Hacker News new | past | comments | ask | show | jobs | submit login

To you and the others: yes you can. You can also upload phone #s. They are hashed.



You're still letting FB know that its existing users are your customers, which breaches your customer's privacy. Imagine that Ashley Madison did that!


In case anybody else has no idea what Ashley Madison is: it's an online dating service that seems to be focussed on people who are already in a relationship and cheat on their partners. Or something like that.

I agree that the privacy violation is bad as it is, but I don't see how this is a good example for why it's bad.


Well... I imagine that you wouldn't want random advertisers and FB employees knowing that you're interested in cheating on your spouse.


> They are hashed

So what if they are hashed? Facebook has the solution to all the hashes.


One could give away a unique e-mail address to every web site. Quite a hassle though.


I've been doing it for years without problem, it's a lot easier than you'd first think. Markov chain makes the leader of the email address, domain is selected from a random pool.


Are those your own domains?


For things I care about the domains are owned by me, for things I consider spammy I have a round robin of afraid.org aliases which are for all intents and purposes disposable. They are very effective for this sort of thing, but you would be wise to do your research into the history of the domain you're piggybacking to be sure it's not going to disappear.


if you use a gmail account, you can use a + after yourusername

So cpach@gmail.com and cpach+hackernews@gmail.com would both end up in the same inbox, then you can use gmail filters to separate them


This trick only works because it's not that popular. If a substantial amount of people started doing it, firms would simply start removing the extra +info that you pad to your address.


Good point. But I doubt any significant share of users will consider doing it. Most of them are of course unaware that it’s even possible.

Perhaps someone here has some statistics to share? It would be interesting to know how common this trick is :)

[Edit: Better wording]


This could potentially be solved by using alias emails instead of just adding a tag to your normal e-mail address. I can imagine gmail offering a quick "generate alias" button that creates a EkTG522f3fhgtfh@gmail.com address that instantly forwards to your real address. Obviously you can delete this alias if you find that you are being spammed.


Regrettably a significant number of back ends (principally Microsoft ones in my experience) regard the +bit as malformed and reject the email address.


Actually yes, I remember now that's why I use - in my Postfix instead.

Postfix allows you to choose any character as a separator.


Yep. But it can be circumvented if one’s mail server use another delimiter. E.g. ”.” will hardly be filtered.


You set up a catch-all on your domain, and just make up whatever@domain.tld whenever you need an address. I have all my domains set up that way. Not even for unique addresses, just for convenience.


I have exim set up to accept all mail to my domain that starts with a particular prefix. So I sign up to websites as myprefix-sitename@mydomain.com.

Setting it up was a bit of a fiddle because I suck at exim, but it's no ongoing hassle.


I am stating facts. Opinions and deductions are yours to make.


FYI - This is the privacy policy for it: https://www.facebook.com/ads/manage/customaudiences/tos.php

"Facebook’s custom audience feature enables you to create an audience using your data such as email addresses and phone numbers. When using Facebook’s custom audience feature, your data is locally hashed on your system before you upload and pass such data to Facebook to be used to create your custom audience (the “Hashed Data”)."




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: