Privacy

30856 readers

388 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

401

When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains (inti.io)

submitted 3 months ago by [email protected] to c/[email protected]

33 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 20 points 3 months ago* (last edited 3 months ago) (1 children)

This needs a government / IEEE / domain registrar policy of some sort. Maybe it should simply be that all expired domains are put into stasis for 10 years.

If you want to buy it and have access to it sooner, then you need to run (and pay for) a program of works to catch and proactively kill all linked accounts, and build a register of embargoed existing email addresses that must be set to bounce.

I knew this was a problem, but wow, had no idea it was this bad...

Because I have a [email protected] type email, I get SOOO many people signing up for accounts with my email, forgetting that theirs had some number suffix. I get peoples phone bills, pizza receipts, Amazon orders, parking meter e-receipts, Xbox live accounts, Dropbox logins, you name it.

I NEVER thought of what that would look like at a domain level!

[–] [email protected] 7 points 3 months ago

I read a great post where a guy bit-squatted (bought a domain that was 1 flipped bit away) Google and managed to replace the Google logo on google.com for millions of people. He did the same for facebook and ended up getting thousands of post requests with user data which normally would have failed to resolve or just timed out.

There is still plenty of unexpected fun to be had with domains.