Discogs Security Issue?

Discussion in 'Marketplace Discussions' started by Otis P, Aug 26, 2021.

  1. Otis P

    Otis P Well-Known Member Thread Starter

    Location:
    Ohio
    Hi all.

    I've been using Discogs to catalog my music collection for several years...and today an oddity of sorts arose...a fellow user from another country emailed me to ask if I could send him a wav or flac of a particular album that is pretty much unavailable (at least for reasonable prices).

    Q: How did he know that I had that album in my collection? I have always been under the assumption that my entries on Discogs were private. I'm pretty iffy/naive with technology use...but I don't see a setting where I may have allowed the entire world to see what I've got. Any advice or input on this would be most helpful.

    Q: Would it be unethical in some way to send the requested files via email? Is this any different than selling a used record or cd?
     
  2. lrpm

    lrpm Forum Resident

    Location:
    Barcelona, Spain
    Yes, it is completely different
     
    Crimson Witch, Otis P and Lownote30 like this.
  3. Danby Delight

    Danby Delight Forum Resident

    Location:
    Boston
    Go to Settings and look under Privacy. I think unless you opt out, others can in fact see what's in your collection.
     
  4. pscreed

    pscreed Upstanding Member

    Location:
    Pittsburgh
    No, it is completely the same. And I deleted my entire collection from Discogs after being stalked there by whackos. I maintain it now only on my local server.

    Their security is terrible.
     
    Otis P, Lownote30 and hi_watt like this.
  5. mwheelerk

    mwheelerk You Are What You Listen To

    Location:
    Gilbert Arizona
    Select any one title in your Discogs catalog. Under Statistics on the right hand side it shows "Have" with a number. That number is a live link that shows others who have added it to their collection. Select on of the users name and Send A Message appears.

    Go to Profile and select Privacy Settings and choose your preferences of what others can see and do regarding contacting you.
     
    Brian Lux, Crimson Witch and Otis P like this.
  6. Smith

    Smith I'm cyanide over you.

    Location:
    Toronto.
    Yes.

    You can set your collection and your want list to private.

    Eliminates weirdos begging for flacs.
     
    Otis P likes this.
  7. Smith

    Smith I'm cyanide over you.

    Location:
    Toronto.
    And it keeps your name off the list mwheelerk is talking about.
     
    hi_watt likes this.
  8. warren

    warren Forum Resident

    Location:
    Phoenix, AZ
    Well, this is all good to know. Thank you guys. Off to discogs now! (To set my collection to private.)
     
    Crimson Witch and Otis P like this.
  9. Zongadude

    Zongadude Music is the best

    Location:
    France
    What are you talking about ?
    Click on any album and you will have access to a list of all the Discogs user that have claimed they have it :)

    But as others have said, you can make all this information private if you change the settings.
     
    Otis P likes this.
  10. vinylontubes

    vinylontubes Forum Resident

    Location:
    Katy, TX
    Can we be clear about what actually happened? Did the other user send an message via the messaging system within Discogs or did he sent an actual email address outside the Discogs system? Because even messaging within the marketplace is completed through the internal Discogs messaging network. Availability of your collection is viewable based on your privacy settings. If you don't want others looking at your collection, then change the setting. You can also opt out of allowing others to message you. If someone actually sent you an external email, this would be a security breach. But if someone just sent you a message, it's based on setting you've set. Yes there are default setting that allow both, it's up to the user to change them.
     
    Crimson Witch and Otis P like this.
  11. munjeet

    munjeet Forum Resident

    Location:
    Baltimore
    I had a similar experience a couple of years ago. I got a message on Discogs from a user asking a very specific question about an obscure item in my collection. That’s how I learned that my collection was visible to others (unless you opt-out - which I did, immediately afterwards).
     
    Last edited: Aug 26, 2021
    Otis P likes this.
  12. Otis P

    Otis P Well-Known Member Thread Starter

    Location:
    Ohio
    As in inappropriate?
     
  13. Otis P

    Otis P Well-Known Member Thread Starter

    Location:
    Ohio
    Thanks everyone...!!
    I just assumed (I know...terrible idea) that the default would be privacy.
    Well I've learned my lesson...and will act accordingly.
     
    Last edited: Aug 26, 2021
    skisdlimit likes this.
  14. pscreed

    pscreed Upstanding Member

    Location:
    Pittsburgh
    it should be privacy, but maybe they are modeling themselves after Facebook.
     
