back to article Bet you can't guess what I'm wearing, or where I'm wearing it

Thrilling news: my Libra account is ready! I can barely restrain my excitement. Nor can I adequately express my bemusement, given that I never signed up to buy into Facebook's craptos in the first place. Indeed, no one can – possibly ever. Yet I received my confirmation this very morning. That is, it arrived a few days ago …

  1. Pascal Monett Silver badge

    So, Adobe publishes your personal details and that is not sensitive data ?

    Why hasn't GDPR been shoved in its face to educate it a bit yet ? There's massive potential for a stonking big fine there, I would think.

    1. Alistair Dabbs

      Re: So, Adobe publishes your personal details and that is not sensitive data ?

      It was a database left unprotected for a time, which Adobe is downplaying as unimportant. There's an Adobe blog post about it in which Adobe bullshits about "transparency" but the post is so well hidden that I can no longer find it.

      1. John G Imrie Silver badge
        Facepalm

        transparancy

        As in all your data is transparent to the Internet.

        1. the Jim bloke Silver badge

          Re: transparancy

          just your privacy protection..

          but its one-way glass, you cant see out.

    2. Danny 2 Silver badge

      Re: So, Adobe publishes your personal details and that is not sensitive data ?

      The German Democratic People's Republic is gone, it's history. I like communism as much as the next man but why keep bringing it up. They had a referendum and built down the wall.

      Dammit.

      Drunk Danny is smarter than me, he's better looking than me, he's a better fighter than me, he's a much better dancer and lover, and I get all that, I've learned to live in his shadow. What annoys me is he is much better at hiding things than I am at finding them. Car keys, telephone, quarter bottle of gin. It's as if he knows how I think.

  2. Chris G Silver badge

    Meta data craptifying app

    You might just have the answer, to create an app that scrambles all of your meta data before posting anything online, just remember to turn it off before communicating with TPTB. Or maybe that's when you should really have it switched on given the appalling treatment that governments give people's personal data.

    1. the Jim bloke Silver badge
      Big Brother

      Re: Meta data craptifying app

      Wouldnt mind something that spoofed the phone location data, just feeds it the coordinates of some huge house in Washington, or an office building in Virginia - or a range of other humourous selections. Would only mildly inconvenience the serious black hats, but would piss off the lazy marketers - like google - so will never make it into the app store.

      1. Anonymous Coward
        Anonymous Coward

        Re: Meta data craptifying app

        I would certainly like to appear to be an imperfectly-hidden security researcher or antivirus company... hopefully keeping many of the smarter attacks at bay.

    2. Roj Blake Silver badge

      Re: Meta data craptifying app

      Just using a VPN with a server in a different country already seems to screw up Twitter's idea of where I am. Their app regularly sends me adverts from third countries.

  3. Khaptain Silver badge

    Photo match

    Alisdair, is it just a coincedence that your El Reg mugshot is strikingly close to the bottom left hand image of the Men At Work vid ?

  4. Rich 11 Silver badge

    And if you're fraudulently claiming invalidity benefits, you'd best not post photos of yourself climbing Kilimanjaro.

    People in wheelchairs have climbed Kilimanjaro, and they're definitely not the fraudulent benefit claimants shown so much love by the Daily Mail.

    1. Danny 2 Silver badge

      "People in wheelchairs have climbed Kilimanjaro"

      Climbed? A woman in the New York Times, she had some horrible illness and to illustrate how fit she used to be she said she had climbed Kilimanjaro twice. I commented, "Did you drop your car keys up there?" and over 200 people liked my comment. My most liked comment of all time.

      My mates sister climbed a Monro 8½ months pregnant, when most women claim they can't get out of a chair. There is a fine line between mountaineering and illegal termination.

  5. Pen-y-gors Silver badge

    Identity theft is a bummer

    Don't know if anyone else follows the amazing @BootstrapCook (Jack Monroe) on Twitter? Writes amazing cookbooks for those who can't afford fresh truffle oil, avocados and pulled jack-fruit, and instead live on tinned stuff. But foodbank users shouldn't have to live on cold baked beans. She knows, she was one at one stage! Hence her book "Tin Can Cook".

