this post was submitted on 16 Aug 2024
28 points (96.7% liked)

privacy

3005 readers
7 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
top 31 comments
sorted by: hot top controversial new old
[–] whotookkarl@lemmy.world 10 points 3 months ago* (last edited 3 months ago)

They aren't secret and never were meant to be. If you can't change it (biometrics, ssn, etc) it's not a password.

[–] Vieric@lemmy.world 7 points 3 months ago* (last edited 3 months ago) (2 children)

Yeah, the SSN system is the stupidest freaking thing ever for all the crap we use it for. but trying to implement a better system is met with cries of "GOVERNMENT OVERREACH, COMMUNISTS! OH GOD IN HEAVEN, MUH RIGHTS!!!1!". So....we haven't really done anything about it, and probably won't in my lifetime.

[–] chicken@lemmy.dbzer0.com 1 points 3 months ago (1 children)

It's unfortunate that SSN has come to be used as a form of proof of existence as a person, but I'm glad at least that more effective means of formally tracking and quantifying us have been successfully fought back. Banks, governments, service providers and employers having some friction and uncertainty in whether their database entry accurately corresponds to you is itself a valuable form of privacy.

I've been reading the book Seeing Like A State and I think it has some pretty good points about how civic legibility and record keeping is established as a tool of centralized control and can be a dangerous double edged sword.

[–] Zorque@lemmy.world 2 points 3 months ago

Any tool that is misused can be harmful, that doesn't mean you shouldn't use it. It just means you should regulate how it's used.

The tool is not the problem, the user is.

[–] viking@infosec.pub 0 points 3 months ago (1 children)

Why do those numbers even exist? In my country we got ID cards and passports, plus some tax identifier that is used for social security and tax payments by our employer into the accounts, and that's that. All that's required for actual identification is a valid ID (including passport as long as you have a recent address registration). Their numbers change every 10 years, or you could apply to have it replaced earlier.

[–] Drusas@fedia.io 3 points 3 months ago

SSN isn't even meant to be used to verify identity, really. It's just supposed to be used to track people paying into the social security system. Somehow it got tied up in identity verification even though all it is is some essentially random number.

[–] SmilingSolaris@lemmy.world 3 points 3 months ago (3 children)

Take your social security number. Change the last number by one. Congrats, you have stolen someones number.

It isn't secure or random in any way. Infact, by doing the above you will have the number of a person born probably in the same hospital as you.

[–] dingdongmetacarples@lemmy.world 1 points 3 months ago (1 children)

That's not true anymore. My kids have very different SSNs.

[–] TheFriar@lemm.ee 1 points 3 months ago

Are your kids twins?

[–] BCsven@lemmy.ca 0 points 3 months ago (1 children)

Is usa numbering just incremental? Canadian ones use a checksum type setup to determine if it is a valid SIN

[–] Atlas_@lemmy.world 1 points 3 months ago

There's some brackets based on area and similar https://www.ssa.gov/history/ssn/geocard.html

[–] joshhsoj1902@lemmy.ca 0 points 3 months ago (1 children)

Isn't it the address being leaked with it that makes this notable?

You can't add a number to a SSN and also add a number to the street address to then narrow down which full names are associated with that SSN to then possibly be able to use it.

I didn't think the number had any use on its own

[–] SmilingSolaris@lemmy.world 1 points 3 months ago (1 children)

The address does make it a lot more useful, but the point that I am making is simply that the number itself has never been secure, and this kinda failure was inevitable due to only needing slightly more info than the number itself. A number which itself is already partially identifying.

We shouldn't use social security numbers like we do.

[–] TropicalDingdong@lemmy.world 2 points 3 months ago

I mean it says right on the fucking card not to .

But some institutions insist.

[–] Corgisocks@programming.dev 2 points 3 months ago

There was another post or comment about this topic and a person posted a list of websites to freeze your credit. Does anyone know where that comment went?

[–] Mango@lemmy.world 2 points 3 months ago

Maybe we should use something better for identity, geez.

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 months ago (4 children)

I'm pretty sure mine has been stolen a dozen times at this point. You should never assume your SSN is private information, but you should treat it as such to limit how many people have it.

The main issues here are:

  • applications for credit - freeze your credit at the major credit bureaus - Experian, Equifax, Transunion (bonus points for ARS and SageStream); make sure to unfreeze if you apply for a credit card or bank account though
  • impersonating - like applying for jobs and whatnot; this shouldn't directly impact you, and it's on the employer to make sure they know who they're employing
  • password resets - the best you can do is use MFA, though many services will allow resets with just personal information; I hope this changes, and some orgs are doing things to prevent abuse (e.g. Fidelity has voice recognition to cut down on support scams)

Honestly, we really need to stop using the SSN as identification.

[–] BearOfaTime@lemm.ee 2 points 3 months ago

And it even says so right on the card. 🤦🏼‍♂️

[–] Xanis@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

To further protect yourself, you can also:

  1. Formally request that large transactions through your bank be done with you present, in person. Ask if you can set a limit and only if done in person also temporarily lift that limit.

  2. Obtain a credit card. Either you fight to get your money back when fraud hits, or they fight to get their money back. You can guess which team is better staffed. I was procrastinating for ages getting one myself. Then another fraudulent transaction hit. Despite having a fair amount of knowledge in this realm and doing a solid amount of research independently AND reporting it immediately, it still took days to get money actually placed back into my account. AND THEN IT HAPPENED AGAIN with a brand new card within 30 days. Likely the shitty auto update service large organizations can subscribe to, or I got unlucky on a brute force attempt. Either way, a CC will save you this hassle.

