Email problem never ends
What does the community propose to solve this common problem? I have known about the PGP option for decades.
I need to negotiate something with a company.
The company gives me a contact form and asks me to send them an email. I send it to them.
They reply to my email from a Google or Microsoft account asking for my personal data and sensitive information. What's more, they phish me by saying they have a corporate email address when it's actually a Google or Microsoft email address for business.
I reply from my "PGP" email address and they don't reply.
I reply without PGP, giving them my personal data, and they reply.
What happens:
They do not identify themselves, which means that the phishing could have been done by a third party.
My data is compromised.
Therefore, the company forces me to send sensitive data to resolve issues that can sometimes cause serious economic damage. A third party could also sell my data and use it to cause me economic harm again.
Here are some ideas:
1. Get a web form so they can reply to me the way they do.
2. Use decentralized networks (onion email).
3. Give them an XMPP address (which they won't use).
Any of these 3 is difficult to do and get accepted.
Any other suggestions? Any guidelines on how to do this?
Are private email-companies the solution in any way?
Thank you.
Educate your interlocutor maybe using https://emailselfdefense.fsf.org
Thank you. I have known of this campaign for decades. Anyway to explain this to any bank or company.
Decades of no answers even with all consequences known, so everyone needs to accept.
Just like JS trap.
I personally still do it from time to time when it's someone new. But yes, the people working in the banks treat all their customers as idiots; playing devil's advocate, they do see a lot of people incapable of doing proper basic money management.
But that's not a reason imo, treating people as cattle will not make them improve.
The same goes with us when we see them doing improper computing usage/management.
The thing is that they will obey orders from high up and never ever go aside because of the fear of sanction, notably because there's so much fraud.
I'm currently battling with my bank to have the now mandatory "strong authentication" for web purchases via OTP email. The bank I have is already partly respecting the DSP2 by allowing OTP via SMS, but they are mandated to give you OTP via email if you request it, except, as always, the people at the front desk of the bank are lied to by omission; they don't even know or have read the DSP2.
My bank manager gave me the contact for the national CAT-5 headquarters in Paris, so I sent papers for my request, no response yet.
But let's also consider the viewpoint of the banks.
They're obviously malicious.
The only reason why they don't fully go awol is because of the law and also because citizens would start lynching them.
There is a truth in all this, which is that most terminals (computers) are infected with malware, be it by the definition of "security" companies or by the true definition.
They can't tell people that all their computers are doomed, because they also have an interest in people being infected.
They also can't tell people to just use fully free/libre software/OS as hardware compatibility is not strong enough for what is currently available, plus their own economic interests.
They won't propose that people get a Nitrokey or any hardware that works with FIDO2, even though it would "mitigate" the said issues properly.
They'll also justify this by saying that "people will never buy this", yet they'll propose a SIM card terminal for 15 EUR a month.
They don't even propose https://en.wikipedia.org/wiki/GrIDsure which would be the easiest thing even for old people.
So in the end they propose the most useless and annoying method, the banking app, which is riddled with malware.
More people are getting fed up with this too.
https://linuxfr.org/users/elessar/journaux/les-banques-et-l-authentification-a-deux-facteurs
https://linuxfr.org/users/hg203/journaux/exigeons-des-banques-une-vraie-mise-en-oeuvre-de-la-dsp2
The issue with GPG is how to be sure that the public key you have is really that of the person you want to send something to.
If you can make a phone call and have good confidence that the person you are talking to is the person you want to send your document to, you could try making them install magic wormhole. I like magic wormhole because it does not require any configuration, you just need to tell a number and a few words to the other party.
By the way, does anyone know how to change the wordlist used? English only is a big problem for most people I know.
I didn't know about wormhole, it looks pretty cool. I'll try it the next time I want to share some files.