    Anyway a couple of weeks ago her Paypal got hacked and she was relieved (temporarily) of £5000. Pah I thought, she should have used 2FA. She HAD! The usual 'send a text to my phone' version, but some toerag had contacted her mobile phone operator, given her date of birth (high security, it's on her Wikipedia page!) and got them to send out a new SIM (or similar) effectively stealing her phone number. So 2FA code goes to the bastards.

    The moral? Don't use SMS for 2FA - use an application. I immediately changed my a/c to use the Google Auth app. Safer, but I'm sure some cunning shit will work out a way through that.

    1. Warm Braw Silver badge

      Re: Identity theft is a bummer

      Don't use SMS for 2FA

      This august redtop reported over 3 years ago that NIST was planning on deprecating the use of SMS for 2FA owing to its risks.

      So, with the revised Payment Services Directive arriving in September 2019, what technology did most of Europe's banks decide to use for 2FA?

      Not only does it offer very little in the way of genuine security, it also means that people can't make online purchases unless they happen to have a mobile phone signal - and if you're in a rural not-spot, going out to the shops is probably not an option either.

      1. EnviableOne Bronze badge

        Re: Identity theft is a bummer

        NIST was going to depreciate it, its in the drafts of the latest versions of SP 800-63, but they pulled it from the final release.

        German Banks have been burned by this already.

        The PSD does not put any requirement s on the security of a second factor, just that there has to be one. Its Specific payment providers that rely on SMS, but not all of them do. Its a matter of voting with your feet and only usiing those that dont.

        if you are unfortunate enough to be like me and live in th 5% of the population without decent signal, SMS is most likley to get through, and push notifications and WiFi become your friend.

        The majority of payments don't require a second factor authentication, if the bank is reliable enough, this can be up to £500, however

        1. Anonymous Coward
          Anonymous Coward

          Re: Identity theft is a bummer

          if you are unfortunate enough to be like me and live in th 5% of the population without decent signal, SMS is most likley to get through, and push notifications and WiFi become your friend.

          Unless you're *also* with AT&T, and those wankers don't let you do WiFi calling (or any sort of usage that might prevent them from reaming you on extra charges). Nope, no SMS at my house until (maybe, if the wind is pushing the tower the right direction) the message decides to show up 4 hours later, or more likely not appearing until you leave the house and drive 1000 yards down the road.

        2. Dan 55 Silver badge

          Re: Identity theft is a bummer

          The majority of payments don't require a second factor authentication

          The can with the bit of PSD2 that says card payments require 2FA was kicked down the road for 18 months. That's going to be more fun when it comes in because card details aren't considered a strong factor, so the fact you've just inputted them into a website will mean nothing, it's going to need something like a card reader + PIN or an SMS code + a password that the customer knows.

          A card reader + PIN validation would be secure, which is why banks will go with SMS + a password.

          1. Tom 38 Silver badge

            Re: Identity theft is a bummer

            SMS 2FA is an abhorrent hole. I have several physical hardware tokens, all of them support NFC, FIDO, U2F...

            Paypal? Nope

            Banks? Nope

            Amazon? Nope

            Google support it... and that's about it

            1. Dan 55 Silver badge

              Re: Identity theft is a bummer

              Amazon does allow TOTP and so does PayPal, finally.

              You can get a list of 2FA websites here.

          2. ibmalone Silver badge
            Facepalm

            Re: Identity theft is a bummer

            I have a card reader + PIN 2FA (and have had for at least a decade), my bank is replacing it with SMS 2FA.

    2. Muscleguy Silver badge

      Re: Identity theft is a bummer

      I buy cheap tinned jackfruit from the local Chinese grocery emporium and turn the contents into a sorbet with some added lime juice. It’s delicious and a cure for the winter blues. I bet Jack would approve.

      I use the entire contents, reserving the drained nicely jackfruit flavoured syrup but boosting it with some more sugar and sorbet improver stuff. Fruit gets blended then passed through a sieve thingy before being recombined with the boosted syrup with lime juice added to taste before being bunged in the sobettier.

