Most people don't know about Innovis, which was mentioned in the article. That said, I've never run into a company where I've needed to lift an Innovis freeze. Anyway, I agree that it's tiring to constantly track which data brokers allow (are required to) adding a security freeze. In my opinion, better legislation is needed to curb this activity and data brokers in general.
I tried to fill out the NCTUE freeze page several times, it keeps claiming there is a reCAPTCHA error despite me clicking it out correctly and getting the green check.
Seems to be intentionally broken to avoid people freezing.
It's all so tiring. It's seriously going to be decades until we get politicians in power that understand the Internet and start holding companies accountable that don't give a shit about security (namely, all of them).
Will it ever happen? When the current generation of children reaches office-holding age, a majority of them may understand internet culture, but I don't think a significant fraction will ever understand the internet in a technical sense.
The current generation of youngsters seem to be really good at tapping things quickly to get what they want on a phone, but if anything they are less technically literate than previous generations.
My niece dropped a programming adjacent class in college because they required them to use real computers "like with keyboards for old people" and she didn't want to learn how to do that.
They're also really good at optimizing for likes on insta, I would argue that is not technical literacy either.
Anecdotal, but I've experienced this with my brother who's 15 years apart. Has a phone and can use it, but even when interested in something like emulators, considers using an SD card and selecting some options too difficult.
This reminds me of the scifi first contact novel "Blindsight", which while not the best writing is chock full of intriguing concepts, one of which is the role of the "synthesist": a career where your job is to act just as a communications bridge between those who are so highly technically specialized (including cybernetic body modifications) that they are effectively incapable of communicating to managers and government officials. Hence the role of the synthesist, just to be a neutral observer who can help decision makers make sense of reality.
What is your reasoning behind that? This is seriously one of the dumbest "kids these days" statements I've ever read. Kids will become technologically sophisticated, many kids already are. Many kids will attain higher technical proficiency than you ever had, for example. Why would it be otherwise?
I think you're misunderstanding what I'm trying to say. It's not statement about "kids these days", it's a statement about all people always. The fraction of the population that actually understands the inner workings of the technology we all use every day is vanishingly small, and what I'm saying is that I don't see that changing, despite the fact that "kids these days" are growing up with computers and smart phones unlike previous generations. Hence, I think the idea that we just have to hold out for the next generation who will come in with their deep understanding of computers and digital security and fix all the laws to reflect the realities of modern computing is sadly flawed.
There are 100 reasons - the innards of technology boxes are less accessible. Programming languages are more abstract, and few dig down to the lower layers (which used to be all there was). Its changing faster and hard to get a mindshare before it all changes again.
I don't think its a 'kids these days' statement at all. More a 'technology these days'
Right. Take 2 10-year-olds. Give one a C=64 and a paper manual, and one an iPad and an internet connection. Which one is more likely to learn to program?
Just because your average, clueless, overweight boomer thinks using the latest social media applications on the newest phones makes someone technically savvy, that doesn't mean they actually are. Also, I'd bet the average teenager would still be as clueless about setting up a home theater (i.e. plugging in the correct cables into the correct sockets) as one was 20 years ago.
You are misreading it as an understanding issue. There are plenty of things politicians don't understand and there are experts for that, or else the country doesn't run. The impetus is never understanding, but power. Until there is political impetus for them to care, they don't.
Also, most issues that become contested in the US at present have some sort of powerful business interest on both sides. There isn't a constituency for credit bureau accountability that has the resources for anyone to care.
I used to laugh at my father-in-law whom I once considered to be a conspiracy theory whackjob with his off-the-grid lifestyle. As more and more of his "crazy" insights turn into New York Times headlines, I'm starting to think he was ahead of the curve.
I guess the idea is that if one were "off the grid" enough not to have a phone, one's details wouldn't be in their DB in the first place. That would make one's identity harder to steal, which would cause the thieves to move on to the next victim.
The SSN of someone "off the grid" would actually be perfect for doing what is called synthetic identity fraud. If a given SSN has no credit history, you can make up a fictitious person and apply for a credit card with it. The application is probably declined, but a record of this SSN associated to a completely fictitious identity now exists in the credit reporting agencies databases, which makes it more likely that a future credit application will be approved.
If there is no other identity using this SSN, then the likelihood of the fraudulent activity being dectected is low.
This is why SSNs belonging to elderly people, children/teenagers, and the recently deceased are of relatively higher value for a lot of people out there doing identity fraud.
Stealing someone else's unused SSN is not synthetic identity creation, it's just fraud. There is a living person associated with that SSN, even if they are off the grid.
