EMail for Registration
#1
OK, having my own site, I understand the basic NEED for an email type registration practice, to hopefully keep away the scammers. Captchas are mostly useless and very, very annoying. There are services desgined to spoof them.

What I dont understand is why it is required on 'file sharing' or more bluntly 'pirate' type sites, where there is a potential risk to the user base.

The alternative is simple: Anonymous and temporary email services accessed through a VPN or TOR for all registration purposes. Instead, i see that some sites are banning the IPs of such email servers. Dont make sense.

Shouldnt the 'scene' being encouraging everyone to retain as much anonymity as possible??
Reply
#2
Because anonymous and temporary e-mail services along with VPN and Tor are regularly used to abuse file sharing and pirate sites.
Reply
#3
It is a "chicken or egg" kinda situation... Pirate sites being boarded by rogues. To be pragmatic, any service today needs to reinvent itself.

Maybe TPB could suggest or partner with simpler, safer email services; using Facebook or Hotmail, for example, is a poor choice. Tongue
Or even create their own email, and or use other (less invasive) tactics, like an IRC registration bot (and call it Honesto)?
Reply
#4
This site has one of the worlds most hunted user bases outside of the darkweb.
I would not dare post anyting to TPB under this nym, or under resistration info and IP numbers that were not obfuscated by any and every means possible.

The current methods do not prevent floods of infected trash, and require constant monitoring to flush them down the toilet.

Ideally, ALL personal info would be expunged after a short period of time. On my ecommerce site all customer info is expunged after a period of time just long enough to ensure the customer is not goint to return the item.

Nyms and passwords are all that is needed.

A scammer can just open up an account on Bluehost, create dozens to hundred of REAL email accounts, flood this and every other site with garbage and spam, and then go dark until the next account is set up. Usually with obfuscated registrations actively being marketed by hosting sites. My host even accidentally obfuscated one of my domains.
Reply
#5
(Mar 06, 2018, 14:55 pm)spikemite Wrote: This site has one of the worlds most hunted user bases outside of the darkweb.

No it isn't.  Let's not pretend that there is any real value to finding out who is really behind any accounts here.


(Mar 06, 2018, 14:55 pm)spikemite Wrote: The current methods do not prevent floods of infected trash, and require constant monitoring to flush them down the toilet.

Maybe, but we aren't going to make it easier just because it isn't foolproof.




Anyone concerned can already register a random username using an alternative e-mail address and a VPN or Tor.

Eliminating the e-mail address would also prevent anyone from ever recovering their account should they lose their password. Even if they use a disposable address, they can still recover their account if they remember the exact address they used to register.


Really, if you are that paranoid, your best bet is to never register an account.
Reply
#6
(Mar 05, 2018, 21:41 pm)spikemite Wrote: OK, having my own site, I understand the basic NEED for an email type registration practice

That is your problem right there: your "need" to talk in absolutes. It leads you to make mountains out of molehills. To consider simple non-issues a big deal when they really aren't.

The truth is there is NO NEED for an email type registration practice. That is simply a choice which a site operator makes. A choice which they, as a site operator are perfectly entitled to make.

As an individual human being you are entitled to choose whichever level of anonymity you feel comfortable with. As a site operator, faced with people who wish to use our website to harm others, we are entitled to allow whichever level of anonymity we feel comfortable with.

I'm comfortable with the balance we have struck. If you are uncomfortable with it--if you NEED to forgo uploading here--so be it.
Reply
#7
No 'absolutes' here. I have tried every method *I* can find to allow auto-verification, which I regard, IMHO, as the ideal.
But none of them work.

Note that this a general issue and certainly not a criticism of this or any site.

We are reminded constantly of the dangers of surfing P2P without a VPN, but of equal importance is the security of the real emails in membership lists of sites.

A real life example: When they busted up satellite piracy they not only went after companies and sites, they also went after member lists and threatened virtually everyone who simply purchased smart card programmers.

Perhaps there is no real concern for those in countries outside the Empire and its Five Eyes, but to those of us in it - every precautionary bit of security is well worth considering.

Perhaps this is just a kind of RFC on the idea of sites using a cryptographic type verification that does not expose originating emails/IPs of users. It should also be usable for retrieving passwords.

In the meantime, where private interaction between site and users is desirable: Are any of these of aprticular use:
https://www.lifewire.com/best-secure-ema...es-4136763

Once again, do not take umbrage, as I certainly regard this site as benign, and should its user base be 'stolen' in my case there is little to no concern on my part.
Reply
#8
The TPB database complete with emails and whatnot has been breached before and nothing came of it. Besides a security upgrade. There are plenty free email providers that will give you a disposable address for signup anywhere. In case you loose your password, you can post in the account issues forum (too lazy to link), and the mods will fix it for you. While being quite on the dont fuck with me side of nice, they are actually quite nice (most of them [as long as you dont try to keep up a disagreement with them]).

There are lots of safety measures you can take if you are paranoid. A few have been mentioned here (TOR / VPN). In case you are really really paranoid, switch to linux. Beef up your firefox with noscript, adblocker, some cookie destroyer, and that plugin that sends random search queries to all engines every five minutes, and more bloat.

The real truth is that copyright trolls target torrent swarms. Not the sites. Torrent swarm are extremely vulnerable, and it was proven years ago by a couple of russian programmers creating a site where theyd show you what you'd been downloading over the last few days. Only way to escape that is a VPN or a seedbox.
Reply
#9
No umbrage, simply an apparent misunderstanding.

I thought you were saying that we should allow anonymous and temporary email services to be used for registration on TPB. We do, actually, except where they are excessively abused. And we won't be changing that policy.

If you are merely saying that other options exist, that's perfectly true. We won't be implementing them but they certainly do exist.
Reply
#10
Abusive users.

Best way is to keep on as normal, no need to give them any new ideas into their head.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Anyone know of a way to anonymously mass email others? Ladyanne3 0 1,342 May 09, 2024, 10:41 am
Last Post: Ladyanne3
  I'm starting a newsletter on substack but I've only got 5 email addresses. LadyAnn 5 14,151 Dec 15, 2021, 23:43 pm
Last Post: RobertX
  Safe encrypted email provider shutting down WW3hasstarted 0 9,273 Nov 12, 2019, 09:22 am
Last Post: WW3hasstarted
  Creating a @Fake.onion email FrankGriffin 5 17,207 Jul 31, 2018, 05:47 am
Last Post: FrankGriffin
  [[email protected]] rzimmermanpirate 5 16,903 Nov 18, 2017, 10:24 am
Last Post: contrail



Users browsing this thread: 1 Guest(s)