for this sort of thing, it's awesome! I can always tell *exactly* who sold my email to folks, or where email leaks came from.
I almost never give out my real email to anyone other than a human I know in the real world.
-
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco A service I use occasionally *migrated* to this from good ol' fashioned passwords. It was exasperating.
-
@vkc Same! Well, not a service, just wildcard aliases. Although I use hyphens in mine and occasionally sites roll their own validation code and decide hyphens aren't valid
Surprisingly enough, forwarding RFC5322 to customer service usually helps! LolHonestly what I've learned is that most sites -- at least the ones I use -- are fine. Got a wave of spam from friggin Patreon when they got breached years ago...and I now filter out any ActionNetwork links from my feed on here...but that's basically all I've had an issue with in the >10 years I've been doing this.
@admin @vkc Are you using ++ aliases or something that allow you to generate aliases from a common base, making less obvious your real address ?
I was wondering if there was a way to generate indistinct e mail address on the fly different than using a domain name. I think that using a domain name is a good solution but it makes it easy to correlate my addresses to my real identity no ? -
I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.
As someone who deletes all cookies daily across a half dozen devices, it adds a bunch of friction.
@vkc @404mediaco you know what? I'll hop on this bandwagon. Maybe we can be a big enough group to ask nicely, and they'll add it in for us.
-
@mcbaumwolle @admin I use Fastmail which integrates it.
-
@mcbaumwolle @vkc @bane Well, the wildcard alias part of it is done through a domain and mail account I pay for through Namecheap. They call it a "catchall" address, other providers might call it a wildcard alias, but basically *anything* @mydomain will all go to a single inbox. The nice part of that compared to some of the services that generate addresses (not sure if this would apply to Fastmail) is I don't have to do anything to register or set up a new address, which is nice when giving out my email in offline spaces. Although it does get weird when the Jiffy Lube cashier sees my email is 'jiffylube-shop@...' and goes 'Oh you must work for corporate' xD
Of course, I can't leave it that simple
I have a mail server in my basement -- fetchmail pulls incoming mail from Namecheap, and there's a very small shell script that parses it out into different accounts -- so for example anything that ends in '-shop@mydomain' will go into the 'Shopping' inbox, while anything ending in '-pers@mydomain' will go into the 'Personal' inbox. Then dovecot serves those to my devices via IMAP, and any outgoing mail can bounce through an emailrelay instance on the same server and get forwarded back out via Namecheap.I hear trying to send email from a residential IP is a damn nightmare so that's why I route via Namecheap, but there's still both technical and legal benefits to pulling it all local and not leaving it all on third-party server indefinitely....
Does make it possible to correlate to my real identity, especially because my domain for that is my actual name xD But most domain registrars can anonymize the whois information, so it won't be private from law enforcement or something but it should be private enough from randos on the internet...as long as you aren't tying that domain to your real identity in other ways.
-
@mcbaumwolle @vkc @bane Well, the wildcard alias part of it is done through a domain and mail account I pay for through Namecheap. They call it a "catchall" address, other providers might call it a wildcard alias, but basically *anything* @mydomain will all go to a single inbox. The nice part of that compared to some of the services that generate addresses (not sure if this would apply to Fastmail) is I don't have to do anything to register or set up a new address, which is nice when giving out my email in offline spaces. Although it does get weird when the Jiffy Lube cashier sees my email is 'jiffylube-shop@...' and goes 'Oh you must work for corporate' xD
Of course, I can't leave it that simple
I have a mail server in my basement -- fetchmail pulls incoming mail from Namecheap, and there's a very small shell script that parses it out into different accounts -- so for example anything that ends in '-shop@mydomain' will go into the 'Shopping' inbox, while anything ending in '-pers@mydomain' will go into the 'Personal' inbox. Then dovecot serves those to my devices via IMAP, and any outgoing mail can bounce through an emailrelay instance on the same server and get forwarded back out via Namecheap.I hear trying to send email from a residential IP is a damn nightmare so that's why I route via Namecheap, but there's still both technical and legal benefits to pulling it all local and not leaving it all on third-party server indefinitely....
Does make it possible to correlate to my real identity, especially because my domain for that is my actual name xD But most domain registrars can anonymize the whois information, so it won't be private from law enforcement or something but it should be private enough from randos on the internet...as long as you aren't tying that domain to your real identity in other ways.
@admin @mcbaumwolle @vkc Oh okay, you indeed are slightly cyberpunk ;D
Your setup rocks but I certainly won't have the motivation to do the same lmao , i'll just register my domain in my mail provider if it allows it.
I guess you self host your mastodon instance too ? Are you federating easily ? -
@mcbaumwolle @vkc @bane Well, the wildcard alias part of it is done through a domain and mail account I pay for through Namecheap. They call it a "catchall" address, other providers might call it a wildcard alias, but basically *anything* @mydomain will all go to a single inbox. The nice part of that compared to some of the services that generate addresses (not sure if this would apply to Fastmail) is I don't have to do anything to register or set up a new address, which is nice when giving out my email in offline spaces. Although it does get weird when the Jiffy Lube cashier sees my email is 'jiffylube-shop@...' and goes 'Oh you must work for corporate' xD
Of course, I can't leave it that simple
I have a mail server in my basement -- fetchmail pulls incoming mail from Namecheap, and there's a very small shell script that parses it out into different accounts -- so for example anything that ends in '-shop@mydomain' will go into the 'Shopping' inbox, while anything ending in '-pers@mydomain' will go into the 'Personal' inbox. Then dovecot serves those to my devices via IMAP, and any outgoing mail can bounce through an emailrelay instance on the same server and get forwarded back out via Namecheap.I hear trying to send email from a residential IP is a damn nightmare so that's why I route via Namecheap, but there's still both technical and legal benefits to pulling it all local and not leaving it all on third-party server indefinitely....
Does make it possible to correlate to my real identity, especially because my domain for that is my actual name xD But most domain registrars can anonymize the whois information, so it won't be private from law enforcement or something but it should be private enough from randos on the internet...as long as you aren't tying that domain to your real identity in other ways.
-
@admin @mcbaumwolle @vkc Oh okay, you indeed are slightly cyberpunk ;D
Your setup rocks but I certainly won't have the motivation to do the same lmao , i'll just register my domain in my mail provider if it allows it.
I guess you self host your mastodon instance too ? Are you federating easily ?@bane @mcbaumwolle @vkc The mastodon instance is on a VPS, I have been thinking about pulling it literally in-house, but not sure I want my home IP tied to my social media. Feels safer to keep all of this on a different continent
