Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Isn't this it though, the engineers designing the ad targeting system at Facebook is linking the random emails you use as "catch all" to your main identity so you can be targeted specifically even though neither party has full knowledge of the linkage between your catchall email and your main identity email.

If you use the method described in the grandparent, you use a unique email address for every site (e.g site1@yourdomain.tld, site2@yourdomain.tld, etc). The domain will be the common part, which would be very hard for a company to use because most domains are shared between many separate users.



This is no longer "just a little bit of effort and minimal cost" - most likely no one will use unique emails for every site as well as use private browsing mode permanently in order to avoid cross cookie / cross site contamination via 3rd party (non facebook) tracking. Which is cited as a "feature" - allowing clients to bring their own ad tracking database and integrating that into the FB one in order to make ad targeting more specific.


> most likely no one will use unique emails for every site

I do and have done so for over 10 years. It’s been very eye opening to say the least to see how many sites have leaked my email.


> This is no longer "just a little bit of effort and minimal cost" - most likely no one will use unique emails for every site

It takes a tiny amount of effort: you setup your domain with a wildcard so all you need to do to create a new email address is to use it. You could send mail to barkingcat@real.domain.for.394549.net right now, and it will be delivered to my inbox with no setup required.

It's also great in case you start spamming me. I don't have to struggle with your unsubscribe links, I can just blacklist all mail sent to barkingcat@real.domain.for.394549.net, and be done with it without any collateral damage.


Lots of people do this, in the past it has exposed data leaks.

My if my site-specific email giqjtodvdksu@... has been getting spam lately then it is likely that either they sold it or they got hacked.


>Lots of people do this...

You mean a very small percentage of FB users do this?

The point being as parent comment said it’s not “a little effort and minimal cost”. Figure a $10-15 overhead cost for the domain and maybe $5/month/e-mail account? Effectively to minimize tracking on Facebook one would have to spend a minimum of $70/year?

It doesn’t seem like a great solution...go with a “free product” like Facebook in exchange allowing them to collect and monetize your data, only to pay to combat their business model? May as well offer a competing service that doesn’t track you, collect/monetize your data and pay say...half the cost of a domain and email.


No, it sucks, but it is the only way.

> May as well offer a competing service that doesn’t track you

I would kill for that. But this day and age it would be hard. Also, even subscription services typically see fit to track you and serve you ads.


Sort of like at first people thought paying for cable tv would mean that there would be lots of channels without ads. Didn't happen. Only a few where you get to pay even more for now ads. Now Netflix begins the cycle anew.


It is completely possible to fingerprint a browser and then group all the email accounts used on it and treat them as a single user. When was the last time you lent your device to someone so they could check their email?


Google claims that multiple people checking their e-mail in the same browser is common enough that they had to redesign browser log-in around it.


Doing this seems like it would slow down an adversary with Facebook like capabilities for a handful of milliseconds.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: