WhatsApp: “you can now use email to access your account if you can’t use your phone for some reason”
This community: “REEEEEEEEEEEEEEEEEEEEEE”
People acting like a phone number isn’t 100x more personally identifiable than email are delusional. I have like 700 unique emails atm, and can create a new one within seconds. I only have a few numbers.
In my country we’re required to have our own identification tied to the number and we can only legally have a handful of number under a person name. Email is nothing lol.
I have a very, very old SIM card. It’s from the 3G era, which means I miss out on my phone’s 5G capabilities. However, when I went to buy a new card I found out you’re required to take a selfie and send to the telecom company alongside your ID and email, which is creepy enough to keep me using my 3G SIM…
Maybe you can request a new card but under the same number? In my country we can request for a new card that way, though we didn’t need to take a selfie when buying a new number, just have to register your name and ID(quite old fashion but the rule is made in pre-smartphone era to combat scammer)
I’d have to go to a telecom store to do that in person, which I don’t really have an issue with, except that it may take a whole afternoon on a queue waiting for my turn.
Anyway, I rarely use mobile internet and when I do, it’s mostly for text messages, so I don’t feel a pressing need to upgrade.
Ahh, that makes sense
I lived in a country doing that, and couldn’t understand the people making social media profiles with their (actually traceable to a real life identity) phone numbers public. Don’t you love receiving spam calls?
Funny thing is, there’s a time where the hot topic is basically facebook eavesdropping conversation then put on ads with item relevant to the conversation. Everyone talk about it being creepy, but everyone keep using it without any change. I think they just don’t care ¯\_(ツ)_/¯
I have a catch-all address with a personal domain. Infinite aliases for free.
Hmm🤔 I use Migadu and could probably set this up – is this actually a good idea?
A catch-all is not a good idea. But Migadu lets you do something called pattern rewrites which are aliases that can contain wildcards. So you can set up a pattern like
shop-*@yourdomain.tld
and use addresses likeshop-amazon@
,shop-etsy@
etc.It doesn’t have to be “shop” you can use anything you want and make up the pattern in any way you want (“ama.shop.zon@” or whatever you can think of).
It’s better than plus addresses (“realaddress+amazon@”) because it doesn’t have to include your real address, and you can make a pattern that nobody can guess, but still retain the ability to use one address per site so you know who’s spamming you, and you can make them up on the fly.
In fact I no longer use my “real” address for anything except logging into IMAP and SMTP, I use aliases or patterns for everything else.
Edit: If you want to also be able to send email from these addresses make sure to enable “wildcard sender” for the associated mailbox.
These addresses do have one downside similar to catch-all: if one of them starts getting spam you have to make an explicit deny rule for it. Some people contend that this is a messy approach and they’d rather make regular (non-wildcard) aliases and deny everything else. The downside with that however is that you can no longer make up addresses on the fly, you have to go to the Migadu admin to create the alias every time.
Hmm 🤔 interesting, I appreciate the qualified suggestions
“It works for me” ©
Don’t you also get infinite spam?
Spammers don’t bother scanning domains as much nowadays. They used to watch domain registration then spam addresses like admin@, contact@, office@ etc. but nowadays most people aren’t dumb enough to use those anymore. So spammers would rather buy a list of millions of addresses that someone else obtained by breaking into sites like Yahoo or LinkedIn, which are much more likely to be valid addresses.
You can get bitten by catch all if someone who knows you and knows your domain and knows you have a catch all has it in for you and subscribes addresses at your domain to mailing lists and other spammy places. 😊
Actually (and surprisingly), I don’t. Maybe it’s due to WHOIS privacy.
If they’re all attached to the same personal domain then that’s just as personally identifiable though
Not if whois privacy is in place.
True, signing up for several accounts using the same personal domain will create a link between those accounts though (whereas if they’re all
@simplelogin.com
or similar then you’re hiding asking the crowd)Maybe. However, as long as they don’t know my real name/identity I don’t really care. Fact is that is much easier for companies to just block known email alias services than unknown random domain. Some of them do this already. Neither method is perfect, obviously.
how?
I use Proton Mail, which lets you make ‘aliases’, which you can use for different sites. The alias forward staright to your main (or a nominated) email.
You can use https://simplelogin.io/ to do the same, and I’m sure there are similar services around.
