Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Websites grabbing your email address the moment you merely visit them  (Read 1988 times)

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3275
Re: Websites grabbing your email address the moment you merely visit them
« Reply #1 on: August 11, 2016, 03:24:35 PM »

Depressing.   >:(

As a rule whenever a website, even one that I trust, requires me to 'Register', or even just supply an email address, unless there is no other option, I leave the site and take my business elsewhere.  Sometimes, like paying utility bills, it can be done by phone instead, which I generally also do.

But modern life would be impossible without making exceptions to that rule, and I just haven't the time or the legal skills to pour over T&C of every website to see if they might be participating in dirty (but legal) tricks such as this.  :(
Logged

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Websites grabbing your email address the moment you merely visit them
« Reply #2 on: August 11, 2016, 03:30:03 PM »

In this case it seems to be that the breach of trust begins with Facebook or similar, as they're the only people who know your email address to begin with.
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3275
Re: Websites grabbing your email address the moment you merely visit them
« Reply #3 on: August 11, 2016, 04:53:47 PM »

In this case it seems to be that the breach of trust begins with Facebook or similar, as they're the only people who know your email address to begin with.

Indeed, but thinking more upon the 'exploit' since it depends upon getting a 'respectable' site to play ball.... I wonder if it can be largely mitigated by forming a habit of always logging out when done, which is an excellent habit at the best of times?   

I would expect 'respectable' services to delete cookies that identify a specific individual once they log out.  Moreover, if the same exploit continued to work after logging out, and the computer were shared between different people, the email address might be wrong.  That would make it much less valuable for onward sale. :-\
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4948
Re: Websites grabbing your email address the moment you merely visit them
« Reply #4 on: August 11, 2016, 05:01:59 PM »

Tons of sites share email's out its a sad state of affairs.

A couple of years ago I did some tests with spare domains and about 200 email accounrs, about 100 were used to sign up to various forums, game sites, news subscriptions, and posting on blogs (which for some reason require you to enter a email address, odd eh),

Over half of the email addresses started getting spam shorty after been used.  The unused email accounts did not get a single spam and I could see from mail logs then spam was 'not' sent out speculatively (like random@domain.com), they knew these were live addresses.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3275
Re: Websites grabbing your email address the moment you merely visit them
« Reply #5 on: August 11, 2016, 05:24:52 PM »

This is more than just sharing email though, it's much more targeted.

You might for example be browsing a website for some hotel chain you are thinking of using, and have never used, but you decide against it before giving them any details.   And a few days later, you get a personalised email from the hotel chain... they got your email just from you visiting their site.

Weaver's link explains how it's done.
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4948
Re: Websites grabbing your email address the moment you merely visit them
« Reply #6 on: August 11, 2016, 05:29:49 PM »

yes there is tracking for targeted advertising, but the worst part of it is them getting the email address, without that they cannot send you the spam.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Websites grabbing your email address the moment you merely visit them
« Reply #7 on: August 11, 2016, 05:47:15 PM »

I often make up fake email addresses for the domain I'm visiting if an email is required, if they require further info I've often entered the websites phone number as well. I've often entered "I just want a price" as my name as well.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 2685
Re: Websites grabbing your email address the moment you merely visit them
« Reply #8 on: August 11, 2016, 05:59:22 PM »

@Ronski
I do as you do, and also with sites that are hopeless to unsubscribe from, where a new false address does wonders.
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3275
Re: Websites grabbing your email address the moment you merely visit them
« Reply #9 on: August 11, 2016, 07:06:24 PM »

Another tactic, if you have your own domain, is to register with the real domain but a modified user name, eg if registering with Vodafone instead of 7lm@... I might use 7lm-Vodafone@...

I still get the emails as it passed to the 'catchall'.    But if I subsequently receive spam addressed to 7lm-Vodafone, at least I know who to blame.

For clarity Vodafone is just an example, I tried the above tactic with them and three years on, not a single spam.  Vodafone are clean. :)
Logged

LordFox

  • Just arrived
  • *
  • Posts: 18
Re: Websites grabbing your email address the moment you merely visit them
« Reply #10 on: August 11, 2016, 10:24:49 PM »

It really is time that governments made some useful laws regarding the internet, instead of just making ones allowing more censorship and spying on us. Like making automatic opt-in completely illegal.

When the internet was still young, I bought a catch-all email account from Clara. MY SOP has always been to make unique addresses for every entity I gave an address to. None of them existed as a configured address anywhere; I manually changed the headers when replying to anything incoming from them and most were never even sent to.

Over the years, I estimate about 75% of those have ended up on spam lists. I used to follow it up with the companies who had the address and only ever met with stone-walled silence and outright denials.

Still, the account was highly usable and received relatively little spam. What it did receive was easily dealt with as I just added the above addresses to my bin list.

That is until Plusnet 'lost' some personal data somewhere, including many users' unique-to-PN billing addresses. Whoever they lost it to now sends hundreds of spam emails per day and has figured out that they can use different addresses to the main account domain. All of them are similar enough to know it was this 'loss' that has caused it, but not so similar that I can easily blanket-bin them. It's now a case of just bailing out the boat and patching up the holes continually. Thanks to PN my nice email address that I had for many, many years is ruined.

This is the sort of thing that should be illegal!

/rant, lol.
Logged
PN 80/20 FTTC with /29 subnet. Zyxel VMG8324 modem. Mikrotik RB850Gx2 Router. T1600G-52TS switch. HE IPv6 tunnel.

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4948
Re: Websites grabbing your email address the moment you merely visit them
« Reply #11 on: August 11, 2016, 11:32:09 PM »

I often make up fake email addresses for the domain I'm visiting if an email is required, if they require further info I've often entered the websites phone number as well. I've often entered "I just want a price" as my name as well.

yeah I use fake addy's when replying to blog posts and the like as they dont check them.

When registering for companies I use email's just for them e.g. my sky account uses sky@mydomain, for mobile its ee@mydomain.  Interestingly sky havent sold my email address, no spam at all, but ee gets bombarded.

Another indication of a selling of details is if the spammer happens to guess your name right as well.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Websites grabbing your email address the moment you merely visit them
« Reply #12 on: August 12, 2016, 02:21:12 PM »

As well as using fake addresses, I have contemplated using temporary, disposable email addresses. It's very easy for me to generate them, just have to remember to switch them off.
Logged
 

anything