Hackers can use credit bureaus to dox nearly anyone in America (404media.co)
582 points by kmfrk 8 months ago | 387 comments



It's definitely worth taking the time to set up a credit freeze with the three big agencies (Experian, TransUnion, Equifax). Initially setting it up is a pain in the butt and is rage-inducing, as you have to provide a bunch of personal data when the whole problem in the first place is that they're careless with your data.

However, once you've got it set up, it's very easy to freeze and unfreeze them. Just keep all the URLs, usernames, and passwords in a secure note somewhere, and any time you need to apply for credit, unfreeze them for a day or a week.

I used to have all sorts of identity theft problems (people taking out credit in my name) but freezing my credit has solved it.

Experian: https://www.experian.com/freeze/center.html

TransUnion: https://www.transunion.com/credit-freeze

Equifax: https://www.equifax.com/personal/credit-report-services/cred...

I truly hate these companies but holding my nose and going through the process was worthwhile and I'd recommend it to anyone.


As a long-time freeze user, it seems literally every time I go to unfreeze, the process has changed at one of them and it can't be unlocked with the username + password I set up. The last time it was because I hadn't logged in for 3 years, which meant that the account was locked without a bunch of additional validation. Sometimes the validation is just knowing the usual historical address/etc. info they ask for when you initially set it up (which seems insecure itself), or it's more involved.

So, give it time, when you least expect it, they will take 60 days to validate something about your account before allowing you to unfreeze it.


This is my experience as well. Saving a username and password almost feels like it's worthless with these cretins. And then the dark patterns to upsell you on garbage hiding the actual unfreeze/thaw button.


TransUnion is broken for me, has been for years. I have to reset my password every single time.


Complain to the FTC (or the appropriate regulator). They are now very cognizant of dark patterns.


It is pretty wild that people can take out credit in your name without the issuer of the credit doing their dd, and then it causes you trouble afterwards. They should be fined massively for every time that this happens.


This is the magic of reconceptualizing fraud as "identity theft" in the first place.


There's a pretty funny sketch about that: https://youtube.com/watch?v=CS9ptA3Ya9E


It was never more than marketing for "identity theft protection". When you put it like that, it starts to sound an awful lot like paying a protection racket doesn't it?


That's ancillary; the biggest thing is offloading liability that would sensibly lie with the institution that lent money to a fictitious version of you.


Before I actually had kids was the first .com bust... I was unemployed, as were many in the bay area, and I filed for unemployment or medical (I can't recall now) but I was told that I was ineligible for benefits because I had a bunch of unpaid child support and other debts in Los Angeles... (never lived there, no kids at the time, avoided LA all my life)

It took me months to prove that I was a childless, 20-something dork in the bay area...

nightmare - but any "credit" agency is scum


Not to be that guy, but I have one better.

My nephew is now 20. When he was 5 we gifted him some cash in a savings account (to teach him about money stuff). We were immediately served notice that he was overdue on two mortgages. It took three years to get that straightened out (and find out that his ss# was already compromised).

What a mess. What kind of an agency would see the ss# for a literal child and just think, yep, this is fine.


LexisNexis Risk reported two inaccurate judgements in my risk report, preventing me from getting a mortgage in my name for almost a decade. It was finally settled in a class action, and I received a check for $625. I wish a terrible time to the individuals who were directly involved at LexisNexis, because someone, somewhere decided to just not care about their data hygiene because there was no incentive to.

https://www.lienandjudgmentdisputes.com/lang/en/


I mean that's really what it comes down to, isn't it? The incentives. Why should any of them care? They make thousands of errors with regularity that cause millions of consumers endless hours of agony trying to get jobs, trying to buy homes, trying to buy cars, but like, we can't not use them. In my entire long life I have never once done business with Equifax, Experian, and TransUnion. Yet each of them have an entire drawer's worth of data on me, all of which is stored incredibly insecurely, is rife with errors, and the only time I really hear from them is when they've once again screwed something up and have dropped it in my lap like a cat showing up with a dead bird: "Heads up, you gotta handle this."

Like, name one thing they actually do right. Literally anything. I challenge anyone who reads this to name a single bad thing that would happen if all these leech companies got Thanos-snapped out of the universe tomorrow.


Banks would have to find an alternative. And that's a vacuum which could be filled with worse actors. I keep close tabs with all 3 bureaus because that's the reality we live in.


> Banks would have to find an alternative.

We might have worse actors or arbitrary decisions or more expensive loans. Or, why not, all three!


That's awful. I assume you didn't remove yourself from the class action, because you didn't have or want to invest the time and resources into suing them yourself? $625 is a laughable amount of money for the amount of bullshit they put you through.


Your assumption is correct. Time is non renewable and I instead focus on higher leverage efforts, such as donating my time to Congressional representatives and federal regulators who craft legislation or attempt enforcement actions (respectively). Do things that scale and all that jazz.


Sounds kinda similar to a former coworker ~2 decades ago. Tried to get a mortgage, rejected, he obtained his credit file...and ~80% of the stuff in "his" credit report was for similar-named people (mostly living in the same part of the U.S.). Report said that he had purchased a house at age 5, based on the well-paid job he got at Ford Motor Co. at age 4, etc., etc.


It's pretty much impossible to get your free annual credit report these days. It used to be relatively painless, but now you get slammed with ads for credit monitoring or whatever useless products. Or, the website just doesn't work and redirects you to a page telling you to send a letter to some rando PO box.

I used to get my free credit report every year, but I stopped, which I'm sure is exactly what these scumbags want.


Which website (AnnualCreditReport.com? or the three bureaux' own sites? or some other third-party website (which?)) and what do you mean "the website" just doesn't work? Be aware there are tons of unaffiliated copycat websites claiming to be the official one and just want to serve you ads; don't use them.

IME AnnualCreditReport.com was easy-to-use and never sends ads. It sounds like you were tricked into using something else. If you genuinely had an issue with AnnualCreditReport.com (unlikely), please do tell the FTC: https://consumer.ftc.gov/articles/free-credit-reports


Have you tried this site? https://www.annualcreditreport.com


> My nephew is now 20. When he was 5...

So that was 15 years ago when these mortgages were taken out in his name? Placing it between 2007 and 2008.

That's basically right at the inflection point when the housing market had gotten out of control and started crashing down. This was caused because anyone could get a mortgage, regardless of whether they could afford it or who they were. The banks were accused of doing zero due diligence. In some cases no income verification, no identity verification, no job verification, etc. You could take a mortgage out in your dog's name, and also apparently a 5 year old's name too.

I like to think that the system is better now, but that's probably a fantasy.


To make this worse, they won't even let you apply a credit freeze online until you're eighteen years old.


I had this come up when I was buying a house.

I have a very common name and some guy 20-30 years older than me had past due child support. I also have no kids. This was my first house purchase so I was completely ignorant of the process. What blew my mind is that before verifying whether or not that was me, they informed the sellers of it. I forget the process I went through to prove it wasn't me, I probably just showed them the guys age vs mine or something. That was wild though, like, the sellers could've just cancelled the sale right there if they didn't want to sell to a supposedly deadbeat dad. I couldn't believe they informed the sellers.

Buying a house is awful. Telling someone all of my finances and everything else when I already have an approved mortgage. Ugh. I did have a worse experience SELLING that house though, if you can imagine.


What a miserable process. Worst thing is that these functions will increasingly be black boxes. You'll just get a negative result from the seller or buyer or landlord or bank and have no recourse. And that's especially unfair when we're talking about something as vital as shelter for decent citizens.


Let me rephrase it so the meaning of what you just said impregnates my mind: you were denied money because their records showed you badly needed it. Sounds to me like the credit agencies aren't the only evil.


Agreed. It is astounding to me that a private company can accuse me of a crime with no proof that I did it, and then the government will enforce that without question. You would think they would need fingerprints or something to prove that a particular person did something.


They're not accusing you of a crime, though. They're pinning debt on you. It's not just a pedantic difference either, because it means it falls under an entirely different body of law for assumption of liability.


How close does such an accusation come to defamation?


One lawsuit away.


In the West they give you money in someone's else name without an ID? Must be a paradise.


It's amazing what you can do without an ID in the States.


Is it actually a problem or are people just worrying about it? I don't see how a bank or court can enforce anything if you didn't do it.


It's a major concern. When someone steals your identity, they can incur debts, commit crimes, and manipulate data under your name. Victims often spend extensive time and energy clearing up the aftermath. While it seems counterintuitive, banks and institutions usually hold you liable until you can definitively prove the activity wasn't yours. Essentially, in the realm of identity theft, it's often 'guilty until proven innocent' rather than the other way around.


Sure I can guess that too. I haven't ever seen anyone with problems though. Does it really happen? Given that nearly every SSN and address has leaked you'd think it would be everywhere.


I had this experience after the Equifax hack a while ago when something like 100M+ people's info was stolen. Until I froze my credit I was getting phone calls every few days asking if I had _really_ tried to open some line of credit I had never heard of. The people calling me explained that ever since the Equifax hack they had to do a bunch more due diligence because all they were getting was fraud. No lines of credit were successfully opened in my name, and the issue stopped completely once I froze all my credit.

I think the lesson is when bad stuff happens you really don't want to be in the small minority of people who it is happening to. Once it's happening to everyone then the problem actually gets solved.


An example from last month. "Byron Bay breach victim told to pay Adidas, National Basketball Association $US1.2m by US courts" https://www.abc.net.au/news/2023-07-25/byron-bay-data-breach...


In Australia.


In the Southern District of Florida, United States of America:

    But then she was charged in the United States with offences including trademark infringement, and was told to pay damages of $US1.2 million ($1.8 million).
Her 'bogo-debt' can still be sold for cents on the dollar to local (Australian) collectors who might harass her, future vacations to US States and Territories are now ill advised, etc.


It's more like "you spent it until you can prove you didn't", which might be worse.


That's odd, I'm in Pennsylvania and have had multiple fraudulent purchases with my accounts over the years. Every single time, the bank put the money back in my account within days and I never heard anything more about it.


fraudulent purchases are not identity theft.


Obligatory rant against the "Identity Theft" deception promoted by banks.

The victims of fraud in these cases are the banks, not you.

You still have your identity. The banks/creditors gave their money (not yours) to a criminal through their own neglect.

It's an unconscionable fantasy that you as an individual are the victim in these situations when you had no involvement whatsoever.

Laws need to be updated to reflect this reality. Banks will continue to act haphazardly so long as they are allowed to pass the bill for their own carelessness onto innocent people.

Awareness should be spread by disavowing the entire "identity theft" deceit any time it comes up in a public forum.

Highly relevant Mitchell and Webb radio skit:

https://www.youtube.com/watch?v=CS9ptA3Ya9E


>Banks will continue to act haphazardly so long as they are allowed to pass the bill for their own carelessness onto innocent people.

I kind of feel like banks are fans of one mister Dewey Crowe, "The anus is upon you" to protect your data. (https://www.imdb.com/title/tt1489428/characters/nm0380632?re...)


If you want to sell this idea you at least need to have a name for it.


Fraud. It's called fraud. Someone is defrauding the bank. The bank is the victim. However, the person whose identity was referenced by the criminal has nothing to do with the interaction. The criminal did not steal an identity. They stole money from a bank through fraud.


Let's take this one step farther, call it identity fraud and not just fraud; otherwise, identity theft will probably be with us.


That term was already coined as a synonym. I wonder which form of fraud does not involve some kind of misrepresentation though. What makes it notable that a person who actually exists is being used as the conman's fictitious identity if we aren't interested in somehow offloading the risk to that person? Presumably this happened before the 1960s when it began to be called "identity theft" (and if you look at an ngram the term really only comes to be widely used in the mid-to-late 90s).


You build up a reputation for being a reliable borrower of debts or a good/clean societal record and someone steals that identity to abuse it and leave you with the baggage. You report "Identity Theft" to regain that identity and reputation, not on behalf of the money banks lost to fraudsters, hence the name.

There are plenty of things wrong with the current credit identity system, the name of identity theft is either not one of them at all or near the bottom of the list.


> someone steals that identity

This is exactly the fantasy that we need to dispel, not rationalize.

Nobody steals your identity. You always have your identity, and nobody else ever does. Your identity is not the few pieces of trivia a criminal can easily discover about you.

The criminal never takes or has your identity. The bank is simply neglecting to correctly identify someone.

> steals that identity to abuse it

Criminals are not abusing your identity, they are abusing the banks' careless failure to correctly identify people.

> to abuse it and leave you with the baggage

The criminal is not leaving you with the baggage, the bank is. They use willfully inept processes, because they have tricked you into believing you should bear the responsibility for the consequences of their own hubris.


I mostly agree with you that banks are hiding their victim status but I think your framing is too intense. The magical idea of identity as an intangible self isn’t helpful.

It is bank fraud and imitation with the intent to abuse the reputation of the person imitated. It should be illegal to imitate you when it negatively hurts you. It’s illegal to imitate police and doctors etc because it uses their reputations for fraudulent means. This is the same thing.

Banks are the financially defrauded victims in this situation, but the victims are also individuals because banks passed the reputational risk of fraud to the customers. If your credit score is hurt and you need to hire lawyers to fix it or you get denied for a mortgage (or just a good rate), you’ve experienced tangible harm.

Banks know they experience harm here. They plan for it. It’s baked into the prices and financial statements. Read the essays by Patrick McKenzie, he’ll argue that fraud is intentionally tolerated. They know that the consumer won’t be expected pay once the fraud is discovered. That’s not their goal, and they’re not being deceitful here.

You can argue if this system is overall good or bad, but it almost certainly has led to cheaper credit for everyone. Outsourcing credit worthiness to a magic national number (or 3) is cheaper than every credit union assessing risk themselves, with less knowledge.


> the victims are also individuals because banks passed the reputational risk of fraud to the customers

In that case I am not a victim of the fraudster, I am a victim of the bank.

The banks do not have sufficient incentive to improve their identification methods, so long as we tolerate the concept that we bear any responsibility for a transaction that involves only themselves and a fraudster who knows the answers to a few trivia questions about me.


It’s like defamation. If someone goes and spreads a bunch of terrible lies about you by pretending to be you… then you are their victim.

You’re not the victim of people who merely believe the lies and start to avoid you.


That's not a good analogy. If those people believe the fraudster and give them something.. I'm not liable for whatever they gave that person. You're leaving out the most important part. Avoiding != Requiring something.


I think I was focusing on the fact that identity fraud ruins your credit score, so you can’t get loans and the such for yourself.

To me that was akin to being ostracized because your reputation was ruined by an impersonation.


But most victims of identity theft don't have to repay the loans. They just have ruined credit scores. So I think it's an excellent analogy


> The banks do not have sufficient incentive to improve their identification methods

On the contrary, they stand to risk 100% of the loaned money. What more could be at risk? Also the Fair Credit Reporting Act has pretty strict requirements for what a bank or credit agency should do when you've told them the debt is fraudulent, returning you to whole eventually.

What would be required to fix false identity frauds? Is that more or less tolerable for society than X% of people dealing with a stolen identity? What about people who have some problematic history (ran away from home, prior homeless, etc.)? How would strict requirements impact them?

Really, I guess my question is: Oxygen_crisis, why do you believe identity theft is actually a problem that needs solving?


> It is bank fraud and imitation with the intent to abuse the reputation of the person imitated. It should be illegal to imitate you when it negatively hurts you.

I think the argument is that the hurt is generated by the bank. Why isn't it the bank's responsibility to have their shit together and not do that?


You are not wrong at all. There is a certain level of fraud tolerated by banks so that they can more easily make loans to people. It's the classic security vs. convenience trade-off.

Two big problems are:

1. If you happen to be one of the victims of the fraud, it hurts! Sometimes a lot! A lot more than it hurts the bank.

2. If you don't like the level of (in)security that the banks have chosen, what other options do you have? Right now I don't know, I think maybe Bitcoin is your best bet?


Even if I pretend for a minute to seriously believe Bitcoin is less susceptible to fraud, using a different financial product doesn't help since the entire fraud takes place without your participation in many cases. They can just as well open credit lines with banks you don't use as ones you do.


I don't see how bitcoin changes much, other than you have to convince CoinBase that it wasn't your identity. Bitcoin specifically tries to avoid being tied to identity.


> Bitcoin is your best bet?

Because nobody can take out a fraudulent loan in bitcoin? Well.. that's probably accurate.

I'm just not sure how bitcoin is even the tiniest bit relevant in this case?


It might generate even cheaper credit if the banks were allowed to randomly seize your assets whenever they felt like it with no justification whatever, so long as you weren't one of the unlucky targets.


There seem to be stories in these comments that leave consumers as victims without there being any intentional imitation. e.g., the five year old child getting mortgage payment demands. Or the person struggling to get a mortgage because of someone else with the same name but different age.


Having your identity stolen and having your identity permanently removed are not identical actions. If I use a keylogger to grab your passwords and impersonate you in emails, forums, and so on then your identity is stolen, it's in use by someone else instead of you without consent for a period of time. This does not mean your identity has been removed from you permanently. This also does not mean your identity was always in your control just because the sites should have done more verification to see if it was you. It was still stolen but the fraud wasn't caught, and the lost money due to fraud falls between the criminal and 3rd party regardless independent of your identity being fraudulently used. Keep in mind that's how it is today, if your identity is stolen it is already the bank that eats the loss due to fraudulent lending.

If you still disagree please try to make an argument without mentioning banks. Identity theft covers a lot more than banking fraud so the explanation shouldn't explain how you want the term to be changed to something which focuses solely on banks.

The processes in place do suck. That has nothing to do with the name of the crime though.


> If you still disagree please try to make an argument without mentioning banks.

I don't think it's possible to avoid mentioning the banks. They are the ones committing the harm against you.

They are a stand-in for numerous other institutions who abuse you. You can take the name "bank" to mean any organization who is defrauded, and then abuses you to obtain repayment for that fraud.

I think it's important to recognize that this is a two-step process. The middle-man in this procedure is crucial, because they are the ones with a lot of power to use the legal system against you. If they were somebody other than a bank or other significant corporation, you'd be able to say, "No, I'm not the John Smith you gave money to. Go away and find that person." The imbalance makes it necessary to define the argument in terms of banks and similar institutions.


Criminal identity theft is one class of examples. An example scenario from this class is someone passes your identifiers off as theirs while committing a crime. Nobody was defrauded, no money exchanged, but you'll still want to report identity theft.

Claiming identity theft is precisely the process to notify the bank (or others) that they cannot legally abuse you to get repayment for that fraud, or that you are not responsible for those crimes or whatever occurred on your behalf. Under identity theft laws they are responsible for the loss due to fraud, not you. The same as credit card companies. The legal system is used, but as much by you saying "I didn't buy that house, clear my records and eat the losses" as by the bank initially saying "this person didn't pay their loan". To not involve the legal system by both parties just opens up an even worse can of worms of fraud.

One thing I do agree on is that anything that can reasonably be done to make the process easier on the victim of identity theft should be as the process is too hard on them right now. Probably more fines to most middlemen to increase the cost further beyond their losses. I just don't think changing the name of the crime has anything to do with that kind of improvement.


> If I use a keylogger to grab your passwords and impersonate you in emails, forums, and so on then your identity is stolen

This is actually a great example.

If you impersonate me in an e-mail and talk someone into sending a thousand dollars they owed me into some strange account, a reasonable victim isn't going to come to me and say "we're square now, because I paid that fraudster's account what I owed you."

Instead they should admit they made a mistake in assuming it was me based on suspiciously inadequate information and pursue the fraudster if they want their money back.


Identity can’t be stolen. You can be impersonated. I think the point they’re making is that it’s not the victims fault if someone is impersonating them. I would agree. It makes zero sense for the victim of impersonation to be held accountable in any way for the actions of the criminal.


There is just more than a singular definition of identity in English and one of them can't be stolen while several others can. Impersonation is one way of stealing one of those definitions identity theft refers to. This doesn't mean the definition of identity is simultaneously violated.

The victim of impersonation isn't held accountable for the action of the criminal, particularly with banks. That's precisely what identity theft laws protect. I'm in favor of making that process even easier for the victim wherever possible but changing the name is not that.


> identity, noun, The condition of being a certain person or thing.

Someone who steals my passwords can impersonate me, they can not become me. Someone who tricks people into thinking they are me is still not me. An account is not an identity.

My online accounts are not me, and I am not my online accounts.


There are many dictionary definitions of identity. Take Merriam-Webster:

"1a: the distinguishing character or personality of an individual

2: the condition of being the same with something described or asserted

3a: sameness of essential or generic character in different instances"

Or the Cambridge dictionary:

"a person's name and other facts about who they are:"

Of course, you're always welcome to intentionally pick the incorrect context (going back to Merriam-Webster):

"4: an equation that is satisfied for all values of the symbols"

And just as easily rant the name of the crime has nothing to do with math so it needs to be renamed.


If it's open to interpretation, you're choosing the worst interpretation.

How this is interpreted is the primary problem that needs to be solved in order to legislate the issue, and from the interpretations you're supporting, it seems you're firmly on the side of the parties failing to identify fraudsters correctly, versus the innocent individuals.


"Worst interpretation" isn't a matter of preference on which interpretation is moral, but rather intentionally choosing the least supportive definition as proof the phrase is a misnomer. Ignoring the Cambridge one, which seems to be post-phrase, definitions like "sameness of essential or generic character in different instances" are very stealable things, even if another definition is not.

As I've stated I'm in favor of the individuals. When doing so, I like to stick to factual and logical reasons why instead of insist the root of the problem is the chosen definition of "identity" does not match my preferred one. The root of the problem is the current process for dealing with identity theft is more burdensome than it needs to be on individuals. If you change the name it's still too burdensome because, outside of you, everyone already interprets "identity" to mean what it should in this case. That the process is bad is not proof the interpretation of the phrase is bad and needs to be fixed, it's proof the process is bad and needs to be fixed.

Just because someone disagrees with one component of your stance does not mean they automatically agree with all opposing positions that followed from it.


What is stolen is information relied on for authentication, but using “identity” with that meaning is common, even in technology.

That is, after all, what an “identity provider” actually provides.


"Identity provider" in technology is something that should be disavowed heavily, too. Identity is hard to define, but it's definitely not something that should be provided, unless we're talking about assuming others' identities.

Giving up ownership of our own identities led to very harmful results.


You're confusing two concepts that share a word: Your identity in the sense of self worth and personal ideals, and other people's view of you, your identity to them - Their interpretation of the former, to some extent, but also their judgements on your trustworthiness.

It's the latter that's being stolen. It's a crime against both you and your friends and creditors.


Often, bankers themselves are the fraudsters.


Many people don’t know this but you also need to set up a freeze at https://nctue.com/consumers/

I had to deal with fraudsters getting cell phones and also electricity to their apartment.

Setting a freeze up here solved it.


> Q. Can I opt out of pre-approved offers based on NCTUE data?

> A. Yes. NCTUE provides information to companies that provide consumers with pre-approved offers of credit. If you would like to Opt-Out and exclude NCTUE information about you from being used in lists provided to companies that make pre-approved offers of credit (as provided in the Fair Credit Reporting Act), you may call us toll free at 1-888-327-4376.

> You may also submit your request via mail to NCTUE at the address below. Please include your name, address, Social Security number and date of birth in your request.

... well that is infuriating.


I wonder which is worse: not setting up a freeze and risk being the victim of identity theft, or setting up a freeze by submitting your info and risk having it stolen from NCTUE?


Thank you for this, I had no idea this was a thing. Out of curiosity how did you find out about this?


Maybe from here: https://www.equifax.com/business/data-network/nctue/

Seems to be an Equifax product.


I really don't remember. But I kept getting people creating different accounts that I wouldn't know about until it went to collections and dinged my credit. Took me a couple years to finally get it locked down. After 5ish police reports and FTC identity theft reports that all these energy/cell phone companies require for you to dispute.

It’s maddening that these companies give out service with wrong variations of my name and no ID but then want me to jump through hours of hoops to get it removed from collections.

Luckily I got it all resolved prior to rates shooting up so I was able to refi at all time low rates or this would have cost me a lot of money.


I've never taken on any debt in my life, would I still need to do this or am I fine since I've never initialized anything in the first place?


Yes, still worthwhile. The bureaus collect all sorts of information and attach it to you regardless of whether the information is even correctly attributed. A freeze might prevent some of that nonsense.

I had a difficult time getting loans to go to college many years ago. Come to find out my credit was through the floor due to all 3 agencies misattributing dozens of pages of bad loans to me starting when I was only a toddler. The middle initials & socials were 1 character off each, but it all still went to my name.

Unfortunately I didn't have the knowledge to freeze my credit when I was 3 years old - my fault, I should have known I would later suffer the consequences of my inaction.


You have to be the dumbest toddler I have ever met!

-

We need a financial revolution (which is what OWS was all about -- and you know how they responded to that - especially in SFO.... "people are mad at the FED!, so must remove all planter boxes in front of the SF FED and install giant granite bollards and update our lifting stop gate at the entrance - and we have to get our fed workers to stop bragging about their $30,000 a month bonuses loudly on BART (yes this is an actual thing)


Full stop, yes you should freeze.

Issue isn’t if you have debt or not. Credit rating agencies start tracking very early, and what they’ll track for you is basically “no data/low credit score.”

That doesn’t mean you’re not in the system, or more importantly - doesn’t mean an attacker can’t take out debt in your name.

A freeze is the only thing that stops this for you and your kids. I hate that it works this way but such is life.


That's a really good question that I don't know the answer to. I would guess that they have a file on you somehow – Utility bills? Landlords checking your credit? But I'm not confident enough to know what would be the best thing to do in that scenario.


In the US utilities are normally yet another credit reporting agency: https://www.consumerfinance.gov/consumer-tools/credit-report...


Somebody using your social security number and other information would be able to apply for credit. As soon as they do that, the bureau(s) called by the lender would have a file on "you".

The federal government requires that all three major bureaus (Experian, Equifax, TransUnion) provide you one credit report each per year, for free. You can request it here, the official source for these mandated free reports:

https://www.annualcreditreport.com/index.action


Thank you for the information, I'll look into this.


First, you should take this quiz by telling "us" your mother's maiden name, the name of the street you grew up on, your elementary school's name, the name of your first grade teacher, the name of your first pet, the make/model of your first car, and to help make sure we know it's you, please enter your SSN# which also helps keep all of this info from being confused with someone else. After all of that, please, continue to avoid taking on any debt. We will relieve you of that burden


Have you paid a utility bill? Signed up for a utility account? Had a credit check run for an apartment or made payments on a lease? You are probably in the system. Learn to play it before it plays you.


It doesn't matter that you don't take on debt. The point is to protect yourself from unscrupulous individuals who want you to take on debt on their behalf.


> I've never taken on any debt in my life

Why not? Do you ever anticipate getting a mortgage? If yes, then you probably should be.


Sadly, if they are under 35, they may never have the chance. Home ownership seems to be going the way of the Dodo.

But credit scores are used for apartment rentals, and even employment.


> if they are under 35, they may never have the chance. Home ownership seems to be going the way of the Dodo.

This is false.

Millennials are trailing previous generations a little, but > 50% of them now own homes:

https://rentalhousingjournal.com/more-than-50-percent-of-mil...


Hmm, given the average age of a millennial is ~33, the statistic and the claim (exaggerated as it is) don't necessarily need to be totally out of alignment.


The primary problem with this claim as it is usually presented is that it tends to ignore that earlier generations did not go from kindergarten to home ownership in a year: you grow up with your parents' generation's condition as "normal" when it actually represents 30-50 years of "accumulation".

So yeah, 10 years ago, very, very few millennials owned a home. But that was true for 23 year old boomers too.


You can look at that data too.

https://www.forbes.com/sites/katherinehamilton/2023/04/21/ge...

Millennials own fewer homes than boomers did at their age. Though based upon the data Gen Z is possibly turning things around.


Anecdotal though it is, most millennials I know that have houses only have them because they were inherited rather than purchased outright.


Out of my international circle of friends between twenty five and forty, only one outright owns their own house. And they have a high paying internal software development job for a big European company. The rest of us either split rent or live with family. Those of us in said circle living in the U.S. will likely never own houses because of what ChrismarshallNY below stated: The few places that aren't McMansions and aren't in HOA developments and thus are actually affordable are being bought by massive investment firms and flipped into being duplexes for rental.

Even the trailer parks aren't safe, as the companies buy them from the owners, evict all the tenants living in their own houses, and then develop the land into more unaffordable HOA clone mega houses, luxury apartments, or McMansions. Near where I live six of the eight trailer parks have disappeared in the last four years and have been turned into two separate campgrounds, a car wash, a dirt parking lot waiting to be redeveloped, a warehouse, and a new luxury senior apartment complex, with intent to redevelop the others into retail or housing shortly. There's been a spike in homelessness because the people living in these trailer homes couldn't afford to move their houses and didn't have anywhere left to go even if they could.


I see a few options with this sort of anecdote.

1. just ignore it, on the basis that the statistical data collected by many private organizations and the federal government say that it is incorrect.

2. as much as I hate quoting Bezos, he does have a good line about how, if anecdotes and data don't align, there's probably something wrong with the way the data is being measured and/or collected.

3. Accept that the data is correct, and that this sort of anecdotal reporting is also correct, but represents conditions that were also the case for previous generations yet somehow never became part of the zeitgeist.

I don't know which to choose. Maybe there are others.


See also:

"Most US millennials finally own homes – and it’s not thanks to their parents"

https://www.theguardian.com/us-news/2023/aug/17/millennial-h...


Also anecdotal, none of the millennial homeowners I know inherited them, but all are software developers.


Depends. These massive investment corporations are buying up houses like crazy.

I have a friend that works for one, and he's making a lot of money.

They come in, overbid, pay cash, and frequently spiff the agents (in a legal way).

Then they gut the place, and turn it into a pretty decent rental.


How does that relate to records of individual home ownership, by age?


Huh?

If you don't think these rental investment corporations are a problem, then I won't gainsay that. I just have some local IRL experience in the matter, and have seen it discussed.

I'm not in a debate. I made an offhand comment, which was not unique to me (it has been bandied about in popular culture for quite some time), you called it "false," in a fairly harsh manner, and I didn't attack back, because I like to behave myself, here.

If my offhand comment offended you, then I am sincerely sorry, and you have my apology, but it won't change the way I think or interact, and I'll likely offend again. I'm a decent person, and don't mean to offend, but I also have the approach I have, and some people find it offensive. I'm not sure why, because no one ever takes the time to explain. They just attack. I've learned not to attack back, and make my best guess at what their problem was. Given that data (my guess), I may (or may not) choose to modify my approach in future interactions.

In the aggregate, I yam what I yam, and some folks like it, and some folks don’t. Seems most folks find me easy to get along with.

No worries. It's all good. Have a great day!


I'm not offended, and I'm not attacking you.

You made a remark about millennial home ownership that, according to data collected by the relevant agencies, doesn't appear to be correct.

I just pointed out that millennial home ownership is only a little behind the age-adjusted levels for the last 4 "generations".

I think this is important - if the data is correct, then it's essentially a myth that millennials have no access to home ownership, and there's a certain kind of psycho-social danger to this idea being believed (particularly among millennials).

It is of course possible that the data is incorrect, or misleading, and I'm interested in that possibility, because the "story" about millennials and home ownership is widespread, and perhaps we should be alert to the idea that the data is not representing reality correctly.

Then you mentioned corporate residential real estate investment, which I certainly agree is a problem, but that seems orthogonal to the basic question of whether or not millennials do or do not own housing at roughly the same level as prior generations. I wondered if you saw some specific reason to mention it. If it were true that they do not, then certainly corporate RE investment could be a part of the reason. But it appears that in broad terms, they do, and so although it would be nice to end corporate RE investment somehow, it doesn't seem to be a particularly large problem.


It's worse for renters. Any arbitrary thing could cause them to be denied for a rental. Good luck fishing out what that is at each rental company/landlord.


I don't plan on ever getting a mortgage. I am extremely debt averse, I'd rather live frugally than essentially being a slave to the bank/creditor for years.


This will also impede your ability to get rentals.

I only take on debt I can immediately pay off (i.e. credit card debt), but it still is important to demonstrate to creditors.


Do you have a credit card? That is technically debt.

If someone has your information, they can open a credit card under your name and max it out. Or even more common, they’ll get a car loan under your name. Since loans are furnished at the end of the day, they’ll often get 2 or 3 car loans in the same day.


I don't have a credit card, I only ever pay using cash or debit card directly from my bank account.


Like FB, LinkedIn etc the credit bureaux maintain a file on everyone they come across. So they likely have a file on you regardless.

In addition, in the US these files are used for other purposes than taking out a loan, for example renting an apartment, for some jobs, etc.

I recommend building up a credit history even if you don't need it now. You might later. There are plenty of articles on the web about how to start, basically getting a credit card (perhaps secured) and slowly building up your credit.

I am lucky enough to be a cash buyer. I tried to rent a house for a year a few months ago but my credit rating was not good enough. I have a couple of credit cards which I pay off every month (so good, my credit utilization is low) but from the rating companies' POV there wasn't enough to go on: not enough accounts, and no accounts apart from the CCs: no mortgage, no car payments etc. The fact that I'm a homeowner doesn't appear in the report.


Note that Experian runs their own protection racket called “Credit Lock” that is different from a freeze. It costs money. The freeze doesn’t cost money only because congress mandated that it be free. That’s right, these fuckwits are so irresponsible and greedy that congress actually got off their sorry asses and made a tiny piece of legislation that actually protects consumers.


But would freezing your credit in any way help with the problem identified in the article? (sale of your credit header data)

Specifically:

1. Would it prevent any future occurrences?

2. Would it do anything to help with the leaks that have already occurred?


Would a credit freeze prevent data brokers also accessing the credit header?


15 character max password at TransUnion... How outdated is their system?

And none of the 3 allow MFA via something else than text/email.


This should be taught to every high school senior before we let them off into the world.


Why is it not the default?


Save you a click: the secret weapon is paying a criminal on a Telegram group $15 to dox someone. The article is mostly about where the doxxing services are getting their data, which changes. TransUnion's TLOxp is a popular service right now.


Wait, you mean the data that any random company can access when I apply for a credit card or job is also available to other people with money but don't care if I agree to it first?


The article says that people pretend to be private investigators and the data companies don't confirm except 'remotely'.


Why should private investigators be allowed this information at all? As the name implies they are private individuals.


From the article... TU (and the other credit bureaus) decided your PII can be sold without much regulation. Despite laws that require credit reports to have tighter controls. They just say "it's not a credit report; it's just PII" and poof they're magically in the clear.



Because PIs are nominally regulated. It's a popular career with ex-cops who have investigative skills but are over the physical danger aspect of dealing with crime.


Anyone can become a PI in Colorado with just some business cards.


How else are credit bureaus going to make money other than selling this data?


Please tell me this is sarcasm


No, it is a real question. There is a consistent thread of bureaus selling to criminals. It's part of their revenue stream at this point. Doing anything that involved cutting back on this would threaten their profits.


I'm pretty confident that the parent is using sarcasm and fake surprise to illustrate how the point should be rather obvious that just any old person can get a credit report on another person because in reality the credit companies wouldn't have the capacity to validate the credentials of someone requesting the data without creating other significant disturbances such as making it nearly impossible to start a company. But this feels like a lot more words and doesn't actually convey as much as what you get when you have to internalize the rhetoric.

Honest question, is sarcasm dead?


In text sarcasm generally works best when it is either appropriate for the setting or it is blatantly obvious. If one employs it otherwise then being treated seriously should be expected. When in doubt many will opt to treat it as genuine since reacting to a serious comment as if it were sarcasm comes across as condescending.


> or it is blatantly obvious

It falls under this case.

First, we notice the comment isn't an actual question, as there is nothing to actually be answered. This is a clear indication that its usage is therefore that of rhetoric. This is likely why they didn't respond, as there was nothing informative you could say unless you are significantly updating the premise which is being mocked.

Second, the diction and pattern of the sentence matches a commonly used sarcastic pattern of "wait, you're saying x but y?!" and the only thing missing is a surprised pikachu gif. It even does this at an abstracted level as it emphasizes the arbitrariness of the entity requesting the information. The pattern is up there with "I have a modest proposal" and I am having difficulties in even coming up with a more prominent pattern. There are several prominent memes built off of this.

Third, it involves additional flair to indicate a mocking of the obviousness of the claim made by the article which is summed up by the parent. The comment is quite pejorative, with a clear disdain for the lack of accountability of the credit agencies.

As far as sarcastic comments go, this is about as blatant as one can get. Even my sarcastic addendum ("Is sarcasm dead?") is less obvious than the comment. Similarly the sarcasm you are employing is far less obvious. But none necessitate vocal inflections. I think your detector is defunct and you may wish to take it in for repairs or an upgrade.

I also disagree with your interpretation of when sarcasm works and I would suggest a different strategy. Your strategy will have a high false positive rate and teach you to misidentify sarcasm rather than learn to identify it. If a comment appears reactionary and condescending without an abundantly clear question to answer, either assume sarcasm or bad faith. In the latter case, one should not engage as you're only encouraging hostility. Simply downvote and move on. If you are wrong, you have just downvoted a sarcastic comment (which may not be adding too much to the conversation, as is the case here), which also sends a signal to the user that they need to work on their sarcasm or save it for other forums. You can take a middle case and hedge by saying "I think this is sarcasm, but if not..." This also goes with a different strategy of not responding if you don't have much to contribute. If you don't have a clear question to answer then the only reasonable responses are to ignore or ask for clarification, lest you just create more noise. Internet conversations are well known to degrade easily and quickly.

We also should mention satire, as it is often employed. Satire's foundation is that of an alternative interpretation. The simple metric here is "would a reasonable person state this?" If there is any doubt to this, I suggest reading this document which describes the definition of satire while also making heavy use of it[0].

I mention that my addendum employs sarcasm, through exaggeration, but there is some real question to it, as lately I have seen severe identification even with the use of "modest proposals." Language itself is compression and if one is to take a literal interpretation of everything then you will be unable to accurately communicate and are likely to frequently enrage and annoy others. Due to the compressive nature, you will always be required to "read between the lines" otherwise even this sentence would be uninterpretable.

[0] https://www.supremecourt.gov/DocketPDF/22/22-293/242292/2022...


Translation: "I think I'm better than you for being better able to detect sarcasm, and, as the better being, I think you should adapt to me rather than I to you. I believe that I will always be a perfect sarcasm detector, and immune to any awkwardness or embarrassment from miscommunication. If lesser people are confused, I don't care."

>The simple metric here is "would a reasonable person state this?"

You're saying there's universal agreement over the set of statements that are considered reasonable? Check out /r/PoesLaw.

Oops, I mean: Yes, because there's universal agreement over the set of statements that are considered reasonable.

Oh, and in a parallel thread, an error I'm sure you would never make /s:

https://news.ycombinator.com/item?id=37226965


> Translation

Certainly not

That is quite divorced from what I wrote given that the model I presented is dependent upon accounting for modes of failure.

> Oh, and in a parallel thread, a error I'm sure you would never make /s

Quite the irony given littlestymaar is following a similar model as I am.


> First, we notice the comment isn't an actual question, as there is nothing to actually be answered.

You noticed. My answer got 11 upvotes so far, so I think it was far from obvious without a careful reading, which I did not give it.

> This is a clear indication that its usage is therefore that of rhetoric.

Rhetoric is the art of writing or speaking effectively. It does not mean 'a question which does not require an answer', which is a type of rhetorical device, but certainly not 'rhetoric'. I wouldn't bother mentioning this except you started the lecturing so I am proceeding in kind.

> This is likely why they didn't respond, as there was nothing informative you could say unless you are significantly updating the premise which is being mocked.

I don't try to ascertain the motives of people's non-responses. Guessing one option out of infinity seems like a losing game if you do it consistently.

> Second, the diction and pattern of the sentence matches a commonly user sarcastic pattern of "wait, you're saying x but y?!"

Sorry that I am not as up to date on meme phrasing as you are. Or maybe you are retrofitting a pattern after you already established it?

> As far as sarcastic comments go, this is about as blatant as one can get.

After re-reading it carefully, you may be correct.

> Even my sarcastic addendum ("Is sarcasm dead?") is less obvious than the comment.

You wrote 'honest question'. That is not sarcasm, not even a little bit. If you intended it to be, then I will absolutely call you a liar for using that terminology because some things should be taken literally and 'an honest question' is one of them. Like the 'biohazard' sign, it should never be used improperly, and if you are trying to press it into use as a non-literal phrasing, then I call you out and ask you to cease and desist.

> Similarly the sarcasm you are employing is far less obvious.

I have employed zero sarcasm in any of this correspondence. Perhaps your meter is faulty?

> I also disagree with your interpretation of when sarcasm works and I would suggest a different strategy.

Cool. I don't care.

> Language itself is compression and if one is to take a literal interpretation of everything then you will be unable to accurately communicate and are likely to frequently enrage and annoy others. Due to the compressive nature, you will always be required to "read between the lines" otherwise even this sentence would be uninterpretable.

And we must also account for non-perfect readings. The compressive nature of language means you are not reading every letter and every word all the time, you are fitting patterns and using previous experience to match them to correlations. This is an imperfect process. If your writing style cannot account for misreadings then I argue that you are doing it wrong.

Your pandering lecture has been noted and discarded.


As a European citizen, I love GDPR.


https://www.tlo.com/about-us

TLOxp is the latest version of the game-changing technology that ushered in the science of data fusion

  Who Uses TLOxp
  Collections
  TLOxp for Legal Professionals
  General Counsel
  TLOxp for Licensed Investigators
  Financial Services
  TLOxp for Insurance
  Corporate Risk
  Investigative Reporters
  TLOxp for Law Enforcement
  State, Local, and Federal Government
  Asset Recovery and Repossession


Some of the "people finder" type websites have most of the data they mentioned for free. I assume they source it from the credit bureaus because it had the same mistakes that I sometimes get asked to confirm when a financial institution is trying to verify my identity.

It's good to google yourself a couple times/year and file a request for those sites to remove you. Most of them do it fairly quickly.


If you want to be more aggressive, you can pay a service like Kanary that Googles you, submits removal requests, and then does a deeper search across data brokers and people search sites and submits removal requests as well.

It's unfortunate, but useful if keeping your info off these sites is important for safety/security. We're advocating for the CFPB to tighten regulation so this isn't such a challenge for people (and companies).

If interested in the technical challenges of scaling this, we're also hiring.


Cool service and I hope you do well. Feedback: it's a little expensive for me. I'd pay about $50/year for a scan every 3 months. I know you want the ARR but I'd also pay $15/scan. Then you could have an opt-in reminder option to remind me again in 1/2/3/4/5/6/etc months.


good feedback ty - we'd like to test a lower cost tier. This is very helpful and common feedback from folks who don't need as intense support as our earliest adopters.


+1 for Kanary.

The amount of time/effort/rage that goes into dealing with a stolen identity makes paying for this a no-brainer.


Why thank you!


I feel like this is a dismissive response to the article, as if there were some sort of “gotcha” clickbait going on. I perceive it to have delivered exactly what the headline promised: Doxxing (and worse) for sale using lightly regulated lookup tools provided by credit bureaus.

Was there something that diminishes these claims?


My post was a dismissive response to the clickbait headline, and thus the Hacker News topic name. I liked the article.


Wrong approach. Person's identity and authentication should not be based on the immutable and public information like social security number, driver's license number, address history, etc. There are many ways such information can leak and when it does its stays there forever. We need a proper digital ID, certification and conflict resolution mechanisms. It would not be cheap but the alternatives are costlier in the long run.


I don’t disagree, but if we build a digital ID the free internet will finally be permanently dead.


Not sure. Here in Denmark we have a digital id called "MitId" (my id). It is used for all kinds of official stuff, from looking at your prescriptions to signing real estate deals. But not for posting comments on random websites etc.


We have something similar in the US, actually. It's a Federal standard that states have been asked (told) to adhere to called REAL ID [0]. Hysterically, it was conceived by and pushed by the Ministry of Peace.

[0] https://www.dhs.gov/real-id


There's just about zero similarity between MitID and REAL ID. It's more similar to login.gov, but still not super close.


Don't zero knowledge maths give us a mechanism in theory to theoretically guarantee privacy and verity?

In practice, I agree with your conclusion as the likely course of action.


100% possible technically, and some countries may have/may already have had success in this area. Sadly, at least according to our popular narrative, America was founded on the principle of extreme distrust of the government. Combine that with mass ignorance and a technological solution to these issues becomes impossible politically.

We only even have SSL because no governments needed to be convinced to approve of it, and the list of operating system and browser vendors is so short that it became possible to essentially self-organize a set of generally-trusted root certificates.


Agree re struggling with implementation.. Zero knowledge stuff seems impossible on the surface so explaining it to political folks is extremely difficult as I have first hand experience with. "Guaranteeing I've paid my taxes without revealing anything else about my finances" tends to get them to listen up long enough for me to explain it to them most of the time though.

Re govt distrust, not uniformly. As my older leftist friends remind me, they grew up in a time where they thought anything was possible for their government to do; with enough protest they could get the civil rights act, the voting act, the infrastructure spending, etc., with all their dreams on the horizon. Then a few people got a little too loud about ending poverty and other more ""radical"" progressive stuff and got killed for it. But it is possible, we've just been beat down for 50 years by neoliberal austerity politics.

Very interesting stuff re SSL. Any book recommendations you might have on the history of stuff like that? How security standards manifested and became adopted? from https to aes to pgp I vaguely know about all these things but would love to read more. I thoroughly enjoyed chip wars and master switch and stuff in that vein.


I appreciate the perspective you've shared about the longer-term history. That's good to keep in mind when I start feeling too cynical/hopeless.

As for books, I wish I did have a recommendation but haven't read anything matching that description.


As I have taught my children: there are so many cameras around you are always being watched, or can be traced through cameras. As for the "free internet", I told my kids it's already fucking dead.


The free internet died the second that Google bought doubleclick.


In practice for recent bank and brokerage account opening they seem to have moved to take a pic of your passport and then take a selfie or vid of you holding said passport. Bit of a pain but quite hard to hack. Of course it doesn't work if you don't have a passport or comparable ID.


Identity thieves would love a system that let them completely take over someone’s identity in event of a compromise.

Can you imagine trying to get a loan and discovering that your identity has been cancelled and someone else has taken it over now?


> “On the very rare occasion where we confirm misuse of TLOxp, we coordinate with law enforcement to help prosecute those responsible,” TransUnion added.

This is categorically false.

I've had TransUnion hand my entire credit report over to hackers who had nothing but public information, and TransUnion absolutely do not give a shit.


I hope you can coordinate with law enforcement to help prosecute those at TransUnion responsible...


law enforcement largely do not care either


Largely? They give absolutely zero shits.


Put some of their names into these services. Cops, feds. Lookup some high-profile court cases, see if you can get names of witnesses.

Now let's see if they care.


If they start to care they'll shoot the messenger which in this case is you. Don't poke the bear.


This is why someone who has a large stage should do it, like a journalist or a performer or a politician. They can't come after them without Streisand effecting it.


They really enjoy laughing at you.


So in a sense they do care :)


"Well, they forced my hand, I'm going to call the police..."

https://youtu.be/lehmQ5mUveg?t=20s


I bet if there were meaningful consequences for sloppy custody of data (i.e. fines large enough to hurt, as opposed to the "LOL whoopsie doopsie have some free credit monitoring" nonsense), credit bureaus would clean up their act. I do not anticipate this happening anytime soon.


Free credit monitoring for a year, then auto-renews at $89.99/yr after that. Oh, and to sign up for credit monitoring you have to share even more personal data with them, but they pinky promise not to lose it this time.


Exactly, what reason do they have for being more careful if there's nothing to lose and everything to gain for them?


If you have the means, perhaps a civil suit against TransUnion for their tortious actions is appropriate. Of course, it's a gigantic hassle.



>transunion absolutely do not give a shit.

I'm sure they would respond to a subpoena if you were willing to work with an attorney


The GP would need to see if they have ever used any Transunion service. There is probably a click-wrap agreement that you can't sue for basically any reason. Maybe it will go to arbitration, where they won't do squat for regular people.


I mean, you can literally sue anyone for any reason. There is no agreement you can sign that could possibly stop you.


They even say so themselves; "on the very rare occasion where we confirm misuse."

They're not saying anything about how much they care about or follow-up on confirmation.


It can be true if they intentionally never confirm any or even investigate potential misuse.


Your grievance is misguided.

Transunion can't do shit about some Belarusian teenager stealing your identity any more than anybody can indict them for deploying ransomware on government networks. The framework for prosecution of international cybercrime does not exist.

Domestically, Transunion absolutely will shut down access to data furnishers who do not vet employees, in cases where an employee is bored and looking up their exes and random celebrities. It is a violation of the FCRA and subjects the bureau and the furnisher to fines. The bored employee scenario usually just results in termination but if there are other factors at play like identity theft/fraud, law enforcement absolutely gets involved.

This rogue employee scenario is the mechanic I'm guessing is being exploited here, only it seems crowdsourced to obfuscate attribution (so one person isn't making hundreds of fraudulent requests that gets them noticed).

This stuff happens at Equifax all the time too. People are always trying to look up Donald Trump, athletes and rappers in misguided attempts to see how much money they have or where they live. (Celebs have taken to getting around this by buying properties in relatives' names.)


> Your grievance is misguided.

I'm not sure what makes you think that, given you don't know any of the details involved.

In my case, TransUnion received credit checks for me with dates of birth 1 Jan, 2 Jan, 3 Jan, 4 Jan and so on until they hit upon my date of birth, then a credit account was opened that same day, then later in the day a third party credit monitoring agency accessed my credit report and they were allowed to pass 'knowledge based authentication' using their knowledge of that credit account.

I am completely sure TransUnion could have detected and foiled this incredibly obvious attack. I'm also completely sure they could have identified other victims of the same attackers and informed them, but they chose not to.
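The pattern described above (one subject, a run of inquiries each asserting a different date of birth, followed by an account opening) is straightforward to spot on the bureau side. This is an added example, not code from the thread or from any bureau; the inquiry-log layout, field names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Inquiry:
    subject: str       # stable key for the consumer (assumed: hashed SSN)
    dob_supplied: str  # date of birth asserted by the requester, YYYY-MM-DD
    ts: datetime       # when the inquiry arrived
    requester: str     # furnisher / requester identifier (assumed field)


def find_dob_enumeration(inquiries, window=timedelta(hours=24), min_distinct_dobs=5):
    """Return {subject: details} for subjects where at least `min_distinct_dobs`
    different DOBs were asserted within `window`. A legitimate requester already
    knows the DOB, so cycling through candidates is enumeration of a KBA factor;
    a bureau could refuse to match and alert the consumer at that point."""
    by_subject = defaultdict(list)
    for inq in inquiries:
        by_subject[inq.subject].append(inq)

    findings = {}
    for subject, recs in by_subject.items():
        recs.sort(key=lambda r: r.ts)
        best, start = None, 0
        for end in range(len(recs)):          # sliding window over time order
            while recs[end].ts - recs[start].ts > window:
                start += 1
            win = recs[start:end + 1]
            distinct = {r.dob_supplied for r in win}
            if len(distinct) < min_distinct_dobs:
                continue
            if best is None or len(distinct) > best["distinct_dobs"]:
                dates = sorted(datetime.strptime(d, "%Y-%m-%d") for d in distinct)
                best = {
                    "distinct_dobs": len(distinct),
                    # consecutive calendar days = the 1 Jan, 2 Jan, 3 Jan ... pattern
                    "sequential": all((b - a).days == 1 for a, b in zip(dates, dates[1:])),
                    "first": win[0].ts,
                    "last": win[-1].ts,
                    "requesters": sorted({r.requester for r in win}),
                }
        if best:
            findings[subject] = best
    return findings


# Constructed sample log, not real data.
_T0 = datetime(2024, 3, 5, 9, 0)
SAMPLE = [
    # S1: six inquiries in under four hours, each asserting the next day in January
    *[Inquiry("S1", f"1980-01-{day:02d}", _T0 + timedelta(minutes=40 * i), "requester-X")
      for i, day in enumerate(range(1, 7))],
    # S2: ordinary activity, the same (correct) DOB both times, days apart
    Inquiry("S2", "1975-06-14", _T0, "bank-A"),
    Inquiry("S2", "1975-06-14", _T0 + timedelta(days=3), "lender-B"),
]


def demo():
    """Run the detector over the constructed sample; only S1 should be flagged."""
    return find_dob_enumeration(SAMPLE)


if __name__ == "__main__":
    for subject, info in demo().items():
        print(subject, info)
```

The same sliding-window check generalises to any single KBA factor being cycled (SSN last four, prior address), which is why a run of near-miss matches on one subject is the signal, not any single failed inquiry.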


TransUnion also has full control over what authentication mechanism they use. On the extreme end, they could require a Yubikey to be used. However, they deem the hassle to implement better auth not to be worth it while it's users who carry the cost of TransUnion's inability to properly authenticate people.


They also see zero reason to spend even a dime on better security of processes when they saw that the entire company could be pwned and distributed on the dark web and you end up losing zero revenue, maybe a million bucks in a class action suit.


Are they vulnerable to SSPR Abuse? I'm having great fun reporting to Very Large Services and being rebuffed because they don't understand or care.


> I am completely sure TransUnion could have detected and foiled this incredibly obvious attack. I'm also completely sure they could have identified other victims of the same attackers and informed them, but they chose not to.

It's entirely possible that nobody at TransUnion knows how to achieve this given the state of their databases and/or staff. For example, maybe their system was set up before constraints were a thing and they stopped development once it started printing money, so the only person "working" on it does light maintenance as a portion of their other duties.


KBA must die.


> Transunion can't do shit

They can but they don't. There being no framework for prosecution doesn't mean it's impossible to not hand out data to anybody that asks with minimal info provided.


That kind of unbounded massive privacy violation would result in million € fines (if not dozens or hundreds of millions) under GDPR law. And it was already not possible at scale in major European countries before GDPR. What permits it to happen in the USA at scale is that the baseline of protections is so low compared to Europe. Depending on the state it is getting better, but there is still this culture of making massive files on everybody about everything and then selling them to anybody who asks and pays. Such databases are often forbidden in Europe to begin with because we think of what could happen if they are misused.

The notion that the fault would be completely on a "Belarusian teenager stealing your identity" and no responsibility whatsoever on people organising a system of massive private data collection in the first place, and then not even being able to keep such data secure, is ludicrous. And even when you know that privacy invasion is attempted all the time, you don't reach the conclusion that at the very least better securing the data would be needed; that task I'm not sure can be done by any "Belarusian teenager", and that task has de facto not been done by whoever is collecting and maintaining the private data that has leaked and is still leaking.


> That kind of unbounded massive privacy violation would result in million € fines (if not dozen or hundreds of millions) under GDPR law

No they wouldn't. GDPR enforcement is severely lacking and the regulators tasked with enforcing it are either incompetent or corrupt.


If they aren't responsible enough to handle the data, then they shouldn't have it in the first place. The end. Fine them out of existence if they hand over PII to random 3rd parties.


lolwut?

The criminal made a false request for credit report. TU released the credit history without confirming ID. The bank relied on that credit report to extend credit.

The problem is, as a whole, ruining the credit of a few thousand people/year (and making them jump through hoops to regain their ID) is less costly than clamping down. TU absolutely contributes to the problem; they just have no incentive to fix it.


Here is another thing I despise about these Credit Bureaus.

I've walked into Commercial Real Estate brokerages where every single broker had a license to a credit bureau, with many of the junior brokers using it daily to look up real estate owners to call their mobile phones.

Obviously TLO knows there's no way a huge chunk of the CRE brokerage industry should be in their product on a daily basis if they were actually using a GLBA compliant use case... and they look the other way and find a way to monetize.

You really don't need to go digging in some dark corner of the internet to obtain this information... you can walk in through the front door.


"It's not a data breach if you collect money from the criminals for the data. Then it's a service offering."

- Credit bureaus


Just a reminder to never give private info to someone who calls you, even if they seem to have a lot of your private data already to "prove they are legit".

Always call back on a number you look up, not one that they give you.


Also, don't call from the same phone you received the call on, if on a landline. One time (I can't find the reference) scammers called from the bank, suggested the person called back to the number on their credit card. The person hung up, picked up, and the scammers had held the line, played a fake dial tone, and had someone else "pick up".


In USA telephones, unless you time-travel to "party lines" (when sets of local numbers had the same line, so picking up while a call was in use allowed people to listen or join in), hanging up any one end of a line disconnects the departing user from the call.

If the described scam happened, it should have required a simultaneous fault in the phone system. Or more likely, the scammer played a recorded sound of a disconnect+dialtone, which could trick the target into dialing.


This is incorrect at least on Bell Atlantic's (and then Verizon's) network in the late 90s. Since there is no double-billing on landlines in the US, the person initiating the call is the only one that can immediately terminate a call to a landline. There's a timeout for the reverse direction, but it at least used to be fairly long.

Someone pulled a trick where they took advantage of this. Had a friend call and keep the line open. Then claim that you have the entire phone book memorized. To prove it, ask someone to name a random name, punch in 7 digits and hand it off to the person who named it. They ask for the name and your friend says "yes that's me" (or "they're not home now" if the gender mismatches).


> There's a timeout for the reverse direction, but it at least used to be fairly long.

This brings up one of those cultural things: ever noticed how in movies and TV shows from the 80s and 90s, if the caller hung up, the person called immediately got a dial tone?

It's a trope that prop wranglers, set designers, and writers picked up because the telephone company around Los Angeles (Pacific Bell) had switches that would reset the line state for the destination back to "ready for call", which meant dial tone, when the origin side disconnected. If the destination side disconnected, the origin would only be disconnected after approximately 20 seconds.

Almost all other exchanges would put the destination--after the origin disconnects--into an off-hook-but-not-ready and then, after 10 or so seconds, play the "if you'd like to make a call, please hang up and try again" recording, then Special Information Tones, then a rapid busy.

Yet because the service in and around LA is what a lot of people in the TV and movie business experienced, it is what got baked into those productions.


> rapid busy

I was a rather violent sleeper when I was young and would occasionally knock the phone off the hook while sleeping. Then I woke up to the fairly loud rapid busy sound. Hadn't thought about that in a while.


Interesting. I always assumed that the immediate dial tone after origin disconnected in movies & TV was for dramatic effect to let watchers know that the person hung up the phone.


Now that you mention it, I vaguely used to wonder why some phones took longer to hang up than others. Some, I would hear the receiver go onto its rest, and 'immediately' hear a dial tone. Some, it took a few seconds.

Related to what some other commenters pointed out…

- The delay did seem to get longer when call-waiting became available in an area.

- Sometimes, right after pressing your own hook and then releasing it, I could not dial; I had to wait a couple seconds.

- I never used a system where you could hang up and have time to run to another extension, but I may have known a couple people who claimed they could? If so, I probably dismissed it as "weird".

- My direct experiences were with various regions of just three Bells, so another commenter's remarks about LA/PacBell were interesting.

Thanks, everybody, for jogging my memory a bit.


The time required for a good hangup might vary a little bit from exchange to exchange. I recall occasionally being able to transfer to different handsets by hanging up one before picking up the other. But not to the extent reported in some anecdotes where one end can hold the call open indefinitely.


This is definitely true. I remember being able to quickly press and release the hangup button on a single phone and if I was quick enough the other person would remain on the line. I don't recall exactly where the threshold was, but I believe it was around a half a second or so.


I remember being able to hang up the phone in one room, run to the next room, and pick up the phone and continue the conversation. My friends and I did this on several occasions. This was in the Atlanta area, in the late 1980s.


Rapidly pressing and releasing the hang up button simulates pulse (as opposed to tone) dialing used by rotary phones.


IIRC, the originating party's on-hook will immediately disconnect the call, while if the receiving party goes on-hook, there is a short but significant delay before disconnect is finalized.

This may have something to do with service offerings such as call-waiting and 3-way, which depend on detecting a "flash" signal.


I believe that potential exploit only work(s|ed) in the UK telephone network, and maybe those of countries developed in parallel using similar technology. Either way, it is a zero-cost precaution so you might as well do it just in case.


What? Where do phones work like that? Isn't it enough for one party to hang up for the call to be over?


They used to operate this way in the UK - the line would stay occupied until the call initiator hung up. We used to play with this when I was a kid, but I've not had a landline since early 2000s, so I've no idea if this survived the transition to digital exchanges. TBH I doubt it, and I know lots of people complained about it, because it was really annoying if someone who'd called you hadn't hung up properly as then you couldn't make any further calls yourself.


Who answers phone calls, let alone from unknown numbers, these days?


I do. My mom is terminally ill with cancer and most all of the caregivers, physical therapy, palliative care, pharmacy, oncologist, etc still use good old telephone calls to communicate. Sometimes it comes from a predictable number I can put in my contacts list, but not always. So I turned off the call blocking on my phone so I don't miss important calls.


I have a lot of medical appointments these days and it's a nightmare how many offices insist on communicating over the phone, calling from a different number than the original one I found. All phone calls must be considered personal attacks until proven otherwise.


My new insurance company cajoled me into "opting in" to their SMS spam for a $100 gift card, but evidently I didn't even need to consent to voice spam.

Thankfully, their CID is "Unknown/Unknown" and my spamblock sends it direct to voicemail.


I do. I have to. I get lots of important calls from numbers that I don't know. I have a call screener but the scammers play along with that.

I'd say anyone who is involved in anything outside of work probably has to answer phone calls.


I'm "involved" in plenty outside of work, with an active social life, including regularly meeting new people, volunteering, and more.

I can't remember the last time I got a legitimate phone call except from work. It's been several years at the very least.


It's not very practical for a lot of people to decide that they just won't be available by phone.


I keep my phone on silent 24/7 except for the very rare occasions when I'm expecting a call I don't want to miss.

Sometimes I notice the screen when someone calls, otherwise I call back when I next notice the phone, usually within an hour. If they're busy then, I just send a message instead.


I used a paid app to block the whole entire area code my number is from because 99.999% of the spam calls I got were from there. The phone app is in the "Notification Jail" folder 3 pages deep on my phone.

Getting a call and being like "I don't use my phone for that." and ignoring it is a realistic description. Now it hardly ever rings, but it's still spam 85% of the time.


This has nothing to do with that

Everyone is vulnerable to what this article is about


The reason it is relevant is because after the scammer gets your details, they call you and say they are the bank and need to verify some information, and then you trust them because they seem to have details that only the bank should have.

Then you confirm the scammer got good info.


IMHO this is only going to get worse from here. There are piles of data that simply have not been categorized because no one cared enough about it. Now a good LLM will do that for you.


That whole industry needs to be banned. Courts should record loan defaults, and make that information available to creditors. Nothing else should be in the report.

Lenders already require independent verification of income and (for mortgages) monthly expenses.

The rest of the information that’s in your report and that is used to compute your credit score seems to be there to force people to get credit cards and to perpetuate systemic racism.


This stuff was apparent 20 years ago when PIs gave talks at hacker cons telling them all the legal ways you could get any information you ever wanted. If you Google around there are 500 online services (public companies, not hackers) to dig up private info for a small fee. I guess somebody just finally made a bot to make it easier.

Articles like this read to a hacker like an article that door locks aren't secure.


On a tangential note, slightly less than 20 years ago I got a phone call from an ex of a girl I was seeing at the time telling me to back off. All he had to go on was my name and what college I went to. I asked him how he got my number, he said he used a service like you're describing. This has never been particularly hard for someone who was determined.


I mean even whitepages.com surfaces and aggregates quite a bit of public data if you buy their $20 background check, and all you need is the person's phone number.


A lot of the deep web stuff has gone behind $20 or so paywalls so I haven't looked in a while. But, yeah, even 20 years ago it was obvious that by knowing very little about a person, especially if their name wasn't very common, you could find a huge amount of information about them.


Has anyone ever used that DeleteMe [1] service the article mentions? It's not very cheap, and I'm wondering about the value, or if anyone has any first-hand 2 cents on using it?

[1]: https://joindeleteme.com/


I have not used DeleteMe, but I’ve used Optery [0], which does seem to at least reduce my information footprint.

Consumer Reports also provides a free service called Permission Slip [1] that auto-submits opt-out requests for a variety of retailers/services as well as data brokers.

It is difficult to tell how effective these services are, but if nothing else, I’d prefer to minimize my footprint as much as possible. I don’t think this does much to help with the credit bureaus, though.

We desperately need real privacy laws with teeth.

- [0] https://www.optery.com/

- [1] https://www.permissionslipcr.com/


is permission slip available as a service, vs an app?

forcing users to install apps, which can harvest much more personal data, seems sketchy to me, especially for a service that's supposed to understand that the user doesn't want that


I’ve only interacted through the app so I’m not sure if there’s a web interface. That said, the fact that this is a service by Consumer Reports carries some weight, and the privacy label in the App Store shows minimal information collected.

I haven’t combed through the privacy policy on their website, but the way I see it, I’m not worse off by sharing a few bits of data with CR, and as far as I can tell, they’re not doing obviously nefarious things.


I've been using it for a few years and am a happy customer. However - what deleteme does is remove you from "Spokeo"-type websites, it will do nothing to protect you against the issue in this article, which is people buying your data from the credit bureaus.


I think the concept of "Remove yourself from all major data broker websites for 1 year." is what worries me, like do they just resubmit your info once you stop paying? Do I just have to pay for this until forever? haha Or do you think you could get away with paying for a year, then again in like 5-10 years after you cancel the first year?


They don’t resubmit your data, but they’ll stop actively removing it from websites where it gets published.


I wonder how often or how fast it would get back on there once it stops being removed? Maybe with the typical life events that trigger it? Buying a house, new drivers license, etc. etc.


Yes exactly. I don't know much about deleteme but I know a decent amount about the aggregation and reselling of data. Any time an event happens with some entity they will sell/contribute your information to a data aggregator which puts it everywhere. So if you buy a house or get a credit card or a loan, your info is back.

If you want to be horrified, use a different email address for each service. I have a domain that I configured to forward to me, so for example if I got a loan through Hacker News Home Loans, I'd give them email "hackernewshomeloans@example.com" . Doesn't work for everything, but it is a good eye opener.


My credit monitoring services will search for an email address, but not for wildcards...


That's quite unfortunate, it would probably be easy for them to add support for matching all domains, but I doubt anyone asks for that.

IIWM I think the benefits outweigh the cons of dropping the monitoring, but others may have different situations/priorities.


> Submit personal information for removal from search engines.

This sounds very much like trusting a fox to guard the henhouse. What do they then do with the submitted personal information? Why should we trust that they will behave ethically with it? What happens if, and when, they have a data breach?


> This sounds very much like trusting a fox to guard the henhouse. What do they then do with the submitted personal information? Why should we trust that they will behave ethically with it? What happens if, and when, they have a data breach?

They have no incentive to behave incorrectly as all their business is based on trust.

https://help.joindeleteme.com/hc/en-us/articles/817118498523...


Trust seems cheap when individuals often just close shop and move on.


Does not factor out data breaches. And "our business is based on trust" also has the caveat of "for now". What if they're bought out?


> Does not factor out data breaches. And "our business is based on trust" also has the caveat of "for now". What if they're bought out?

Then nobody knows. "What if?" works for literally anything anywhere and nobody can respond to all of them, so I'm not sure what you're expecting here.


I'm not expecting anything, I'm just pointing out that handing over personal data to have your personal data deleted may not be the most sound idea.


Has anyone collected a list of data brokers to opt out yourself?


We've written about the need for policy reform in the US. https://www.kanary.com/blog/privacy-protection-through-regul...

And offer a deleteme-like service with broad coverage and an affordable rate for removals and monitoring. We received a grant from YC for our work in 2019.

https://www.kanary.com/


I had DeleteMe for a year. It was pretty good but for whatever reason "whitepages . com" would continue to publish all of my PII and even DeleteMe couldn't take care of it.


Not this one but there is a YC W22 company called Optery [1] that does something similar and it works really well.

[1]: https://www.optery.com


I’d never heard of it but it certainly comes up often in the article. Feels like something DoNotPay will offer soon, if it doesn’t already.