    Otis P, Old Fred and hi_watt like this.
  15. fairaintfair

    fairaintfair I Buried Paul

    Location:
    SF Bay Area
    I often get emails asking if I'm selling my punk rock albums...

    Hardly a "security issue" though
     
    Otis P and faceinthecrowd like this.
  16. Thievius

    Thievius Blue Oyster Cult-ist

    Location:
    Syracuse, NY
    Just to be sure, I made a purchase the other day and would hate to break the line of communication. (The purchase is complete, just waiting to receive the cd.) Setting things to private won't affect that, will it?
     
    Crimson Witch and Otis P like this.
  17. pscreed

    pscreed Upstanding Member

    Location:
    Pittsburgh
    Would it become a security issue if a bad actor was able to associate your address with your collection?

    Not trying to offend or argue, but there can be consequences to making this info public. It doesn’t take much effort for bad guys to tie info from different places together.

    Just be careful would be my advice. I got careless and that’s on me.

    BTW same reason I deleted my gear profile here. It just doesn’t fit my risk appetite.
     
    quicksrt, munjeet and Otis P like this.
  18. jalexander

    jalexander Forum Resident

    Location:
    Canada
    Others have addressed the privacy issues. As to the ethics of sending digital files, I think it’s a grey area.

    In the 80s, everyone was dubbing stuff onto tapes and passing them around. My dad taught me this was violating copyright law, illegal, and thus ethical. If you want an album, save your money and buy it.

    Then CDRs. And eventually digital files that make the cost of copies basically nothing.

    Is sending someone the digital file the same as selling a used album? No. When you sell a used album, you are transferring ownership. You no longer have a copy and the person who paid you does.

    Send a digital file, and you both have it, even though the artist has only been paid once. Same thing as a cassette dub in the 80s.

    However, if we’re talking about ultra rare records, I don’t really see the harm. One of these for me is The Cure’s 12” single Primary released in 1981. I’ve purchased the b-side on a couple of compilations over the years, but the a-side is an exclusive remix. When they released a deluxe version of their remix album a few years ago, they included all but three of their archival remixes. This was one of the exclusions.

    In the 90s, a fan sent me a copy on a cassette (and I sent him some equally rare tracks on a dubbed cassette). Illegal? Yes. Violated copyright law. Unethical? I’d argue no. There was no way we could compensate the band (beyond the legitimate releases I was already buying and concerts I was already attending).

    I’d argue that extends to cases like yours. Impossible for someone to get anymore without paying a fortune on the used market? I don’t see the harm I sending them a digital copy.

    And this summer is finally did buy a used copy of that 12” when I found one at a price I was willing to pay.
     
    Otis P likes this.
  19. SRC

    SRC That sums up Squatter for me

    Location:
    New York, NY
    I think there are specific settings for making either your collection or your wantlist private, or both, or neither. So I don't think it's any kind of general privacy, that would cause someone to not be able to message you who had been previously. All of your order-related communications, with a seller you've engaged with, should be unrelated to privacy settings.
     
    Otis P likes this.
  20. fairaintfair

    fairaintfair I Buried Paul

    Location:
    SF Bay Area
    My discogs address? Still not a security issue for me.
     
  21. pscreed

    pscreed Upstanding Member

    Location:
    Pittsburgh
    Speaking about associating your email address or physical mailing address with your collection. If you have bought or sold items on discogs, shipping address either from or to you is in their database. If you are using a PO Box or drop maybe not so much an issue.

    Hey I’m no security guru, that’s another department where I work :)

    But any bad guy that has your email can get to your shipping address if they have a motivation, if it’s linked in the same database or published/leaked anywhere.

    This might be interesting to others if not you… search to see if your data has been part of a breach:

    https://haveibeenpwned.com/
     
    Otis P likes this.
  22. mr.datsun

    mr.datsun Incompletist

    Location:
    London
    I dont have a problem with people seeing what is in my collection. I have had one pm asking to buy or trade an obscure record i have in duplicate. That’s fine as i may have decided to take advantage of the request and sell it. Another pm offered me a record in my wants list. It’s not like sharing a collection list is a huge invasion of anyone’s privacy.

    Secondly - sharing a file of an out of print album? That’s up to you. Personally I can’t see a problem with it. Remember cassettes?
     
    Otis P likes this.
  23. Crimson Witch

    Crimson Witch Forum Resident

    Location:
    North America
    If you are referring to communications between yourself and another buyer/seller via business transaction then no, it does not affect those lines of communication.
     
    Thievius and Otis P like this.

Share This Page

molar-endocrine