E.g. I can’t have feckwhatsapp@feckfacebook.com as my WhatsApp email, and it would forward to whatever account I normally use.
I do this for pretty much everything on line, so they all have their own bespoke email for me.
Would you say Proton Mail’s aliases are better in some way than Firefox Relay? Do you have experience with both to give your impression of which you’d recommend over the other? Or perhaps anyone else would care to weigh in, feel free to do so. Thanks, friends!
I don’t, I’m afraid. But I can say that creating and managing them through protons password manager is a breeze.
Nice. So you do that through the password manager and not the email interface?
You don’t need to do it through the email interface. You can do it through many password managers (API key). With simplelogin and a custom domain you can set it up to use regexes and control the flow of emails to any number of inboxes. It’s like a fine grained catch-all where you don’t need to create the emails ahead of time and can “send as” any of them… or disable any if they start receiving spam.
If I wanted to activate a new Facebook I could just type fuckbookNOV2023@customdomain.com into the signup field and verify it seconds later. If I wanted it to go to both me and my brother, I could add his custom string (e.g. fuckbookNOV2023bruzz@customdomain.com).
I’ve been doing this for 2 years and only recently received my first spam. All I had to do was change the email with the service and disable the old address. Easy peasy. You can also disable the catch-all at any time if someone starts fucking your life. Then all you have to do is create a dozen emails ahead of time and assign them as needed.
Also u/umbrella
Sorry, yes you do. Because it’s so interlinked in my mind I got that wrong. But deffot the easiest way to do it I’ve found (as long as you’re using proton mail though, I guess…)
Any email service will let you make aliases. If it doesn’t, or if it price-gouges you for how many aliases you can make (which are basically zero cost for them) — find a better email service.
Also, there’s no need to use a 3rd-party alias service unless the address you’re protecting cannot be used on an email service, like if it’s a gmail address for example so you’re stuck with gmail. But even so you can buy a domain, forward your Gmail address to it, and start enjoying aliases and all kinds of cool features.
Look into services like MXroute or Migadu.
Cool. I’m fine with using a 3rd party tool though. As a Linux user I’m quite used to having separate tools that do a single job well. 😊 I’ve been using Firefox Relay so far with positive results. But the free version is quite limited and you can’t really customize the aliases at all.
But if Proton Mail already comes with aliasing, that would be a good alternative as I already have an address there. Just not a paying customer yet.
Trying to separate myself from Google a little bit as of late, so I’m looking for alternatives, but nothing too obscure and no self-hosting yet. I’d love a complete package like Google offers, kind of like Proton does.
What will be very hard for me to shake off is Google Drive and Google Documents (Sheets, Docs, etc). Very useful services that do their stuff well. Unfortunately. And very integrated into the only phones I enjoy using – Pixel phones. 😑
Proton doesn’t offer its own aliases, they use a third party service as well. It would basically be very similar to what you already get from Relay.
Have a look at Mailbox.org if you’re looking for integrated services, they offer packages with more than just email. It’s a long-running German service.
Please be wary of “encrypted” mail services, they make it fairly hard to migrate away from them later, if you need to. You need special tools to get your mail out of them, and those tools are at their whim.
The problem is that they’re reaching for emails in addition to phone numbers. Don’t think for a second they’re going to let you login with just email. They want email just to have yet another data metric to profile you with.
- using an insecure medium like email to facillitate access to e2eencrypted messages. 1) you cant do that with Signal
My reeeing depends on if they are going to make it mandatory. And I have a feeling they are coming full force on the enshittification bandwagon.
You mean instead of tying into a phone, right ?
The only point in time my lack of a phone number becomes an issue is for archaic stuff like this.
Maybe they need it to link WA accounts to FB accounts.
Signal FTW.
Signal
Which wants a phone #.
They are working on doing away with the requirement
As far as I know, it would still be needed at registration, just would give you an option to hide it and thus it would stop being your main identifier.
I know Signal is technically better but Telegram provides a much better user experience than Signal or WhatsApp and is also less problematic than WhatsApp.
The problem with telegram is that it’s not even e2e encrypted by default.
But the ui is really nice. I wonder why no other project simply forked telegram’s client and focused on the encryption and server side code
Considering Telegram has partnered with Tencent, I wouldn’t say it’s less problematic.
