I've been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn't loose much like some guys did. I decided not to use the service anymore and I'm still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don't have 2fa anymore. Also I don't have backup 16 words.
Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.
And of course I never wanted to subscribe...and I don't think I ever verified account with a document.
What are my options other than just filtering that shitty domain as spam?
Don't point out how all their bullshit requires middlemen and accounts holding their currency to make it work. That makes it looks silly. Almost like it's just more complicated harder to use money that people can more easily steal from you.
Additionally use any report functionality at your disposal, which may cause some mail providers to block them or cause them to offer proper opt out in the future.
All marketing emails are supposed to have a simple opt out without needing anything other than your email address.
It's probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns off transaction alerts so you aren't notified, then transfers out all your crypto.
I'm certain the marketing emails don't require login to unsubscribe.
But if OP did not provide "selfie" during registration, providing it now doesn't help confirming his identity so it doesn't fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.
GDPR didn't give you cookie banners, it's shitty websites that do.
If they were to just follow activated "Do not Track"-Preferences, they wouldn't need to ask, instead they would deactived them by default. Or you could just not use cookies, it's not like somebody forces you to give cookies out to your website's users.
Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn't do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn't have been in this situation.
Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.
Requiring logging in to unsubscribe is absolutely bullshit. I mark all emails as spam that don't automatically unregister with ONLY clicking a lick. I'm not providing my email, I'm not logging in.
It's probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns of transaction alerts so you aren't notified, then transfers out all your crypto.
I'm certain the marketing emails don't require login to unsubscribe.
For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.
For example on my service there is the concept of a "primary email" which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won't regain access to the account but you can turn off emails.
If you really want to be keep using the service, get a non watermarked random guy's pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote. This might not work because of the personal ID requirement but trying it doesn't hurt.
They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.
If its just to verify does that mean they already have the information on record, like their picture? If not whats stopping someone from using someone elses picture and photo editing in the requirements?
They dont have a picture, but they have some information, probably a minimum that was required to create account. I dont remember exactly, it was long time ago.
Photo editing requires skill and time. Maybe I can ask AI 😂
If it's just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don't trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.
well at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there's literally no other way to confirm your identity without something like id or a credit card if your credentials are gone.
That is your opinion. Personally if I have a password + 2FA configured for an account I don't want anyone without access to those two things getting in. Ideally this would be configurable per-account, this way people who are fine trusting their email can do that and those who aren't can not allow that.
But it is a question of security versus access. Some people would rather lose access to an account than give someone else access.
That's stupid and illegal in Europe since you only want to unsubscribe from emails. The few sites for which the unsub button does nothing, I usually contact them and tell them they are breaking the EU law and if they don't stop, I will report them. Works all the time.
How exactly does that verify that you are the owner of the mentioned account nor verify legitimate interest in withdrawing consent from being included in their marketing campaigns!?