I'm from the UK though, and previously was a 'victim' of identity theft where a few years ago someone walked into a phone store, and walked out with a new iPhone and contract in my name.
Like what?
No one cares.
Clients see this as the cost of doing business and have no incentive to do better. Even after Equifax and OPM.
Until we have a GDPR style law in the U.S. it will continue to be status quo.
I get a data breach notice at least a few times a year. I got one for my kids two months ago for their medical data. I thought HIPAA had huge penalties but I guess not.
The torrent delivers two files like so:
NPD202401.7z 33,456,912,010 bytes (32GB)
NPD202402.7z 20,548,499,322 bytes (20GB)
Uncompressing NPD202401.7z results in: ssn.txt 176,806,109,779 bytes (165GB)
wc -l ssn.txt ==>> 1,698,302,005 lines
Uncompressing NPD202402.7z results in: ssn2.txt 120,722,361,611 bytes (113GB)
wc -l ssn2.txt ==>> 997,379,508 lines
This is a total of 1698302005+997379508 = 2,695,681,513 lines. Each line is a comma separated record with these fields:
ID,firstname,lastname,middlename,name_suff,dob,address,city,county_name,st,zip,phone1,aka1fullname,aka2fullname,aka3fullname,StartDat,alt1DOB,alt2DOB,alt3DOB,ssn
Generally records have ID, firstname, lastname, middlename, address, city, county_name, st, zip, and ssn. Most records do not have the fields for name_suff (name suffix), phone1, aka1fullname, aka2fullname, aka3fullname, StartDat, alt1DOB, alt2DOB, and alt3DOB.
There are no emails at all. There is no "@" in the files anywhere. Phone numbers are very rare.
I don't know what the ID number at the head of each line represents. I presume it is an internal index used by the organization that compiled the data. The SSN is at the end of each line.
The files have U.S. addresses only as far as I can tell. Nothing from Mexico, Canada, or other foreign countries.
Many of the lines (records) concern the same person at various addresses. Of 7 random people who I personally know that I checked on, all had entries. There were between 3 and 20 lines (records) for these 7 persons, averaging about 10. They usually differed only in the address field. Going by an estimate of 10 records per person, the 2.6 billion lines represents about 2695681513/10 = 269,568,151 distinct persons in the U.S.
The U.S. population is about 337M where 78% is over 18 years of age. In other words, 337000000*0.78 = 262,860,000 Americans are adults. This is pretty close to my estimate of 269,568,151 distinct individuals in the NPD data files.
Of the 7 persons I checked on, the names were spelled correctly, although the middle name was sometimes just an initial. I searched each person by multiple methods (address, last name, birth date) so I believe I would have detected names that were spelled slightly wrong.
The addresses appeared correct but there was no way to tell which was the current address and the order in which they lived at each address. There is a StartDat field but it was almost never filled in. The latest entry was not always the most current address. In a couple cases, the current address, where the person has been living for several years, was absent.
The birth dates were correct in a couple cases, were abbreviated in three cases (that is, instead of showing 19800704, meaning July 4 1980, it showed 19800700, meaning July 1980 without an exact day), and was wrong for one person by a wide margin.
All 7 persons I checked had SSN numbers. It was correct for 1 person but I don't know for the other 6. The SSN numbers were consistent for each of the 7 persons I checked on. By this I mean that a person did not have more than 1 SSN number, at least among the 7 persons I checked on.
does HIBP automatically cover plus addressing variants of an email
example I submit johndoe@example.com
but a breach had johndoe+verizon@example.com
will it match
[1] https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act
[2] https://jolt.law.harvard.edu/digest/dodging-the-thought-poli...
1. Credit histories will be (unlocked) used to file multiple credit applications and tax credits will be applied for.
2. Multiple cell phones will be hijacked through SIM hijacking or other zero-day attacks to make it very difficult to get back in.
3. A person's profile will be used to attack the most vulnerable things:
- Their families will get fake calls to create confusion.
- Their financial services will be frozen or worse, weak 2fac auth ones will be compromised.
4. Deep fake images and videos will be created from compromised accounts to sow further mayhem.
This already happens in targeted and one strategy of the other fashion. Imagine what one could do with a bit more compute and completed profiles and orchestrate this kind of terrible vengeance.
> an intriguing story that doesn't require any further action.
I don’t know what that would look like but if I had Congress's attention I’d like them to fix the problem rather than playing whack-a-mole with banning data sources. I don’t think any actual solutions come from that.
Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.
If the card is lost or stolen they can just remove your old one from the keyserver. It's literally just public key crypto.
Identity theft is rampant in the countries that don't have such a system and basically require you give them increasing amounts of private information to prove who you are. In the UK that's every address you've lived in for 5 years, your council tax bill, your energy bill, your bank statement for a month... all because British people think an ID card means you'll get stopped on the street to show your papers.
The government now knows what we do most of the time anyway: layer-2 logs on our phones are constant. We lost any privacy some time ago. So now, getting security back might be a net win.
https://www.abc.net.au/news/2024-08-13/trust-exchange-digita...
Going after data brokers seems like low hanging fruit, and necessary even if the ID system needs to be replaced. This is a top level issue that needs to be addressed regardless.
While I think it’d be great to design a system where the information you mention is harmless (I’m curious how this would work without just shifting the problem to whatever new identifier is established), the reality is that this information is not harmless, and will continue to be dangerous to leak for the foreseeable future due to the myriad of systems that use this data in its current form. Any theoretical project to replace this would likely be a long and drawn out undertaking. Addressing the information environment in the meantime seems like a good idea.
We should fix the problem and ban the data-sources. Whack-a-mole makes it sound like we're talking about a ban on one company, but what clearly needs to be done is a categorical ban on super sketchy business practices, and that seems simple enough. Data-brokers, if they are going to exist at all, need to accept the burden of proof to establish that every single row involves consent, and they need to acquire new consent for every single resale of the information. If that makes the whole industry unprofitable, too fucking bad. And if this looks bad for business, it gets even worse: good luck getting consent for reselling what is mine without offering me a cut.
Since the above kind of common sense looks crazy these days, let's throw in something even more radical. For anyone looking to fund UBI, ^ here's a start. The trouble with the often-mentioned idea of "tax the data" as a solution for privacy concerns is that these taxes are just redistributing wealth from corporations to governments, while all of profit is made with our information. Who wants the monetized details of their personal life to pay for the next unjust war, or even the roads in some place they don't live. If we are so valuable, put some of that money back in our hands, and if the price doesn't sound fair to us, then let us opt out of the sale.
Even just name, DOD and last 4 of the SS number and you are done.
It's ridiculous.
https://news.ycombinator.com/item?id=40961834
TLDR Login.gov, and publishing a circular to allow businesses to use it to identity proof. Push all liability onto the business for losses if this method is not used to identity proof. ID card as ljm mentions, such as a passport card. Very similar to credit card EMV chips and the liability shift from magstripe.
> I don’t know what that would look like but if I had Congress's attention I’d like them to fix the problem rather than playing whack-a-mole with banning data sources. I don’t think any actual solutions come from that.
Aggregating data means it can be lost. You must therefore make aggregating and storing data toxic, and impossible to be leaked through eventual mismanagement.
https://paulgraham.com/founders.html
> Though the most successful founders are usually good people, they tend to have a piratical gleam in their eye. They're not Goody Two-Shoes type good. Morally, they care about getting the big questions right, but not about observing proprieties. That's why I'd use the word naughty rather than evil. They delight in breaking rules, but not rules that matter. This quality may be redundant though; it may be implied by imagination.
While scoped to founders, I think it broadly applies to a subset of curious people who are wired to solve problems, imho.
I am not too sure of the end goal other than general chaos. Let’s say it’s 2 days of an attack, (that’s about how long any co-ordinated response would need at minimum).
So attackers need to sow chaos across the USA. They apply for a million unsecured loans of say 20k each. That’s 20 billion.
I honestly don’t know what the daily personal loan application rate is, but America has about 150M adults, 1% of them applying on the same day will not only raise flags but would basically grind the system to a halt - each loan office would have daily maximums and a massive spike could not be handled. And once the massive crowd is noticed and made public then the financial immune system comes into play.
I can imagine taking out the cell network through a sort of SS7 ddos, but I suspect that cell towers might have a dose more vulnerabilities (probably not as basic as all the admin passwords are ComC4astSux but close)
In general Chaos seems to come from attacking the limited services that act as our safety net (ambulance, police, sewage, electricity). We know these are vulnerable in non obvious ways - crowdstrike for example.
Making otherwise fit and healthy citizens have a shitty day is less impactful than we might think - it will be the “blip” day - as I say 48 hours later the Treasury secretary goes on TV and announces all personal loans that day got cancelled or some other fix - finance has a fairly good immune system when it sees the need.
But overall, if we are going to worry about some attacks, let’s look at the ones that attack our freshwater supplies - and that might not mean some terrorist - in the UK our sewage handling has been under attack by Private Equity for decades and SWAT teams are not allowed to shoot people in Belgravia
The national ID systems I've seen proposed have a lot more security from the ground up, and could replace the passport system.
The US Postal Service is in a great position to be the one who executes it. They have access to deliver physical goods to the entire country. They have the staff and procedures to do identity verification for their current products that could be extended to a PKI offering.
It'll never fly, politically.
"Hmmm. I know! Let's get the government to manage a mandatory ID system, and require it for all aspects of citizens' lives! In fact, let's centralize all of their medical, financial and personal data using this ID, and ensure that it can all be accessed using this ID! What could possibly go wrong?"
All that I can see preventing it is deniability and eco-political risk.
So I imagine the "Number of people driven to suicide" KPI is going to be pretty high. They're not going to want to ship something that performs worse.
But I am by tendency an optimist, and the open-source part (if they do that) means we can have eyes on their crypto assumptions behind the protocol and what's on the device.
MyGovID, which I think they're baking into it, has been pretty solid. That's distinct from your mygov account, many of which have been hacked, in part because so few people used MyGovID.
(if you've got better info always happy to see it)
The execs are mostly the same. The product contracts are run by the same people and even the minister is now the same again. They have no interest in changing or correcting.
Huh?
If your phone is on, your position in time and space to some circular error is also known, continuously.
To say nothing of Bluetooth that's with the advertising hoardings and inside the store mainly.
Basically, any privacy nut with a phone and simcard is in denial.
> Identity theft is rampant in the countries that don't have such a system
No, fraud is rampant in the countries that don't have such a system. Calling it identity theft makes it sound like the onus on preventing the practice is on "whoever's identity was stolen", instead of correctly pinning the onus on the bodies issuing accounts and loans without verifying information or identity.
The first is religious nuts who think it would be a "mark of the beast"
The second is anti-government types who are, well, anti-government anything.
The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.
The anti-government types do hate the idea of a national ID, but they're already forced to carry a drivers license/state ID, and SS card so they've pretty much lost the battle already.
I'm afraid that it's the business owners who are our biggest hurdle.
Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.
Allow but do not require to use the card for employee identification. Whoever insists on hiring undocumented immigrants, could continue. Most industries don't do that, and would reap the benefits of a more secure identification.
Don't make the card universal. A bank card with a chip does not identify you for governmental agencies, but prevents a lot of PoS fraud. It could prevent credit fraud if banks allowed me to require the card to take a loan in my name, or to make a transfer larger than $10, and provided the card identity check service to each other and to credit unions. Phones with NFC can read bank cards, so it's a good way to say "it's me, I confirm" in a secure way.
Evolutionary, opt-in, piecemeal solutions often have higher chances to succeed than abrupt all-at-once changes.
They absolutely do, but most of the immigrants have a form of ID that gives the companies some measure of deniability. As long as the I-9 goes through, not my problem. If it doesn't, well that's where contractors come in. Official numbers say around 14 million illegal immigrants. Reasonable estimates are closer to 22 and some non-hyperbolic estimates go as high as 40 million.
Kind of like RealID[0]? It exists right now in the US.
Otherwise there's no protection against impersonation if IDs aren't mandatory.
Any proposal for modern ID needs to have Constitutional protections, checks, and balances or it will eventually devolve into a digital police state.
Everyone's like "a government went on an extermination campaign" and for some reason what would've stopped them is the difficulty in identifying who to exterminate?
As though genocides much care about accuracy.
The big secret of Nazi Germany that isn't a secret at all is that they put a lot more than just Jews in those camps.
One doesn’t need to be anti-government to fear governmental intrusion on one’s rights without due process. Our current government does that now.
agree and second -- history shows that this sort of thing goes badly due to "humans"
Big one, but even though employing illegal immigrants is a crime, it's almost never prosecuted.
That's probably because all of the anti-immigration and anti-foreigner people who are asking the government to stop people and ask them for their papers... this is not unique to the UK, Canada, or the United States either, and some of the countries plan to do more than just deport people.
Strong identity is increasingly a meaningful technical requirement, but glossing over the human impact of strong identity controls by the government is not going to have good outcomes either.
I think very few of those so-called right-wingers are -say- against doctors immigrating to one's country if there's a doctor shortage. As long as immigration is all done using legal means. And with proper checks and balances.
I'm a right winger (but not born and raised in the UK). And I am very much against illegal immigration. I also don't want to be required to wear an identity card / passport with me at all times.
Actually, with proper immigration policies in place, the state can be sure that most people inside the state are legal, law-abiding citizens. I don't think in such cases it does make sense to require people to wear an id card with them at all times.
That depends on the type of attack you're protecting against. It might prevent an attacker from filing your taxes for you, but many companies are still going to use this kind of information as primary key. But it's not going to stop an attacker from pretending to be a bank employee, calling a genuine bank employee via a secret internal-only number, and claiming they've got Mr. Doe in their branch trying to do a critical transaction but their phone broke so they can't use the bank app. Yeah, the Mr. Doe living at 987 Main Street, that one. See, you even verified their ID, and it has a SSN of 123456 printed on it - just compare that to our customer database to make sure it's legit!
It also opens up a whole new type of attack. The problem with those smart cards is that there isn't really a way for the user to know what operation is actually happening. You're using a regular PC or smartphone to interface between the smart card and whatever entity you're trying to communicate with. But that could just as well be a phishing website pretending to be that entity, or malware doing a MitM. Or even just a random website pretending to need a signature for "age verification" when it's actually applying for a loan behind the scenes.
There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possibly be fraudulent?
I agree that we should be moving to more secure systems, but those ID smart cards aren't a one-size-fits-all solution.
https://en.m.wikipedia.org/wiki/Common_Access_Card
https://en.m.wikipedia.org/wiki/FIPS_201
My country's version uses separate mechanisms with separate passwords for "identify me, revealing my name/DoB/number" and "sign something". Obviously not impossible to pretend that you're signing an innocuous document and have you sign something else, but it at least removes some of the low-hanging fruit.
It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response, verified when used, so that it can't be used for anything but the approved purpose.
The reader application can, sure, but what ensures that that "reader application" is genuine and can't be subverted? The card's own processor is supposedly tamperproof, but all the display etc. is in the reader which is probably owned and controlled by whatever third-party you're identifying yourself to, or at best it's a random application running on your PC/phone with whatever malware you have.
Imagine having a bunch of ID cards in your wallet, like you already have (driver's license, library card, office access card, store loyalty card) that all have an interoperable smartcard interface, and a QR code of their built-in public key.
They would be much like contactless bank cards you also keep in your wallet.
Banks and phone network operators are uniquely positioned to sell a validation service for such cards, being highly connected and already having data about their existing customers, which would be an easy initial audience pool.
What you're describing requires the actual terminal you're interacting with to be malicious, and it can only be used to authorize individual transactions.
As things stand in the US, a much broader class of attacks are not only possible but common, in which the attacker takes over the identity of the victim and can authorize any number of transactions in their name.
https://www.snopes.com/fact-check/hobby-lobby-mark-of-the-be...
> Human beings can't read a bar code.
- they can, and more importantly they almost never have to
> A lot of our product comes from cottage industries in Asia that couldn't mark their goods with bar codes if they tried.
- They can be added at the store/warehouse level, not every product needs one, and I've never seen a store that worked entirely on bar codes 100% of the time anyway.
> Inventory control by computer is not as accurate as you think.
- This assumes what I think, and it only needs to be more accurate than your current method. If it actually weren't more accurate, I don't think they'd have to fall back on "as you think" in their argument.
> Employees take more pride in their work when they know they are in charge, not some faceless machine.
- this doesn't even make sense.
> Customer service is better.
- questionable, but not impossible to support
> The time savings at check-out is minimal — and easily squandered.
- possible, but time savings at checkout is only one benefit.
> Reprogramming the computer for sales would take a huge effort in our case, because we put so many individual items on sale each week.
- It would take effort, but stores with much more inventory manage it just fine, even when new products are constantly coming in and sales are weekly.
> Twenty million dollars is a lot of money.
- I have no idea from the article what this is in reference to. Maybe the amount it would take for them to make the switch? It's hard to say how much money it would save them so it's fair to say cost is a concern. I will say that over a long enough time period, it'd probably save more than it costs.
None of this means that concern over "the mark of the beast" is really the reason, but the reasons they gave don't make a lot of sense either. It could just as easily be that poor record keeping and manual entry at the register allow them to commit fraud or something.
I suspect that if the mark of the beast plays any role at all, it's that not having barcodes panders to the Christian customer base they've always heavily pandered to. Even just the rumor is basically viral marketing for them to that crowd.
It was based on a false rumor that spread on social media that the perpetrator of a recent triple murder was a Muslim asylum seeker. It turns out that the perpetrator is a British citizen who was born in Britain and is Christian.
What this reminds me of are pogroms in Eastern Europe, which were often sparked by false rumors about Jews.
But please give some more details on that. The only case I've heard about was a single attacker who was incorrectly called an immigrant.
My point is to not make it easier for them.
Figures like 29 million (not to mention 113 million, which would hardly leave anyone in the USSR) are simply not credible. I suspect the 29 million figure comes from counting the victims of the Nazi invasion of the USSR, but those deaths are on Germany's balance.
If you think the holodomor and red terror only killed a couple million people, I've got some beachfront property to sell you in Idaho.
If the ID is on your phone, you can make it so that the transaction details have to be digitally signed by the person authorizing them in order to be valid. Then, if 3€ shows up on your phone, that's what you're authorizing, not 300€.
Nothing advanced is required. And sure, your phone can be hacked, but there’s only so much fearmongering to go around.
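The purpose-bound signing discussed in this sub-thread (the request encodes what it is for, and the phone signs the transaction details it displays), as an added Go example that is not part of any comment or of a real eID scheme. The field names, the `card-1` ID, the all-zero demo seed and the in-memory key registry are assumptions, and it assumes the device displays exactly the fields it signs.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Approval is exactly what the holder's device displays and signs.
// Field names are illustrative, not taken from any real eID scheme.
type Approval struct {
	Purpose      string // "payment", "age-verification", "loan-application", ...
	RelyingParty string // who is asking
	AmountCents  uint64
	Currency     string
	Nonce        string // fresh per request, chosen by the verifier
}

// encode builds an unambiguous message: a fixed domain tag, then
// length-prefixed fields, so two different approvals never share an encoding.
func (a Approval) encode() []byte {
	buf := []byte("example-id-approval-v1")
	var n [8]byte
	for _, f := range []string{a.Purpose, a.RelyingParty, a.Currency, a.Nonce} {
		binary.BigEndian.PutUint32(n[:4], uint32(len(f)))
		buf = append(buf, n[:4]...)
		buf = append(buf, f...)
	}
	binary.BigEndian.PutUint64(n[:], a.AmountCents)
	return append(buf, n[:]...)
}

// Sign is the holder side: sign what was shown, nothing else.
func Sign(priv ed25519.PrivateKey, shown Approval) []byte {
	return ed25519.Sign(priv, shown.encode())
}

var (
	ErrUnknownCard  = errors.New("unknown card")
	ErrRevoked      = errors.New("card revoked")
	ErrBadSignature = errors.New("signature does not cover this transaction")
	ErrReplay       = errors.New("nonce already used")
)

// Verifier is the bank or agency side, with a constructed in-memory registry.
type Verifier struct {
	keys    map[string]ed25519.PublicKey // card ID -> registered public key
	revoked map[string]bool              // lost or stolen cards
	seen    map[string]bool              // nonces already consumed
}

// Verify checks the signature against the transaction the verifier is about
// to execute, not against whatever description arrived with the signature.
func (v *Verifier) Verify(cardID string, executing Approval, sig []byte) error {
	pub, ok := v.keys[cardID]
	if !ok {
		return ErrUnknownCard
	}
	if v.revoked[cardID] {
		return ErrRevoked
	}
	if !ed25519.Verify(pub, executing.encode(), sig) {
		return ErrBadSignature
	}
	if v.seen[executing.Nonce] {
		return ErrReplay
	}
	v.seen[executing.Nonce] = true
	return nil
}

// demo runs five constructed cases and returns the verifier's verdicts.
func demo() []error {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // demo key only
	v := &Verifier{
		keys:    map[string]ed25519.PublicKey{"card-1": priv.Public().(ed25519.PublicKey)},
		revoked: map[string]bool{},
		seen:    map[string]bool{},
	}
	shown := Approval{Purpose: "payment", RelyingParty: "shop.example",
		AmountCents: 300, Currency: "EUR", Nonce: "n-001"}
	sig := Sign(priv, shown)

	inflated := shown
	inflated.AmountCents = 30000 // 3 EUR approved, 300 EUR submitted
	repurposed := shown
	repurposed.Purpose = "loan-application" // signature reused for another purpose

	out := []error{
		v.Verify("card-1", inflated, sig),   // rejected: amount differs
		v.Verify("card-1", repurposed, sig), // rejected: purpose differs
		v.Verify("card-1", shown, sig),      // accepted
		v.Verify("card-1", shown, sig),      // rejected: same nonce again
	}
	v.revoked["card-1"] = true // card reported lost
	next := shown
	next.Nonce = "n-002"
	return append(out, v.Verify("card-1", next, Sign(priv, next))) // rejected: revoked
}

func main() {
	for i, err := range demo() {
		fmt.Printf("case %d: %v\n", i+1, err)
	}
}
```

The binding only helps if the display showing the approval is trustworthy, which is the objection raised about reader applications earlier in the thread.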
The person was an immigrant's child. Considering their obvious (violent) refusal to integrate they are too an immigrant.
Like, that context arguably makes it worse than if there was no inciting incident, because it's so blatantly blaming a huge group for one person.
it is a pattern.
Police were reluctant to investigate political grooming gangs, those in the House of Lords, nobility, etc.
Police were reluctant to investigate religious grooming gangs, Christian Brothers etc.
I can't see how immigrant pedos are infinitely worse rather than just more of the same.
The reluctance to investigate seems to be the issue, now it's compounded by scapegoating.
GPS coords then? Street names?
Any chance of a decent curry?
I guess they failed to sell it because links to the leaked data on usdod.io have been available on Breachforum/Leakbase for over a week now. Someone created a magnet link yesterday and it's fully seeded so speeds are fast.
The data in the breach is irreversibly public now.
Are you against simply sharing the infohash here? I'd like to download the leak to see what information it has on myself and my family, but I don't really relish the idea of signing up for a breachforums account and sifting through its posts if I can avoid it.
Allegedly, the password (also base64 encrypted) is:
aHR0cHM6Ly91c2RvZC5pby8=
I haven't downloaded it, but my understanding is that the data comes compressed and with a (weak) password.
https://npd.pentester.com/search
This will save you the effort of a 30min search per `grep` on the original breached files.
After everyone "has been pwned" then there is no need for HIBP. The answer is always "yes". Yet I am certain sites like "HIBP" will never go away. Something about email marketing.
Some HN commenter(s) will inevitably try to defend HIBP. But this comment also refers to sites "like HIBP" that use data breach dumps opportunistically to generate web traffic, collect IP and email addresses. Some folks just do not see what is wrong with the idea.
And of course you can download SHA ranges and do lookup offline: https://www.troyhunt.com/ive-just-launched-pwned-passwords-v...
He even previously encouraged to download via torrent, but now it seems there is a custom tool to download that data.
You can be repeatedly pwned with updated/different information. It is not a one and done thing.
But the stupidity of the IRS means that people are easily targeted by false tax return attacks. File a fake tax return for someone, using their SSN/name/address, but tell the IRS you changed address. Then the IRS sends your tax refund to the new address, and boom, you just collected some poor sod's refund. To add insult to injury, the IRS is probably going to audit the person whose refund you stole.
The IRS doesn't have the authority to mandate the creation of a secure national ID system and enforce its use by the financial system. Only Congress has the ability to really do that. The IRS collects revenue.
Even if it did have that authority, it doesn't have the budget to accomplish that goal.
except then funding is raised, and it's still a problem of funding. and inevitably, it's the evil side of the government (you know the one) that is to blame, even if there is no money to spend.
how does a public service determine when they have enough funding?
Anyone have experience with these sort of services? A search brings up a lot of scammy looking results. But if services exist to reduce my profile I'd be interested.
I'd wholeheartedly support any candidates that push for a data/privacy "Bill of rights".
https://oag.ca.gov/news/press-releases/attorney-general-kama...
https://arstechnica.com/tech-policy/2024/08/5th-circuit-rule...
Since this is in conflict with a Fourth Circuit ruling, we will probably see it in front of the Supreme Court.
Ah, yes, but they're businesses, you see - the most important class of entity in America. We the people can evidently go fuck ourselves if it means some scumbag gets to make a buck.
Seems like Troy is skeptical about this being a real full breach?
Part 1 has been accomplished. Let's get part 2 going!
Aside: It amazes me how the American public has allowed defrauded companies to assign the company's loss as a liability to innocent individuals (in the form of "identity theft"). It would be great if we could get that changed in the minds of the public. A well-informed public could collectively turn "identity theft" into the "bank's problem" (from the old adage "If you owe the bank a billion dollars they have a problem..."). The insurance industry would swoop in as the defrauded parties start making claims and shoddy security practices would get tightened-up.
(Edit: I fear insurance companies coming in to "fix this" to some extent-- citing my experiences with PCI DSS compliance auditing and Customers who have had 'cyber insurance' policies coming with ridiculous security theatre requirements. Maybe we can end up with something like a 'cyber' Underwriters Labs in the end.)
(Also: Yikes! I hate that I just typed 'cyber' un-ironically.)
This is a bit of a tangent but I feel like if we can prove this statement then these data aggregators should be made illegal. How can you consent to something that you don’t know you’re consenting to? Likewise why do these entities have the right to collect detailed personal information like SSN without your explicit, beyond reasonable doubt, consent? To me this is the most obvious failure of the legal system, it clearly goes against well established legal principles that a basic requirement of an agreement is that all parties know what they are agreeing to.
Obviously there is some leeway with agreements where it’s not possible to clarify every eventuality but let's say if you’re applying to rent a place through an online form and that form shares your SSN to a data aggregator, it should be extremely clear about that, and possible to opt out while still allowing you to complete the rental application without discrimination.
It’s like, it should be possible to show that no one, within reason, consented to sharing their data with this aggregator because no one is able to confirm that they did. Sure one person could forget, or lie, but 100s of millions of people? No. Clearly almost zero people knowingly consent.
I recently started using unique emails for everything I sign up for. Thankfully I haven’t seen anything yet, but I have little hope it will stay that way.
With this, Ticketmaster, and the CDK Global car theft, is there anybody on Earth who doesn't need data protection? Poor people in Somalia need data breach notices. People who are not even on the WWW need data breach notices...
If a data broker collects data without the consent of the consumer, then their only real risk is a class action lawsuit which drags on for six years, gets settled for a few days profit, and the consumer gets $13.50 after the legal fees. This massive skew in the risk reward calculus of data brokers is why we have the problem. Because there's little to no real downside, the trend is automatically collect as much data on as many people as possible.
Fixing this means big, mandatory, cash penalties in the law code - say $5k per consumer data leak, directly to the affected consumer, with added penalties if the company lies about the leak or delays payment. The fine must be big, mandatory, and paid directly to the consumer. Only that changes the risk reward ratio.
In that new world, companies would have to reassess their risks. They'd either build invulnerable systems and hire a lot more people reading HN to protect their golden goose, or better still they'd decide to exit the business entirely. That sounds bad, but the only reason the industry exists is because regulators failed to foresee massive leaks like this happening every three months.
We need a consumer data privacy law, with massive fines, to force companies to change their behavior. What we're doing now clearly does not work.
A) It's necessary. When is the government going to start creating laws to help us and prosecute this?
B) It's expensive. Most people cannot afford this. I can barely afford it but my information has been leaked online.
C) It's inconvenient. A majority of calls are spam, but I'll often miss important calls from unknown numbers because Robokiller acts as a proxy and for some reason the call is routed through the Internet.
Anyhow, my wife and I are not on this list. I'm wondering if using Robokiller saved us from a lot of pain here.
Eventually enough data will be leaked to make moot the benefits of securing any personal data. At that point everyone stops trying and moves on to more financially rewarding activities.
I mean even if I’m an elephant, and data breaches are blind men, eventually enough blind men will draw a true comprehensive picture.
Has anyone tried to argue this point in court? Has this survived / how did this terminology shift survive judicial scrutiny?
> Please be advised that we will not collect, use, disclose, sell, or share the sensitive personal information or sensitive data of California, Virginia, Colorado, or Connecticut residents as those terms are defined by the CCPA/CPRA, VCDPA, CPA, or CTDPA, respectively.
The problem lies in how institutions treat the SSN, not the number itself.
The good news is that companies have lost the presumption of competence there. In the 80s if a company said they’d confirmed that an applicant was you using your SSN, a lot of people would falsely believe that was sufficient but by now they’re not going to get far if they sue you unless they can provide better evidence because everyone knows huge breaches have happened many times.
the integrity of SSN security, was lost a long time ago
The security never existed, since they were never intended to be secrets. At best it was theater.
While it uses your email to check (not SSN) odds are if they have your SSN in the dataset they also have your email.
And lock your credit.
Fortunately, it's getting harder without previous addresses or other verification methods.
For non-Americans that don't know, our Social Security number is generally assigned at birth or when you become a citizen by the Social Security Administration. Social Security is a disabled or elderly benefit we all pay into (roughly 7.5% employee and 7.5% employer - ~15% total). It's the only number we all get, since not everyone gets a driver's license; ID; passport; or other identifier. Unfortunately, it's been used to identify us for everything, and until recently was typically in plaintext on most forms (medical; tax; student; etc...).
CGP Grey has a good summary of how it came about and why it's become a problem: https://www.youtube.com/watch?v=Erp8IAUouus
What's a quick way to search if my SSN is in the file? I ask before diving in, it's currently extracting and ETA is 40 minutes.
LC_ALL=C fgrep 'ssn' file.txt
https://stackoverflow.com/a/13913220
Quite a bit. Often if you request removal or opt-out, you'll reappear in a matter of a few months in their system, regardless of whether you use a professional service as a proxy or do it yourself. The data brokers usually go out of their way to be annoying about it and will claim they can't do anything about you showing up in their aggregated sources later on. They'll never tell you what these sources are. A lot of them will share data with each other, stuff that's not public. It's entirely hostile and should be illegal. I am trying to craft a lawsuit angle at the moment but they feel totally unassailable.
I'm extremely skeptical of any services that claim they can guarantee 100% removal after any length of time of longer than 6 months. From my technical viewpoint and experience, it is very much an unsolved problem.
I should be hearing back from them in the next 32 days, as this was 13 days ago.
Not to minimize the harm that can be done by such collections, but the law is justifiably looking for a scalpel treatment here to address the specific problem without putting the quest to understand reality on the wrong side of the line.
Of note, opting out of a service by yourself by hand was only 70% effective ($0). Using EasyOptOuts was around 65% effective ($20) and using Confidently was only 6% effective ($120).
[1] https://innovation.consumerreports.org/wp-content/uploads/20...
Simple Opt Out (manual list):
Anecdotally, searching my name on Google pretty much no longer returns those scummy "People Finder" pages that just scrape any public records they can find.
That said, I hope incogni is happy enough with my money that they themselves don't do anything scummy.
Also, freeze your credit at the big three. Do it now.
And I say this, because I was on a TV show years ago, so my real name is all over the internet from an entertainment point of view. But, if you search my real name, there are little to none pointing back to "public record" websites and the such.
Then, as fate would have it, an HNer (tjames7000) mentioned he made EasyOptOuts for this reason, so I signed up. Cheap, seems effective, absolutely no complaints.
Have the opt-out services leaked as well? Or is no one using them? How would we know?
for (i = 0; i < 900000000; i++)
insert(first: random_firstname(), last: random_lastname(), ssn: i);
Does anyone really really care if the name is accurate if the SSN is present? More than half of the SSNs in the above dataset are valid.
While I have never dealt with one of the paid services someone ran one on me as an example of what is out there (nothing malicious about it) and just about everything on it was accurate or close to it. Only one thing on it wasn't at least pretty close to the truth--it had me living in a state I've never set foot in. And quite a few other people seemed to have the same address at one point or another.
When I looked into it, it turns out the "original" breach is comprised of files named ssn.txt and ssn2.txt which only contain Americans' details, and doesn't contain any e-mail addresses.
It seems what happened is there was one leak of US SSNs which the leakers attributed to NPD, then some people bundled that leak up with a bunch of other data (including e-mail addresses and details of non-Americans) and who knows if the latter data actually came from NPD?
American Express by way of Experian alerted me to my SSN having been leaked precisely by this incident.
The number was seemingly correct, but everything else associated with it such as name and address were nonsense.
So assuming we're talking about the same thing... can confirm?
I looked up several family members and although most of the phone numbers and addresses were out of date, they were accurate as were the listed social security numbers. However, it didn't include any of the more recent immigrants in the family or myself, possibly because I take opsec seriously.
Funny enough it looks like it has data for Tom Brady, former FBI director James Comey, Barack Obama, and Donald Trump (just some of the names that popped into my mind to look up).
It’s a comedy bit but I take its point seriously: if the bank gives away money, it’s the bank’s job to make sure it is repaid. Not mine, unless I was actually a party to the agreement.
I know there's a fuck load of situations where the banks are 100% screwing the customer to their benefit, but there's a legit conversation about people who give out their passwords, or claim they did, when money gets wiped out.
If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".
Now granted:
1. With passkeys and biometrics and 2FA we've got a lot of better ways to make these accounts secure, and hopefully more idiot proof. I'm hoping we start getting rid of email/phone for 2FA as a valid option though.
2. The moment the police are treating it as an identity theft case, the bank should be required to pony up. I don't know if that's the case (and wouldn't be surprised if they fight it tooth and nail), but at that point you have a state or federal entity acknowledging this is not a legit transaction, and therefore you should be compensated by the bank, and they can get their money back from the insurance companies that insure against this kind of thing.
I couldn't remember their names and absolutely was thinking of this.
Use would likely diminish markedly.
Maybe this will give a second chance at a conversation around that, but I’m not too hopeful.
In the 80s, the very popular Aussie prime minister, Bob Hawke wanted to introduce a National ID card, complete with a unique number, that would then be used for everything from Medicare to tax filing. The government however did not have the numbers to pass it through the Senate. Hawke called a double dissolution (dissolving both lower and upper houses of parliament) over the issue. He was returned to power after the election but still without a majority to get the bill through.
There were then attempts to use "other" government issued ID cards like the Medicare number, for this purpose. To prevent this, a few years later, a bill was passed that would prevent any such use.
In reality, this means businesses can ask for government issued numbers but it has to be optional and voluntary, and never used as a primary ID. When I go to my doctor for example, I can provide them with my medicare number, in which case they will claim the Medicare rebate on my behalf automatically, or I can refuse to provide them this number, pay the doctor's fee in full, and claim the rebate from medicare myself separately. Similarly I can provide my bank with my tax file number, in which case they will automatically tax my interests earned according to my income band. Or I can not provide them my tax file number, in which case they'll tax my interest rate at the highest income band, and I can then get the money back from the tax office when I file my tax returns at the end of the year.
In Australia we don't have a Bill of Rights. We don't even have a right to freedom of speech. The police can ask us to unlock our phones without a warrant; etc etc. Yet when it comes to privacy, our laws are very clear. For a country with such a history of protecting individual liberties, it always amazes me that the United States takes such a laissez faire approach to privacy.
https://www.abc.net.au/news/2024-08-13/trust-exchange-digita...
The first step is to call it what it is: fraud by misrepresentation. The owner wasn't deprived access to their identity (a key component of theft), they weren't even involved in the transaction. Companies want to have their cake and eat it - have low barriers to making sales/offering loans without rigorously verifying the identity of the person benefiting and be shielded from losses when their low-friction on-boarding fails and lets in fraudsters.
If a home buyer is duped into transferring a deposit into a fraudster's account, they don't blame it on corporate "identity theft" and put the escrow agent on the hook by default.
e.g. You get hauled into court for a lawsuit demanding the loan repayment, for a loan someone else used your name to get?
- It wasn’t me.
That's why SSNs are still such a big deal. Why fix the problem when you can just make it someone else's problem?
If we were going to do something, we’d make government ID include an NFC token for PKI purposes since public keys can’t be compromised in the same way, but nobody is jumping to pay for that, especially in a country where you have so many people prone to wild conspiracy theories (I am especially amazed by the guys who freak about a national ID as big brother but never say a word about the credit reporting industry) and the enduring “Mark of The Beast” religious fears.
Another alternative would be to go the other way: Pass a law prohibiting the use of social security numbers for any purpose other than social security. Don't provide any globally unique identifier for companies to use.
Instead each institution would issue their own identifier which would have no value outside of that institution. If they get breached or you lose your ID, they mail a new one to the address they have on file or some similar recovery method and you don't have to worry about someone using your ID somewhere else because the breached one gets disabled and you get a replacement.
The obvious advantage here is that companies can't use it to correlate your activity across institutions without your knowledge or consent.
Login.gov gets us pretty far until NFC can get baked into credentials. Would love to see passport cards evolve into this [2], but again, lots of work and political will to make that happen. In the meantime, remote and in person proofing to bind IRL gov credentials to digital identity must do.
(As of December 31, 2023, over 111 million people have signed up to use Login.gov to date, with over 324 million sign-ins in 2023; this is ~1/3rd US population; no affiliation)
[2] https://travel.state.gov/content/travel/en/passports/need-pa...
Please do not give the government any more power over me than they already have, thanks.
If the system needs to be revamped, then step one should be pressure/force so that companies stop treating the numbers as secret. And if we do that we don't need new numbers anymore.
I recently froze my credit with the big 3 and it was easier than I pictured. I don't know if they slow you down if you try to unfreeze it immediately after clicking "forgot password".
don't mix your pet grievances together, having full public knowledge of every person in your country is democratizing, frankly, an aid to democracy, not a hindrance. Not saying I want to live in that world, but it's not an impure democracy.
Norway (and others?) already publishes everybody's income statements. Not healthy imo but I guess would aid more accurate snitching (and envious resentment).
Fortunately that’s not what I’m doing. I suggest reading more carefully and trying to come up with a scenario where the government having standard identifiers meaningfully harms your privacy but a mess of identifiers and a huge private industry linking them does not.
Edit: nvm, ``` findstr /i /r ".000000000." ssn.txt ``` did the trick in powershell, with the zeros replaced with the ssn. Also there is a star after each period that HN has changed to italicize the text instead of showing it.
filed for injunctive relief from emotional duress due to actions of defendant.
and can't speak any further as instructed by legal counsel
There is no offline availability for the Have I Been Pwned data on which emails were present in which breaches. Access to this data is rate limited and paid API keys are needed for bulk access.
The issue I am raising is not whether a particular website operator claiming to be in possession of data breach dumps, that any web user can download themselves, is "trustworthy" or not. The point I am raising is the unnecessary data collection. If these downloads were available from the website from day one, then there would be no "paid API" nor partnerships with so-called "tech" companies or HN HIBP following. There would not be "HIBP" proponents trying to suppress any criticism of it, defending its every move despite its past mistakes. Most importantly, there would be less/no need for "trust".
HIBP is a particularly ugly symbol of the problem of web intermediaries/middlemen and everything/anything "as a service". As expected, HN commenters will not like this viewpoint as they may themselves be trying to profit from such intermediation and the data collection it enables. They may have even convinced themselves they are doing good.
> ... but it was the first time since the overhead of managing the service had gone off the charts.
Around 2020 he decided not to: https://www.troyhunt.com/project-svalbard-have-i-been-pwned-...
He then reveals source of stress and the way it impacted HIBP: https://www.troyhunt.com/sustaining-performance-under-extrem...
Just think about it: HIBP hinges on a person doing his stuff, putting in his time and finances. That affects personal life. However that is a very valuable utility that guy is doing. Good that CF donates cache and help is here and there... but do you think you would have managed that service better?
Would it have been better if HIBP was sold and managed by a real company? Who knows. But long term it is of course healthier if HIBP isn't affected by a single person's personal life situations.
The most widely spread breached address is LinkedIn by a wide margin. Houzz is second. Zynga, Imgur are also in contention.
When I started getting porn spam from the Diver's Alert Network, I alerted them to a breach. They misunderstood and just told me how to change my password.
The most annoying thing is that I found my personal robert@ email address is in HIBP under the evite breach. I so jealously guard my personal address. A well meaning friend invited me to something with evite. And that's all it took.
I hate when this stuff happens. I set up an email address like that for myself and I have never used it because I’m so afraid it will have something like that happen.
My dad is guilty of doing stuff like that often. He was renting a VRBO for the family and wanted us all to see the invite, but he threw in my email address that I only use for family correspondence. When I went to sign up (because he didn’t tell me this), I used a different address and it was a mess. I had to get him to re-invite me to the trip with the new email, but VRBO still started sending me some nonsense to my good email. He also gave it to some financial planner he uses and they started emailing me left and right. I was really upset. Like you said, he means well with it, but I don’t think anyone should be handing out other people’s email addresses.
The other thing that can get you are social sites that ask users to upload their contacts to find people they know. If your friend or family member uploads their address book, your account ends up in the Facebook, LinkedIn, Twitter, or whatever other site might do it. I’ve never used that feature for this reason, I don’t want to do that to people. But I know some of my friends and family have done it and my addresses are sitting in other DBs because of it, probably with my name, phone number, address, and maybe even birthday as well.
"I called him on the phone and he told me!"
Which is how it plays out when someone dies, generally, and the family is there dealing with the aftermath. FYI.
>probably a paperwork mixed up around pensions when his ex-spouse died
Recent hiring expansions have increased audits for high earners and generated additional revenue. Turbotax’s lobbyists are losing influence and we’re enjoying free filing options for individuals in some states. It’s also reasonable to say that a revenue service is not responsible for defining authentication security standards.
Why do you think reallocating funds is worth it as a response to this issue? Where would those funds go?
0. https://www.gao.gov/products/gao-24-106112
1. https://www.irs.gov/newsroom/irs-launches-new-effort-aimed-a...
Yes, I agree that there is a cultural undercurrent of fear around a national ID system, and I also agree that politicians are likely to game their political capital for the greatest return in their career.
What I do NOT believe is that the Social Security number just sort of came about and started being used by government services such as the IRS without anyone being responsible for that huge organizational decision or the initial (current?) lack of security controls around its implementation.
To me, it seems to be an almost certainty that it is both an organizational problem at the government service level AND (as a result) a funding problem.
They didn’t “just sort of come about”, they were created for this exact purpose of tracking government services. Over the years, the number of government services expanded because of the lack of other alternative like I said.
And the lack of security around SSNs is because they weren't intended to be secret. It is generally private sector groups like banks and credit agencies that have turned this into a problem by treating SSNs as if they are a proof of identification. They were created as usernames, but people treated them as passwords.
That's one of the biggest political fights in the past century: austerity, cutting public spending, and means-testing the fuck out of every social program the government even still offers. This has been the case since the 80s Reagan-Thatcher years. You can literally look at the budgets of major cities and easily see where the majority of spending goes. Hint: it ain't public schools. Were you not paying attention when people were talking about how much police departments get paid out of the budgets of their cities a couple years back? Have you EVER thought to actually substantiate your beliefs by actually looking up the policies that affect public spending and government budgets?
Is the answer "no"?
And it isn't just a problem with funding, it's a legislative and cultural problem too. But in the short term, without drafting up new laws or changing the culture of society, the best we can do to fix these issues is provide more funding.
I imagine it's similar in the public sector, where funding is determined by the needs of the public, political considerations, long-term planning, and so on.
I gave you examples, where you reciprocated with a personal attack. This is one of the ways in which US internal politics has become infantile and tedious. I would appreciate it if you left it there.
That info is, in fact, already easily obtained through leaks, but I just wanted to give your "utilities" case some clarity. Now the fraudster can apply for a credit card in your name, and before the month has passed you are on the hook for $3000 in cc charges/debt which cost the fraudster a mere 12 minute phone call and 10 minutes skimming through the leaked records from this HN post to find your SSN.
Just because people ask for something, doesn't mean you have to give it to them. I leave fields blank all the time on different (paper) forms (including when they ask for SSN), virtually no one hassles me.
3,000,000,000 leaked Social Security Numbers is a statistic.
-Joseph "Social Credit" Stalin
...Is it obvious I, as an American who can confirm my SSN (and whatever else) was leaked by this, sincerely couldn't care less because this is leak incident number 897165176548795647564576415671?
That $10 UberEats gift card from CrowdStrike would be more valuable than another batch of Free Credit Monitoring(tm).
It's like phone books--a collection of data, no creative content.
Fully agree, but I don't see how this refutes what I and the root-level comment (anti-IRS sentiment aside) are saying.
> the lack of security around SSNs is because they weren't intended to be secret.
The lack of security is not BECAUSE they weren't intended to be secret. The lack of security is because numerous organizations (including the IRS, until their introduction of an IP PIN) treated these "usernames" as though they were passwords.
It's not a design problem with original intent of SSNs, it's an implementation problem with any organization using them improperly. Gov't services are just as responsible as banks and credit agencies when they misuse them.
Sure, but the US has a precedent in HIPAA. Not saying it's copy-paste, but... maybe it should be.
I would prefer the law be more restrictive than less, because I don't believe this is true:
> law is justifiably looking for a scalpel treatment here to address the specific problem without putting the quest to understand reality on the wrong side of the line.
I believe the law may use that noble goal as cover for the actual goal: restrict the ability of capital holders to accumulate capital as little as possible. Data sharing isn't a public good in any way. It's mostly not even useful for the targeting purposes it claims. It's extremely reckless rent-seeking that knowingly allows innocent people to have their lives wrecked by identity theft.
I think we are going to discover, once people do the research, that HIPAA has done net harm by delaying flow of information for critical-care patients resulting in lack of patient compliance, confusion, and treatment error.
Yes, there is harm potential in insurance companies denying coverage or claims because they are privy to too much information about clients (a scenario that, I'd note, we could address directly by law via a national healthcare system or banning denial of coverage for various reasons) or by employers or hostile actors (including family) discovering medical facts about a patient. I have to weigh that harm potential against my day-to-day of having to fight uphill to get quality care because every specialist, every facility, and every department needs a properly-updated HIPAA directive for a patient (and the divisions between these categories aren't clear to the average non-medical observer).
You won't find any disagreement from me that HIPAA is very complicated. However there's a certain level of whining and foot dragging that happens in the industry that we should take with a massive grain of salt. There's so many HIPAA compliant and still convenient ways these days to have patient communications, but the industry doesn't want to invest and doesn't care about patient experience enough, and then go "sorry, HIPAA :-(((" every time.
With GDPR, after Schrems II happened and it became clearer that the EU-US Privacy Shield was no longer a valid workaround, I personally observed companies (including the one I was in) suddenly moving mountains to complete migration projects and privacy upgrades in just a few months that the industry previously deemed was technically unfeasible or impossible, cost prohibitive, business destroying, etc. And they still remained massively profitable and growing. If they had just done the right thing early on it wouldn't have been on such a tight deadline either.
That was the final straw for me in terms of being very firmly convinced that we should be telling companies to shut up and comply a lot more because they will never do the right thing on their own even if it wasn't /that/ hard. Another approach here is to start holding them liable for the personal costs of data breaches etc and let the incentives take care of themselves. In fact, why not a bit of both?
There are definitely exceptions, but it puts strict scrutiny on any novel prior constraint of speech.
I fail to see the problem with that. As you said, it's an identifier, like a username or your full name. There should be no issue with everyone knowing your full name, or your username; why there should be an issue with everyone knowing your SSN, or it being in plaintext everywhere?
Checks are actually the source of the problem. If you have access to blank check stock and MICR laser toner (both readily available on Amazon, since business accounting departments will routinely print their own checks for payroll / bills), you can make seemingly valid checks to withdraw funds from any account number. This is still a problem.
The reason why checks are popular is because until recently there hasn't been a cheap + accessible + official + unencumbered way to do electronic transfers between personal accounts. The infrastructure existed (ACH), but only businesses could actually initiate deposits/withdrawals. Individuals could initiate full-service wire transfers, but those are risky (there's no way to reverse one done in error) and banks typically charge $25/transfer - which is far too expensive to use for anything routine.
PayPal came into existence so people could purchase goods online (on eBay, specifically) and have the option of performing a chargeback if the goods weren't delivered as advertised.
(Checks will probably still persist for some time, since all the online payment services want to charge percentage fees if they think you're acting as a business. The beauty of checks is that they just work and don't insist on taking a cut of the payment.)
Because far too many businesses, esp. financial ones (banks/credit unions/etc.) have also incorrectly used it as a password to authenticate that "voice on phone" is really John Q. Public and/or that "grifter in chair across desk" is really John Q. Public. I.e., they used the fact that "person X" knew number Y as proof that person X was really person X.
We can argue that it was never intended to be used this way (a true statement), that knowledge of it provides no such proof (also true), and that using it as such was always wrong on the part of these businesses (also true), but the fact is, many did use it this way, and, sadly, many still do use it this way. And it is this misuse that is the "issue" with everyone knowing everyone's SSN.
Think of it as being the username and password. That's how many institutions have treated it for a long time.
Voting requirements and eligibility are set individually by each state, sometimes even in finer detail, New York City wanted to give immigrants the right to vote in local school board elections for example.
SSNs are administered by the federal government and are opt-in (however most people apply for one) so it is not something a state can really use as a voting requirement.
State I currently live in (GA), you need to bring a photo ID for in person voting:
- Drivers License (from any state or federal government)
- State ID card
- Student ID card
- ID badge from any state or federal workplace
- Passport
- Military ID
- Tribal ID
Data was cross-checked to an online voter registration database.
Prior state (NC), I think the ID requirements were similar (possibly more relaxed) but at that time the data was checked to the voter roll, a book with the name and address of all the people in the precinct. When you went to vote, you signed by your name and then it was crossed off the list.
If you are concerned about politics being “infantile and tedious”, try to set an example of the rigor you’re looking for. For example, you could point to specific verifiable actions by a candidate like I did.
You do not want to make it easier for every carnivorous for-profit corporation and wannabe apparatchik to pressure every citizen to cough up an identifier that can be used to track their every move.
That’s what the people making those claims are talking about. If you haven’t talked with paranoid religious extremists before, it’s eye-opening: they are literally saying that a mandatory government ID will serve the beast mentioned in Revelations.
That’s not the only concern or group raising it by any means but I mentioned it because governments have to consider edge cases - if you make SSN a required field you have to figure out how to avoid turning away children from those households. If you’re building a website to sell t-shirts, that’s fine but if it’s government services you might be breaking the law and especially might be harming people who need help (a 17 year old who ran away from that house might have trouble getting the ID they need to live independently).
> a central authority gives everyone a serial number then it will be used to track them by powerful institutions, which is a tool of oppression.
It’s only a tool of oppression if you have a government prone to abuse and without constraints. If that’s true, since the computer age the distinction is increasingly useless. The Stasi paid clerks to move paper around and if you’re comparing IDs by hand having a single number is a huge timesaver. In 2024, however, all not having one means is that they use software to link them – the context for this story is the huge industry doing that for all kinds of data, and they don’t mind having to link a couple of different identifiers. Faced with an oppressive government, we should be calling for legal restrictions and accountability for leaders. Not having a unique identification number is like wearing a breastplate into battle after the invention of the machine gun.
Untrue for three reasons.
One, it's a spectrum, and where you are can change. While the current US government is pretty bad, they're not rounding up citizens based on their race and throwing them into internment camps right now. But they have in the past, so let's not leave them anything that helps them if they decide to Be Evil again eh?
Two, there are different governments. Suppose the federal government is bad but not heinously bad and the Colorado government is pretty good but the Mississippi government is corrupt and racist and oppressive. Create the system federally and you're handing it to Mississippi officials to abuse, whereas they couldn't create their own because free travel between the states is constitutionally protected.
Three, it's not just governments. Create something like this and corporations will use it. Then all you need is for the government to fail to stop them, which is the status quo.
> In 2024, however, all not having one means is that they use software to link them – the context for this story is the huge industry doing that for all kinds of data, and they don’t mind having to link a couple of different identifiers.
The single identifier is what enables them to be linked -- it's why the surveillance apparatus keeps pushing it on us. Without it you have to speculate and will commonly get it wrong. If someone is signed into Google and then signs into their bank, does that mean they're the same person, or just two people who use the same computer?
If you pull an old PC off a skid destined for the recycler and use it exclusively for buying things on Amazon (which inherently has your shipping address), and use a different machine for social media which you never use for Amazon, a single identifier would still force you to associate the two no matter what measures you use to separate them.
It is important to preserve the ability to keep them separate.
Also notice the form of your argument: Things are currently bad so it's fine to make them worse in a way that's sticky and hard to undo. Maybe instead we should make things better?
People are calling these "religious fears" because they are fears very often based on religion. People who fear the Mark of the Beast aren't simply worried about being tracked by powerful institutions, they're looking for prophetic signs of the antichrist and Satanic one world government that their holy book says will lead to the second coming of Christ and Armageddon. Even though it was really talking about Nero Caesar. You can't separate the fear from the religion.
>You do not want to make it easy for every rapacious for-profit corporation to pressure every citizen to cough up an identifier that can be used to track their every move.
Then ban cellphones. Those are far more useful as a means of surveillance and control than any serial number in a database. They're also held in the hand and to the head, and used to buy and sell goods, which conforms far more closely to the mark of the beast than, say, RFID chips or SSNs or serial numbers on currency. Which the mark of the beast people were all against, in their time.
Unless you want to go full Kaczynski and run off into the woods to live off the grid, you can't avoid having identifiers attached to you. Your birth certificate, vaccination history, criminal record, credit score, address and phone number, the license plate on your car. Even the cookie that leaves you logged in to Hacker News. Governments and corporations already know who you are and where you are. Are there massive negative externalities to having our identities controlled by forces we have no agency over? Absolutely. But fearing every number as a slippery slope to a global satanic dystopian hellscape isn't reasonable. Unfortunately that's the context in which many people have this conversation, and that needs to be recognized.
This is the "weak man" version of the argument. It goes in the book because the (relatively wise and experienced) authors wanted to warn people of the dangers of a real problem. Nutters read metaphors as literal and then people who want to discredit the argument point to the least credible of the nutters as the proponents. But you don't have to believe in The Devil to believe that authoritarians exist and have provably caused great pain and oppression throughout history.
Isaac Newton was a Christian but you don't have to believe in God to believe in gravity.
> Then ban cellphones.
The problem here isn't so much "cellphones" the abstract concept in which you have a portable computer with a network connection, as the current implementation of cellphones which are in actual fact implemented as tracking devices. Which, okay, let's also make cellphones that are actually controlled by their owners and don't act as mass surveillance devices. Sounds good.
> Unless you want to go full Kaczynski and run off into the woods to live off the grid, you can't avoid having identifiers attached to you.
There is a difference between "you have a social security number which the social security administration uses exclusively for social security and no one else uses for anything" and "you have a social security number which every corporation and bureaucracy uses as the primary key in a database to correlate everything you do in your entire life". The kind of ID systems people keep proposing are the ones that do the second one, and that's the bad one.
So my bank will continue to use my SSN as proof of identity for loans.
https://beeckcenter.georgetown.edu/wp-content/uploads/2021/1...
Unfortunately that strategy is deeply flawed and dangerous because nobody cares if the data they have on you is accurate or not. They still can, and still will, use it against you at every opportunity. Every scrap of data they have, accurate or not, can be used to hurt you.
The only way to flood data brokers with garbage data that can't hurt anyone is to fill it with entirely fictitious people who somehow can't be mistaken for any actual people. Even that runs the risk of hurting real people though. For example, an insurance company might go to a data broker and ask for the number of people within a certain neighborhood or zip code who bought fast food more than once a week in the last year and how many have a gym membership. If the number of frequent fast food buyers is higher than it was last year and/or the number of gym members is lower the insurance company might decide to raise the rates of every single member within that neighborhood or zip code. Even fake people could skew those numbers if their fake data said they lived in those zip codes or neighborhood and ate out a lot or didn't have a gym membership. Indirectly, the fake person is mistaken for being a real one in that community.
The best way to deal with data brokers is to regulate them with strong data protection laws. Anything you give them risks hurting someone and gives them another data point to sell.
Wouldn't that be against redlining laws? https://en.wikipedia.org/wiki/Redlining
And that data has been made public likely in some form, and is probably replicated to dark corners of the planet.
Don't get me wrong, regulation on these industries seems like a no-brainer, but it seems unlikely to remediate the damage already done.
What are some examples of inaccurate data, as in completely false data, being able to hurt me?
"It says here that this shipment is for Firstname Lastname at 1 Main St, Yourcity, born January 1st in the same year as you. Your license has a different address and different birth day and month, so you're not the same person."
(Granted, most people here with an SSN should be older than that.)
[1] https://en.wikipedia.org/wiki/Copyright_law_of_the_European_...
More importantly, your insurance company is never going to tell you that that's why they raised your rates. You're just going to see a high bill. Same way that a potential employer isn't going to tell you that you didn't get the job because of something you said on social media 14 years ago, or because the information they got from a data broker says you drink a lot. You just get ghosted.
That's the problem with surveillance capitalism. Even as all that data increasingly impacts your life you're almost never aware that it's happening and have no ability to appeal or correct the record.
> If someone is signed into Google and then signs into their bank, does that mean they're the same person, or just two people who use the same computer?
You misunderstood my argument as “it’s okay to make things worse” rather than “spend your time on things which can matter”. You’re grossly overstating the importance of the unique identifier in an era where databases are widespread. In your examples, you’re characterizing as hypothetical risks things which are routinely done by private companies right now. The modern Stasi wouldn’t need an army of clerks to link government IDs, they’d pay Google or some other ad tech companies who’ve already linked your online activities (how many people even know if their bank uses Google Analytics?) and your email addresses and your phone numbers and your credit card transactions and the location data which the phone companies and mobile app analytics firms have already collected, etc. As a government agency, they’d even get stuff like the precise locations your phone is at. Even if you had your Amazon burner on a separate network, used a different email address with a different provider than you do for everything else, perfectly adhere to not using it for social media, etc. all you have to do is forget to turn off your phone once to link them, especially if you don’t live in a very crowded environment with many new people coming and going at unpredictable intervals.
Yes, having one identifier would make it easier but they’re already doing a good enough job that anyone who cares about it should be thinking about the safeguards which prevent abuse rather than pretending that there’s one weird trick to stop it. If we were in a scenario where any of the feared outcomes of a government are imminent, the range of bad outcomes either way overlap too much for the difference to matter.
The key thing to understand is that they don’t need it to be perfect: authoritarian governments don’t need to jail everyone who disagrees as long as they keep those people from organizing an effective opposition. If you’re opposed to them but keeping quiet and not doing much, they win. If you pull off perfect opsec and stay undetected, but they catch you because someone you know made a mistake, they win.
Worse, in the absence of effective accountability, minor mistakes only help build the fear of doing anything dodgy or subversive – if news gets out that someone went to a protest and the cops busted their roommate after linking the wrong phone, it _might_ help that one person be released but it will definitely ensure that a hundred other people get kicked out or turned in by roommates who don’t want to have the same thing happen to them (read accounts from East Germany, Russia, China, Mexico in the 70s, etc. for a reminder of how toxic the effects on social networks are), and a thousand people will stay quiet and avoid the next protest.
But it's not about clerks.
You go to your bank and sign in. If the bank is using Google Analytics then Google knows you've signed into your bank. But they don't know that this is the same "you" that signs into YouTube under a different account on a different machine.
If you make a government ID which is trivial to check over the internet then everything would start checking it, and then Google would know that it's the same "you" because you'd have to present your ID in order to use YouTube and it's the same ID you have to present to the bank.
> Even if you had your Amazon burner on a separate network, used a different email address with a different provider than you do for everything else, perfectly adhere to not using it for social media, etc. all you have to do is forget to turn off your phone once to link them, especially if you don’t live in a very crowded environment with many new people coming and going at unpredictable intervals.
This is the spy scenario where they magically associate the phone with you based on a single ambiguous data point. It doesn't work like that because if it did you could do it on purpose to link your identity with someone else. It also assumes that the other problems can't be improved. Suppose we stop forcing people to disclose a single identifier and we get phones that don't forcibly report our locations to large institutions. Then you have defense in depth and can make a single mistake without being automatically screwed.
> Yes, having one identifier would make it easier but they’re already doing a good enough job that anyone who cares about it should be thinking about the safeguards which prevent abuse rather than pretending that there’s one weird trick to stop it.
It's not that there's one trick to stop it, it's that forcing a single identity to be disclosed in order to do anything would defeat all other privacy measures. There is no point in preventing browser fingerprinting or using a VPN with a shared IP address or posting under a pseudonym if everything you do is still tied to your centralized ID number which in turn is tied to your face and home address and full transaction history with every extant bureaucracy.
> If we were in a scenario where any of the feared outcomes of a government are imminent, the range of bad outcomes either way overlap too much for the difference to matter.
Those are just the worst-case scenarios. If you get Nazis, they're going to push this on everyone anyway as soon as they can. It's better to slow them down as much as possible than leave everything already implemented and all they have to do is turn key, but that's hardly the only bad thing that can happen.
If corporations know everything about you, they can use machine learning to do price discrimination. They can predict when is the best time to present you with an agreement that has you sign your rights away for a song. They can influence public opinion to control election outcomes. Censor whistleblowers who are now incapable of publishing anything under a pseudonym. Blackmail anyone because no one has any secrets from them.
The longer it's possible for people to do these things, the more likely that they happen, and the more often. So it needs to be made not just illegal but technologically unavailable. That way it's harder to happen because they have to do two things and not just one.
Especially because many of these things are not necessarily things done by people who are already in power, they're things done by people who have the surveillance data and use it to seize power. "Accountability" doesn't work if the technology can be used to seize control of the government before the government can enforce a prohibition on that use of the technology.
It does work like that in too many cases. Yes, one data point is not definitive but since they can get many data points it works well enough to be a major privacy risk - for example, this was a cheap attack which required no governmental access:
https://www.vox.com/recode/22587248/grindr-app-location-data...
I would suggest writing down exactly what you are concerned about in a structured manner. You’ve shifted the scope significantly and are well off topic from the original point. I appreciate the emotion but it’s hard to build a policy on quicksand.
There could also be a shared, trusted opt-out service that accepted information and returned a boolean saying “opt-out” or “opt-in”.
Ideally, it’d return “opt-out” in the no-information case.
You store a hashed version of my SSN, or my phone number, to represent my opt-out? Someone can just hash every number from 000-00-0000 to 999-99-9999 and figure out mine from that.
You hash the entire contents of the profile - name+address+phone+e-mail+DOB+SSN - and the moment a data source provides them with a profile only containing name+address+email - the missing fields mean the hashes won't match.
A trusted third party will work a lot better IMHO.
And of course none of the data brokers have much reason to make opt-outs work well, in the absence of legislation and strict enforcement - it's in their commercial interests to say they "can't stop your data reappearing"
That's what salts are for, right? It wouldn't be too hard to issue a very large, known, public salt alongside each SSN.
> And of course none of the data brokers have much reason to make opt-outs work well, in the absence of legislation and strict enforcement - it's in their commercial interests to say they "can't stop your data reappearing"
This is the actual reason, IMHO.
But how would they keep making money that way?
If these devs that scrape/dump/collate all this info are anything like the ones I've seen, and they're functioning in countries like the US and UK whereby you don't have individual identifiers that are pretty unique, then I'd say the chance of them being able to get such a "unique" key on you to remove you perpetually, is next to impossible. And if it's even close to being "hard", they'll not even bother. Doubly so if this service/people/data is anything like the credit-score companies, which are notoriously bad at data deduplication and sanitation.
Likewise, if you want them to do some sort of removal using things other than a unique identifier, then you have to have some sort of function that determines closeness between the two records. From what I've heard, places like Interpol, countries' border-control and police agencies usually use name, surname and dob as a combination to match. Amazingly unique and unchanging combination, that one! /s
2. Sounds like "data brokers" that sell private information just shouldn't exist...
They would leak that in the next data breach.
When you tell a data broker to delete all of the data about you, how can you be sure they get ALL of the data about you, including the ones where your name is misspelled or the DoB is wrong or it lists an old address or something? Even worse if someone comes around later and discovers the orphan data when adding new data about you and fixes the glitch, effectively undoing the data delete.
It's a catch-22 that if you want them to not collect data about you they need a full profile on you in order to be able to reject new data. A profile that they will need to keep up-to-date, which is what they were doing already.
You don’t have to solve it perfectly to be an improvement.
Also this is BS. Not every bit of data is perfectly formatted and structured but both of your examples are structured data. You can 100% reliably and deterministically hash this data.
There’s so much in your argument that can be replied with “imperfect is better than status quo”. If you give someone the wrong DOB, it’s “not you” anyways, at least let me scrub my real data even if the entry is imperfect for some people or some records.
edit for clarity: by criminal records, I mean for the official management of them, not for scraping their content.
Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons. I've made payments over the phone with nothing more than the information found on the bottom of every check I've ever sent. I routinely hand my credit card to waitstaff making 7.25 an hour and in that moment I'm handing every last one of them the ability to snap a photo of my card on their phones and go on a shopping spree at my expense.
As insane as our system is, it's mostly worked. Even though I've been made to pass around my account info countless times, I've never once had my accounts cleaned out. If a single mother with less than 1k in her account gets robbed, I have a hard time blaming her. She had zero say in the design of this system, and she's the person least able to deal with the cost of the consequences of it.
On the other hand, I have very little problem putting the blame on the banks which do control much of the system and who can more than afford to cover the costs of such incidents. This puts a small amount of financial pressure on them to improve the systems they've created and forced the rest of us to use in order to participate in society.
There are all kinds of things they could be doing to reduce fraud, but they don't. Mostly for convenience / cost saving reasons. I consider their refusal to take even simple steps to improve the security of their systems as their implied consent to continue accepting the responsibility for the still rare instances where criminals take advantage of their inaction.
Note that payments or deposits to a given account require little authentication over the destination though more for the payee. I've long been amused by US banks which require me to authenticate to an ATM to make a payment but will accept cheques dumped into a deposit slot.
I agree that the system mostly works, but fraud costs are in the billions, and that's U.S. credit cards alone:
"As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public" (2024) <https://www.ftc.gov/news-events/news/press-releases/2024/02/...>
The denominator is roughly $4 trillion, so it's a 0.25% fraud rate:
"The Average Number of Credit Card Transactions Per Day & Year" <https://www.cardrates.com/advice/number-of-credit-card-trans...>
Paging patio11: https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
... over SMS!
2FA over SMS is not a valid form of 2FA and I will die on that hill.
That's the whole point, they should use a standardized authentication process. The problem is that they don't use any authentication at all. They just give money away because they can extort them back from an unsuspecting victim like some gangsters.
Even if you have all the passwords and bioinformatics, passkeys, 2FA, etc - how can you prevent theft like this?
It might be different now, but in the late 90s I sold some laptops to a buyer using a stolen credit card. The cardholders had no fraud liability but my company ended-up having to eat the cost of the stolen laptops. The credit card company simply didn't pay the amount of the fraud in their settlement with us.
You could be incorrectly flagged as having more money than you do, causing companies to charge you more than they charge your neighbors for the exact same items. Discriminatory pricing has been happening for a very long time. Just using a different browser can cause prices for some online services to change. (https://www.bostonglobe.com/business/2014/10/22/online-shopp...) For example, Apple users might be seen as having/spending more money and so the prices they get for hotels and airfare can be higher. Increasingly, brick and mortar stores have been trying to get in on the action too. (https://link.springer.com/article/10.1057/s41272-019-00224-3)
If you have a browser extension that randomly visits sites and clicks on ads. Maybe it clicks a bunch of ads for alcohol or marijuana. Maybe it clicks on ads for mental health services, addiction/recovery services, or suicide hotlines. That data can be used against you in court during a divorce/child custody case. It might make a company less likely to hire you. It might cause your health insurance company to charge you more.
Maybe it clicks on ads for DUI attorneys and suddenly your auto insurance rates go up. The company isn't going to tell you that's why. They might not even know why. Their algorithm just decided you were more high risk than before.
Every data broker is creating a dossier with your name on it, and they are stuffing it with every scrap of data they can get their hands on. That data can cost you a job or a rental contract (see https://nypost.com/2022/12/20/how-employers-spy-on-your-sear... and https://themarkup.org/locked-out/2020/05/28/access-denied-fa...).
The data being collected on you can get you arrested or questioned by police. (see for example https://www.nbcnews.com/news/us-news/police-google-reverse-k... and worse https://www.nbcnews.com/news/us-news/google-tracked-his-bike...)
Any data for sale, accurate or not, is going to be used against you. The people paying data brokers for information about you aren't doing it because they want to help you. They want to help themselves at your expense. And it's insane how many people are buying up that data and using it whenever they feel it might give them even the smallest advantage. Companies are using that data to decide things like how long to leave you on hold when you call them. (https://www.nytimes.com/2019/11/04/business/secret-consumer-...)
Very true! Great examples and reply, thank you!
Isn't that the opposite of innocent until proven guilty?
The problem with putting a value judgement on this is that it will precondition people to assume good faith or bad faith on the validity of the assessment based on how they interpret the fairness of the court system.
Instead, we could just say that the majority of the cases are people trying to get out of legitimate debts. If we wanted to go farther, we could say that's because some people just don't feel responsible for their own debts and some people make a choice that a last ditch effort to get out of a debt they know they should pay rather is the lesser of two evils when the alternative is to continue to fail to provide adequately for their family given their circumstances, and how different people may draw that line at different points.
That's harder to articulate and a larger discussion that may be a tangent people aren't interested in discussing though, so it's probably just simpler to keep the value judgements out of it if the intent is to keep the discussion productive.
There's another discussion which could be had about just how legitimate even "legitimate debts" actually are in some cases but that's even more in the woods.
Are we saying that if you can show you have enough income / assets, it'll be that much more likely that you'll be fine in those cases?
If they knew it wasn't you, they wouldn't have written the loan in the first place. They're asking you to repay it because they really do think it was you.
If "it wasn't me" was all anyone had to do to get out of paying a loan, many people would do it.
For example, when you purchase online, some merchants do not check who is the owner of the card, or the address. It's done on purpose, because some people borrow the card of the others, some people don't want to use their card, etc. And overall it's all about risk management, but whether the holder is really the one in front of you is just one factor among others.
Even if online payments were eliminated, and you had to show up in person with a birth certificate and passport to perform a transaction, fraud would be non-zero.
To have a functioning business, people need to be able to use the system.
But in this scenario, there is basically zero evidence it was you
I hope this helps you
Edit: I missed you said Windows. PowerShell probably has similar utilities, so you can do `ReadFileLineByLine \r \d big_file | ReturnHitBySearchTerm \v \t \s my_term` or something similar.
Nor do you want to use cat (UUoCA) but that's very much a minor point in comparison.
EDIT: answer: 2 files, 176GB and 120GB, total is 298GB.
Freeze your credit reports, folks.
The quick doesn't mean "fast". It means "alive".
In the context of "quicklime" the quick refers to the heat of the reaction when making lime for slaking on walls, etc.
"Quick" historically has been applied to plants and animals (alive), rivers and streams (moving), coals, fires, quicklime (burning, heat producing, glowing), to speeches and pamphlets (Lively, full of vigour or sharp argument), to tastes, to smells, and more.
The full blown Oxford English Dictionary entry for quick is a lengthy one, multiple cases and variations over a page and more.
I hadn't heard of it before.
I'm not publishing or leaking any data either. I'm linking to something that was already made public which contains my own data.
Also it's just a really crappy thing to do IMO.
They don't want to solve your problem. You aren't their customer. They want to comply with the letter of the request in as much as it covers their own butt in terms of regulatory requirements and/or political optics.
Hashing a birthday and SSN is deterministic. We could deterministically keep that data deleted. This would be better than we have today, and could be done reliably and affordably.
The companies can easily be required (by law) to implement the “good” solution. Everyone complaining it’s not “perfect” is stopping “good”.
If you can’t get your SSN right, you can’t expect a company to delete it.
Since the salts are random, unique to each SSN and long: a) you'll find no existing rainbow table that contains the correct plaintext for your SSN hash and b) each SSN now requires its own bruteforcing that is unhelpful for any of the other SSNs
Combine that with a very expensive hashing method like PBKDF2 (I'm sure there's something better by now) and you've made it pretty dang hard for non state actors to bruteforce a significant chunk of SSNs. There's also peppers that involve storing some more global secrets on HSMs.
I'm sure the crypto nerds have like a dozen better methods than what I can come up with but the point is this is not a feasibility issue.
In a password database, salt is not secret because the password combined with it is secret and can be anything. Even if you know the salt for a particular user, in order to crack that user, you need to start hashing all possible passwords combined with that salt. If a user picks a dumb password like password123, then they are not safe if the salt leaks. Other users with password=password123 will not be immediately apparent because other users have different salts. You would have to try password123 combined with each user’s salt to identify all the users with password123.
You said “It wouldn't be too hard to issue a very large, known, public salt alongside each SSN.” That means there should be some theoretical service where you pass it an ssn and get back the salt, right? So what have you gained? Any attacker with an ssn can get the salt, and nothing was gained. Or if attackers don’t have ssns they can just ask for all the salts, the mapping from ssn to salt is public so they know 000-00-000 has salt1, 000-00-001 has salt2, etc, so you haven’t increased the amount of hashes attackers have to do to do whatever it is they want to do.
You’re right about commercial interests being at play. That’s why we don’t have laws like GDPR in the USA. Crypto nerds have thought about this long and hard and if it was that easy we wouldn’t need stupidly complex laws like GDPR. They would “just add salt.” Or other services would “just add salt” instead of relying on more complex and expensive forms of identity verification and protection.
You don’t need to be a crypto nerd to try to describe a flow where having a public known salt per ssn helps with privacy. You do not need to be a crypto nerd to design secure one way hash functions that would plug into that flow.
Even if such a service doesn’t exist, and you just have a list of all the salts without knowing which ssn they map to, you’re just hand waving how hard it will be to hash the entire salt*ssn set.
Hashing a salt+ssn can’t take too too long because data brokers need to be doing it frequently in order to verify identities.
In this report, https://files.consumerfinance.gov/f/documents/cfpb_consumer-..., it says monthly volume of credit card marketing mail is in the hundreds of millions per month. Can we assume that each piece of mail is roughly associated with one instance of hashing a salt+ssn? Given that number, how expensive (in terms of time, compute cycles, whatever) can it possibly be to hash a salt+ssn? If we make it too expensive, expensive enough to support your “age of the universe” claims, credit markets would grind to a halt.
Poster above me just said “add salt” and waved their hands without describing anything concrete, like just saying some magic words can solve hard problems.
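The opt-out token schemes debated in this thread (a bare hash of the SSN, a public per-SSN salt, a whole-profile hash, and a trusted service holding a secret), as an added Python example that is not any commenter's code. The SSN uses the never-issued 000 area number, the keyspace is cut to 10,000 values so it runs instantly, and `public_salt`, `OptOutService` and its field list are hypothetical names and choices made for illustration.

```python
import hashlib
import hmac
import os

SAMPLE_SSN = "000-12-3456"  # constructed value; area number 000 is never issued


def candidates(prefix="000-12-"):
    """Reduced keyspace for the demo: 10,000 serials under one fixed prefix.
    The real space is under 10**9 values, which is small for a fast hash."""
    for serial in range(10_000):
        yield f"{prefix}{serial:04d}"


def plain_token(ssn):
    """Scheme 1: unsalted SHA-256 of the SSN."""
    return hashlib.sha256(ssn.encode()).hexdigest()


def public_salt(ssn):
    """Hypothetical public salt lookup: anyone can fetch the salt for any SSN.
    Derived deterministically here only so the example is reproducible."""
    return hashlib.sha256(b"public-salt-registry:" + ssn.encode()).digest()


def salted_token(ssn):
    """Scheme 2: SHA-256 over a public, per-SSN salt plus the SSN."""
    return hashlib.sha256(public_salt(ssn) + ssn.encode()).hexdigest()


def keyed_token(ssn, key):
    """Scheme 3: HMAC under a secret key (a "pepper") that only the service holds."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def enumerate_token(target, token_fn):
    """Walk the keyspace; return (matching SSN or None, tokens computed)."""
    tries = 0
    for cand in candidates():
        tries += 1
        if hmac.compare_digest(token_fn(cand), target):
            return cand, tries
    return None, tries


def profile_token(profile):
    """Scheme 4: one hash over the whole profile; absent fields hash as empty."""
    fields = ("name", "address", "phone", "email", "dob", "ssn")
    canon = "\x1f".join(profile.get(f, "").strip().lower() for f in fields)
    return hashlib.sha256(canon.encode()).hexdigest()


class OptOutService:
    """Sketch of a trusted third party that stores keyed per-field tokens only."""
    FIELDS = ("ssn", "email", "phone")  # assumed set of matchable identifiers

    def __init__(self, key=None):
        self._key = key or os.urandom(32)
        self._tokens = set()

    def _token(self, field, value):
        norm = "".join(value.lower().split())
        msg = f"{field}:{norm}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register(self, profile):
        for f in self.FIELDS:
            if profile.get(f):
                self._tokens.add(self._token(f, profile[f]))

    def is_opted_out(self, record):
        present = [f for f in self.FIELDS if record.get(f)]
        if not present:
            return True  # nothing to match on: default to opt-out
        return any(self._token(f, record[f]) in self._tokens for f in present)


if __name__ == "__main__":
    print(enumerate_token(plain_token(SAMPLE_SSN), plain_token))
    print(enumerate_token(salted_token(SAMPLE_SSN), salted_token))
    wrong_key = bytes(32)
    target = keyed_token(SAMPLE_SSN, os.urandom(32))
    print(enumerate_token(target, lambda s: keyed_token(s, wrong_key)))
```

The unsalted and publicly salted tokens take the same number of hash computations to reverse, while the keyed token cannot be matched without the service's key. A slow KDF would raise the per-guess cost for the service and the guesser alike, which is the trade-off the last comment raises.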