Privacy Via Doxxing Defense

Nov. 20th, 2014 09:07 am
deirdre: (Default)

Computerworld has a rather excellent guide on Doxxing Defense, aka removing your personal info from data brokers.

Even if you have no fear of doxxing, this may be a good thing to do. Up to you. (Note that it’s not, as writer Ken Gagne points out, a one-time thing. Unfortunately.)

I was very surprised, when I ordered my Lexis/Nexis report ages ago, that it was dozens of pages long.

I’ll add the following:

  1. If you have an online identity with a pseudonym and without, use different email addresses for both. Many of the services Computerworld lists authenticate with an email address. I don’t need to tell you the privacy implications of that.

  2. Every single social media site that you do not pay for, well, you are the product, not the customer. Limit your exposure by limiting your reach.

  3. For every service that offers it, switch to two-factor authentication.

  4. Don’t give real answers to security questions, because those then become socially hackable. Make up screwball questions and answers where appropriate, just keep track of your answers somewhere.

    For example, just pulling up one of the links in the Computerworld article showed that the town of my birth was listed right there in the open. If I’d used that answer to a security question, it’d be one step easier to get access to other things like my bank account info.

    A trick I learned from a friend: don’t give answers of the same noun type as the question. She, a bicycle fancier, provides obscure bicycle brand and model names for location questions, and her favorite trail names for people questions.

    Yes, that’s hard to keep track of, which is why password security software is such a great idea.

  5. Don’t use the same security answers on different sites.

  6. Print out a hard copy of the most important security info, and keep it in a safe or safe deposit box.

As for me, well, if you were so silly as to want to doxx me, you might discover that my contact info is in my domain’s WHOIS record. After Scientology started harassing me (and others) in 1995, I’ve always figured I was safer if my friends were also able to find me.

That said, I still am going to clean up behind me because why should these assholes make money off my info?

Originally published at deirdre.net. You can comment here or there.

Tags:

The Rage Inducing Problems of Not Requiring Double Opt-In

Jun. 4th, 2014 06:54 pm
deirdre: (Default)
You’re now connected to Zaid from Amazon.co.uk
Me:You don’t have a menu option for “someone was a dumbass and used my email address for their Amazon account and it’s pissing me off that you let them do so without double opt-in.”
Zaid:Thank you for contacting Amazon.co.uk. My name is Zaid. May I know your name, please?
Me:Deirdre
Zaid:Hello Deirdre.I understand your concern about the account. I’ll help you with this issue but please refrain from using any inappropriate language.
Me:deirdre@icloud.com needs to be removed from your database.
I don’t know Ms. McCloskey or her email address.
Zaid:Could you please elaborate your issue?
Me:I am not she. She signed up with my email account. I thought that was pretty clear.
Since Amazon doesn’t require confirmation of an email address, that means I’m getting spam.
Zaid:Are you referring that you are receiving e-mails of other person ?
Me:Yes.
Zaid:Thanks for confirmation.
I will help you in changing your e-mail address Deirdre.
Before I’ll be able to view your account, I’ll need to do a quick security check. Would you please confirm the complete name, email address and billing address on your account?
Me:I DO NOT WANT TO CHANGE IT
I AM NOT THAT PERSON
Zaid:I understand, Before I’ll be able to view your account, I’ll need to do a quick security check. Would you please confirm the complete name, email address and billing address on your account?
Me:Please remove MY email address from SOMEONE ELSE’S account.
Get me your supervisor.
How the frak would I even know all that unless I logged into someone else’s account? That’s morally wrong.
Zaid:I’m sorry for the situation.
Before I’ll be able to view your account, I’ll need to do a quick security check. Would you please confirm the complete name, email address and billing address on your account?

Originally published at deirdre.net. You can comment here or there.

Tags:

Interesting WordPress Spam-by-Proxy Today

Mar. 18th, 2014 02:40 pm
deirdre: (Default)

Today, I got one of the classic spammy kinds of comments with English words that don’t make sense when strung together.

I am this is on the list of a great deal important information in my situation.

One of these days, I’m going to get one with the words in the sentence alphabetized, and it’ll make me laugh.

However, what was different about this one is that it didn’t link to a spam domain.

Instead, it linked to a forum profile at an educational site (major university in this case), and that forum happened to show a user’s URL to everyone. The linked site was a spam site. The educational forum allows registration from anyone. (For obvious reasons, I’m not listing the link.)

So, just be aware when you get a comment on your blog, even if the linked site appears to be legitimate, it may be just spam-by-proxy.

Originally published at deirdre.net. You can comment here or there.

Tags:

The Joy of Strong Cryptography Export Controls

Aug. 19th, 2004 06:53 pm
deirdre: (Default)

So, discovering that I had no JDBC driver for Oracle, I go to Oracle’s site to obtain one.

Naturally, I had to assert that I comply with the following:

I am not a citizen, national or resident of, and am not under the control of, the government of: Cuba, Iran, Sudan, Iraq, Libya, North Korea, Syria, nor any other country to which the United States has prohibited export.

I will not download or otherwise export or re-export the Programs, directly or indirectly, to the above mentioned countries nor to citizens, nationals or residents of those countries.

I am not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, nor am I listed on the United States Department of Commerce Table of Denial Orders.

I will not download or otherwise export or re-export the Programs, directly or indirectly, to persons on the above mentioned lists.

I will not use the Programs for, and will not allow the Programs to be used for, any purposes prohibited by United States law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction.

OK, so if I were part of the Iraq reconstruction process, I couldn’t use the JDBC driver there? Hrm.

Update, the Irony Edition

Irony value: as if having posted about this weren’t enough, what I didn’t say in the original post was that I was working as a Network Geography Analyst for Quova at the time. My job was to determine where in the world IP addresses mapped to, including, understandably: Cuba, Iran, Sudan, Iraq, Libya, North Korea, and Syria.

In 2006 and 2007, I consulted for PGP Inc, ensuring that their beta PGP encryption software met the same export standards as those listed above.

It all comes full circle, doesn’t it?

Originally published at deirdre.net. You can comment here or there.

Tags:

Profile

deirdre: (Default)
deirdre

February 2017

S M T W T F S
   1234
56789 1011
12131415161718
19202122232425
262728    

Syndicate

RSS Atom

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Mar. 19th, 2026 03:37 pm
Powered by Dreamwidth Studios