  3. Bitwarden.

  4. Passwords only on your phone. No biometrics without a backup plan.

[–] sugar_in_your_tea@sh.itjust.works 1 points 3 months ago (1 children)

Yeah, I only use credit cards or cash these days, and leave my debit cards frozen/locked. The only time I would need my debit card is to use an ATM, and it's easy enough to login on my phone and unlock it. I've had several fraudulent charges on various cards, and so far it has been resolved with a short phone call and a reissue, and my replacements seem to come faster than new credit cards. The rewards are nice, but the purchase protections are the real reason I use them.

biometrics

Biometrics are really nice, and on newer phones, way more secure than a PIN. They're also local-only, so they're quite privacy-friendly.

But absolutely have a backup. I use a long PIN as my backup, and my bank lets me use a long PIN on my debit card as well, so I keep them the same (easier to remember that way). I use my fingerprint for pretty much everything, but I also have my phone reboot itself after a period of inactivity, which forces a PIN login (again, helps me remember it). Oh, and it's a random PIN, so not something anyone could guess (I'm a developer, so I used a small Python script: import random; ''.join(str(random.randint(9)) for _ in range(N)) where N is your desired length). I ran three of those and picked one.

And yeah, Bitwarden is fantastic. I apparently have >300 logins, and there's no way I'd be able to remember that many unique passwords.

[–] Xanis@lemmy.world 1 points 3 months ago

I got a NEW credit card faster than my bank was able to reissue and send me a replacement debit/credit. By like half the time.

I wasn't aware biometrics were more secure. My info is clearly out of date! Though I was also thinking of the forced unlocking of phones by, er...other people.

Police. I'm talking about the popo.

Good old Tasker should be able to handle the bulk of automating things like an auto-shutdown. Might still need to insert custom code BUT they have a community. A couple searches and verification that you're not being a dumbass and downloading something malicious and wham bam easy - or manually type it out. I dunno. Don't be big dumb.

Tasker ain't obsolete yet, dammit!

Remember, folks! NONE OF THIS MATTERS IF YOU GIVE UP YOUR CREDENTIALS JUST CAUSE SOMEONE CALLED AND SAID GRANDMA WAS INJURED IN A MOTORCYCLE ACCIDENT.

[–] stoy@lemmy.zip 1 points 3 months ago (2 children)

Wait, is the SSN used to verify a person's identity?

Why would a static key ever be used like that?

[–] BearOfaTime@lemm.ee 4 points 3 months ago (1 children)

It's not supposed to for anything but government. And it's not a key, it's an ID number. Not sure how else other than static you could do that.

It's also not supposed to be used for anything, but government (specifically, Social Security), and it even says so on the card.

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 months ago (1 children)

Yet pretty much everyone uses it for identification:

  • apply for a credit card - SSN
  • apply for a bank account - SSN
  • apply for a job - SSN
  • get a mortgage - SSN

Basically, any time an org needs to prove you are who you say you are, they'll ask for state-issued ID and your SSN. Every time. Sometimes they'll even want a copy of your SSN card, which is extremely stupid.

The SSN should only be used for SS benefits. If we want a federal ID, we should make a federal ID system based on challenge/response.

[–] ininewcrow@lemmy.ca 3 points 3 months ago

I'm up in Canada and we have the same problem with SSN .... as a kid one of my uncles told me that the SSN is only for government use and nothing else ... he explained that even banks shouldn't ask for it as it is not required. He helped me set up my first bank account when I was 15 and he insisted and fought with the bank branch that SSN were not required. After a bit of back and forth, they finally agreed and I got my first bank account ... which I've kept ever since over 30 years ago. And in all that time, I've protected my SSN from banks and credit services. Because I was able to start that first account, I could start new ones and grow from there.

Best part was ... about ten years after that, I got my first Credit Card and the form the bank gave asked me to verify my information ... INCLUDING MY FULL SSN WHICH THEY HAD IN THEIR RECORDS.

The privacy and security of these dumb SSN cards and numbers is a joke.

[–] macarthur_park@lemmy.world 2 points 3 months ago

Because the US doesn’t have a federal identification card. At the state level you can use the id number of someone’s drivers license or state id for identifying them, which is marginally better since it changes with new id cards.

SSNs weren’t intended to be used for identification, but since there’s no other national option they effectively are.

[–] BlackLaZoR@fedia.io 0 points 3 months ago (1 children)

SSN as identification

Laughing in EU

[–] sugar_in_your_tea@sh.itjust.works 1 points 3 months ago (1 children)

Eh, there are good parts to it as well. The only Federal ID I have is my passport, so there's no reason for them to track me across state lines. If I get pulled over in Oregon, they don't necessarily know my driving history in California or Nevada, so I'm more likely to get a warning than a ticket. If I had a Federal ID, they'd probably communicate across state lines more.

It's mostly bad, but with a silver lining.

[–] BlackLaZoR@fedia.io 0 points 3 months ago (2 children)

I'm more likely to get a warning than a ticket

How about driving reaponsibly instead?

I mean, I do. I've had three tickets over my entire driving career, each in a different state, and nothing in the last 10 years. I've also never been in an accident.

But I've been pulled over something like 10 times total for various reasons (registration expired, headlight out, speeding), and because I'm a responsible driver (no infractions or warnings in the prior year or two), I generally get warnings. If warnings were national, one or two of those might have turned into a ticket, and those would probably be fightable in court (but I'm not going to travel hundreds of miles to fight a $100 fine).

[–] TachyonTele@lemm.ee 1 points 3 months ago

How about understanding what an example is?