LOL. You can’t explain quantum physics to plebs. The people who can do something about this don’t answer phones. My guess is nothing will change until something really big and bad happens and it goes public. Like someone impersonating a big bank CEO via voice to drain his accounts.
2 Likes
Screw that, you can clone your voice for a buck now: AI Voice Cloning: Perfect Clone in Minutes
2 Likes
I don’t know if I ever posted this here:
It’s part of a series now. Basically if you ever get locked out of your Experian online account, you can just create a new one by providing your info including SSN and DOB and answering a few “security” questions. It straight up creates a new account and disables the old account without notifying the user of that account (by email, for example) to confirm whether it’s them or not. This means that anyone with enough information about you can access your Experian account and see your report and score. What’s worse is they can unfreeze your report, which would then allow them to apply for credit in your name.
4 Likes
Is there a way to get better security on your account? Set up 2FA, or at least get some notifications?
Edit.
Some steps you can take to increase security:
Freeze your credit with all three credit reporting agencies. Note that freesze is different from credit lock, that the agencies try to sell you. A credit freeze is free.
Get your free, annual credit report and examine it for suspicious activity.
If you have a Discover credit card sign up for their free credit monitoring service. Other cards may offer similar.
2 Likes
This is kind of my point – freezing is a good idea, but with Experian any crook that has your information can also unfreeze your report.
They have some kind of 2FA, but according to Krebs’ reporting it’s not done for every logon and it appears to be completely bypassed when you try to create a new account. When a new account is created they do send an email to the previous email address informing of email address change. So you’ll know it’s happening, you just won’t have any way to permanently prevent it. You have to take over your own account the same way as the crooks did – by opening a new one. It’s a game of cat and mouse.
We have a thread on free credit monitoring and it’s already linked in the wiki. Experian’s free account, the one that is being discussed as lacking security, includes credit monitoring.
4 Likes
I could not find the wiki. Link?
Edit. A thread on free credit monitoring at the Bogleheads
1 Like
It’s in the “other tips and tricks section” titled “monitor your credit”
1 Like
I just got my LexisNexis report for the first time and it contains a few things I didn’t expect to see, like my auto insurance policy details (limits, copays, car info with VIN #), a few old email addresses, and a phone number I thought I’ve been careful with by exercising the “do not share” options in every privacy policy.
Some good news on the email front is that since I’ve started using my own domain and aliases for everything, and exercising my privacy rights, only one company (now defunct) gave away my email address.
Almost all of my physical addresses were reported by the USPS. A few appear to have been reported by some data aggregators, but that was before I became vigilant about privacy.
4 Likes
To protect your privacy, cancel your Costco membership.
Costco Insider, a website that says it gets its tips from readers, on Jan. 8 shared photos on social media of what appears to be a tablet attached to a stand along with a sign that reads, “You will be asked to scan your membership card before entering the warehouse,” at the Issaquah, Washington state, store.
They’re checking to make sure the photo matches the person What do you think?!" Costco Insider wrote on both Facebook and X, the platform formerly known as Twitter.
Not quite. They already have your photo and they’re not scanning your face – they’re scanning your card and an employee compares your face with the membership photo. Even if they tried using automated face recognition there’d be no additional invasion of privacy (as long as they don’t store any new photos or outsource the facial recognition).
Apparently members are letting non-members borrow their cards and use self-checkout. So really it’s because of self-checkout. It’s still kind of silly given that non-members are allowed to shop there already (alcohol, prescriptions and cash card), just requires a visit to the counter for a guest pass.
2 Likes
I did not say the scanning was automated. We don’t know, and it certainly does not preclude this happening in the future, I do not like that but it’s up to you if you want to pay to be subjected to this search. My local Walmart, Target, and other stores welcome me to shop in their store with no need to show papers at the door.
You also dont need to be a member to gain access to those other stores.
It’s no different than the amusement park that scans your season pass for entry, and compares the pass picture with the person using the pass.
Would you be more open to them requiring a drivers license that matches the name on the membership card?
1 Like
Exactly. Why would anyone shop at a store that charges you to enter and then invades your privacy?
First of all, knowing who you are with your agreement is not exactly an invasion of privacy. As far as I know, Costco has never sold or shared my information with anyone and they’ve never even been hacked or leaked anything.
And second, you don’t know what you don’t know, apparently. Even though this is off-topic here, I can briefly summarize why I pay the fee to shop there:
- Most things they sell are priced lower than competition.
- Organic produce is usually more fresh, lasts longer, and is cheaper than other stores.
- Goods are “curated” and are of higher quality (not hand-made Enzo, but also not cheap throw-away Pinto), including well-known brands at bargain prices.
- Appliances come with a 2 year manufacturer’s warranty, delivery, installation, and haul-away (and the price is almost always the same as competition, which only comes with 1 year warranty and charges extra for delivery, installation, and haul away).
- The best rental car booking site (cheapest and no cancellation fees).
- Tires at great prices, warranty, free nitrogen, free rotation & balance every 5K mi.
- Great return policy.
- Good credit card - 4% gas, 3% travel and restaurants.
- Occasional discounted gift cards and resort tickets.
- Cheap glasses, frames, and vision exam.
- There’s a ton of other benefits I might be forgetting, like no-haggle car purchases, insurance, cash back on various home services, etc, but I also don’t use them.
Target is nice for some things in a hurry, but for produce their organic selection is limited and more expensive. Kroger or Albertsons subsidiaries are also usually more expensive than Costco or Trader Joe’s for the same stuff (except Food4Less that basically sells expired “food”). Walmart is too far from me and its always a zoo with long lines; I don’t even know the quality of their produce section. Aldi’s is a favorite for many but too far for me, they don’t always have the things I need, and my understanding is that their food selection always rotates. Whole Foods costs twice more (their discounts are a gimmick).
We get most of our groceries from Costco and TJ’s. I go to Costco 2-3 times a month. Executive membership costs $120/yr (split with a friend) and gives an extra 2% cash back, which more than pays for the membership fee.
3 Likes
IIRC, they’re also the POC/MGR for CLUE reports. Interactions with them were abysmal, at best. They asked me to send my SSN and other PII (if it’s still called that) through email. That told me all I needed to know about their “focus” on security, and how they “take security very seriously.” Obviously, they are idiots who can’t even spell security.
Good luck on getting corrections applied, but be careful how much factual information that you provide to them.
2 Likes
Here is a long thread that discusses the pros and cons of membership
2 Likes
For those who roll their own domains to use for email and aliases/forwarders, I just realized that Have I Been Pwned has a domain search tool: Have I Been Pwned: Domain search.
It allows you to sign in using an email address (they send an authentication/authorization link) and add your domain name(s) with multiple domain verification methods, then show any and all email addresses that were pwnd with links to info about each breach.
I thought I knew which of mine were exposed simply because I received spam on them, but funny enough the ones I thought were exposed didn’t show up, and it showed at least one I didn’t know about.
4 Likes
Trump and some of privacy advocates on both sides in the House (“fringe, national security hating extremists”) failed to stop the continued surveillance state spying on Americans.
https://www.wsj.com/politics/policy/house-passes-fisa-trump-285d634c
The legislation, which will expire next week unless renewed, now heads to the Senate, where it is expected to pass, and President Biden backs the measure. It would renew Section 702 of the Foreign Intelligence Surveillance Act for just two years instead of the five sought by Johnson earlier in the week, a compromise designed to placate Trump and his allies.
Trump had urged members to “KILL FISA” in a social-media post Wednesday, and holdout Republicans then blocked the bill from proceeding, forcing leaders to scramble to rework the proposal. The setback also underscored the precarious state of Johnson’s leadership in the House
A privacy oriented amendment was rejected
Judiciary Committee Chairman Jim Jordan (R., Ohio,), whose panel authored the provision, said: “It’s not complicated. If you want to spy on American citizens, you need to get a warrant.”
2 Likes
I wouldn’t worry about this too much – if they could successfully spy on Americans, maybe Jan 6 wouldn’t have happened 