Welp I guess this is the perfect example of companies not deleting your credentials and account info when asking for it… I deleted my Notion account several years ago. And completely randomly today got an email from them about data retention, assuming this is one of those “important” emails they have to send out. Sadly, years ago I wasnt using email-aliases like I am today, so still stuck with them having my email. Fuck I hate this so much. Thought I’d just share this lesson, use alises my friends!

  • umbrella@lemmy.ml
    link
    fedilink
    arrow-up
    12
    ·
    6 months ago

    tell me more about how you use aliases.

    you just using a new one for every service?

    • lazynooblet@lazysoci.al
      link
      fedilink
      English
      arrow-up
      11
      ·
      6 months ago

      Back when I used self hosted mail, I wrote an extension that requested a new alias based on the domain of the website.

      Like website.net_d5g4j8@mydomain.com

      If the site got compromised I would update the random characters.

      I still have 800+ aliases left over from this. But after moving to hosted mail I never updated the extension.

      • 9point6@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        6 months ago

        Surprisingly little known fact, email addresses actually have the concept of aliases built in (and it’s relatively well supported despite being a bit niche):

        your.email+some.alias@gmail.com

        Will end up in the inbox of

        your.email@gmail.com

        But will retain the alias in the To field

        The downside is that if a sender is particularly shitty it could detect this and remove the alias again.

    • Sunny' 🌻@slrpnk.netOP
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      Yes indeed, password managers have the option to do this, at least Protonpass and Bitwarden. While Bitwarden you need to connect a third party email service. But it’s relatively easy, especially with Protonpass as it will automatically suggest to do this when you create an account somewhere.

    • helenslunch@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      6 months ago

      Yes, exactly like that.

      I’ve had companies just not respect your opt-out preferences. I’ve seen regularly they add new email categories (presumably maliciously) so that they can continue spamming you.

      Less commonly they will sell your contact info to third parties

      With an email alias you can simply disable that address, and any emails sent to it will be bounced back to the sender.

      Also keep in mind that email is one of your main personal identifiers (PID) on the web. When data mining companies buy up information from various sites and services, they use it to link together your activity in order to expand your profile.

    • toynbee@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      With self hosted email and at least Proton Mail (and probably other paid solutions), you can set up a “catch all” address. With that, any non existing email gets redirected to one; for me, I have spam@domain.com so, while myname@domain.com goes to my inbox, thisaddressisinvalid@domain.com and, I don’t know, walmart@domain.com both go to spam@domain.com. I don’t need an individual entry for every alias and I can specifically block any address that’s particularly spammy or compromised.

      I hear that you can have a similar setup with something called SimpleLogin, but I’ve never tried that.

  • NeroC_Bass@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    6
    ·
    6 months ago

    I got an email from century link yesterday asking how my service was, when I had it disconnected 8 years ago, and I got one from apple today about my account, when I deleted it 10 years ago. They don’t care.

    • Scolding0513@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      yep, they couldnt give two shits, and all the lawsuits in the world are too weak to do anything meaningful.

      Always protect yourself first and foremost, never trust anyone unless you have to!

  • cosmicrookie@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    6 months ago

    This I would reply and CC my local data authority at the same time, asking for the info that the data authorities need when you file a complaint

    Company official name, address, registration number and preferred means of communication with the data authority (phone number, email address, post adress)

  • youmaynotknow@lemmy.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    6 months ago

    This is a shit show. But from what I’ve been able to see, when you remove yourself from the companies, as time goes by, there’s not much of the data you leave behind that can be easily visible to others, other than whatever company has your data, or who they choose to sell it to.

    I haven’t been in any social network for over 8 years now, except X, that I killed my account, coincidentally, the day before the acquisition was announced. Last night I did a Google search for my name in my country, and another one global, and the only place I found info about me, after digging down 30+ pages, was linked-in, which my wife manages for our business. Granted, they all probably hold all the data they got from me when I was stupider, but I’m sure they understand how useless data becomes over time if it’s not updated.

    I guess my advantage is that I used Gmail accounts for absolutely everything back then, and since I killed all of them, I never get emails from anyone I’m not directly associated with.

    • cosmicrookie@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      When you ask them to delete your account they should delete your account. There is no excuse for them to have your contact information if you dont have an account with them

      • kevincox@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Often what happens is that when you sign up they also make an API call to their email list service. Then when you delete your account they remove you from their DB but often forget to remove you from the other services. This obviously isn’t acceptable but often not intentional.

        • cosmicrookie@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          In Europe you have to opt in to newsletters. Companies are not even allowed to have the opt in field pre checked!

          You activelly need to tick the opt in check box.

          • hikaru755@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            6 months ago

            Except the email in question is not a newsletter. Companies often use separate mail list services for important product announcements and similar things as well. Obviously there should be a process in place that removes you from these external services too when you delete your account, but I assume this is what broke down in this case

          • kevincox@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            This is also true in lots of places like Canada and (IIUC) California. But very frequently it doesn’t happen. In Canada you can report it but then nothing happens.