Discuss privacy

[nakedfrog]

You know the problem with privacy? It doesn't exist.

There may be some instances where you are off-grid far enough that you might have some. The Internet isn't as much of an issue as the way it allows companies and organizations to buy and sell your data.....or make agreements that then have it flowing freely where others can compromise it. So you have an account with Company A. Well, company A doesn't want to pay their IT staff or support the infrastructure required to run the business, so they buy Software-As-A-Service from Company B to lock in savings and ship all their records to them in a nightly feed. If the data is ever compromised, unless the attack happens at Company B and can be proven, they won't be blamed. Company A was only doing what was best for the investors, so you can't blame them either... To make matters worse, the people who make the decisions of what data to ship back and forth are often idiots and at the end of the day, they had lawyers draw up agreements that insulate themselves from litigation risk, but don't solve the problems if any data breach actually occurs.

We actually had this one company's engineer send an FTP list of passwords to us via Email by mistake for 120 of their clients that was stored in plain text on a Google Drive. Those contracts were around $150k annually for each client company. He lost his job over it, but the company never told the other clients about it. We tried to get out of the contract with that firm when it happened, but were locked in by then....


On the physical side of things....I work outside a lot and while I don't see a soul, every now and then I see a drone fly overhead. It makes me want to start carrying a shotgun when those things fly over my property.

I "got" to build a client email notification tool because one fuck-up who should already have been fired for incompetence (ones of those assholes that failed upwards, got shifted into another position because the original department was tired of him) attached the wrong document to an email notification he was sending via Outlook, and also included all the clients on the To: list instead of BCC:
He didn't finally get fired until we got acquired and they did some house-cleaning, 2-3 years later.

 

[Fanatical Meat]

That violates my HIPAA.

Or better “Because of HIPPA I cannot tell you, otherwise I would tell you”
God damn morons....

 

[Fanatical Meat]

You know the problem with privacy? It doesn't exist.

There may be some instances where you are off-grid far enough that you might have some. The Internet isn't as much of an issue as the way it allows companies and organizations to buy and sell your data.....or make agreements that then have it flowing freely where others can compromise it. So you have an account with Company A. Well, company A doesn't want to pay their IT staff or support the infrastructure required to run the business, so they buy Software-As-A-Service from Company B to lock in savings and ship all their records to them in a nightly feed. If the data is ever compromised, unless the attack happens at Company B and can be proven, they won't be blamed. Company A was only doing what was best for the investors, so you can't blame them either... To make matters worse, the people who make the decisions of what data to ship back and forth are often idiots and at the end of the day, they had lawyers draw up agreements that insulate themselves from litigation risk, but don't solve the problems if any data breach actually occurs.

We actually had this one company's engineer send an FTP list of passwords to us via Email by mistake for 120 of their clients that was stored in plain text on a Google Drive. Those contracts were around $150k annually for each client company. He lost his job over it, but the company never told the other clients about it. We tried to get out of the contract with that firm when it happened, but were locked in by then....


On the physical side of things....I work outside a lot and while I don't see a soul, every now and then I see a drone fly overhead. It makes me want to start carrying a shotgun when those things fly over my property.

Had something similar happen to me 12 years ago or so.
Big company everyone would know the name.
Bunch of us got an email saying “we’re giving you 3 years of enhanced credit protection” but not everyone go that offer.
Questions were asked and apparently some HR person lost or had a laptop stolen that had a whole mess of people’s ssn, address, DOB and year to date salary.

Me and several others were like WTF why is someone walking around with that data? What possible purpose was there to having that data and why the F is anyone allowed to download and store that data when I could be fired for not shredding a shipping receipt?

 

[Svnla]

Iphone users, Apple is watching you. Kiss your privacy good bye. Don't let me start with government agencies. Privacy is a myth.

Apple to scan U.S. phones for images of child abuse

.

 

[MtnMan]

There is privacy and there is security. The lines between blur frequently.

Privacy... very little "social media" presence, and what there is, without my actual name or any images. I have accounts as a convenience and as a source of information. Too often businesses and other groups that interest me rely far too much on social media, and basically neglect their web presence if they have any. If the platform doesn't like the fact I use a nondescript alias, then to hell with them. The fact my name is unique enough so that a Google search of my name brings up me, and a musician, is a huge part of that motivation.

Security, specifically keeping my financial information and accounts secure. People will always try and find ways to relieve you of your money. People are still stealing checks out of mailboxes, and protection against these are a hassle. Mail only from a PO, and don't have a mailbox at the street, but rent a PO Box where you have to go to the PO.

Online banking, etc. is just convenient to not utilize. Passwords from hell and 2FA when available are my normal. I also don't have every monthly bill, utilities, etc., draft my account. That gives too many entities access to my accounts. Instead, I utilize the online bill payments service from my credit union. Convenient yet without having half a dozen or more companies able to extract funds from my accounts.

Limit financial transactions on my phone unless the benefit to me outweighs the risk. And, when I do perform any financial tasks on my phone I make sure I am not connected to a local WiFi (other than my home WiFi) but connected to my providers network.

I lump it all under "TNO"

Spoiler

Trust No One

 

[Scarpozzi]

Yes, you know what? I suspected that. Haven't given it a lot of thought recently, but yes, I have been of that opinion, i.e. that privacy doesn't exist. I suppose in some contexts the term has meaning, but that there is no real privacy attainable for most people in a lot of situations.

I was the sole database administrator and programmer for the mission critical database of a service company that had contracts with many of the largest companies in the USA, many if not most of them Big Tech (Microsoft, Texas Instruments, companies of that nature). It's been about 20 years, so don't remember all the companies. We provided perks for their employees. I personally had the credit card numbers, names, contact info for thousands of employees from among scores of companies. We had an encryption algorithm but it was nothing special, it was actually quite weak and hackable. Besides that, I could see the data unencrypted anytime I wanted. I had all the code, and the code itself wasn't particularly well guarded. I could take all that home, code, data, no problem. I had integrity and I would never have considered doing anything with that info that would besmudge my reputation. But just the situation had me realizing that data security was pretty much a mirage. When I see stories of companies' customers data hacked, even credit agencies, I'm not surprised in the least. It's one of the reasons I like credit cards. If my card's number is ill-gotten and I get charged for something I didn't order, they have my back. It's happened to me. Don't know how, but doesn't matter. I don't get dinged, just get a new card number.

I had a credit at Walmart disappear. Somebody siphoned off the cash from it. I bitched like hell until they restored it. I figure it was an inside job. Didn't surprise me in the least, but pissed me off, more than anything because it wasn't easy dealing with it.

I'm not obsessed with privacy because I figure there isn't any. I'd rather think that I'm proud of myself, who I am, what I believe in, am good to my word than that who I am is my business and nobody else's. The latter attitude is insane, sort of paranoid. At one time I thought anonymity was cool, but I changed my mind. Fortunately, in the USA you don't have to hide who you are... at least I don't think so!

I posted recently about my Facebook account getting hacked. I figure that was an inside job too because the password was unique to FB for my account and they did something funky with 2FA to defeat it. They had to know the password to get in....so I'm suspecting it was a breach. In any case, whoever hacked the account has all of the messages between me and my facebook friends. Mostly just banter between me and a guy I went to high school with about pro football. Imagine all the extramarital affairs going on....I'd be willing to bet some of those hacks are used as a way to blackmail people when/if they discover any funny business going on that doesn't match someone's relationship status.


As MtnMan said...there's privacy and security. If the security is flawed, there is no privacy (if you log anything personal on those accounts).

The best thing you can do is limit your digital footprint to minimize risk. I'm going to start pulling mine back even more after this hack. It's the first account I've ever had compromised before that I'm aware of and I have a 5 character yahoo account that's my first name and middle initial.....I've been around. =P

 

[Muse]

I posted recently about my Facebook account getting hacked. I figure that was an inside job too because the password was unique to FB for my account and they did something funky with 2FA to defeat it. They had to know the password to get in....so I'm suspecting it was a breach. In any case, whoever hacked the account has all of the messages between me and my facebook friends. Mostly just banter between me and a guy I went to high school with about pro football. Imagine all the extramarital affairs going on....I'd be willing to bet some of those hacks are used as a way to blackmail people when/if they discover any funny business going on that doesn't match someone's relationship status.


As MtnMan said...there's privacy and security. If the security is flawed, there is no privacy (if you log anything personal on those accounts).

The best thing you can do is limit your digital footprint to minimize risk. I'm going to start pulling mine back even more after this hack. It's the first account I've ever had compromised before that I'm aware of and I have a 5 character yahoo account that's my first name and middle initial.....I've been around. =P

I have a digital footprint... not sure what you mean by that, but I do stuff online. I have investment accounts, stocks, online savings accounts, I do business with my banks online... so I have passwords, usernames, I even have a Facebook account, but seldom do anything with it. Facebook to me is a giant boundless whoop-di-doo circus, which I for the most part do not comprehend. I don't even know my passwords most of the time. I have data concerning them but if anyone saw my data they wouldn't be able to figure out what my passwords are... I use hints, which only I know the meaning of. Some super sleuth system might be able to hack that stuff, but I figure the odds of that are zero. Now, my browsers do know my passwords, and I wonder if that's hackable. AFAIK, no, but I really wonder about that!

I could eliminate that stuff, but it's convenient. I have statements mailed to me, I look them over for anything suspicious, pretty much all the time. I look at my credit score once in a while to make sure it's OK.

 

[Scarpozzi]

I have a digital footprint... not sure what you mean by that, but I do stuff online. I have investment accounts, stocks, online savings accounts, I do business with my banks online... so I have passwords, usernames, I even have a Facebook account, but seldom do anything with it. Facebook to me is a giant boundless whoop-di-doo circus, which I for the most part do not comprehend. I don't even know my passwords most of the time. I have data concerning them but if anyone saw my data they wouldn't be able to figure out what my passwords are... I use hints, which only I know the meaning of. Some super sleuth system might be able to hack that stuff, but I figure the odds of that are zero. Now, my browsers do know my passwords, and I wonder if that's hackable. AFAIK, no, but I really wonder about that!

I could eliminate that stuff, but it's convenient. I have statements mailed to me, I look them over for anything suspicious, pretty much all the time. I look at my credit score once in a while to make sure it's OK.

Digital footprint is just saying, "how many accounts you have across all the various servers and services out there". I was thinking of it like having all these lines of credit. If you don't need the lines of credit, you should cancel them....so they aren't there to be compromised.

As a systems administrator/security guy, I audit my organization's security annually and look for accounts that haven't logged into the system for 2+ years. Those accounts get shut down and the people that own them have to reapply for access. We should do that with any accounts we have and don't use (if we can remember how many we have).

 

[Muse]

Digital footprint is just saying, "how many accounts you have across all the various servers and services out there". I was thinking of it like having all these lines of credit. If you don't need the lines of credit, you should cancel them....so they aren't there to be compromised.

As a systems administrator/security guy, I audit my organization's security annually and look for accounts that haven't logged into the system for 2+ years. Those accounts get shut down and the people that own them have to reapply for access. We should do that with any accounts we have and don't use (if we can remember how many we have).

I had a line of credit with one of my banks and I no longer do with them. I don't remember if I cancelled it or it expired, but I realized I was NEVER going to use it and it did me no good. When I got a letter from them asking if I wanted to set up another I ignored it. I'm not hurting for cash, so why have a LOC?

I do have a few credit cards that I don't use. Don't know if I should cancel them. Thing is, I heard some years ago that if you do cancel a credit card it negatively effects your credit rating. Is that true? Don't really know. I figure it couldn't hurt it too badly.

 

[Muse]

On front page of NYTimes online today:

Opinion | The Illusion of Privacy Is Getting Harder to Sell

Locked into Apple’s or Google’s ecosystems, our data is as secure as their policies.

www.nytimes.com

A snip:

A major reason for the failure of Apple’s defense is that the photo-scanning program confirms a fear many users already harbor: Personal data, even the most sensitive, is effectively out of users’ control, accessible at the flip of a switch.

Apple says, relentlessly, that privacy is the central feature of its iPhones. But as the photo scanning demonstrates, that’s true only until Apple changes its mind about its policies.

The iPhone is a gluttonous collector of user information. The devices beam location data as well as information about Wi-Fi usage and internet usage to Apple’s servers, even when we think the devices are slumbering. That type of data opens up iPhone owners to alarmingly accurate tracking by third parties, including their whereabouts, political leanings, job and family status, ethnicity and net worth.

 

[lxskllr]

Any security, privacy, whatever that depends on policy, doesn't exist. That can be changed with a pen at any time, or even outright ignored, and all you'll get is an "Oopsie", with a promise to do better next time(lol). Most of that can be changed, but people don't want to give up trivial conveniences, and companies aren't interested in giving up potential revenue sources. There's even a cheap partial fix to the inherent tracking in cell phone infrastructure, but nobody's gonna want to do it...

A simple software fix could limit location data sharing

With Pretty Good Phone Privacy, carriers wouldn’t always know where you are.

arstechnica.com

 

[nakedfrog]

I had a line of credit with one of my banks and I no longer do with them. I don't remember if I cancelled it or it expired, but I realized I was NEVER going to use it and it did me no good. When I got a letter from them asking if I wanted to set up another I ignored it. I'm not hurting for cash, so why have a LOC?

I do have a few credit cards that I don't use. Don't know if I should cancel them. Thing is, I heard some years ago that if you do cancel a credit card it negatively effects your credit rating. Is that true? Don't really know. I figure it couldn't hurt it too badly.

Yes, it can hurt your rating, age of your oldest account is a factor. If you're not paying any annual fees or anything, it's probably better to keep.

 

[Muse]

Yes, it can hurt your rating, age of your oldest account is a factor. If you're not paying any annual fees or anything, it's probably better to keep.

I have always ignored any CC offer that involved annual fees. Goes straight into the "round file." I do get letters occasionally from a CC saying I haven't used their card for a long time and if I don't use it they will cancel. I've let a few expire that way. Maybe I should just use it and keep it alive to increase my rating. But I'm around 800 CR now, varies, is probably a bit over (I don't check all the agencies, just get a peak here and there from whatever), and I haven't needed to test my credit for anything in a long time. When I apply for a CC (rarely happens nowadays) I get it, or ask for an increase in monthly credit limit I usually get it, don't recall being denied. Still, seems like a good thing to get your CR as high as possible. I don't really know the issues.

 

[nakedfrog]

I have always ignored any CC offer that involved annual fees. Goes straight into the "round file." I do get letters occasionally from a CC saying I haven't used their card for a long time and if I don't use it they will cancel. I've let a few expire that way. Maybe I should just use it and keep it alive to increase my rating. But I'm around 800 CR now, varies, is probably a bit over (I don't check all the agencies, just get a peak here and there from whatever), and I haven't needed to test my credit for anything in a long time. When I apply for a CC (rarely happens nowadays) I get it, or ask for an increase in monthly credit limit I usually get it, don't recall being denied. Still, seems like a good thing to get your CR as high as possible. I don't really know the issues.

If you're sticking around 800 and don't have any particular need for additional credit, I think you're doing a-okay.

 

[Muse]

If you're sticking around 800 and don't have any particular need for additional credit, I think you're doing a-okay.

I have all my periodic charges auto-deducted from a checking account. I never buy on time. It's pretty easy to keep my credit clean, the way I do things it's basically automatic!

 

[MtnMan]

Privacy is an illusion. It doesn't really exist in today's world.

 

[Muse]

Privacy is an illusion. It doesn't really exist in today's world.

Kind of like God.

The Future of an Illusion - Wikipedia

en.wikipedia.org

 

[Red Squirrel]

Unfortunately we seem to live in a world where it's very hard to fight for privacy and most people are just complacent with it. You can take steps to minimize your privacy infringement by avoiding the worse offenders but it's very hard to get 100% privacy these days. Just having a smartphone means you basically have a microphone and various sensors following your every move and constantly listening to you. Then that info is sold to 3rd parties. The smartphone ecosystem sucks too, there is not a Linux equivalent, like there is for PC.

I often consider just getting a flip phone as my next phone, but I really hate trying to text on those things, and the cameras usually suck, and I doubt any of them will work on HSPA, most of those are CDMA which is no longer operating.

But it's not just phones, credit card companies sell your info, pretty much any store you shop at sells your info, the government sells your info etc... it's brutal.

Then there's the mass surveillance programs like NSA, CSIS etc where they monitor all your internet traffic.
Governments sometimes try to push making encryption illegal though, so that tells us maybe the encryption is actually working, so there's that. But I would not count on it 100%, these alphabet soup agencies are quite advanced beyond our understanding. Probably 100 years ahead of what is accessible to consumers.

The thing I REALLY hate though is the fact that they keep pushing for every day products to require an app or an account. It's one thing being spied on when you are sending info across a public network, I see that the same way as walking on a public road that has security cameras. But to be spied on by things that you buy and are using in your home is where I really draw the line. There is zero reasons why those things should even have an internet connection. Smart TVs, smart fridges, most action cams, drones etc all require to be tied to the cloud now, it's really ridiculous. Even cars now seem to be following the cloud/app trend now like Teslas. Anything that ties to a phone is a big red flag. Phone ecosystems are designed around spying on you, so it's almost 100% guarantee that anyone pushing you to download an app is only doing it to spy on you. There is no reason why whatever those apps do can't be done with a separate stand alone device or even just a website. (ex: food ordering).

Apple Iphones now actually scan all your data to look for "contraband" (child porn etc). They are using "for the children" as an excuse, but it's guarantee they will abuse the hell out of this.

 

[Muse]

Unfortunately we seem to live in a world where it's very hard to fight for privacy and most people are just complacent with it. You can take steps to minimize your privacy infringement by avoiding the worse offenders but it's very hard to get 100% privacy these days. Just having a smartphone means you basically have a microphone and various sensors following your every move and constantly listening to you. Then that info is sold to 3rd parties. The smartphone ecosystem sucks too, there is not a Linux equivalent, like there is for PC.

I often consider just getting a flip phone as my next phone, but I really hate trying to text on those things, and the cameras usually suck, and I doubt any of them will work on HSPA, most of those are CDMA which is no longer operating.

But it's not just phones, credit card companies sell your info, pretty much any store you shop at sells your info, the government sells your info etc... it's brutal.

Then there's the mass surveillance programs like NSA, CSIS etc where they monitor all your internet traffic.
Governments sometimes try to push making encryption illegal though, so that tells us maybe the encryption is actually working, so there's that. But I would not count on it 100%, these alphabet soup agencies are quite advanced beyond our understanding. Probably 100 years ahead of what is accessible to consumers.

The thing I REALLY hate though is the fact that they keep pushing for every day products to require an app or an account. It's one thing being spied on when you are sending info across a public network, I see that the same way as walking on a public road that has security cameras. But to be spied on by things that you buy and are using in your home is where I really draw the line. There is zero reasons why those things should even have an internet connection. Smart TVs, smart fridges, most action cams, drones etc all require to be tied to the cloud now, it's really ridiculous. Even cars now seem to be following the cloud/app trend now like Teslas. Anything that ties to a phone is a big red flag. Phone ecosystems are designed around spying on you, so it's almost 100% guarantee that anyone pushing you to download an app is only doing it to spy on you. There is no reason why whatever those apps do can't be done with a separate stand alone device or even just a website. (ex: food ordering).

Apple Iphones now actually scan all your data to look for "contraband" (child porn etc). They are using "for the children" as an excuse, but it's guarantee they will abuse the hell out of this.

TBH, I barely try to fight it. I do have my only activated phone powered off most of the time and a lot of the rest of the time in Airplane Mode. I use a heart monitor app on an unactivated Android phone when I skate. It can find out my heartrate, BFD. I turned off the GPS tracking in that app.

I get letters every few weeks from people hoping to buy my house and flip it. Got one a couple days ago. I figure they looked up my property, saw how much I paid for it (anybody can do that) and figured I could be a mark. I just throw all that stuff away with a few curse words.