Comment

Comment on Plex now will SELL your personal data

“Hashed emails”. Besides the fact that they can match up a hash from one source to a hash from another source to link them to the same person, emails often have enough predictability to break the hash. Assuming they all end in “@gmail.com”, “@outlook.com”, or “@yahoo.com” will get you the vast majority of emails out there. Unlike a good password scheme, people don’t shove a lot of random data into their email addresses.

source

Sort:hotnew top

misteloct@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago
The hash:

liamg@9696yddadgib

source
Redjard@lemmy.dbzer0.com ⁨4⁩ ⁨weeks⁩ ago
Was about to say this.

I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.

In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)

There is no option where someone did not either knowingly do or provoke this.

source