      Technical relevance, the top removable stirrer motor tips forward these days cutting its power so I used epoxy to glue metal washers into the cover to keep it upright. It needs one more washer and it should be perfect again. Beats balancing tinned goods on the arse end of the motor.

      1. Anomalous Custard

        Re: Identity theft is a bummer

        I briefly thought I'd wandered BTL on The Graun for a moment...

        What does jackfruit taste like? I've never quite managed to feel brave enough to try!

        1. A.P. Veening Silver badge

          Re: Identity theft is a bummer

          What does jackfruit taste like?

          Like jackfruit, it has its own taste, but it is good. A complete fresh jackfruit (about 2 KG) has a tendency to disappear within hours here (two adults, two young sons).

        2. John Gamble

          Re: Identity theft is a bummer

          I've only ever had the canned variety, but it was quite good in the drink that was made in the Vietnamese restaurant I went to (non-alcoholic, although I'm sure someone can come up with a spiked version). It was jackfruit, sweetened condensed milk, and ice, all put into a blender.

          Hmm. I need to get to the store.

    3. Anonymous Coward
      Anonymous Coward

      Re: Identity theft is a bummer

      It is, ever since it happened to me I'm now known as Brenda.

    4. Danny 2 Silver badge

      Re: Identity theft is a bummer

      It was my birthday recently, and both my first love and my ex-fiancee sent me congratulations three days later. I'd been sad for three days, then confused until I remembered I always used to lie about my birthday. To avoid dumps. And my first pet was my mums maiden name. And I don't have a bank account. I'm a honeypot trap for scammers.

      [Edit: Oh Muscleguy, I bought frozen Durian fruit from the Leith Walk Chinese supermarket and left it in the High Riggs Job Centre. It doesn't smell when it is frozen, just when it thaws. Trust me, they deserved it]

  6. David Roberts
    Holmes

    Moving house

    If you move in the same area you can keep your landline phone number (still useful at times).

    It was years after we moved before we stopped getting unsolicited calls quoting our old address.

    Come to think of it, we haven't had any calls quoting our new address.

    That might narrow down the source a bit.

    1. Captain Hogwash Silver badge

      Re: same area you can keep your landline phone number

      You can get virtual (SIP) numbers with geographic STD codes which you can keep even if you move out of the area. I use one of these for friends & family who want to call a landline (cheaper than mobile from landline or if on PAYG mobile.) The actual landline number is given to business & officialdom then shunted directly to voicemail without causing my phone to ring. This avoids being bothered by spammers, scammers and any business who hasn't taken their responsibilities toward TPS registered numbers seriously. It also makes the "landline" usable from any location via a smartphone app. Oh, and the audio quality knocks real landline into a cocked hat. But you could do all of this with two virtual numbers and just ignore the actual landline.

      1. Doctor Syntax Silver badge

        Re: same area you can keep your landline phone number

        "The actual landline number is given to business & officialdom then shunted directly to voicemail without causing my phone to ring."

        Just wait until you need hospital appointments. Or even better, have a hospital appointment that's cancelled on the day because of an emergency.

        1. My other car WAS an IAV Stryker

          Re: same area you can keep your landline phone number

          I have a VOIP (Vonage) line for the house set on "do not disturb". Too many scam/spam calls to keep live, so it's shunted straight to voicemail.

          But being Vonage, I get a push notification on my phone (usually) plus email and SMS copies of the voicemail transcript (email also has an MP3 attached). If they care about us enough to leave a message, we'll know.

          Also, the really important numbers (kids' school, main doctors) have our cell phones as alternate contacts and WILL try those after leaving VM on the house (Vonage) line.

        2. Captain Hogwash Silver badge

          Re: Just wait until you need hospital appointments

          The voicemails are automatically emailed. If it's somebody who actually needs to speak to ME, rather than an unsolicited sales call or scam, then they will leave a message. The bad guys don't tend to bother. If I ever do need to be in frequent contact with an organisation there is the possibility of providing them with a dedicated number.

