How to Protect your Privacy -- Personal, Financial, Digital

I’ve got some SQUID tokens to sell you…

Says you after having read my warning and the article :wink: .

People become conditioned / accustomed to certain security practices. PayPal sends me a SMS with a code to verify my account after logging in sometimes. As I have more than one account and take turns using them, this happens pretty frequently (well, at least it did until I started using Containers in Firefox, which allows me to save all them cookies in the right places).

Credit card issuers sometimes call to confirm / authorize an unusual transaction. I don’t know if PayPal calls for transactions, but IIRC they can call if you request it from the customer service section online.

Authentication is a difficult problem, and people tend to stop thinking once a task becomes automated in the brain. This scam is a combination of multiple common techniques – if you already expect them on their own, the combination might not raise any red flags.

2 Likes

That’s you logging in and prompting them to make sure it was you who logged in. It’s the reverse process. When PayPal calls you, they are the party who initiates the process. You receiving the call should be the one sending PayPal an authentication request to make sure they are who they claim to be, not the other way around. Basically, it’s down to people having no understanding of what 2FA is (checking something you know (password) and something you physically have (phone)) and how it accomplishes it in various scenarii.

They won’t ask you to give them a 2FA code since they know they called your number. And they shouldn’t ask for account information. Just confirm that you’re the person whom they’re trying to reach and who’s on the account.

1 Like

You’d be surprised. I’ve had a bank do that to me once a few years ago (IIRC, and this shouldn’t surprise anyone – it was Shitibank). They called me, then they tried to get me to verify my information. I actually tried to explain how ridiculous that was. I then called the public CS number. Turns out theirs was a real call and they really did need some info, but now I was the one calling so it made sense.

Anyway, you don’t need to explain authentication to me, I’ve been deep in it for a lifetime. I’m just explaining why this trick works on many people who aren’t on their toes.

4 Likes

With PayPal mine wasn’t a call, it was an e-mail. So perfect, but a scam anyway.

Only time I have been taken by a crook. Unfortunately I gave the solicitor all the information needed to take over my credit card.

Luckily I keep control over my accounts, and discovered the mistake quickly. Only a few uses, gas purchases are particularly easy for a crook. Restaurant buys.

All the fake uses were eliminated by PayPal. Also I learned my lesson. PayPal expressed many ways the scammers execute their deeds.

Never take honesty of people unknown for granted. I did and found out the hard way. :frowning:

1 Like

No wonder people are confused when the banks’ CS don’t even seem to understand it themselves.

That’s a good example of what to do though. You have to refuse to submit a 2FA code when they call you, and instead call them back so you know it was really the bank calling in the first place. It’s not that easy to do when the banks call you with an alleged fraud alert and you feel you have to comply right away.

3 Likes

Amazon spending big bucks to buy off your privacy protections through nationwide lobbying campaign.

https://www.reuters.com/investigates/special-report/amazon-privacy-lobbying/

Amazon has fought bills that would require the company to notify customers that it keeps their recordings and to secure their consent. The devices’ default setting stores all voice recordings and transcripts…Placing voice assistants in homes, cars and offices is central to Amazon’s goal of becoming ubiquitous in consumers’ lives

expanded a program called “watering the flowers,” an effort to cultivate politicians… The highest tier included leaders in Congress and in the legislatures of two key states: California and Washington, where Amazon fought privacy legislation.

The Virginia law allows technology companies to track consumer searches on their platforms to create marketing profiles. It gave tech companies exemptions to collect and analyze smart-speaker recordings without customer consent. And it prevented consumers from suing companies over privacy violations.

Marsden described the Amazon-drafted bill as a “compromise” between corporate and consumer interests. Consumer advocates were never consulted on the bill and only learned of it shortly before it passed

U.S. Amazon customers can obtain their data by filling out a form on Amazon.com.

Seven Reuters reporters also obtained their Amazon files. The data reveals the company’s ability to amass strikingly intimate portraits of individual consumers. Amazon collects data on consumers through its Alexa voice assistant, its e-commerce marketplace, Kindle e-readers, Audible audiobooks, its video and music platforms, home-security cameras and fitness trackers. Alexa-enabled devices make recordings inside people’s homes, and Ring security cameras capture every visitor.

1 Like

I had used an Alexa dot and kindle in the past but I was wondering if it was possible to simply delete my Amazon account and request to have all my data wiped before opening a new account and whether that was a worthwhile thing to do to shrink back the information they have on me.

Obviously it won’t remove the information they can get from my orders after I open a new account but I was afraid they’d black-list me or something for requesting that so never went through with it.

Generally speaking, a bank calling you about a fraud alert when you just tried to make the purchase they are calling you about is not something to worry about. The other day I tried to buy a laptop with a Citibank card I never use (because I had a $50 Best Buy credit on it). The charge didn’t go through and Citi called (or texted, I can’t remember). I had no reason to worry if it was really them reaching out. Scammers aren’t logged into my bank account waiting for me to make a charge so they can call me and get my information (they would already have all the information needed if they could see the charges I make). So generally those fraud alerts where they have the actual info of the purchase you are trying to make aren’t worrisome.

2 Likes

Some data, not all. Log in to your Amazon account with a web browser → Your Account → Your devices and content → Privacy Settings (direct link):

  • Alexa Privacy → Manage Settings → Manage Your Alexa Data. Look around at all the options, there are ways to request deletion of data, including voice recordings.
  • Amazon Devices Privacy → Manage Settings → each device has separate privacy settings with multiple options

These are the settings I see in my account. If you have Ring or other services, you may see more choices. Some devices (like the Fire TV stick) also have some privacy settings through their own menus. I always go through all the available settings on every new device before using it.