Synthetic identity fraud involves you making a bunch of inquiries with completely fake SSNs and squatting on them for a few years, maybe bringing them out of cold storage every so often to make a few more inquiries to keep them on the credit-building radar before you ultimately qualify for actual lines of credit and do a bust-out. There is no oblivious meatbag being used as a patsy-- the identities are completely fake, which is what makes them synthetic.
There is more than one way to construct a synthetic identity, but in most cases that I've been aware of, a stolen SSN is used to construct the totally fake identity.
Using a completely fake SSN instead of a stolen SSN is what distinguishes "synthetic identity theft" from "synthetic identity fraud".
The identities in both cases are completely fake, but only in the identity theft case is the synthetic identity backstopped by a legitimate SSN that belongs to a real person somewhere. If that real person is a child or "off the grid", then the CRAs have no idea who the real person is and their SSN is ripe for creating a synthetic identity that will probably go undetected for years.
But I think you need to be 100% off the grid to accomplish that. Which in today's society is practically impossible. If you're on the grid at all, you're open to attack. Since you have to take that hit anyway, might as well also take advantage of the benefits the grid offers.
Well, you can't go fully off-the-grid but it makes things a little easier if you're monitoring:
* Lack of history makes successful applications less likely
* Lack of history makes fraud stand out, any activity is fraud
* Since fraud has been identity theft, meaning I have to bitch-and-moan, lack of utilization of credit lends to a stronger story which can help convince folks whereas a serial debtor makes for a less sympathetic and less convincing victim.
Additionally, you have less risk of compromise:
* That website can't leak my CC details
* That skimmer can't capture my CC details
* That waiter[0] can't clone my card
I went full-cash, even paying for a utilities-included apartment. It also seems to cause me to keep a bit better track of my spending. Easier to overspend when your balance is a number in the cloud somewhere.
[0] - Depends on country, e.g. the US frequently has waitstaff take your card to a terminal
Lack of history kills your credit score and will cost you potentially hundreds of thousands of dollars over your lifetime if you buy a house/car/education/etc
You still have to catch, verify, and dispute those charges... and let's hope you don't have an auto-draft payment setup.
Additionally, it's possible for cards to get locked and that's a PITA to deal with, and god forbid it takes more than a moment to unlock. Hope you have backup cash.
Personally, I'd rather deal with the known hassle (cash) vs. the unknown future hassle (card).
Yes, you are missing the other attack. Someone can take advantage of already existing lines of credit, credits cards, etc. which they presumably will not be able to do if you pay for everything in cash.
Yes, it is obvious, which is why it was strange that you asked if you missed anything. The answer was yes, you missed what you now agree is obvious.
It relates to the article in the following obvious way.
A freeze on running a credit report means that someone cannot run your credit report. Without the ability to run your credit report, someone cannot discover your existing accounts, limits, addresses, and balances by running your credit report.
You also wrote: Equifax et al don't particularly care if you pay cash, they have some form of record on you either way.
This is not correct. Equifax and the other bureaus do not have a record of you on a credit report if you always pay cash and never apply for or run a credit report.
> if you use cash exclusively, then you have no credit to exploit
If you have income and have and pay any recurring bills (even utilities, etc.) you have credit to exploit; it may be a fairly weak credit history, but if you have no substantive debt, you probably also then have a good listed debt-to-income and debt-to-asset ratio, which can (potentially more than) offset that sparse history when opening a new line of credit.
To be not exploitable you either need to be completely invisible to the system or appear so uncreditworthy that no one relying on the system would loan you money at all.
(Of course, personal data leaks from credit tracking DBs can be used for identity fraud for things unrelated to securing credit, too, and being visible but not creditworthy doesn't protect you from that at all.)
>If you have income and have and pay any recurring bills (even utilities, etc.) you have credit to exploit;
I was always told this was true, but I waited for years to finally get a credit card or try to apply for a loan. Everyone informed me I had ZERO credit history, despite paying apartment and utility bills for years. I don't have any explanation for why this is true, except that I started my credit from scratch in my late-20s.
> If you have income and have and pay any recurring bills (even utilities, etc.) you have credit to exploit;
None of the three major bureaus track any of this information, so in practical terms they do not factor into a credit history. Income is not collected by itself and placed on a credit report. It's not a weak credit history but non-existent.
I never pay for anything on the Web. Anything on the net that requires payment, I don't do. (I made an exception for the fees for the stallman.org domain, since that is connected with me anyway.) I also avoid paying with credit cards . For freedom's sake, insist on paying cash. When a business pressures you to pay in an identified way, that means your help as a citizen is needed: say, "If you won't take my cash, no sale!"
Good luck buying a house or a car with cash. I know he's specifically referring to things on the internet, but, I'm sure, Stallman being Stallman, he would say you should follow this rule offline as well.
Taking out a loan to buy a car can be worth it, if you get an extremely low interest rate. However, for that to happen, you need to be buying a new car with a top credit score. In that case, you're probably still better off paying cash, but taking a loan can smooth out cash flow a bit. But, if that's the reason you're taking the loan, you should already be able to buy the car in cash.
That's in a perfect world. In the real world, where people aren't perfectly rational agents, people take out car loans all the time. One can argue that the major US automakers are essentially finance companies these days.
If you have the cash and can invest it better (net taxes and fees) than what the cost of the loan is, why not? If you are fortunate enough to qualify for a very low interest loan (usually on a new car), even a very reasonable growth rate on your investments can be sufficient to effectively pay for a couple car payments on the loan each year.
Lets say you own a car 100%. Would you say it is wise to take out a loan on that car to play the stock market? That's the same thing as what your are saying. What if the market goes south? What if your lose your job?
Debt represents risk that makes all of these other setbacks worse. It's better to get that off your back, then invest. If you have car debt, you should first pay that off, then play the stock market with your surplus money.
Honestly, that depends on the interest rate spread. If I could get the same terms as a new car (let's say 1.9% on 60 months) during a boom economy/post-crash correction, I just might.
Of course, you're never going to see that rate offered on a re-fi for a used car so this is purely hypothetical but as the saying goes, fortune favors the bold.
Most people I know need a car to get to their job. I stopped using a car to do so 20 years ago, but I had to leave Silicon Valley to do so.
My friends who stayed -- car payment and all -- now have far more money than I do. But I was much happier than I would have been, stuck in traffic. It's not for everyone.
Both a car and a house has a registered owner, so Stallman would most likely have no issue paying for both without insisting on cash.
The issue, as he explains, is one of tying the purchase to your identity. If it can be avoided, you should use cash. If you have to otherwise identify yourself for other reasons (like when buying an airline ticket, or when buying something which inherently identifies you, like paying for the stallman.org domain), there is no question of avoiding identification, and insisting on cash would be pointless.
Not an issue for Stallman with his grant from the MacArthur foundation. But much of his advice comes from generalisation of his near-unique circumstances.
Well, I think paying with a credit card is pretty good, because I get more protections than if I had paid with cash. If it weren't for the pell-mell system of credit and particularly identity verification I think otherwise it would be a pretty good system.
Privacy Aspects of the Cashless and Checkless Society. Testimony before the Senate Subcommitee on Administrative Practice and Procedure. Paul Armer 1968
You still need to get a credit card at some point, preferably early on, or else you may have to go through what I did: where annualcreditreport.com etc will swear up and down that you have a 740+ score but no one wants to touch you [1] because you have no history and appear as subprime.
[1] even apartments. And utilities will require an additional deposit.
Especially since its not chip and pin in the US, its really easy for the CC number to be skimmed and stolen. Also, any place like food trucks or restaurants where they take your card, it seems much more likely to have the CC number stolen. We've had way less problems since going to cash for those kinds of things.
A much more effective strategy than paying cash is to run your own email server (making sure that it is secure, of course). Email is one of the most common attack vectors, but most scammers are going to target the big providers. Attacking an individual server is not going to be worth the bother.
I am tired of people calling me a "victim" of identity theft. I'm not the victim. The companies and government agencies that allowed themselves to be defrauded by someone posing as me are the victims. If you didn't do your due diligence in properly verifying the identity of the person you handed out cash, goods or services too it's on you.
That being said, the entire system is broken. I've had 5 cellphones taken out in my name, I've had multiple credit cards opened using my social security number. I've been interviewed by a special agent with the State Department because someone tried to get a passport using my data. I'm sick of dealing with other peoples fraud problems. Fix it already!
> I am tired of people calling me a "victim" of identity theft. I'm not the victim.
Usually, the person whose identity is stolen is the victin.
> The companies and government agencies that allowed themselves to be defrauded by someone posing as me are the victims.
They are also victims, but until you—often at considerable personal effort—have gotten all the debts and other bad marks by the fraudster dissociated from your identity, you are disadvantaged by it, and if you are disadvantaged or have had to pay a cost to escape that disadvantage, you are a victim, too.
> They are also victims, but until you—often at considerable personal effort—have gotten all the debts and other bad marks by the fraudster dissociated from your identity, you are disadvantaged by it, and if you are disadvantaged or have had to pay a cost to escape that disadvantage, you are a victim, too.
You seem to be misunderstanding the point badly--the situation you have described is nonsense.
