Last Active: Mar 23, 2018
Threads: 6
Posts: 26
Reputation:
0
OK, having my own site, I understand the basic NEED for an email type registration practice, to hopefully keep away the scammers. Captchas are mostly useless and very, very annoying. There are services desgined to spoof them.
What I dont understand is why it is required on 'file sharing' or more bluntly 'pirate' type sites, where there is a potential risk to the user base.
The alternative is simple: Anonymous and temporary email services accessed through a VPN or TOR for all registration purposes. Instead, i see that some sites are banning the IPs of such email servers. Dont make sense.
Shouldnt the 'scene' being encouraging everyone to retain as much anonymity as possible??
Last Active: Oct 03, 2024
Threads: 67
Posts: 6,381
Because anonymous and temporary e-mail services along with VPN and Tor are regularly used to abuse file sharing and pirate sites.
Last Active: Oct 03, 2024
Threads: 226
Posts: 6,319
Reputation:
26
It is a "chicken or egg" kinda situation... Pirate sites being boarded by rogues. To be pragmatic, any service today needs to reinvent itself.
Maybe TPB could suggest or partner with simpler, safer email services; using Facebook or Hotmail, for example, is a poor choice.
Or even create their own email, and or use other (less invasive) tactics, like an IRC registration bot (and call it Honesto)?
Last Active: Mar 23, 2018
Threads: 6
Posts: 26
Reputation:
0
This site has one of the worlds most hunted user bases outside of the darkweb.
I would not dare post anyting to TPB under this nym, or under resistration info and IP numbers that were not obfuscated by any and every means possible.
The current methods do not prevent floods of infected trash, and require constant monitoring to flush them down the toilet.
Ideally, ALL personal info would be expunged after a short period of time. On my ecommerce site all customer info is expunged after a period of time just long enough to ensure the customer is not goint to return the item.
Nyms and passwords are all that is needed.
A scammer can just open up an account on Bluehost, create dozens to hundred of REAL email accounts, flood this and every other site with garbage and spam, and then go dark until the next account is set up. Usually with obfuscated registrations actively being marketed by hosting sites. My host even accidentally obfuscated one of my domains.
Last Active: Oct 03, 2024
Threads: 67
Posts: 6,381
(Mar 06, 2018, 14:55 pm)spikemite Wrote: This site has one of the worlds most hunted user bases outside of the darkweb.
No it isn't. Let's not pretend that there is any real value to finding out who is really behind any accounts here.
(Mar 06, 2018, 14:55 pm)spikemite Wrote: The current methods do not prevent floods of infected trash, and require constant monitoring to flush them down the toilet.
Maybe, but we aren't going to make it easier just because it isn't foolproof.
Anyone concerned can already register a random username using an alternative e-mail address and a VPN or Tor.
Eliminating the e-mail address would also prevent anyone from ever recovering their account should they lose their password. Even if they use a disposable address, they can still recover their account if they remember the exact address they used to register.
Really, if you are that paranoid, your best bet is to never register an account.
Last Active: Jul 12, 2018
Threads: 54
Posts: 2,461
Reputation:
2
(Mar 05, 2018, 21:41 pm)spikemite Wrote: OK, having my own site, I understand the basic NEED for an email type registration practice
That is your problem right there: your "need" to talk in absolutes. It leads you to make mountains out of molehills. To consider simple non-issues a big deal when they really aren't.
The truth is there is NO NEED for an email type registration practice. That is simply a choice which a site operator makes. A choice which they, as a site operator are perfectly entitled to make.
As an individual human being you are entitled to choose whichever level of anonymity you feel comfortable with. As a site operator, faced with people who wish to use our website to harm others, we are entitled to allow whichever level of anonymity we feel comfortable with.
I'm comfortable with the balance we have struck. If you are uncomfortable with it--if you NEED to forgo uploading here--so be it.
Last Active: Mar 23, 2018
Threads: 6
Posts: 26
Reputation:
0
No 'absolutes' here. I have tried every method *I* can find to allow auto-verification, which I regard, IMHO, as the ideal.
But none of them work.
Note that this a general issue and certainly not a criticism of this or any site.
We are reminded constantly of the dangers of surfing P2P without a VPN, but of equal importance is the security of the real emails in membership lists of sites.
A real life example: When they busted up satellite piracy they not only went after companies and sites, they also went after member lists and threatened virtually everyone who simply purchased smart card programmers.
Perhaps there is no real concern for those in countries outside the Empire and its Five Eyes, but to those of us in it - every precautionary bit of security is well worth considering.
Perhaps this is just a kind of RFC on the idea of sites using a cryptographic type verification that does not expose originating emails/IPs of users. It should also be usable for retrieving passwords.
In the meantime, where private interaction between site and users is desirable: Are any of these of aprticular use:
https://www.lifewire.com/best-secure-ema...es-4136763
Once again, do not take umbrage, as I certainly regard this site as benign, and should its user base be 'stolen' in my case there is little to no concern on my part.
Last Active: Jun 30, 2024
Threads: 115
Posts: 4,812
Reputation:
32
The TPB database complete with emails and whatnot has been breached before and nothing came of it. Besides a security upgrade. There are plenty free email providers that will give you a disposable address for signup anywhere. In case you loose your password, you can post in the account issues forum (too lazy to link), and the mods will fix it for you. While being quite on the dont fuck with me side of nice, they are actually quite nice (most of them [as long as you dont try to keep up a disagreement with them]).
There are lots of safety measures you can take if you are paranoid. A few have been mentioned here (TOR / VPN). In case you are really really paranoid, switch to linux. Beef up your firefox with noscript, adblocker, some cookie destroyer, and that plugin that sends random search queries to all engines every five minutes, and more bloat.
The real truth is that copyright trolls target torrent swarms. Not the sites. Torrent swarm are extremely vulnerable, and it was proven years ago by a couple of russian programmers creating a site where theyd show you what you'd been downloading over the last few days. Only way to escape that is a VPN or a seedbox.
Last Active: Jul 12, 2018
Threads: 54
Posts: 2,461
Reputation:
2
No umbrage, simply an apparent misunderstanding.
I thought you were saying that we should allow anonymous and temporary email services to be used for registration on TPB. We do, actually, except where they are excessively abused. And we won't be changing that policy.
If you are merely saying that other options exist, that's perfectly true. We won't be implementing them but they certainly do exist.
Last Active: Sep 12, 2021
Threads: 28
Posts: 2,900
Reputation:
36
Abusive users.
Best way is to keep on as normal, no need to give them any new ideas into their head.
|