Reps Anna Eshoo [D-CA] and Zoe Lofgren [D-CA] have introduced HR 4978, the "Online Privacy Act," which is a comprehensive set of federal rules for privacy, interoperability, and protection from algorithmic discrimination and manipulation. Read the rest

When Salem, NJ's Fred C. Arena applied for a job at Philadelphia's Navy Yard, he underwent an FBI background check in which he falsely claimed that he was not a member of the Vanguard America, a white nationalist group that was part of the lethal far-right "Unite the Right" 2017 gathering in Charlottesville; whose members posed with the murderer James Alex Fields Jr for a photo hours before he killed Heather Heyer. Read the rest

One important detail from this week's admission from Doordash that they'd suffered (and remained silent about) a breach of 4.9 million records: Doordash, by its nature, includes the home addresses of people who otherwise avoid disclosing where they live. Read the rest

There are dozens of free "peoplefinder" sites that buy up commercial databases and combine them with other sources to make your home address searchable. You can find instances where this has happened to you by googling your name and home address, and then you can google the removal forms for each of the services and get yourself delisted. But your name will keep getting re-added: if you set a Google Alert for a search on your name and address, you'll get a message every time you get caught in these databases and you can remove your name again. This won't work on the for-pay background check sites that Google doesn't index, but it will keep your name and address clear of low-level scumbags who stick with free sites for their doxing activities. Read the rest

Qanon is a person or group behind an unhinged right-wing conspiracy theory that is really too stupid to elucidate (you can listen to this Reply All if you're really interested); it's a kind of trumpian Pizzagate successor that includes great, unhealthy lashings of secret Democratic pedophile rings (because far-right assholes are more worried about imaginary children in nonexistent pizzeria basements than they are actual children in ICE cages). Read the rest

A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated. Read the rest

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being Americann, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly. Read the rest

An anonymous security researcher has shown Motherboard evidence that they warned Equifax in December 2016, six months before its catastrophic breach, disclosing numerous elementary deficiencies in Equifax security that left all of its data vulnerable to being stolen. Read the rest

Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. The former is a matter of public record, the latter is often available thanks to the many breaches that have dumped millions of SSNs (the latest being Equifax's catastrophic breach of 145,000,000 Americans' data). Read the rest

On September 29, weeks after Equifax admitted to having lost the most sensitive financial and personal information of 143,000,000 Americans (but a week before Equifax admitted that the total was actually 145,500,000) (and counting), the IRS awarded the company a no-bid contract for $7,250,000 to verify taxpayer identities and curtail fraud. Read the rest

Turns out that the total number of people whose lives Equifax ruined by doxing them and then dumping all their most sensitive personal and financial data is 145,500,000, not 143,000,000. The company's new CEO apologized for the misunderstanding, and persisted in calling the people his company destroyed "customers" despite the fact that the vast majority of them were not Equifax customers, just random people whom Equifax compiled massive dossiers on, and then lost control over. Read the rest

Donald Trump is running a national-scale voter-suppression effort, billed as a "Voter Fraud Commission," whose first act was to illegally demand that state election officials dox every registered voter by sending their lifelong voter records to the White House. Read the rest

In the wake of CNN threatening to out a critic if he does not limit his speech in the future, former federal prosecutor and First Amendment champion Ken White has published an eminently sensible post about the incoherence of the present moment's views on free speech, and on the way that partisanship causes us to apply a double standard that excuses "our bunch" and damns the "other side." Read the rest

A Utah State House of Representatives bill would outlaw doxing—publishing someone's private info with the intent to facilitate harassment—but the EFF says the planned law's language is so broad it would target free speech.

At fault, Sam Machkovech reports, is the fact that the law doesn't clearly define its terms.

[Lead sponsor State Representative David E.] Lifferth's suggested amendment, on the other hand, offers no such specific, harassment-minded qualifiers in regard to "personal identifying information." The legislation as written would punish citizens for posting a laundry list of information about anyone if a court determined there was intent to annoy, alarm, or offend them, including names, birthdays, phone numbers, place of employment, photographs, or other realistic likenesses. The penalty for first-time offenders would be a class B misdemeanor, punishable by up to six months in jail and a maximum $1,000 fine.

Among other things, such legislation might limit citizens' ability to hold public officials and other influential members of society accountable for their actions.

Lifferth has promised to fix the bill's language. Read the rest