Welp I guess this is the perfect example of companies not deleting your credentials and account info when asking for it… I deleted my Notion account several years ago. And completely randomly today got an email from them about data retention, assuming this is one of those “important” emails they have to send out. Sadly, years ago I wasnt using email-aliases like I am today, so still stuck with them having my email. Fuck I hate this so much. Thought I’d just share this lesson, use alises my friends!
Send a GDPR demand to delete your data.
Don’t sweat it pal, i got emails from FedEx for 8 years.
Yeah, I really shouldn’t. It’s just annoying, that’s all.
tell me more about how you use aliases.
you just using a new one for every service?
Back when I used self hosted mail, I wrote an extension that requested a new alias based on the domain of the website.
Like [email protected]
If the site got compromised I would update the random characters.
I still have 800+ aliases left over from this. But after moving to hosted mail I never updated the extension.
Surprisingly little known fact, email addresses actually have the concept of aliases built in (and it’s relatively well supported despite being a bit niche):
Will end up in the inbox of
But will retain the alias in the To field
The downside is that if a sender is particularly shitty it could detect this and remove the alias again.
This is what I use today. However spammers can easily remove the plus address to send email normally so isn’t quite so effective.
What frustrates me is so many websites strip the ‘+’ from the address, either as inline JavaScript or even worse, after submission.
Note: not every provider supports this.
Also, gmail addresses ignore periods. [email protected] and [email protected] will end up in the same inbox
Yes indeed, password managers have the option to do this, at least Protonpass and Bitwarden. While Bitwarden you need to connect a third party email service. But it’s relatively easy, especially with Protonpass as it will automatically suggest to do this when you create an account somewhere.
With self hosted email and at least Proton Mail (and probably other paid solutions), you can set up a “catch all” address. With that, any non existing email gets redirected to one; for me, I have [email protected] so, while [email protected] goes to my inbox, [email protected] and, I don’t know, [email protected] both go to [email protected]. I don’t need an individual entry for every alias and I can specifically block any address that’s particularly spammy or compromised.
I hear that you can have a similar setup with something called SimpleLogin, but I’ve never tried that.
Yes, exactly like that.
I’ve had companies just not respect your opt-out preferences. I’ve seen regularly they add new email categories (presumably maliciously) so that they can continue spamming you.
Less commonly they will sell your contact info to third parties
With an email alias you can simply disable that address, and any emails sent to it will be bounced back to the sender.
Also keep in mind that email is one of your main personal identifiers (PID) on the web. When data mining companies buy up information from various sites and services, they use it to link together your activity in order to expand your profile.
I got an email from century link yesterday asking how my service was, when I had it disconnected 8 years ago, and I got one from apple today about my account, when I deleted it 10 years ago. They don’t care.
yep, they couldnt give two shits, and all the lawsuits in the world are too weak to do anything meaningful.
Always protect yourself first and foremost, never trust anyone unless you have to!
This I would reply and CC my local data authority at the same time, asking for the info that the data authorities need when you file a complaint
Company official name, address, registration number and preferred means of communication with the data authority (phone number, email address, post adress)
this is the company that Skiff sold out to. sad.
This is a shit show. But from what I’ve been able to see, when you remove yourself from the companies, as time goes by, there’s not much of the data you leave behind that can be easily visible to others, other than whatever company has your data, or who they choose to sell it to.
I haven’t been in any social network for over 8 years now, except X, that I killed my account, coincidentally, the day before the acquisition was announced. Last night I did a Google search for my name in my country, and another one global, and the only place I found info about me, after digging down 30+ pages, was linked-in, which my wife manages for our business. Granted, they all probably hold all the data they got from me when I was stupider, but I’m sure they understand how useless data becomes over time if it’s not updated.
I guess my advantage is that I used Gmail accounts for absolutely everything back then, and since I killed all of them, I never get emails from anyone I’m not directly associated with.
When you ask them to delete your account they should delete your account. There is no excuse for them to have your contact information if you dont have an account with them
Often what happens is that when you sign up they also make an API call to their email list service. Then when you delete your account they remove you from their DB but often forget to remove you from the other services. This obviously isn’t acceptable but often not intentional.
In Europe you have to opt in to newsletters. Companies are not even allowed to have the opt in field pre checked!
You activelly need to tick the opt in check box.
This is also true in lots of places like Canada and (IIUC) California. But very frequently it doesn’t happen. In Canada you can report it but then nothing happens.
Except the email in question is not a newsletter. Companies often use separate mail list services for important product announcements and similar things as well. Obviously there should be a process in place that removes you from these external services too when you delete your account, but I assume this is what broke down in this case
I have a hard time believing they actually delete anything.
Had the same experience with Lydia advertising their new brand name by email yesterday.
deleted by creator
I’d even recommend going one step further and deleting their account, but I didn’t read the post
:p i keed
