• The Equifax breach was disclosed in 2017, exposed financial records of 150M Americans
• FBI Deputy Director David Bowdich: “This is the largest theft of sensitive PII by state-sponsored hackers ever recorded.” Read the rest
Joshua Browder created Donotpay as a teenager at Stanford: originally it was a chatbot that helped you beat traffic tickets, but it has since expanded (thanks to an infusion of venture capital) into a Swiss Army Knife of automated consumer advocacy that can do everything from sue Equifax on your behalf to help you access homeless services to getting you a rebate when your plane ticket's price goes down after you've purchased it.
Read the rest
Joshua Browder created Donotpay as a teenager at Stanford: originally it was a chatbot that helped you beat traffic tickets, but it has since expanded (thanks to an infusion of venture capital) into a Swiss Army Knife of automated consumer advocacy that can do everything from sue Equifax on your behalf to help you access homeless services to getting you a rebate when your plane ticket's price goes down after you've purchased it. Read the rest
Back in 2011, I signed up for a Zappos account so I could buy pants for a wedding I was in. Then I returned them because they didn't fit. I ended up buying them at the local Macy's instead (although I bought the wrong shade of grey, oops).
That should have been the end of my relationship with Zappos. Until I received this email the other day:
Zappos put me at risk by exposing my data. And the best mea culpa they can offer is "Here's a discount so you can help us to increase our Q4 revenue!" That might be even pathetic than the $125 offering from Equifax. Equifax may have exposed more personal information, but unless I plan on buying a $2,000 pair of John Lobb boots from Zappos—thus giving $1800 back to the company that just screwed over my data—then I'm basically getting nothing.
To be clear, Zappos offer here has only been preliminarily approved by the court in charge of the settlement. If enough people say, "I'm not paying you to pay me financial damages," the judge may change their mind. But I wouldn't hold my breath. If the only consequence to expose customer data is increasing Q4 revenue, then there's never going to be any incentive for any company to give a shit about the personal information of the people who keep them in business. And that's not a healthy economy.
Donotpay started as a project to help people automatically fight parking tickets, before its then-teenaged creator, the UK-born Stanford computer science undergrad Joshua Browder expanded it to help homeless people apply for benefits, then to help you sue Equifax for doxing you, then to apply for rebates if your plane tickets' prices went down after you applied for them, then to easily file small claims suits against companies that ripped you off, then to apply for airline compensation for late flights, lost bags, overbookings and cancellations, then to auto-cancel your "free trial offers" by letting you create burner credit-card numbers that would simply not accept future bills when they arrived. Read the rest
The Washington Post's Drew Harwell takes a deep look at the the use of facial recognition products like Bunk1 at summer camps, in a deliciously terrible piece that alternates between Bunk1's president Rob Burns and Waldo Photos's founder Rodney Rice explaining that everyone loves this and it makes everyone happy, and counsellors, parents, campers and photographers (as well as child development experts and civil libertarians) explaining how it is just fucking terrible, which Rice dismisses as "privacy hysteria." Read the rest
If you are an adult human being living in the United States, Equifax is making a lot of money from your personal data (Equifax's annual revenue is $3.1 billion. Its CEO Mark Begor gets over $20 million a year in compensation). As you know, Equifax violated the trust of 147 million people in a massive data breach in 2017, opening them up to identity theft and other abuses. You've also heard that Equifax has agreed to pay everyone affected by the breach $125. That is not close to sufficient, but it's something. However, if you filed a claim for your $125, you will might be surprised that your actual check will be a fraction of that.
From Equifax's FAQ:
If there are more than $31 million claims for Alternative Reimbursement Compensation, all payments for Alternative Reimbursement Compensation will be lowered and distributed on a proportional basis.
That means you will get $125 only if fewer than 250,000 people file a claim. It's likely many more people will file a claim. Suppose 10% of those affected (14.7 million) file a claim. They'd each get a check for $2.11.
Equifax doxed virtually every adult in America as well as millions of people in other countries like the UK and Canada. The breach was caused by an acquisition spree in which the company bought smaller competitors faster than it could absorb them, followed by negligence in both monitoring and responses to early warnings. Execs who learned of the breach used it as an opportunity to engage in insider trading, while failing to take action to alert the public. Equifax nonconsensually gathers dossiers on everyone it can, seeking the most sensitive and potentially damaging information to record. The company was founded as part of a corporate spy-ring employed to root out and identify political dissidents and sexual minorities. Read the rest
If you only look at porn with your browser in incognito mode, your browser will not record your porn-viewing history; but the porn sites themselves overwhelmingly embed tracking scripts from Google and Facebook in every page: 93% of 22,484 porn sites analyzed in a New Media & Society paper had some kind of third-party tracker, with Google in the lead, but also including trackers from some of the worst privacy offenders in Silicon Valley, like Oracle. Read the rest
DoNotPay (previously) is a collection of consumer-advocacy tools automated the process of fighting traffic tickets, help homeless people claim benefits, sue Equifax for leaking all your financial data, navigating the airlines' deliberately confusing process for getting refunds on plane tickets whose prices drop after you buy them, and filing small-claims suits against crooked corporations. Read the rest
Members of the United States Federal Trade Commission (FCC) on Wednesday asked Congress to create a national privacy law that would regulate how technology giants like Facebook and Google gather, store, and share the personal data of users. Read the rest
A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo's string of scams and scandals). Read the rest
Virtually everyone who's ever had the credit-rating system explained to them immediately understood that this was a complete scam: these companies that most of us have never heard of nonconsensually ingest gigantic mountains of data about you and your life and produce a numeric score that is nearly impossible to explain and extremely frustrating to alter, and that number is used to determine your access to work, rental accommodations, loans, mortgages and more. Read the rest
In 2017 the private credit information of 143 millions Americans was stolen from Equifax. But the records have never been offered for sale on the black market, which is highly unusual. (The only person who has so far profited from the breach seems to be Equifax CEO Richard F. Smith, who resigned with an $80 million retirement package.)
So, who stole the records of 1/2 the US population, and why? CNBC interviewed "experts, intelligence officials, dark web data 'hunters' and Equifax" and the consensus seems to be China or Russia did it as a way to recruit spies.
Read the rest
One former senior intelligence official with direct knowledge of the Equifax investigation summarized the prevailing expert opinion on how the foreign intelligence agency is using the data. (This person asked to speak on the condition of anonymity because he isn't authorized in his current role to speak to media.)
First, he said, the foreign government is probably combining this information with other stolen data, then analyzing it using artificial intelligence or machine learning to figure out who's likely to be — or to become — a spy for the U.S. government. He pointed to other data breaches that focused on information that could be useful for identifying spies, such as a 2015 breach of the Office of Personnel Management, which processes the lengthy security clearance applications for U.S. government officials.
Second, credit reporting data provides compromising information that can be used to turn valuable people into agents of a foreign government, influencers or, for lower-level employees, data thieves or informants.