• 0 Posts
  • 29 Comments
Joined 1 year ago
cake
Cake day: June 10th, 2023

help-circle
  • Been the victim of fraud. Unfortunately - yes.
    When I was younger and Chip ‘n’ PIN was becoming popular, many smaller shops had a Paypoint machine that would print the entire card number and CCV on the receipt. I was so paranoid about fraud, especially given that there was sufficient information printed on the receipt that anyone could do an Amazon order with those details. I used to get a black permanent marker and scribble the details out before putting the receipt in the bin.

    Imagine my horror when a decade later, I learn that I have been the victim of fraud, and a type of fraud it was entirely impossible for me to prevent. In the UK fraudsters watch for new companies popping up on Companies House and then use the details to go on a shopping spree. The way it works is like this:

    They see my name, address and date of birth on the website. They are looking for a name that matches their surname and first initial. So for me that could be Alexander Jones for example. They go to a retail park and pop into Argos. They order several thousand pounds of stuff. When they go to pay, the person at the counter helpfully asks “Do you have an Argos credit card? If you apply for one today, we’ll transfer the balance of today’s purchases to the card” and armed with my address, date of birth and name, and a card that already has the same surname and first initial as me - they are accepted for an Argos credit card. Post nothing for the goods they just bought and leave the store. They go next door to JJB sports, and then whole process repeats. “Do you have a JJB sports card? If you get one today…”

    They visited 6 stores in an hour and repeated this process at all of them. And a week later I start receiving credit cards…

    It’s a surprisingly common scam (or it was), brought on entirely by the shops bring pushed to get people to sign up for credit cards…

    I had to be on a register for several years, so if anyone tried to open an account or take out credit in my name, I would get a phone call to check if it was actually me.




  • OK lets start with the phone, what app is responsible for the suspicious activity message? Because I’m not aware that is part of Android. The closest symptom is that Android will disconnect from networks that it claims do not have internet connectivity. Which would fit more closely with your intermittent connection issues. We could really also do with knowing what router you are using for the actual internet. It sounds like you are using mesh system for the wireless side of things. Can we also know are you using the ISP DNS server, or have you pointed the router to more reliable DNS servers? You should probably never use the ISP DNS servers - aside from any other reason, because it makes it much easier for the ISP to record what sites you are visiting.








  • I feel like outside the federated system, meta would rely on geographic metadata (eg IP address) to identify if a user was within the scope of the GDPR or not. But they aren’t going to have access to any of this information, when they receive the data from another server in the fediverse. There will be zero way for them to identify if a user from any server in the fediverse would be applicable to the GDPR or not, because any user from any country can basically sign up anywhere. It will be difficult for them to argue against that - since it’s highly publicised that when Mastodon was struggling under the strain of the massive influx of new users - that people were being advised to find an instance that aligned to their interests rather than just their geographical location. Indeed I am on a Scottish server - where I arrived in 2019, but I have recently started another account on a US server ( allthingstech.social) so I would indeed be a user protected by GDPR on a US server. Because Meta have no way of knowing where a user comes from, the only thing they can definitely legally do - is process data from their own known users - but they are crossing into dangerous territory the second they start trying to process data from users outside their own instance. In my opinion anyway.

    And no I don’t mind debating at all. There needs to be a lot more debate, and a lot less death threats and screaming matches online - in order for us to start resolving anything.

    Edit:
    The GDPR applies to data on people. So in your example - it doesn’t matter how Meta got the data, the point is that they have data on citizens that are protected by the GDPR, the fact that the data arrived indirectly via a US server, doesn’t remove the protection afforded to the EU citizen


  • Meta can have the data, that part yes you consent to by using ActivityPub software, though there is a whole other argument to get into later about whether “normal” users really understand that. But no Meta absolutely cannot process that data, for creating shadow profiles or anything like that - unless the user explicitly opts in. GDPR is quite clear that you cannot infer that a user agree based on some other influence (in this case the user using ActivityPub) - the user MUST have been presented with a dialog explaining what Meta would do with the data and giving the user the option to say they agree or disagree with it.


  • You bring up an interesting point, because of how the fediverse works, every server (that has an active subscription) essentially has a mirror of the original data. So if Facebook have data from people who never consented to that, then they would surely be breaking GDPR rules? GDPR rules say that they can only PROCESS the data (or mine it - if you want to use a more realistic term) if a user has explicitly agreed to that, implicit agreement doesn’t count. So this is going to interesting to see how they manage this - providing that they don’t process the data and simply present it, as is - they don’t break GDPR, but the second that they start processing it, they breach GDPR. Now - they can process data that belongs to their users, but they would have to write code that ensures they don’t ingest posts from any user that is not a meta user - for the purposes of harvesting it.