Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 months ago.
Improve this question
Currently google single sign-on gives your real email address to everyone. Instead it could give each party a different identifier for you, such that these third parties wouldn't be able to correlate your data.
Moreover spam could be more easily identified and stopped. Google could manage a fleet of "salted" email addresses for each user, tracking which third parties send spam. Signin/gmail synergy.
My question: Does this exist already? Why does this not already exist? Do any other auth vendors do this?
Followup: Why is my email address even used as my primary id? I'd rather keep it private.
Your email is not used as a primary identifier at least not by Google. When a website such as Airbnb does an open ID connect dance with Google, Google replies with a unique identifier to Airbnb. That identifier does not mean anything to Airbnb as to what your email first name last name are. What also happens is that Airbnb can ask Google for your email and that is how they end up having your email.
Note that Apple have a privacy preserving mechanism where instead of returning your real email address they will return an Apple email address that points to your email. That gives you one level of indirection and more privacy.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 days ago.
Improve this question
I'm building a web app with firebase (fire storage, functions, hosting).
The location of the project is eur3.
I will not use google analytics. I will not use google fonts.
Do I have to inform the user that I'm using firebase?
Is user data sent to the US (or US Google servers) even though my project location is eur3?
Does firebase set cookies through the iframe on the user device with unique identifiers?
if yes, is that identifier used to track the user elsewhere?
I want to set one cookie to check if the user visits for the first time. Do I have to inform the user?
Is there a flowchart by google to make my web app EU ready?
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 months ago.
Improve this question
I received 30+ emails in all languages (often eastern European) that always say the same thing :
"hello
We received a request to access project-0000000000 with this email address. If you want to sign in with your (your email) account, click this link:
Access to project-0000000000
If you didn't request this connection, ignore the email.
With respect,
project-0000000000 team"
I have received 30+ of these, without any prior action on my side. They generally have an URL "leading to the project". The URL seems based on firebase as well (xxxxxxx.page.link/?link=https://0000000000.firebase.com/...), but I wonder if it could be malicious, depending on what comes at the end of the URL, I guess.
If it's an attack, I guess the vector attack is the URL, because I cannot see any other option.
If it's not an attack, I wonder why on earth I receive all the emails, and what I can do about it.
The strangest thing, for me, is that I once received an email in Turkish thanking me for my contribution to one project. This email had no URL, so no obvious attack vector. I don't know if it was a case of social engineering, or if someone is impersonating my email address to use firebase.
Do someone know what could be going on ?
It's spam, I've been getting those emails on different languages lately. Do not click any links in them!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
This is a very general question. I am working on a project with my fellow students, and we are trying to create a blockchain-based communication platform.
One of the flaws we found in email security today, is that metadata is not encrypted.
I am finding it difficult to find an explanation of why metadata is not encrypted in the first place?
We separate an email into these two parts:
The payload (or content), which contains the actual text of the messages (or photos, or whatever you may send).
The metadata, which contains the information about the message, but not the message itself.
Consider the metadata as being the information on an envelope. Surely, if you want to deliver a message, you have to write the recipient's address on the front of the envelope. Also, on the back you may want to write your address, so that the postal company (mail server) can return the message when it is not delivered. Furthermore, the postal company knows additional information. For example, they know when the message was sent and when it was delivered. They also know the weight of the envelope.
All in all, the metadata cannot reasonably be encrypted, because 1) it is required for the email to be delivered, or 2) because it is an property of the email itself.
If we encrypt the recipient's address, the postal company would not know where to deliver the message. Encrypting the size of a message doesn't even make sense (although we could try to obfuscate it).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I've just been informed by my boss that I will be taking over our company's CRM application. It is a web-based, .NET MVC, single-code-base, multi-tenant application. As the product was explained to me, it became clear that the email feature is a nightmare to maintain. I'm looking for alternatives to doing it in-house. I'll explain:
The app logs and track all forms of contact with prospective customers... phone calls, emails, etc. Thus, one feature is the ability to send emails from within the product, and then to have any reply emails also be stored in the CRM's sql database as well.
The problems with this kind of email system built into our web-based, self-hosted CRM product are abundant, but the largest of the problems is the work we need to do to prevent our IP from being black listed. It's a nightmare. There has got to be a better way.
I asked my boss if he had looked into outsourcing the email management. He said yes, but he didn't find anything that had the features we need and still allow us the control we want.
I'll explain the features we need, and I'm hoping somebody knows of a service that might work for us.
What we need...
I envision a vendor which offers a service-based product which we can consume via some sort of API or POST. When our client sends an email from within our CRM product, we would toss over the wall (in a secure manner) to the vendor the following:
Body of the email
Sender's name, email, userid & password
SMTP address of our client
Recipient's name and email
Some sort of unique id that identifies this email, so that threads and conversations can be tracked.
The service would then validate the sender's email against their SMTP server, and send the email on his behalf.
The kicker would be being able to also track reply emails, and to get them back into our CRM product. The vendor could perhaps push them to us, or, every x minutes, would could query them to see if there are any replies waiting to be sucked up.
So, does any such service exist? If so, have you used it, and what has been your experience?
MailGun and SendGrid are two transactional email service options that you might want to consider. They offer API-based email at scale.
I know that with MailGun you can use their API to validate email addresses before attempting to use them. This may help with your blacklisting problem. Check out the API here: documentation.mailgun.com/api-email-validation.html
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I want to register a domain name in order to do political activism. I want to hide my personal information from being displayed. For that I'm considering registering a provide domain from a website like godaddy.com
My question: how safe is that? Can anyone access the private personal information of the owner of the domain?
According to arin your contact information will be availble in customer records but not to Whois users. If somebody gets access to the customer records then they can access your contact information. Whether this can happen depends on service provider policies and also dpends on the laws of the country where your service provider is situated.
You can use privacyprotect.org
for free to hide your contact information. read on the link for more info on how it works and how safe it is.