        3. Anomalous Custard

          Re: Just wait until you need hospital appointments

          My local hospital and my GP use my mobile number. Although for a while the local pharmacy used to text the landline to let us know a prescription was ready.

    2. Amentheist
      Devil

      Re: Moving house

      Re: narrowing the source down whenever I supply a gmail address I put dots in different places

  7. Doctor Syntax Silver badge

    "So it got me thinking it ought to be possible to upload harmless but misleading photos to social media and let the hackers and spammers get on with it."

    I doubt they check much - just fire off emails. All of which reminds me I must change my very obviously eBay-specific email address and set the old one to bounce. After all, the real eBay aren't going to email me to click on some link to fill in a customer survey and offer to reward me with an Amazon voucher.

  8. Anonymous Coward
    Anonymous Coward

    “No one wants to hire a tit.”

    I regularly hire them. Sometimes they even work.

    1. Anonymous Coward
      Anonymous Coward

      Re: “No one wants to hire a tit.”

      I can, but I have to hire them in pairs.

      1. tim 13

        Re: “No one wants to hire a tit.”

        Three's a crowd

  9. Warm Braw Silver badge

    No one wants to hire a tit

    And yet they do, in large numbers. Perhaps you just need to add a few zeroes to your salary expectations. You'd probably hate all the jobs you're offered, though.

    1. Alister Silver badge

      Re: No one wants to hire a tit

      And yet they do, in large numbers.

      But usually only if they come as a pair...

  10. Andy Non Silver badge
    Flame

    No matter how careful you are...

    some organisations make it easy for ID theft. I only discovered a couple of years ago that Companies House have made available online (free of charge and to anyone anywhere in the world) scans of documents giving my full name, address, date of birth and images of my signature and similar for my wife. I queried this with the data protection registrar and apparently Companies House are currently legally required to publish all this information. Terrific!

    1. H in The Hague Silver badge

      Re: No matter how careful you are...

      "... Companies House have made available online (free of charge and to anyone anywhere in the world) scans of documents giving my full name, address, date of birth and images of my signature ..."

      Their Dutch colleagues used to do something similar which was greatly appreciated by fraudsters. Now they black out some of the information (esp. the signature). If you want to check that you have to turn up in person at a "Kamer van Koophandel" office to see the unredacted form of the company registration documents.

    2. Franco Silver badge

      Re: No matter how careful you are...

      It truly scares me just HOW MUCH junk mail I started to receive when I registered my limited company. You'd like to think that Companies House were more selective about who can get access to your address, but they seem happy to give it to any old clown who thinks that someone in IT will purchase their services via an unsolicited flyer.

    3. Ken Hagan Gold badge

      Re: No matter how careful you are...

      Is there a lawyer in the house?

      If I changed my signature to the word "none", neatly printed, could I insist that people accept it as my signature and could I then simply deny that my signature on a document was proof of anything?

      I ask, because if forging a signature really does just become a matter of cut and paste, like typing my name, then it *is* worthless as an authenticator and so there is surely some incentive for people to try to make it *obviously* worthless and for the law to accept that it is worthless.

      1. Andy Non Silver badge

        Re: No matter how careful you are...

        I significantly changed my signature since the discovery, so at the very least I can point to the fact my "old" signature has been put into the public domain and is effectively worthless as an authenticator. I can claim that any documents since "signed" with that signature are fake. Whether that would stand up legally I don't know. The tricky bit is remembering to sign documents with the new signature after using the old one for fifty years!

      2. swm Silver badge

        Re: No matter how careful you are...

        There was a case where an American embassy clerk in Poland would sign documents with just a line in the signature space. Another worker was forging this signature for visas etc. When caught, the forger claimed that drawing a line was not forgery. I don't know how the case was decided.

      3. Aussie Doc
        Coat

        Re: No matter how careful you are...

        I use 'None' to sign just about anything.

        Oft times folks seem to just be happy to see something 'there' because their rules say the space cannot be left empty.

        Such a waste when you're told to use your finger to electronically sign for some parcel or other.

        Real fountain pen's in the other pocket leaking ink.

    4. Anonymous Coward
      Anonymous Coward

      Re: No matter how careful you are...

