Hello nice people,

I've been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn't loose much like some guys did. I decided not to use the service anymore and I'm still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don't have 2fa anymore. Also I don't have backup 16 words.

Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.

And of course I never wanted to subscribe...and I don't think I ever verified account with a document.

What are my options other than just filtering that shitty domain as spam?

edit: typo

  • OsrsNeedsF2P@lemmy.ml
    ·
    1 year ago

    GDPR allows for the company to verify your identity before proceeding with deletion. Source: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/how-should-requests-individuals-exercising-their-data-protection-rights-be-dealt_en

    [The company] can ask [you] for additional information in order to confirm the identity of the person making the request.

    • Blizzard@lemmy.zip
      ·
      1 year ago

      But if OP did not provide "selfie" during registration, providing it now doesn't help confirming his identity so it doesn't fall into that category. I would aks them how do they justify that and if they are trying to discouraged me from deleting the account.

    • rambos@lemm.ee
      hexagon
      ·
      1 year ago

      Also, Im not trying to delete account (but that eould be ideal), Im just trying to unsubscribe. I guess it doesnt matter here FML 😂

      • Schlemmy@lemmy.ml
        ·
        1 year ago

        They should unsubscribe you by simple request and only need your e-mail for that. You could verify by clicking a link in an unsubscribe email.

    • Schlemmy@lemmy.ml
      ·
      1 year ago

      They can't ask for more information than what they needed to create your account.

      But maybe they're seen as a bank and then they have to confirm your identity with a copy of your id.

      • rambos@lemm.ee
        hexagon
        ·
        1 year ago

        Ive never heard of bank asking selfie. I wouldnt even provide ID, but that would make bit more sense

        • Schlemmy@lemmy.ml
          ·
          1 year ago

          KYC (Know Your Costumor) Here you have a small overview.

          https://www.thalesgroup.com/en/markets/digital-identity-and-security/banking-payment/issuance/id-verification/know-your-customer

          When you create an account online, a selfie along with a copy of your id is deemed minimal verification.

          • rambos@lemm.ee
            hexagon
            ·
            1 year ago

            Ive used face scanning on some other crypto service, but didnt know its a thing in banking. Thanks for sharing, but it still doesnt explain why I need that just to unsubscribe. I could accept that they are trying to protect me, but they obviously have diferent plans. My experience and recent communication with support proved NiceHash is ran buy toxic garbage and not by people who run a bank or anything close to that.

            • Schlemmy@lemmy.ml
              ·
              1 year ago

              They need to be sure it's you who's unsubscribing, I suppose. There's been enough social engineering to not rely on emails only.

              • rambos@lemm.ee
                hexagon
                ·
                1 year ago

                I see that selfie is the only solution to unsubscribe (if not involving lawyer or just spam filter).

                I understand what you are saying, but If I lost my email why would they send newsletter to a new owner? It just makes no sense since 99% can be unsubscribed with no login or whatever they ask.

                Sorry, its hard to accept any safety meassure as explanation due to bad reputation of NiceHash. Also after talking to human support I just feel even less safe tbh, but it doesnt surprise me at all, its company that took my crypto back in a day.

                Ill try fake pic when I get some time to burn

    • rambos@lemm.ee
      hexagon
      ·
      1 year ago

      Thanks for the link. Feels bad tho 😭 gdpr gave me Accept/Reject cookies and some more pain as a bonus it seems 😂

  • iamak@infosec.pub
    ·
    edit-2
    1 year ago

    If you really want to be keep using the service, get a non watermarked random guy's pic (he must be holding something) from the internet, write what they want on a paper and edit the pic so that the guy is holding what you wrote. This might not work because of the personal ID requirement but trying it doesn't hurt.

    They usually have a face detection algorithm running along with ocr and rarely check if this is a stock photo. I need to use Instagram to be in the loop. They blocked my account for using Barinsta so I did this and they unblocked it.

    • rambos@lemm.ee
      hexagon
      ·
      1 year ago

      Hehe this made me laugh. Thank you!

      Your story is also about nicehash? I might do that if I manage to digure out that pic. I will try

  • StellarTabi [none/use name]
    ·
    edit-2
    1 year ago

    I'd setup a thing to auto-mark them as spam and forget about it. CAN-SPAM and FTC guidelines dictate that for non-transactional emails like newsletters, the user must be able to unsubscribe without a fee and without requiring a login. IDK anything about European law.

  • AOCapitulator [they/them, she/her]
    ·
    1 year ago

    I felt bad for the person being manipulated like this but then I saw that this was a cryptomining service and I approve of this as a punishment

    • rambos@lemm.ee
      hexagon
      ·
      1 year ago

      Hehe, I dont blame you for approving that as a punishment. I feel lucky for not losing more than 50-100$

  • uralsolo
    ·
    edit-2
    1 year ago

    deleted by creator

  • Schlemmy@lemmy.ml
    ·
    1 year ago

    Are they considered a bank? Because a be'abnk had to verify your identity and for that they can use a copy of your id.