My understanding is that Telegram is partnered with a non profit crypto group, and that group is partnered with like 20 different companies that validate transactions, one of which is Tencent.
Granted I only read a couple articles on it in the last five minutes cause this was the first I heard of it, there could be more to the story I missed.
Yep.
Telegram is a decent middle ground. UI/UX matters, I’m not sure how the folks at Signal are completely missing that point.
The Signal UI is OK, as a competitor to SMS. But it’s terrible compared to Telegram. This matters to non-technical people, it’s how you get them to use it. Plus the seamless connection between devices - that’s crucial. I can chat using whatever device is in front of me.
Just out of curiosity, since I am fine with the Signal UI/UX: what would you say are the top features that make Telegram better?
I’m guessing you’ve never seen Telegram? It looks like a modern messaging system.
This is a screenshot: https://dribbble.com/shots/12242096-Telegram-Messenger-Free-Download
While Signal looks like any generic SMS app. Heck, both NextSMS and Textra look as good/better and have more “features” (interface customization).
As a technical person who cares more about functionality that stuff doesn’t matter much to me, but it’s easy to see how a typical user would perceive them (and honestly, the difference is so great it even affects me).
Signal looks dated, like SMS, Telegram looks (and behaves) modern.
That doesn’t appear to be a screenshot of Telegram, but of a designer’s portfolio piece example redesign of Telegram.
It doesn’t look anything like Telegram for Android, though a quick look at real screenshots suggests it’s more similar to Telegram for iOS.
I’m not OP, but I’ve switched to Telegram a while back because I loved the silent message option. Scheduled are also awesome, and recently added quote part of reply is very neat.
This is all UX, the UI is sleek but nothing too extraordinary for me.Telegram has some clumsiness in it’s UX too, which I find annoying (attaching a pic on Android, for example).
I’m usually pretty indifferent to UI so long as UX makes sense. But even I feel the difference between Signal and Telegram, so much so that I have friends on both and we use Telegram instead of Signal.
That to me is pretty telling - we know better, we promote Signal to other people, and would still rather use Telegram because of UI/UX.
You need to explicate the hell out of this cuz I vehemently disagree and point out, in terms of user experience its dogshit for me (but also implicitly that Telegram is conveniently insecure by default and even if you “encrypt”, ifs a non-documented public slop version of messaging encryption [novel + security by obscurity]
Consequently, I would never be comfortable trusting it
What do you want expectorated, why IMO Telegram is less problematic than WhatsApp or why the UI is way better than Telegram or Signal? Cause they’re very different things.
Expectoration is more about coughing up phlegm so not sure how toaddress that quite yet ;) Tell me more :)
I was just kinda poking fun at your choice of word haha explicate is exactly the right word but it’s not really a common word to use.
To be fair, I’m a bit of a—lets say rare bird, 🤠
Meta acct
I am waiting for Cross Messenger Law of Europe it means that Signal and Whatsapp User can talk to each other.
If Whatsapp really wants to scare away there Users many are gonna switch because of the Email old persons have EMails but no clue how to use it.
Its easier to install another Messenger than EMail Verifikation.
I think Signal is against that because it compromises their security model. Also I think they aren’t required by law to implement it but I’m not sure.
DDG proxy here I come
watsapp, fellow kidz?!
Removed by mod
In the realm of “business WhatsApp Web,” this advancement could signal a heightened focus on providing secure and reliable communication tools for enterprises. Businesses often leverage WhatsApp Web for efficient communication, and the introduction of email verification could be a proactive measure to address the unique security needs of corporate users.
Hahaha fuck off
LMAO yeah, how dare they provide an alternative way to log into your account if you lost your phone 😂😂
What? They don’t suport a username+password login?
No. Only phone number. The password is sent by SMS on every login.
I hate apps and services doing that.
great. I always wanted to receive passwords via sms
/s
It’s not a password it’s a one time code to confirm you have access to the phone number.
Still bad. TOTP is better than that.
Like I said, the goal is to verify access to the phone number, because that’s the main account identification.
TOTP is not related to the phone number in any way.
The boomers who are using zuckerapp do have emails. It will work out fine 😁
WhatsApp isn’t only for boomers. Pretty much everyone with a smartphone uses it.