      Companies House data is "public", but that doesn't mean it is no longer "personal", especially if you're there as a sole trader. You can still take action against anyone storing and processing that data illegally, for example without your consent... The ICO is inundated with complaints about it, but if you get bored you can always just take them to court for damages (after checking their entry in Companies House to find the boss).

      I am also having an ongoing discussion with CH regarding what they're doing to stop spidering of their site, which is relatively easy to detect by them. They have a public obligation to publish, but they need to do it in a way which doesn't unreasonably endanger our privacy.

      There's a story in this - incompetent CH site design leads to massive breech of privacy of anyone who's ever been a director.

  11. Andytug

    Problem is it's only a matter of time before someone makes giving false metadata an offence...

    As you must have something to hide, right? Think of the children you must be a terrist, etc, etc.

    You WILL be monetized like it or not, which is the real reason. Corporation governments don't like people they can't steal money from...

    1. Anonymous Coward
      Anonymous Coward

      Re: Problem is it's only a matter of time before someone makes giving false metadata an offence...

      I keep nine current alternative email addresses, five alternative physical addresses, and four alternative phone numbers. The email addresses will eventually get read, but they have no relationship to anything valid.

      In spite of all I do, I've been peppered with the most common robo-calls on my business phone. Despite the laws making such activity illegal, I still get them. I guess the police are useless now.

      It will be techno "toadies" like us who will begin to zap call centers with our lasers from space. I don't expect that to create any police interest, either.

  12. jelabarre59 Silver badge

    An eye-full

    I figure the next thing is to start posting pistures with fake elements and reflections pasted in. Maybe a reflection of the Eiffel Tower (get it, eye-full?) in your eyeball. Or go for the Twin Peaks reference and use a Harley-Davidson headlight.

    1. A.P. Veening Silver badge

      Re: An eye-full

      Just paste that Eiffel Tower in one eye, the Taj Mahal in the other and the Sydney Opera House in that mirror, while the exif puts you in Santiago (no further specification whether it is Santiago de Chili, Santiago de Compostella or one of twenty odd other ones), while posting from some other, undisclosed location.

      1. Aussie Doc
        Big Brother

        Re: An eye-full

        Damn, my secrets are out.

        As an aside, didn't The Reg have a story recently about a singer or something who was stalked/assaulted by said stalker who tracked her from her persistent selfies that had 'useful' reflections in her eyeballs or something?

        Was able to narrow down which apartment she lived in and all.

        1. A.P. Veening Silver badge

          Re: An eye-full

          That is referred to here in the comments.

  13. holmegm Bronze badge

    "before social media was discovered by ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls."

    I personally don't find that using a 15 year old girl as a human shield for one's politics speaks much of masculinity either, but hey, to each their own.

    1. Anonymous Coward
      Anonymous Coward

      "before social media was discovered by ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls."

      ...and if your 'fragile masculinity is emboldened by '15-year-old schoolgirls' you still won't look good in the eyes of your peergroup.

      Leans out of the banged up old Rolls Royce with a bottle in your hand and yell 'scholars'

      - Withnail & I reference

  14. Venerable and Fragrant Wind of Change

    Oldfashioned spam ain't targeted

    I make no efforts to leave a false trail, nor to hide where I live. A Reg reader who could be arsed will find sufficient information to figure out who I am and where I live, and a fair amount about my interests and activities. Hiding that seems futile: if the Assassins Guild were to get a commission on me, they could already track me down by more traditional means.

    I still get spam in a range of languages, some of which I can't even read. In fact I think most of it is foreign and firmly aimed at inhabitants of other countries (indeed, often continents), possibly because my spam filter speaks better English than Russian, Korean, Arabic, or .... dammit, even Spanish. So no surprise when my prize is denominated in OZ$, or any other currency I may or may not have heard of.

    1. Anonymous South African Coward Silver badge

      Re: Oldfashioned spam ain't targeted

      Also can't be arsed to clean up breadcrumbs scattered all over the place.

      The Assassins Guild have very competent employees, yet I'm not dead. Yet.

