Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Have always been curious about this; if you stole data or are using stolen data why wouldn’t you just strip out the breadcrumb?


Two answers for that:

1. Crooks are lazy. Actually humans are lazy and crooks are human, but even more so criminal activity doesn't tend to come with any quality control. Even obvious data cleanup like fixing escaping often isn't done, because there's no incentive.

2. Breadcrumbs tend to be obvious to a human but a variety of schemes might be employed which means automation to strip them would need to be relatively sophisticated or it'll miss many of them. I used to use breadcrumbs of the form emanniamodXX@my-breadcrumb-domain.vanity.example where XX is two digits signifying when I updated this email address, like maybe 14 means May/June 2009. A human can stare at that address, see it says domainname backwards and realise it's a breadcrumb. But a trivial regex match will miss it.


I’ve been using spamex for years. You can generate completely random email addresses.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: