This is so sad. Although the exemptions are understandable, the “follow the money” principle leads me to believe that Equisux et al. will continue to make money from people who’ve frozen their data.
Exemption (J) seems to be the most worrisome. I expect to once again be inundated with junk mail for credit cards, and anyone else that the data whorehouses decide to sell my data to.
I’m also concerned that this prong can be stretched too broadly. There are CRAs like EWS (similar to Chex), SageStream/IDA, and ARS that might be able to make an argument that their reports are used only for fraud screening, not credit risk analysis.
It is worth noting that the federal law will still be an improvement for many people, as some existing state laws contain similar exemptions. Arizona’s, for instance, includes similar exemptions. (But others like California’s do not.)
In some large companies (Google for example) the penalty to mitigate your information from being sold or shared must be in the multi millions. This is the information age. You can do things proactively to minimize your exposure but the reality is every web search you do, every credit card you use, anywhere you go with a smart phone or any picture you post to Facebook can potentially track you; the things you buy, the places you go to, the things you do. As more data becomes compiled across many companies it’s even more susceptible to hacker or data breach. There’s really nothing we as a consumer of society can really do.
Most people don’t care. Data analytics and data capturing is the future and it will be a billion dollar industry. Choose to live off the grid or recognize there will be a lot of data you truly can’t protect and no company is guaranteed to protect it (no bank accounts, smart phone, and cash only purchases anyone? Better stock up on your guns & ammo and food stuffs). Even then it’s only a matter of time before facial recognition software begins to advertise to you walking into a store. You have all seen the sci-fi movies and Netflix films of the last decade, right?
Edit: I appreciate the OP is about minimizing spam mail, etc, and perhaps this is a de-rail/rant. However, it’s important to recognize the trend for the future. Political play and regulation of some sort must come into the picture eventually, but how many years did it finally take to start taxing internet sales? It’s even farther behind on any kind of legislative enforcement.
We haven’t talked much about online privacy other than email and online ads. There are a few things you can do. Maybe I’ll add it to the wiki.
Go to Google Privacy settings and opt out of web, search, and location history. Better yet, walk through all the privacy settings of all your online accounts and turn off everything you don’t like.
Change camera settings to not embed GPS info into photos/videos (and don’t give the camera app permission to access location service). Unless you need an alibi, that is.
If you want full web privacy, use VPN with a non-fingerprintable browser (with all the javascript and ad blocking).
Don’t post your face online, don’t let friends tag you, don’t use your real name (and educate your friends).
Use application firewalls on all devices (zonealarm, no-root-firewall/droidwall, etc) to prevent offline apps from going online.
Windows 10 is a huge piece of shit with built-in tracking and telemetry that’s difficult to disable completely. Disable or avoid if you can. I’m seriously considering finally switching to Linux (especially now that there’s a huge effort to make Windows games playable on Linux).
Not all of those steps will stop all tracking all the time, but they are steps in the right direction.
Not much we can do about Mastercard selling us out, but I believe it is still possible (but not trivial) to disconnect our online presence from our real world identity and render the data useless.
That’s best case scenario. Worst is Enemy of the State and Minority Report.
Also, Gattaca – for the love of the Flying Spaghetti Monster, do not do a DNA test on yourself if you can’t do it anonymously.
A reasonable alternative for non-technical people.
I was contemplating another benefit of using email forwarders (aliases) recently. I realized that most people probably have only one email address, and not only do they use it for their personal email, but also as their User ID / logon for all kinds of accounts, including social media and banking. The User ID should really be treated as a secret the same way as password and secondary backup questions & answers. If you advertise your email address to the world, you’re giving away half of the information required to logon to your other online accounts. You’re also giving someone half of what’s required to get into your inbox, which can cause all kinds of havoc if you use one email address for everything. It would allow the hacker to bypass any multi-factor authentication that sends an email with one-time codes for password resets or for logins from new devices.
Using separate email addresses for all online User IDs and using them exclusively can keep them secret. Even better if those addresses are not fully fledged email accounts, but are forwarders / aliases that just forward the email to another, completely secret address. Even if a hacker obtained your forwarder, they couldn’t login to your email.
The best way to do this is to get your own domain ($10-$15/yr) and web hosting ($3-$10/mo) with unlimited email accounts and forwarders. It’s not easy though.
Agreed. I have my own domain (via Gandi) with email hosted by FastMail. I can create aliases @mydomain or @any of FastMail’s domains. Most of mine are on my domain, but I use aliases @FastMail’s domains for anonymity in some cases.
Also, use U2F 2FA whenever available and disable SMS fallback. FastMail, Google, and Gandi support it. (That’s not meant to be an exhaustive listing.)
If email hosting is the primary purpose, I would definitely suggest using a proper email provider rather than some random shared web host that includes email as a feature (but really just a checkbox on the feature list), unless their email service is actually a G Suite signup (as I recall some hosts doing in the past).
Wiki’d (new word?!) the info from my earlier post on general online privacy.
I read their pricing and it seemed like it was $3-$5/mo per account, so if you have to pay for aliases it’s not very cost effective. Unless an alias isn’t an account and is free…
Wiki’d!
I suppose the following are too obvious for the wiki:
don’t write your password on a post-it note and stick it on your monitor
don’t write your PIN on your debit card
don’t keep your U2F key with your backup key or the devices that need it!
It isn’t really clear from their pricing page, but aliases are not user accounts and are free (up to 600 aliases per account + 15 per user). Aliases are associated with one user account; user accounts are actual separate logins.
don’t use ‘password’ as your password
I’ll add to the wiki that YubiKeys are the most widely used keys, sort of the industry standard right now. There are others (U2F is a standard, though YubiKeys aren’t just U2F keys), but I’d be cautious.
Quite well thought out … or maybe I think that because I’ve got them covered.
I am not aware of a non-fingerprintable browser. My browser is FF 5x esr (Noscripted) which randomly masquerades as IE, various versions of FF and Netscape. Yet, when I check my fingerprint:
without Javascript - supposedly un-fingerprintable, yet 13.5 bits of info (1 in 12000)
with Javascript - 21 bits of info and 1 in 2.1 million.
Can you share the name of a non-fingerprintable browser?
Along the same vein, I use one browser for surfing places that have non-identifiable or false data. I use a completely separate pc with a different OS and browser for all $ related items. Thus, they may easily fingerprint me, but I’ve already given them the info.
Nope, doesn’t exist. This is more of a wish and an awareness campaign. I hear the Tor Browser actively tries to defend, and the latest version of the most popular browser (Chrome) on the most popular OS (latest Windows) maybe with a common monitor resolution and no custom fonts may result in a very common (i.e. useless) fingerprint.