Never met an it-pro using that thing. And beside some boomers and younger technically challenged, i have never seen one using it. To each his own. People actually use facebook too. Or even twi… Errr. X.
In Europe it’s used by almost everyone.
I’m also in Europe. And for me it’s as i said. Wouldn’t even know one reason FOR whatsapp besides the popularity.
Yeah, that’s small little thing, that everyone uses it. I’ve been waiting to get away from WhatsApp for years, but I would be an idiot to say that I can get away from it and still communicate with my family and friends via text.
If everyone would think this way, all other messengers would be extinct and Zuckerberg would rule over everyones most personal data. And then, oh wonder, it suddenly has a subscription-cost too.
Not for me. If people are so stubborn to use it, they gotta go back to email or sms if they really wanna reach me. I don’t use that crap, nor facebook or twitter or instagram or tiktok or…
It is extremely widespread in Europe. In Germany, a good 50 million people (out of 80) use it every day. I would describe myself as very tech-savvy and privacy-conscious and would normally never use it , but since everyone in the family and friends use it without exception, there is no escape. plus quite a lot of business now use whatsapp for contact / support.
Same here (South America). You can not use it yourself but it will mostly keep you out of the loop on everything. Most of the phone companies don’t charge you whatsapp message data just to make it more inescapable.
How is that even a thing? are your data-plans that shitty that this bit of whatsapp-traffic matters? Unless you’re sending some hour-long movies every days.
Data plans exists, but there is no good middle ground. You have the unlimited 4g connection for 20 USD , or the WhatsApp only for a few dollars.
Most of the people, specially older age or people who already have unlimited data from work phones, do not need 4g unlimited connection, so why spend extra 15 USD (which is a lot in latin America), if you can still communicate perfectly fine via WhatsApp.
Depends on the country, in mine data plans are not that expensive (add some asterisks to that). But they include those “whatsapp free” or some streaming service traffic with no cost to get the edge over other phone companies. All of them mostly have the whatsapp free thing.
I used to live in a different country and it did make a significant difference, as @desconectado@lemm.ee points out below.
You mean the WA-traffic made a significant difference? But how? It’s still mostly just text, no?
Here data is expensive, but a messenger wouldn’t make a difference (unless you’d exchange a lot of large files) so that any provider would gain a benefit over the competition. Including TV or netflix or tidal hifi, that’d would. Weird…
I’m german too, and I just deny using a tool just because “everyone else does it”. Those who use it and want to contact me, have bad luck or just use a decent messenger. This “there-is-no-escape”-mentality helps that shitty company to keep its grasp on people. I try to educate and offer alternatives. If it’s not accepted, then at least I tried.
Nah man, I value way more the contact with my mum and close friends than refusing to use an stupid app.
If my mum is in trouble and try to message me via WhatsApp: “sorry mum, I don’t answer WhatsApp messages, good luck next time trying to get someone to help you”. Nah man, that’s so shitty.
So. They can choose the app, but you mustn’t? That’s a weird reasoning imho.
You know, there’s still a thing like sms or email if they really have to and ignore my simple wishes.
Yeah, they do, that’s what living in a society is, not everyone does as you want, and you have to compromise.I have my own choices (in other aspects) which they probably have to live with. But I’m not going to ghost my mum (and close family) just because she uses WhatsApp, that’s plain entitlement and immaturity.
I can’t contact my mum via msm (not the same country), and are you seriously suggesting email over chat messages? They serve two different purposes.
IT Pro here. I use it. WhatsApp was around way before Zuckerberg was involved with it.
I’m all for getting away from WhatsApp but at this point it’s well ingrained with the general population. I’d love to see RCS take over.
You have never been to South America.
Sadly no. But would not change my stance anyway 😊
People who use edge maybe.
In Europe, it’s so common that it is a requirement for some parts of society.
No, just everyone in Europe and South America and India.
And almost everyone in Central America and Mexico and 45% of Canadians and high 90% range for most of Africa. So like, everyone but the USA, China, Japan, and Russia.
In Russia it is VERY widespread actually, at least with the older generation. But Telegram is probably more prevalent among younger people.
Telegram won’t bow to countries. Russians know that Pavel had to emigrate due to that. WhatsApp surely complies to all russian inquiries :-)
At least edge is a better browser than whatsapp a messenger :-)
just barely, they are pretty close in their bullshit levels.