Reddit account for 13+ years. Constantly prompted to provide email. Have no desire to have any personal information in it whatsoever, so never provided any. However, it is the only account I’ve ever used for extensive long term discussion and community involvement. Thousands of comments in discussions with other folks on topics I’m interested in. Logged in from many different locations and platforms over the years. Opted to never enter an email. Have never forgotten password, never needed to reset password. Didn’t care about recovery. If the account is lost, so be it. Logged in recently to a banner saying my account has been “suspended for suspicious activity security reasons” and the above message. The only way to recover the account is to “reset the password by entering an email”. Created a random anonymous email online, entered it as a fresh new email never provided before, reset link shows up in email, reset password, back in the account.

If I had to make a cynical skeptical guess - looks like an obvious stunt in advance of the IPO to grab a bunch of emails for accounts that didn’t have emails in order to drive up account metrics used for valuation. Side note, I did receive the IPO invitation.

I spend more time on Lemmy now because the phone apps are awesome. I only hang on to Reddit because there are some communities that exist there that don’t have Lemmy equivalents. But I have been thinking about running one of those account comment / post scramblers and then deleting. This is bringing me closer to that decision.

  • LibertyLizard@slrpnk.net
    8 months ago

    How would this provide any measure of security if your account had been hacked? So the hackers just need to provide literally any email address? That doesn’t pose much of a barrier.

    • elvith@feddit.de
      8 months ago

      I think newer accounts can only be created when providing an email address. There may be some old accounts that don’t have an email address associated. So, in most cases, you’d just be able to restore the account if you have access to both the account password and the email address. This breaks apart if there’s no email address associated, so I think they provided this way of recovery, although it doesn’t improve security since it only applies to very few accounts?

      • LibertyLizard@slrpnk.net
        8 months ago

        So you think it’s just a mistake overlooking a small number of accounts? Seems possible. I am curious how many such accounts there are.

        • elvith@feddit.de
          8 months ago

          Not quite. If they had overlooked a few accounts, they’d probably not even have implemented that function. They’d just have said “well, if you forget your password - or need to change it - you need to use the forgot password workflow that sends an email”. Everyone without an email address associated with their account would be SOL.

          Since they implemented it, they are aware of such accounts. But since “providing freely any email address for a password reset” makes absolutely no sense, this should only work for this special case - accounts without an associated email address.

          Whether it’s only done for unlocking accounts, whether this would have also worked when clicking on “Forgot Password”, or whether this account lock and unlocking workflow might even be intentional to associate an email address to such accounts, is unknown (to me).

      • Couldbealeotard@lemmy.world
        8 months ago

        Last time I checked, you can still make one without an email, but you have to click on a very small ambiguous hyperlink during creation. It’s possible this is no longer the case.

        Being able to make throwaway accounts has been the backbone of Reddit for a long time. People want a right to privacy.

      • cqthca@reddthat.com
        8 months ago

        I can say by using multiple portable chrome instances that reddit now requires an email, but you seem to have an option not to verify it. But it has a nag to verify. Example: h@h.hw would be good enough for an account, but they would send a verify email to that account. I got tired of their petty crap after I’d be in for 10K karma and some person would be angry with my reasoning and since I deleted my comments by script, I didn’t have an appeal option. I’m trying this place out.

  • Lvxferre@mander.xyz
    8 months ago

    OP highlights some damage caused by data harvesting, that is not widely spoken: users reacting against providing data to sites or software, even when doing so might potentially increase the security of their data.

    Including myself. Frankly? If I got the same message as the OP, my knee-jerk reaction would be: “oh great they’re trying to associate my Reddit account with my e-mail, and my e-mail with everything else, for the sake of data profiling. The claim that it’s for my security is probably bull fucking shit.”

    The worst part? As a wise man once said, “just because you’re paranoid doesn’t mean that they aren’t after you”. …okay, I’m joking about Kurt Cobain being a wise man, but not about the rest - the risk that the “it’s for your protection, your user, chrust us” discourse is bullshit and that they want to sell your data is very real.

