Most active commenters
  • stavros(3)
  • DoctorOetker(3)

←back to thread

1957 points apokryptein | 36 comments | | HN request time: 0.858s | source | bottom
Show context
qingcharles ◴[] No.42911578[source]
One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
1. A4ET8a8uTh0_v2 ◴[] No.42911853[source]
<< find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

Honestly, kudos. The rules should apply to the ones foisting this system upon us as well. This is probably the only way to make anyone in power reconsider current setup.

<< As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And people laughed at Red Reddington when he said he had no email.

replies(5): >>42912686 #>>42912897 #>>42913432 #>>42914558 #>>42915754 #
2. jeanlucas ◴[] No.42912686[source]
Exactly this was tried by the likes of James Oliver and journalists/comedians of that caliber running ads and gathering data from politicians in Washington.

It was some years ago and resulted in nothing

replies(2): >>42912840 #>>42921112 #
3. lostlogin ◴[] No.42912840[source]
Do you mean John Oliver?
replies(1): >>42916749 #
4. IgorPartola ◴[] No.42912897[source]
There was a post from someone a long time ago who has an email address and name similar to Make Cuban but not quite. He got quite a few cold call emails meant for Cuban. A lot of them were quite sad (people asking for money for medical procedures and such).
5. Aurornis ◴[] No.42913432[source]
> The rules should apply to the ones foisting this system upon us as well. This is probably the only way to make anyone in power reconsider current setup.

Unless your problem is with the company doing the privacy violations, this doesn’t make any sense.

replies(1): >>42916954 #
6. ajcp ◴[] No.42914558[source]
It's odd that of the two replies referencing people, both got their names obviously wrong. Is that a new phishing tactic?
replies(3): >>42915181 #>>42915320 #>>42920240 #
7. otteromkram ◴[] No.42915181[source]
New AI tactic.
replies(1): >>42915406 #
8. notduncansmith ◴[] No.42915320[source]
Russian bot tactic? Guessing it’s an easy way to farm interaction as people comment back to correct the mistake.
replies(2): >>42917299 #>>42920658 #
9. 0_____0 ◴[] No.42915406{3}[source]
salting the fields are we? total informational warfare, the digital equivalent of Sherburne's March to the sea during the American Civil War.
10. stavros ◴[] No.42915754[source]
Where do you buy their details from?
replies(1): >>42916408 #
11. qingcharles ◴[] No.42916408[source]
Right now, my goto is signalhire
replies(2): >>42916713 #>>42923738 #
12. stavros ◴[] No.42916713{3}[source]
Thank you, though I have a feeling that they get their data from their own sign up form.
replies(1): >>42918712 #
13. jagermo ◴[] No.42916749{3}[source]
or Jamie Olive Oil?
14. swiftcoder ◴[] No.42916954[source]
Pretty much all companies are doing the privacy violations. You think your doctors office doesn't sell their contact list?
replies(3): >>42917112 #>>42917377 #>>42918839 #
15. jlokier ◴[] No.42917112{3}[source]
Where I live, which is not in the USA, I'm confident my doctor's office doesn't sell their contact list - or at least, not without statistical anonymisation and aggregation for research purposes.

They probably outsource processing the data and storing it to other entities, but that will be under contracts which govern how the data may be used and handled. I assume that's not what "sell the data" means in this conversation.

It would be such an egregious violation of local data protection law to sell patient personal details for unrestricted commercial use, including their contact info, and it would make the political news where I live if they were found out.

replies(2): >>42917926 #>>43072284 #
16. ◴[] No.42917299{3}[source]
17. dbspin ◴[] No.42917377{3}[source]
In my country (and I suspect most Western Countries) my doctor would lose his medical licence for selling my contact information.
replies(1): >>42918388 #
18. nottorp ◴[] No.42917926{4}[source]
Also "not in the USA" i actually work on a medical ish application these days (not the in production version, mind but a fork with new features that's entirely separate at the moment).

I have access to ... zero patient data. Our entire test database is synthetic records.

19. brookst ◴[] No.42918388{4}[source]
Your poor oppressed doctor! And I’ll bet they rarely even get to treat bullet wounds. It’s different here in the Land of the Free ™.
replies(1): >>42919373 #
20. mathgeek ◴[] No.42918712{4}[source]
This is to be expected as a source of their data, no?
replies(1): >>42918757 #
21. stavros ◴[] No.42918757{5}[source]
Yeah, it would be, it's just a bit ironic.
22. mapt ◴[] No.42918839{3}[source]
HIPAA is pretty much the only halfway effective privacy regulation the US has. It imposes strong regulatory, licensure, and even criminal censure for violations.

It's formulated so that they can give those contacts away rather than sell them, but only to the rest of the medical goods & services supplychain that are involved in your care, who are also bound by HIPAA.

The worst dark pattern this has generated so far seems to be pharmaceutical company drug reps bribing your doctor to change what they would prescribe you.

The worst that's likely to happen without regulation, as far as I can tell, involves an associated provider just leaking UnitedHealthcare's full database of every patient and every condition.

23. jajko ◴[] No.42919373{5}[source]
Nah its called normal society, ie Switzerland here is the same the benefits of doing so would be absolutely minimal, punishments severe.

Plus its highly amoral and doctors here are still coming from idealistic breed that wanted to help people, those 2 are practically exclusive.

replies(1): >>42921786 #
24. cutemonster ◴[] No.42920240[source]
Which are those comments? Aha, "Make Cuban" is one such comment and Mr Oliver someone
25. pphysch ◴[] No.42920658{3}[source]
An innocent coincidence, by two established users that link their contact info in their profile. It must be the Russians!

It's genuinely sad that this level of Cold War paranoia has been normalized again.