AFAIK the only things you can’t delete from your Amazon account are past purchases and watched videos (and possibly played music), but you can add a check mark / slider on past purchases and “hide” watched videos (on the Improve Your Recommendations page) so that they would not be used for recommendations.

Deleting your account would only prevent you from accessing them, they’re probably going to remain on Amazon’s systems. I don’t think they black list people for this. As far as I know you can have as many accounts as you want, as long as they all use a different email address. In fact, if you create 12 accounts, you can get Prime for free just by rotating the free trial month.

2 Likes

Your state may be one of the thirty-five allowing release of your personal information by your state’s DMV/BMV or whatever it is called in your state. This is legal in those thirty-five states and is a huge source of income for the states:

Linkedin: DMV data-a billion-dollar industry

Motherboard: DMVs Are Selling Your Data to Private Investigators

ETA

Then there is the DLC. All states participate save for five. Even if you are driving out of state your home state is most likely watching:

The Driver’s License Compact (DLC) is an interstate agreement

3 Likes

I know they’re supposedly required to keep order information for tax, accounting, and fraud prevention purposes but eventually they’d have to purge these no?

Either way as long as these old orders are no longer connected with your recent activity on a new account, that should reduce what they have to work with to sell or exploit your data.

That made me wonder if it’d be worth regularly deleting your account and just reopening it a few weeks later as a purge of the info they have.

I don’t think they have to, but I’d guess it’s useless after a few years, so they might.

I personally don’t see the value in doing this. I’ve had one account since forever. One good thing is they don’t sell your data to anyone. They do have a bug (feature?) in their system that allows some marketplace sellers to get not only your name and shipping address (even if shipped by Amazon), but also your email address. Amazon won’t admit this and it’s against their policies, but it happened to me more than once and I’ve seen similar complaints online of people getting direct emails from third party sellers (as opposed to messages from the marketplace messaging system).

Anyways, as far as I can tell the only thing they use your data (past purchases, wish lists, and shopping cart contents) for is recommendations. If you uncheck everything on the “improve your recommendations” page I linked earlier and don’t have anything in the shopping cart or wish lists, there are no recommendations. Alexa voice data is probably used to train voice recognition and can be accessed by their human workforce (for quality assurance purposes :wink:), so here you should either not use it or request deletion periodically. They also can send you mail / direct marketing, but you can opt out.

1 Like

Ha! An article on privacy on Linkedin (and BillyBobGates)? That’s the most pro-privacy thing they’ve ever done.

It used to be that only neighboring states shared driver info. Thus, if you were a resident of TX and got a ticket in FL, your insurance company wouldn’t find out … as long as you paid the FL ticket. Now, everyone knows. In fact you may lose points on your local license.

2 Likes

They didn’t do it, it’s someone’s personal writeup. Linkedin isn’t just for resumes anymore, they’re trying to be a social network.

Which is why I said it’s “on” Linkedin instead of saying it was “by” Linkedin. The mere fact that they’ve left it “on” Linkedin is the most pro-privacy …

An addition to @scripta’s excellent article and comments upthread about bank scams. And for @Shandril , I understand how these things can seem like textbook scams. Maybe for you, they’re textbook in realtime, but for most, it’s only in hindsight. I can see people in their 90’s falling for this, along with the 40 year old mother of 3 in her minivan on the way home from Chick-fil-A.

Oh, and the people in their 90’s are smart enough not to fall for the “grandkid in jail scam”, multiple times.

Useful link to alert people about scams going on.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email.

The thing is, it also follows the same pattern as previous scams: THEY call you, then demand you verify that it’s you. That makes no sense for a proper bank to request when they are the ones initiating the request.

Even if you fell for the Zelle phishing message, the request for a 2FA code from anyone who just called you should systematically be denied. Period. It serves no purpose for the party calling to request a code.

But the 90-yr old getting scammed by it, sure I can see it happening. That’s something they should probably prepare to not have to deal with. Just gotta learn to ignore these SMS alerts. Say it was legit, how would someone send $5k through Zelle without you knowing (they’d have full access to your account already). What if you don’t respond to the Alert? It’ll be denied by default. I had this happen when I could not answer calls from my bank about a transfer I had initiated. Fraud department calls, if you cannot verify for any reason including not being reachable, they decline the transfer.

Same thing as the grandkid in jail scam. Still gotta think before you send gift cards to a lawyer or give a 2FA code to someone who calls you first.

3 Likes

Some people just don’t get it. I grew up with computers and it always surprises me when I meet younger people who don’t understand what I consider to be basic, but it’s much worse for older people. My parents don’t know the difference between “web browser” and “google”, even though they’ve been online and I’ve been explaining it regularly for years. I have to periodically remind them to always think critically and stay on their toes to not fall for scams, and to call me when they’re not sure.

Not long ago my mother called me that she went to amazon and landed on a scareware page that demanded payment for unlocking the computer. She couldn’t figure out how to close it or get to other programs, because she doesn’t really understand the basics. Our luck it didn’t actually contain an exploit, and a power-cycle was enough. I then figured out what happened – she didn’t “go to amazon”, she googled “amazon” and the first result was an ad linking to the scareware page (which I promptly reported and it disappeared). For some reason her Firefox was missing an ad blocker.

2 Likes

Speaking of getting basics, maybe that article from Krebs is nice to have to pass on to people because of the basic tag line of Hang up, Look up, Call Back because it may be simple enough for people to remember and hopefully stick to it.

3 Likes