Firstly, what do we mean by "having your identity stolen"? I submit that this is not an attack on me as a person, it is an attack on a fictional representation of me held by a conglomerate of corporations.
This is the point of OP: I am not involved in these transactions! I haven't committed a crime, purchased anything, or interacted with either the party who has defrauded this conglomerate nor this conglomerate. In fact, due to the way this information is collected and stored, I may not have ever had any direct relationship to either party.
So what's happened here is that a conglomerate of companies have been defrauded and now insist that I am to make amends for it. It's nonsensical, and no amount of repeating the facts of the current situation will make it anything but ridiculous.
Good to know. Concurrent crises also F everything on paper without fam wealth, up but are less common and probably not considered. 800 credit until that, as we start talking about block chain of course. May we always be unchained in these matters, or use a chain model that rolls off old data and keeps an initial value aggregate of old data on the effective block0/genesis or so.
I would rather anyone opening a line of credit be required to obtain proof of acceptance by the person named on the account and until doing so they are 100% liable for all debts incurred. How this is defined will require regulation. The burden is increased at any time a request is made outside of the state and city of residence
This is already the law. You are not responsible to pay debts incurred by another person. The problem is when the bank or company that gave credit to someone else that used your identity information is allowed to lie to a credit bureau about the fact that it was you who defaulted on the debt. Otherwise you could just tell the bank, "Pound sand stranger, I never borrowed any money from you. Stop bugging me or I'll get a restraining order.", and never have worry about how someone has pretended to be you to a bank.
Large fines for banks and companies that libel people by telling information brokers lies is the way to stop this problem. The idea that when this happens it is "identity theft" and the person whose identity was stolen is responsible for the problem is ridiculous. This problem should be called libel and the perpetrators (the entity reporting false info that hurts you) punished.
These proposed "large fines" would still require regular people to deal with putative creditors and occasionally to defend themselves in court. Structural changes are required to make the system as it actually functions more equitable to humans. What are structural changes? For instance, prior to enforcing a debt the law could require the production of an authenticated video recording of the debtor clearly stating, "I am John Doe and I agree that I owe EvilCo $1,000 on May 9, 2018." This requirement would make it more difficult to lend money, so it would be opposed by some very deep pockets. I suspect that any actual solution to the inequity in this area would make it more difficult to lend money, so progress is likely to be slow.
I agree. First, it could be made a criminal offense for a company or bank to lie to credit agencies and then public prosecutors could pursue these companies for big PR wins.
Second, making giving and getting credit harder to do is probably a good thing for society. Do people really need to take out a half million dollar home loan from their phone a la Rocket Mortgage? Many cultures had/have very strict rules about charging interest on loans. Debt jubilees were common in past civilizations and seem necessary to prevent the masses from creating their own via revolution. Making personal loans illegal and bringing back the loan shark is not the way to go, but making going into debt to buy consumptive goods much harder would be big positive for most people in the US.
Like you said, there is a huge amount of money and power behind easy lending, so change seems unlikely. On the other hand, change seems to be in the air these days, so maybe one can afford a bit of hope.
> These proposed "large fines" would still require regular people to deal with putative creditors and occasionally to defend themselves in court.
Wouldn't it be the opposite? It would be the creditors which would have to defend themselves in court. In my country, moral damages are nearly guaranteed in these cases, and the burden of proof is on the creditors to prove the debt is valid.
I wish this framing would gain more currency, since it seems to me to accurately capture the problem: Creditors are (presumably unknowingly, but also largely uncaringly) lying when they report defaults against the wrong debtors.
When Equifax repeats those lies to other potential creditors, they're also failing, but at root the misinformation originates with the creditor who failed to properly authenticate their customer.
There are laws against such "lying" but the burden of proof is on the victim as a practical matter [+], so of course creditors don't care when they make mistakes.
[+] Technically the burden of proof is on the creditor but victim has to continue to reach out to insist on such proof. If they do not expend extraordinary efforts to do so the record is against them.
I believe the "lying" in this case is civil not criminal matter. As much as I dislike making civil matters criminal (like in copyright cases), I would support that here.
I'd be happy with making small-claims-court cases against banks that let someone borrow money in your name. Because of their negligence you've had to spend time and money clearing things up with credit bureaus etc.
Yeah if you want to name a dog park after your brother-in-law who died in Iraq, that's how legislation is enacted. A giant change in how commerce is conducted, directly counter to the interests of major political donors? You can't be serious...
In case it wasn't clear, I certainly support Shivetya's excellent suggestion to improve society for humans who live in it. I'm just not as optimistic about personal lobbying as you are.