26. Frederation ◴[] No.42921112[source]
27. megous ◴[] No.42921786{6}[source]
This normal in your society?

Interesting thought policing you have in there.

replies(1): >>42925121 #
28. DoctorOetker ◴[] No.42923738{3}[source]
As we all know some of the "consent" pop-ups have a first page of general settings, and then a "vendors" page to further deselect all the "legitimate interests".

I recently noticed that a fraction of the "vendors" allow deselecting the "legitimate interest" but have the "consent" tick box marked and unmodifiable.

Consider the following page:

The following vendors have un-deselectable "consent" tickboxes:

   Skimbit Ltd 
   Confiant Inc. 
   Lumen Research Limited 
   Visarity Technologies GmbH
   DoubleVerify Inc.  
   Revcontent, LLC 
   Adssets AB 
   Integral Ad Science (incorporating ADmantX) 
   Mirando GmbH &amp; Co KG 
   Polar Mobile Group Inc. 
   Rockabox Media Ltd 
   Telecoming S.A. 
   Seenthis AB 
   Papirfly AS 
   One Tech Group GmbH 
   illuma technology limited 
   Adjust Digital A/S
   VRTCAL Markets Inc 
   Cavai AS 
   Kiosked Ltd 
   Protected Media LTD 
   Oracle Data Cloud - Moat 
   Bannernow, Inc. 
   Jetpack Digital LLC 
   IVO Media Ltd 
   Online Media Solutions LTD 
   Mobkoi Ltd 
   Redbranch, Inc dba Fraudlogix
   Alphalyr SAS 
   Silverbullet Data Services Group 
   Stream Eye OOD 
   adbalancer Werbeagentur GmbH 
   Somplo Ltd 
   Velocity Made Good LLC 
   Vyde Ltd. 
   Adelaide Metrics Inc 
   Sqreem Technologies Private Limited 
   TMT Digital Inc 
   dpa-infocom GmbH 
   Brandhouse/Subsero A/S 
   streaMonkey GmbH 
   Zeit Agency ApS 
   Sitewit, Corp 
   AccountInsight Ltd 
   Aderize, Inc. 
   fraud0 GmbH 
   Channel99, Inc. 
   Videobot Ltd 
   Appstock LTD. 
   Dando online LTD 
   EMBRACE Systems GmbH 
   Hiili SL 
   Volentio JSD Limited 
   Public Good Software Inc. 
   Kidoz Inc. 
   DataDome SA 
   Sarigato Sp. z o.o. 
   Gesher Software LTD dba bridgeupp 
   Playdigo Inc 
   Sipo Inc 
   SpinX Pte Ltd 
   Creatopy INC 
   Codevelop Technologies GmbH 
   Adgrid Media, LLC 
   ProgrammaticX LTD 
   Nitrouppi LTD 
   9 Dots Media Ltd 
   Vudoo Pty Ltd 
   Mobavenue Media Pvt Ltd 
   Carbonatix LTD
1) What is up with these?

2) Are these even legal under GDPR rules?

3) Does this not nullify arguments by certain 3 letter agencies that users "consent" to their tracking?

4) Who is behind these companies? Any idea on how to approach this from an investigative journalism angle? Can we figure out the headquarters, employee counts, CEO's of these companies?

5) If "undeselectable consent tickboxes" qualify as legally valid consent, doesn't this set a precedent to foist off miryads of types of lack of consent as "consent"? Will this enable legalizing rape? Where does this Pandora's box end? How is this any different from:

6) As far as I understand, an illegal contract is void. If the forms submitted by users contained undeselectable "consent tickboxes"; then the forms no longer constitute legal contracts. Observe that this is regardless of the preferences of all the other tickboxes: even if users were to lazy to deselect all the deselectable tickboxes, the mere presence of deselectable tickboxes voids these forms as contracts. This means that all the other vendors didn't receive any consent, since their specific submitted form-as-a-contract is void, even if the majority of the vendors had consent tickboxes that could be deselected. It would seem prudent for such companies to insist that the forms don't contain undeselectable tickboxes for any companies since it would nullify the consent they hope to receive.

replies(3): >>42930393 #>>42933767 #>>42936439 #
29. Vilian ◴[] No.42925121{7}[source]
Want me to link the latest mass deportation that USA is doing and compare with one person?
replies(1): >>42935522 #
30. tpxl ◴[] No.42930393{4}[source]
2) Are these even legal under GDPR rules?

No. And nobody cares.

31. ParetoOptimal ◴[] No.42933767{4}[source]
Maybe you should look up their CEOs info on SignalHire and ask them?
replies(1): >>42934343 #
32. DoctorOetker ◴[] No.42934343{5}[source]
I refuse to reward their behavior, one doesn't fight fire with fire.
33. megous ◴[] No.42935522{8}[source]
I'm not arguing that what USA is doing is normal, either.
34. lsharkey602 ◴[] No.42936439{4}[source]
As a European resident, I have put in a complaint to the company for you. Should it be dismissed out-of-hand, I will forward a complaint to my national Information Commissioner's office. I will post any results.
replies(1): >>42957767 #
35. DoctorOetker ◴[] No.42957767{5}[source]
out of curiosity: which company did you put in a complaint to?

about posting any results: I assume you are aware that after some time it is no longer possible to add comments to a HN discussion, I assume you will post any progress as a HN submission?

36. WhyNotHugo ◴[] No.43072284{4}[source]
Here in NL my local doctors office just delegates their IT to some US-based company. I doubt they take privacy seriously. Their whole security is a joke. but they make a theatre out of it to give an impression otherwise.

EU law means little in this respect, since it's not enforced and most people don't understand enough on the subject to even evaluate what's going on with their data (or their clients data).