Anonymous declares war on Qanon

Qanon is a person or group behind an unhinged right-wing conspiracy theory that is really too stupid to elucidate (you can listen to this Reply All if you're really interested); it's a kind of trumpian Pizzagate successor that includes great, unhealthy lashings of secret Democratic pedophile rings (because far-right assholes are more worried about imaginary children in nonexistent pizzeria basements than they are actual children in ICE cages). Read the rest

Leaked Equifax documents provided to US Senate reveal that they dumped all our drivers' licenses, too, but Equifax says it's OK, so...

A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated. Read the rest

A quantitative analysis of doxing: who gets doxed, and how can we detect doxing automatically?

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being Americann, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly. Read the rest

Six months before the breach, a researcher warned Equifax that all its data was unprotected

An anonymous security researcher has shown Motherboard evidence that they warned Equifax in December 2016, six months before its catastrophic breach, disclosing numerous elementary deficiencies in Equifax security that left all of its data vulnerable to being stolen. Read the rest

Equifax will give your salary history to anyone with your SSN and date of birth

Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. The former is a matter of public record, the latter is often available thanks to the many breaches that have dumped millions of SSNs (the latest being Equifax's catastrophic breach of 145,000,000 Americans' data). Read the rest

After massive breach Equifax gets $7.25m no-bid IRS contract to "prevent fraud"

On September 29, weeks after Equifax admitted to having lost the most sensitive financial and personal information of 143,000,000 Americans (but a week before Equifax admitted that the total was actually 145,500,000) (and counting), the IRS awarded the company a no-bid contract for $7,250,000 to verify taxpayer identities and curtail fraud. Read the rest

Equifax: we missed 2.5 million people when we counted the size of our breach

Turns out that the total number of people whose lives Equifax ruined by doxing them and then dumping all their most sensitive personal and financial data is 145,500,000, not 143,000,000. The company's new CEO apologized for the misunderstanding, and persisted in calling the people his company destroyed "customers" despite the fact that the vast majority of them were not Equifax customers, just random people whom Equifax compiled massive dossiers on, and then lost control over. Read the rest

Trump doxes people who wrote with concerns about leaks of their sensitive personal data

Donald Trump is running a national-scale voter-suppression effort, billed as a "Voter Fraud Commission," whose first act was to illegally demand that state election officials dox every registered voter by sending their lifelong voter records to the White House. Read the rest

Debullshitifying the free speech debate about CNN and Trump's alt-right wrestling GIF

In the wake of CNN threatening to out a critic if he does not limit his speech in the future, former federal prosecutor and First Amendment champion Ken White has published an eminently sensible post about the incoherence of the present moment's views on free speech, and on the way that partisanship causes us to apply a double standard that excuses "our bunch" and damns the "other side." Read the rest

Utah's proposed doxing ban too broad, says EFF

A Utah State House of Representatives bill would outlaw doxing—publishing someone's private info with the intent to facilitate harassment—but the EFF says the planned law's language is so broad it would target free speech.

At fault, Sam Machkovech reports, is the fact that the law doesn't clearly define its terms.

[Lead sponsor State Representative David E.] Lifferth's suggested amendment, on the other hand, offers no such specific, harassment-minded qualifiers in regard to "personal identifying information." The legislation as written would punish citizens for posting a laundry list of information about anyone if a court determined there was intent to annoy, alarm, or offend them, including names, birthdays, phone numbers, place of employment, photographs, or other realistic likenesses. The penalty for first-time offenders would be a class B misdemeanor, punishable by up to six months in jail and a maximum $1,000 fine.

Among other things, such legislation might limit citizens' ability to hold public officials and other influential members of society accountable for their actions.

Lifferth has promised to fix the bill's language. Read the rest