      Because if they want to track you, they'll devise ways and means to do so, and then it'll be extra arse work ensuring you sanitize your history properly.

      Naaaa.

      If I google myself, I can still find old and odd stuff I've posted all over the Net, and to clean that up, nah. Got better things to do with my time than stressing over such things.

  15. James Dore
    Happy

    <misty eyed>

    Aaaaahh. NTK, of Blessed memory. Marvellous, and no frigging graphics to clog up your browser.

    1. Uncle Slacky Silver badge
      Thumb Up

      Re: <misty eyed>

      "Sufficiently Advanced Technology: The Gathering" needs to be revived somewhere...

    2. David Given
      Thumb Up

      Re: <misty eyed>

      I went to one of their conferences! Can't remember which one, though, the brain cells have decayed over the years, but it was great. We need more of that kind of thing.

      I just keep telling myself that just because they haven't posted an update for almost 13 years doesn't mean they're _completely_ dead. Please?

    3. CowardlyLion

      Re: <misty eyed>

      Seconded. Still the proud owner of an NTK tee shirt.The "Elite" one.

  16. Anonymous Coward
    Anonymous Coward

    The worst case of "spamming" I ever experienced came almost 30 years ago - well before myspacebook and big data base leaks, et al. Apparently hell hath no fury like a company scorned, because a person with my name decided to run up amazing bills at places from retail to school loan companies, and for years I would get called by collection agencies trying to get me to pay for "my" defaults. Took a lawyer to stop that one; it was and apparently still is totally legal for companies to share any information they have on anyone with the same name in their records as the person who came, got credit, and left. I wonder how many companies are still trying to call my long disconnected land line......

    1. Andy Non Silver badge

      Something similar happened to me. I started getting phone calls and letters from a company about overdue invoices regarding a company with a very similar company name to mine and they were also only based a few miles away. Sounded like a fly by night company that appeared, bought a load of computer equipment then closed down and disappeared just as quick. Luckily the company defrauded quickly figured out that they'd screwed up and my company wasn't the one they'd been conned by; so no lawyer necessary.

  17. Mad Chaz

    When I got my new cellphone number, I kept getting treatening calls for the previous owner of the number. Things along the line of 'pay up or we'll see you in court!'

    That I told them said name didn't exist at this number wasn't working. So I basically told them to 'put up or shut up and I'd be happy to have my day in court'.

    Somehow, that stopped them dead after the first try.

    1. Anonymous South African Coward Silver badge

      Recycling numbers can be a real PITA. I got a SIM with a recycled number, and got allsorts of spam SMSes. I just reported that as spam via official channels (they never added an opt-out link to those SMSes) so it is their problem now.

    2. BeerTokens

      I've always wondered if anyone has had a call from a dead friend/relative because of recycled numbers.

      1. Martin-73 Silver badge

        There have been several stories recently about people who continue to text dead relatives (it's comforting on an emotional level) and getting really nice responses from the person who got the recycled number.

        having a person with your own dead relative's recycled number call YOU, would be many many times less likely

  18. Anonymous Coward
    Anonymous Coward

    Wild metadata...

    Just post some pics of weird things, and use location data for REALLY interesting places (center of the Pentagon, or area 51) and see what "happens". Posting pictures of places that don't like pictures would be VERY interesting.

    Sorry, I haven't done this, but it would be a tempting thing.

    Given where I work, I must be anon. Give my regards to Ft. Mead!

    1. A.P. Veening Silver badge

      Re: Wild metadata...

      The center of the Pentagon is not nearly as interesting as the E-ring, 200 feet down.

  19. Fruit and Nutcase Silver badge
    Joke

    No more Bond

    Getting recognised everywhere he goes, Alistair has given up his tuxedo and can be found most afternoons at a cafe somewhere in France, disguised as an Onion Seller.

  20. Spamfast Bronze badge
    Coffee/keyboard

    ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls

    Thanks again for tea through nostrils, Mr. Dabbs.

    The downside is that we're still paying these twats (or dicks if you prefer male organ based perjoratives) far too much salary and far, far too much for expenses.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019