During the five weeks after hackers stole 143 million Americans' data from Equifax, and while its execs were selling off their stock by the millions, the company sprang into action, producing an insecure site for checking whether your own data was breached that produces the same output no matter what name and SSN you input.
But though the website has a broken cryptographic certificate and is running an unpatched stock version of WordPress, it's not wholly useless: the site does subject you to a "license agreement" that makes you give up your right to sue Equifax (the company claims that this clause was not intended to limit your ability to sue it over the mass breach).
Like many forced arbitration clauses, the Equifax EULA makes a nod towards equitable treatment: after clicking it, you have 30 days to inform the company, in writing, that you do not agree to arbitration.
Paul Butler, "a quant in New York City," has put up a website called "Unarbitrate" that has a form you can fill in to produce a printable letter to this effect. He's even offering to print and mail your letter for you. He promises not to retain or share your data.
Why should I trust you?
It's ultimately your judgement call, and you're right to be skeptical of a stranger on the internet. The best I can offer is that I have a long-established social media presence (Twitter, GitHub), and this isn't the first time I've used it to take a stance against legal strong-arming. If you decide not to trust me, I still encourage you to opt-out; if you use the Print button to mail the letter yourself the data will never leave your browser.
Equifax binding arbitration opt-out (unofficial)
[Paul Butler/Unarbitrate]
(via Dan Hon)
