Reddit account for 13+ years. Constantly prompted to provide email. Have no desire to have any personal information in it whatsoever, so never provided any. However, it is the only account I’ve ever used for extensive long term discussion and community involvement. Thousands of comments in discussions with other folks on topics I’m interested in. Logged in from many different locations and platforms over the years. Opted to never enter an email. Have never forgotten password, never needed to reset password. Didn’t care about recovery. If the account is lost, so be it. Logged in recently to a banner saying my account has been “suspended for suspicious activity security reasons” and the above message. The only way to recover the account is to “reset the password by entering an email”. Created a random anonymous email online, entered it as a fresh new email never provided before, reset link shows up in email, reset password, back in the account.
If I had to make a cynical skeptical guess - looks like an obvious stunt in advance of the IPO to grab a bunch of emails for accounts that didn’t have emails in order to drive up account metrics used for valuation. Side note, I did receive the IPO invitation.
I spend more time on Lemmy now because the phone apps are awesome. I only hang on to Reddit because there are some communities that exist there that don’t have Lemmy equivalents. But I have been thinking about running one of those account comment / post scramblers and then deleting. This is bringing me closer to that decision.
Time to let go
All the more reason to use something like SimpleLogin. Sure they can have my email, but it’s unique to them and can’t be linked to me for data harvesting that easily.
single use email. might as well have your username@reddit.com as your email address
I’m not surprised, I started receiving bans as soon as there were rumors of an IPO. Everything about the site experience has degraded since then. I still check it from a few teddit/libreddit instances, but otherwise never giving reddit a single monetizable gesture ever again.
Based.
How would this provide any measure of security if your account had been hacked? So the hackers just need to provide literally any email address? That doesn’t pose much of a barrier.
I think newer accounts can only be created, when providing an email address. There may be some old accounts that don’t have an email address associated. So, in most cases, you’d just be able to restore the account if you have access to both the account password and the email address. This breaks apart, if there’s no email address associated so I think they provided this way of recovery although it doesn’t improve security since it only applies to very few accounts?
So you think it’s just a mistake overlooking a small number of accounts? Seems possible. I am curious how many such accounts there are.
Not quite. If they had overlooked a few accounts, they’d probably not even implemented that function. They’d just said "well, if you forget your password - or need to change it - you need to use the forgot password workflow that sends an email. Everyone without an email Adresse associated with their account would be SOL.
Since they implemented it, they are aware of such accounts. But since “providing freely any email address for a password reset” makes absolutely no sense, this should only work for this special case - accounts without an associated email address.
Whether it’s only done for unlocking accounts, whether this would have also worked when clicking on “Forgot Password” or whether this account lock and unlocking workflow might even be intentional to associate an email address to such accounts, is unknown (to me)
Last time I checked, you can still make one without an email, but you have to click on a very small ambiguous hyperlink during creation. It’s possible this is no longer the case.
Being able to make throwaway accounts has been the back bone of Reddit for a long time. People want a right to privacy.
Damn that sucks, sorry your not a legacy user anymore.
This happened to me several years ago on a similarly old account. I don’t think it was actually compromised, and I had no way to recover it as I had never set an email.
Same exact situation. This is what I thought was meant by “Reddit Email Grab” they were deliberately culling non-emailed accounts.
Leopardsatemyface
I avoided all this by creating a unique Gmail address ages ago and set the Reddit account just to that email. Then set up two factor authentication on everything.
It’s a pain but whenever I jump into a new social media account I create separate emails and separate authentications to everything.
If the account ever gets compromised, I don’t really care because it was setup as a standalone account. If the service gets weird like what happened to Reddit, I was able to just delete the account content, delete the account and none of it was directly identified or connected to any of my actual services I use.
I’ve done the same with Lemmy and every other service I want to try out but am unsure of.
I had Reddit for ten years and I felt safe and happy dumping my account.
Hopefully the same won’t happen to Lemmy but no one ever knows how these things will pan out.
Check out Anon Addy or Simple Login. The second one is partnered with Protonmail. They are automated email forwarding. I generate a random email for every account. You can also turn on and off said emails. Not affiliated with either, just a happy customer.
there’s also mozilla relay thingy
Yeah because this very server doesn’t also require you to verify your emails 🙄
OP’s account is on SJW and that instance does not require email verification. Plenty of instances don’t.
My client is showing lemmy world 🤷♂️
Either way any server with a hint of popularity is going to require it. They are just looking to be pissed off.
The post ist on lemmy.world
I didn’t know what to tell you. My client is showing@lemmy.world. this isn’t the first time I’ve seen sync fuck up so I don’t doubt you 🤷♂️
OP’s account is @v4bttcza@sh.itjust.works. You can post on pretty much any federated instance as long as you have a valid federated account. I’m replying to you from an account on an mbin instance.
(long string of numbers) @ mailinator.com?
OP highlights some damage caused by data harvesting, that is not widely spoken: users reacting against providing data to sites or software, even when doing so might potentially increase the security of their data.
Including myself. Frankly? If I got the same message as the OP, my knee-jerk reaction would be: “oh great they’re trying to associate my Reddit account with my e-mail, and my e-mail with everything else, for the sake of data profiling. The claim that it’s for my security is probably bull fucking shit.”
The worst part? As a wise man once said, “just because you’re paranoid doesn’t mean that they aren’t after you”. …okay, I’m joking about Kurt Cobain being a wise man, but not about the rest - the risk that the “it’s for your protection, your user, chrust us” discourse is bullshit and that they want to sell your data is very real.
Bro u gotta go delete all ur old content give them nothing
doesn’t work. They have that shit locked down.
Huh i deleted all my content i got some js code to do it somewhere if ya want it.
I would double check that. I deleted an old account only to find it still up. I then proceeded to deleted EVERY. SINGLE. POST. on that account.
Guess what. They’re still up.
They have backups and the ability to see mass edits. Guaranteed they are selling the undamaged data.
Im sure they are but users cant see it and ive been noticing a lot of deleted content in reddit chains when googling for answers its nice to contribute to the destruction of human knowlege now and then.