Collective action and watchdogs are certainly more effective but even with personal lobbying, people tend to misunderstand the point of it: it isn't to affect change for that one person, whether immediately or ever, but to accumulate the political capital requisite to compete adequately with other political powers in an adversarial interests system. Not doing something is basically forfeiting the game.
I absolutely hate our entire credit system, the lazy way it handles our sensitive info, and the eagerness to extend credit to anyone without scrutiny of their identity.
Big incoherent rant incoming:
In 2016 someone stole my identity and in about a 1 month period took out tens of credit cards and new bank accounts and phone account which they immediately over drafted. They somehow managed to change the address in my credit file, and so I wasn't getting any failure to pay notices. At the same time it was quite soon I found out because at least one creditor managed to find my real address asking about a 18,000 loan approval for furniture from The Brick. The police were easy enough to deal with and took a report and I had to use this to prove to creditors it was fraud.
I had Equifax do their own investigation, and they agreed it was fraud, but they only removed the creditors who happened to appear on file during their investigation.
A year past, and I check my credit and it was 799, all clear. Then last fall I get a call from a creditor saying I owe them money, they required I go to their bank to fill out the paperwork. One more cleared. Then in February I'm hearing from yet another bank about an overdraft account. Once again I proved to them it was fraud by providing the police report number. "Ok, well it will take us 30-45 days to remove this from your credit file". Its coming up to 45 days and its still there. I called them to clarify about when it will be removed, and get the same bs. I do not believe their word so I have also sent another dispute to equifax. MY MORTGAGE RENEWAL IS DUE JUNE 1 AND THIS SHIT HAS STOPPED ME FROM MOVING MORTGAGE PROVIDERS TO GET A BETTER RATE.
Now during this latest fiasco, I do another credit check and discover ANOTHER phone company on there says I have a bad debt with them and a note that a collections agency is after me. I succeed in having this removed from my credit file after dealing with Equifax, but for reasons beyond me they did not remove the one from the bank I am disputing in the previous paragraph, so I have to hope it will clear when they way it will (30-45 days from early April), or hope my second dispute works. Note that these latest bad debts are still originating from 2016, its just taken the banks that long to pin the blame on me and attack my credit file.
So this has been a lot of stress on me, I have failed to secure a new mortgage lender which will cost me in interest over the next 3 years on mortgage payments. In addition, I just discovered my TransUnion file is still a giant mess with shit from last fall on it. Apparently Trans Union and Equifax don't synchronize.
Long story short, there isn't shit you can do to speed up anyone helping you. The police are competent and will have your back but they can't stop creditors from attacking your file. Equifax is slow and not thorough in their investigations and make themselves hard to reach. The banks can pin a bad debt on anyone they chose, never mind that the onus should be on them to prove I took out the loans they claim. Like, show me a signature, show me the ID used to get the loan... Oh its fake? Then fuck off. Nope, they will make you jump hoops to prove it isn't you, and then the cherry on top is they will be very very slow to do anything to remove it off your credit file once you have in fact proven its not you.
Good luck to all of you, you are all vulnerable to this shit.
The answer is registered mail, return receipt requested, and a complaint with the CFPB, although how on-the-ball that agency will be since the new administrator was appointed is YMMV.
I'd be more inclined to write a pro forma letter, then sue for statutory damages for technical violations under the FCRA and/or FDCPA the instant the established deadlines pass. It puts the burden of proving the validity of the debts on them, and if they ignore you or drag their heels, you win by default.
AFAIK, they just aggregate whatever is reported to them. Without any sort of editorial discretion, it doesn't seem likely you could go after them for any damages.
You'd have to in good faith submit disputes. If they fix it then it's all good. If they don't fix or, it comes back again later, then they just violated your rights under the FCRA (https://en.wikipedia.org/wiki/Fair_Credit_Reporting_Act)
The Fair Credit Reporting Act, 15 U.S.C. § 1681 (“FCRA”) is U.S. Federal Government legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It was intended to protect consumers from the willful and/or negligent inclusion of inaccurate information in their credit reports
Of course, Trump and his appointees wants to dismantle CFPB which helps protect consumers on these kind of things.
https://www.nctue.com/consumers
Here are the pages for adding security freezes to the other big four agencies:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo...
https://freeze.transunion.com/sf/securityFreeze/landingPage....
https://www.experian.com/freeze/center.html
https://www.innovis.com/securityFreeze/index
Most people don't know about Innovis, which was mentioned in the article. That said, I've never run into a company where I've needed to lift an Innovis freeze. Anyway, I agree that it's tiring to constantly track which data brokers allow (are required to) adding a security freeze. In my opinion, better legislation is needed to curb this activity and data brokers in general.