Hello nice people,
I’ve been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn’t loose much like some guys did. I decided not to use the service anymore and I’m still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don’t have 2fa anymore. Also I don’t have backup 16 words.
Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.
And of course I never wanted to subscribe…and I don’t think I ever verified account with a document.
What are my options other than just filtering that shitty domain as spam?
edit: typo
Nothing says decentralized currency like having a corporation that controls your assets 😋
Don’t point out how all their bullshit requires middlemen and accounts holding their currency to make it work. That makes it looks silly. Almost like it’s just more complicated harder to use money that people can more easily steal from you.
That looks like a proper request to disable 2FA. Their problem is requiring login to unsubscribe from newsletter emails, which is total BS.
If support won’t take your email out of their list, just block the address / domain and move on, I guess.
I wouldn’t give them any extra personal info after what happened.
This is what I do when I can’t unsubscribe in a minute. No reason to waste time on this, it is a solved problem.
It’s probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns off transaction alerts so you aren’t notified, then transfers out all your crypto.
I’m certain the marketing emails don’t require login to unsubscribe.
OP is receiving newsletters
Unsubscribing and disabling 2FA seem like two different things.
GDPR allows for the company to verify your identity before proceeding with deletion. Source: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/how-should-requests-individuals-exercising-their-data-protection-rights-be-dealt_en
[The company] can ask [you] for additional information in order to confirm the identity of the person making the request.
Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML 😂
They should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.
They can’t ask for more information than what they needed to create your account.
But maybe they’re seen as a bank and then they have to confirm your identity with a copy of your id.
Ive never heard of bank asking selfie. I wouldnt even provide ID, but that would make bit more sense
In Germany I’ve had multiple contracts that needed identification. They use trustworthy third party services for verification though.
KYC (Know Your Costumor) Here you have a small overview.
When you create an account online, a selfie along with a copy of your id is deemed minimal verification.
Ive used face scanning on some other crypto service, but didnt know its a thing in banking. Thanks for sharing, but it still doesnt explain why I need that just to unsubscribe. I could accept that they are trying to protect me, but they obviously have diferent plans. My experience and recent communication with support proved NiceHash is ran buy toxic garbage and not by people who run a bank or anything close to that.
They need to be sure it’s you who’s unsubscribing, I suppose. There’s been enough social engineering to not rely on emails only.
I see that selfie is the only solution to unsubscribe (if not involving lawyer or just spam filter).
I understand what you are saying, but If I lost my email why would they send newsletter to a new owner? It just makes no sense since 99% can be unsubscribed with no login or whatever they ask.
Sorry, its hard to accept any safety meassure as explanation due to bad reputation of NiceHash. Also after talking to human support I just feel even less safe tbh, but it doesnt surprise me at all, its company that took my crypto back in a day.
Ill try fake pic when I get some time to burn
Thanks for the link. Feels bad tho 😭 gdpr gave me Accept/Reject cookies and some more pain as a bonus it seems 😂
GDPR didn’t give you cookie banners, it’s shitty websites that do.
If they were to just follow activated “Do not Track”-Preferences, they wouldn’t need to ask, instead they would deactived them by default. Or you could just not use cookies, it’s not like somebody forces you to give cookies out to your website’s users.
Read the other replies to the parent comment. This is not on GDPR.
Probably an unpopular opinion - but I actually think requesting overriding 2fa is a big deal and companies shouldn’t do that lightly. If I had a lot of money in crypto I would sure hope the exchange would scrutinize a request to turn off 2fa. And if op had saved their backup words they wouldn’t have been in this situation.
Now requiring that to change an email subscription is not great, but again - turning off 2fa without the proper backup options should be difficult and scrutinized.
Requiring logging in to unsubscribe is absolutely bullshit. I mark all emails as spam that don’t automatically unregister with ONLY clicking a lick. I’m not providing my email, I’m not logging in.
It’s probably not for marketing emails. They probably require login to disable account alerts. Imagine a threat actor gets access to your account, turns of transaction alerts so you aren’t notified, then transfers out all your crypto.
I’m certain the marketing emails don’t require login to unsubscribe.
For bypassing 2fa this does seem reasonable. But anyone who can access the email address should have the permission to unsubscribe from messages.
For example on my service there is the concept of a “primary email” which is the only one that can be used to reset the password. But even if you have lost the password and access to your primary email you can still unsubscribe any other email from notifications as long as you can show access to that particular email. You won’t regain access to the account but you can turn off emails.
ahh, the sponsor from LTT that mined your PC while at idle :)
You should just block them. Otherwise try with ai generated images, i heard midjourney works really good. But if you wanna cause damage threat to sue them if they dont whant to unsubcribe. You can probably do it since you are on european union and they take this type of shit seriously afaik, probably could do something aboit the money you lost too if it turms out they where being fishy aboit it.
Thanks. Im not gonna sue them, but I might report that if I find the right address. Ill first wait for their response to my last email. Thx for input
deleted by creator
Don’t send any data that you haven’t sent already! Just block 'em f out, feels so nice :D Or they’ll demand a nude selfie next time!
If I ever send picture it will be nude selfie for sure 😂
I would just block their shit in email
Yup. I try to unsubscribe nicely once. If it isn’t honored they are going straight on my provider’s spam list.
If it’s just the newsletters that bug you then just use a filter that automatically deletes them.
I do this on my email account I use for websites I don’t trust too much and will probably sell the email address for advertising purposes. Sometimes they then subscribe me to their newsletter and the unsubscribe button in the newsletter is often fake. So I use filters that delete them immediately.Thx, thats what will happen unless I unsubscribe somehow
I mean, just mark as spam?
It hurts them more if a bunch of people mark them as spam and it becomes a trend doesn’t it? Just seems like a design issue on their part.
I always figured that companies generally wanted to avoid that.
If you asked to delete or alter the account, then it makes sense. To unsubscribe from emails… Well normally not but I guess it’s financial information, and you can’t use 2FA, so I guess it makes sense that they need to protect themselves.
If you never used a document to sign up, then it’s ridiculous to ask for more information… Not sure if it’s actually illegal though, as long as they handle the data correctly.
It would be less morbid if they were asking for documents, but selfie comon…
They are not providing anything important to my email, its just crap like:
Why should you overclock your GPUs? Help us make NiceHash better! Etc
Im contacting them from the same email tho. Obviously company I dont trust and I have to stick to spam folder it seems
Documents don’t help against identity theft. I guess selfies don’t either in the age of deepfakes, but it gives them plausible deniability.
The problem here is that you lost the 2FA, so that makes it difficult.
But yea as long as it’s just emails from a company you don’t care about, setting them as spam is the easiest solution.
well at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there’s literally no other way to confirm your identity without something like id or a credit card if your credentials are gone.Email is a perfectly fine second factor for recovery, at least when it was unchanged for so many years
That is your opinion. Personally if I have a password + 2FA configured for an account I don’t want anyone without access to those two things getting in. Ideally this would be configurable per-account, this way people who are fine trusting their email can do that and those who aren’t can not allow that.
But it is a question of security versus access. Some people would rather lose access to an account than give someone else access.
Are they considered a bank? Because a be’abnk had to verify your identity and for that they can use a copy of your id.
