I'm not sure what they're supposed to do. If they give you the information, they're giving you information that's not yours, which is clearly a violation of privacy.
If you have access to the email address, and you use that to get access to data that's not yours, then you're the one doing the privacy violation. What they should have is a way to say "this isn't my account". I've seen that commonly on first attempts (ie, Google's sign up will send a validation message to your alternate/secondary email address, and that has a "this wasn't me" link in it), but it's not common after the fact. With some mail, I've seen that you can edit the delivery preferences without any other kind of login, I've done that sometimes to stop getting the messages, even if that hasn't actually "fixed" the underlying problem. It's obviously a problem with address re-use as well. I'm not sure if these specific hosts have ever implemented Yahoo's RRVS extension, if so you might be able to get them to stop that way. Brandon On Tue, Aug 16, 2016 at 1:34 AM, Michelle Sullivan <miche...@sorbs.net> wrote: > Benoit Panizzon wrote: > >> Hi Michelle >> >> Have a similar (though substantially smaller numbers) with Apple >>> iCloud accounts... main problem there is people sending receipts for >>> their purchases... you'd think they (the consumers) might be worried >>> about a third-party getting all their (valid) credit card details, >>> but I guess not.... >>> >> Apple has privacy issues with their AppleID's. I also got hit by emails >> sending me newsletters and recipes from stuff I apparently purchased @ >> apple. First I thought they were some kind of spam or phishing emails, >> but upon close inspection, they looked genuine. >> >> So according to swiss privacy laws, I asked Apple to send me all the >> data that was connected to my apparent AppleID and the source where >> they got that data from. >> >> Their reply was: We cannot send you this data, because that AppleID >> obviously does not belong to you and we have to protect the privacy of >> that other person. And they kept sending me newsletters etc. pretending >> that I was not the owner of the said email address used as AppleID. >> >> So I proceeded in recovering the password of that AppleID. Logged into >> that account, found all the billing and personal information from a >> person in Canada with a Name similar to mine. With that information I >> asked apple again, how this person could create an AppleID with my >> email address and learned, that the Email Address used as AppleID, when >> created in an Apple Shop, are not being verified. What probably happened >> was that the dealer mistyped the canadian customer's email address when >> he bought an iPhone (the one I got the bill for) and had it configured >> by that shop. >> >> Which the funny thing is with such details I can now get people's emails, > access to their password lists (if they stored in their iCloud keychain), > locate them, erase their devices etc.. such a security risk in the name of > privacy... not to mention as you pointed out privacy is out of the window > when you use the 'recover password' function... along with security of any > credit card associated with the account. > > -- > Michelle Sullivan > http://www.mhix.org/ > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