  • IninewCrow@lemmy.ca
    8 months ago

    I avoided all this by creating a unique Gmail address ages ago and set the Reddit account just to that email. Then set up two factor authentication on everything.

    It’s a pain but whenever I jump into a new social media account I create separate emails and separate authentications to everything.

    If the account ever gets compromised, I don’t really care because it was set up as a standalone account. If the service gets weird like what happened to Reddit, I was able to just delete the account content, delete the account and none of it was directly identified or connected to any of my actual services I use.

    I’ve done the same with Lemmy and every other service I want to try out but am unsure of.

    I had Reddit for ten years and I felt safe and happy dumping my account.

    Hopefully the same won’t happen to Lemmy but no one ever knows how these things will pan out.

  • voicesarefree@lemmy.world
    8 months ago

    This happened to me several years ago on a similarly old account. I don’t think it was actually compromised, and I had no way to recover it as I had never set an email.

    • shimdidly@lemmy.world
      8 months ago

      Same exact situation. This is what I thought was meant by “Reddit Email Grab”: they were deliberately culling non-emailed accounts.

  • jsonjson@lemmy.sdf.org
    8 months ago

    I’m not surprised, I started receiving bans as soon as there were rumors of an IPO. Everything about the site experience has degraded since then. I still check it from a few teddit/libreddit instances, but otherwise never giving reddit a single monetizable gesture ever again.

        • GBU_28@lemm.ee
          8 months ago

          They have backups and the ability to see mass edits. Guaranteed they are selling the undamaged data.

          • muntedcrocodile@lemmy.world
            8 months ago

            I’m sure they are, but users can’t see it, and I’ve been noticing a lot of deleted content in reddit chains when googling for answers. It’s nice to contribute to the destruction of human knowledge now and then.

        • Alpha71@lemmy.world
          8 months ago

          I would double check that. I deleted an old account only to find it still up. I then proceeded to delete EVERY. SINGLE. POST. on that account.

          Guess what. They’re still up.

    • cqthca@reddthat.com
      8 months ago

      Be aware that if you delete (and overwrite) your comments, someone can accuse you of saying anything. I had a script that did it automatically. Someone didn’t like what I said; by the time it came to them to look at it, the comment was deleted, just what someone would do with an “uncivil” comment. So, be aware of that. The script I was using edited with random overwrite and then deleted, from the newest comment backward in time until a certain date. I’m not a jscript ninja, but it was open source and within a day I think a reasonable person with any coding experience would be able to moderate the script to their liking. I wasn’t aware of how nasty these people are. Very very sensitive.

      • muntedcrocodile@lemmy.world
        8 months ago

        Huh, what’s the issue? People saying u said something fucked and u couldn’t prove otherwise cos it was deleted? Bro, who cares what random fuckers on the internet say?

    • Nerd02@lemmy.basedcount.com
      8 months ago

      OP’s account is on SJW and that instance does not require email verification. Plenty of instances don’t.

      • IsThisAnAI@lemmy.world
        8 months ago

        My client is showing lemmy world 🤷‍♂️

        Either way any server with a hint of popularity is going to require it. They are just looking to be pissed off.

          • IsThisAnAI@lemmy.world
            8 months ago

            I don’t know what to tell you. My client is showing @lemmy.world. This isn’t the first time I’ve seen sync fuck up so I don’t doubt you 🤷‍♂️

            • mephiska@kbin.run
              8 months ago

              OP’s account is @v4bttcza@sh.itjust.works. You can post on pretty much any federated instance as long as you have a valid federated account. I’m replying to you from an account on an mbin instance.

  • beebarfbadger@lemmy.world
    8 months ago

    “That’s a nice account you got there. Be a shame if someone were to lock it unless you give us some personal data.”

  • kia@lemmy.ca
    8 months ago

    All the more reason to use something like SimpleLogin. Sure they can have my email, but it’s unique to them and can’t be linked to me for data harvesting that easily.