back to article Americans cutting back on online activity over security and privacy fears

Nearly half of all Americans have not carried out a normal online task because of security and privacy fears, according to a new survey by the US government. Forty-five per cent of the 41,000 households contacted said they had decided not to do online banking, or buy goods online, or post on social networks because they were …

  1. Andy Non Silver badge

    It's not surprising.

    There are ongoing data-breaches and zero day exploits and dodgy practices by various software vendors, websites, social-networks and (ahem) OS providers all keen to pawn your personal data.

    Personally I have switched back to paper based bank statements and letters, in part due to my bank's website (Halifax) being buggy and frequently hanging, eventually giving error messages about an unresponsive script. I do use Firefox on Linux Mint so I'm guessing the bank has done something stupid with its scripts and made them OS or browser dependent rather than OS and browser agnostic.

    As for Windows 10, I wouldn't touch a sensitive site with a barge-pole using that OS, despite having disabled as much of the visible telemetry as possible. Same goes for Android, there is no telling how up to date the OS is as the manufacturer is tardy with security updates to say the least.

    Online trust is in short supply.

    1. Paul Crawford Silver badge

      Re: It's not surprising.

      Upvote for most points.

      I also use Halifax with Firefox & Linux but only occasionally and had no big problems. But sticking to paper statements...

      1. Anonymous Coward
        Anonymous Coward

        Re: It's not surprising.

        Okay, I'm not an American… but my bank account (through Suncorp) is a passbook account.

        When I wish to withdraw funds or do electronic funds transfer, I do it in-branch. I have no credit card: I do have a debit card, purchased from the post office, and again, to put money on that card, I front up in person to the post office with card and cash in hand.

        Most of the time, that card has less than AU$50… so in the event of a breech, I'm going to lose bugger all.

        I feel I'd be vulnerable to impulse buying if access to money was made too convenient. :-) That, and I studied too much about computer security and software development whilst at uni. I'm painfully aware of how software is often outsourced to the lowest bidder and that computers will do exactly what they are told to do, not what was necessarily intended by the developer.

    2. Anonymous Coward
      Anonymous Coward

      Re: It's not surprising.

      "Personally I have switched back to paper based bank statements and letters,"

      I am seriously considering this as well.

      Two whole months after I informed my credit card issuer of my new mobile phone number, Verified By Visa is sending SMS messages to the old number.

      As it happens I know I destroyed the old SIM card, but what if I'd lost it and it had fallen into mischievous hands?

      This crap never seems to stop.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's not surprising.

        Some banks are no better with postal addresses.

        Many years ago, the neighbours next door moved. They were with the Commonwealth Bank. Years after they had moved, and after many notifications of that fact, we were still hand-delivering letters that had wound up in next door's letterbox.

        1. david bates

          Re: It's not surprising.

          Natwest kept doing this, sending stuff through for the previous owners of the house chasing debts.

          I informed them several times and eventually got them to stop for six months. Then it started again, so I wrote to the data controller, enclosing an invoice for my time.

          They paid, but admonished me for opening other peoples mail (which I did rather than have the bailiffs turn up chasing someone who had moved 5 years previously)

          1. Dr Paul Taylor

            Re: It's not surprising.

            Lloyds keeps sending stuff to (presumably) the lodgers of the previous owners of my house. After I had delivered a letter by hand to the relevant branch, they sent two Visa debit cards. When I made a formal complaint they said they had done nothing wrong and refused to search for my address and remove it from their database. When I made preliminary enquiries to PRAwhistleblowing@bankofengland.co.uk, consumer.queries@fca.org.uk, enquiries.europe@visa.com and casework@ico.org.uk, they all passed the buck.

            Banks could not give a t*ss about their customers' information security.

            As for pursuing every complaint as far as the ECJ, when the banks do this to us every day, how can you possibly have the emotional energy, let alone the money, to do such things?

            1. Anonymous Coward
              Anonymous Coward

              Re: It's not surprising.

              As for pursuing every complaint as far as the ECJ, when the banks do this to us every day, how can you possibly have the emotional energy, let alone the money, to do such things?

              That's actually easier than you think, provided you keep a few things in mind:

              - Exactly because it happens so often, you are not alone. Even if you only find 3 other people to follow the same route you will start drawing attention because you're not only hitting a bank with a quite reasonable demand, you are also opening the door for press asking regulators why they are not acting. Key is remaining reasonable, because the bank in question will do anything to paint you as a loon who couldn't manage his finance if given a manual - nothing pisses off a bank more than someone who cannot be riled and so dismiss themselves in public.

              - The moment it's more than just you, the bank can no longer play the drawn out game because the regulatory thing also becomes a political playball. You're stirring a cauldron that has political implications - in other words, you start causing pain to people who have the power to act.

              - The press is on your side. As a general rule of media management, the press tends to side with the weaker party, especially in the light of the continuation of massive bonus payments to board members of banks that offer shoddy service - you're providing more argument for the claim that they are unjustified.

              - There is nothing a bank is more afraid of than having especially NON-senior members drawn into court cases, because bank staff is always deemed to talk on behalf of the bank but the lower slobs will have had no training to do so. So, although you're hitting senior levels, the person you try and get to court is the person the bank alleges to be responsible for your account. If you're a normal person, that isn't a bank manager but some person lower down who is basically an administrator in a suit. The bank will NOT want this person in court, ever, because they could be turn out to be too honest.

              You have to decide amongst the people you gather what you want as outcome, though, because the first thing that will happen is that some chap will knock on your door in the evening with an envelope of cash and an agreement containing a gagging clause to make you go away. If that is what you're after, don't start the above because the press will find out and YOU will be vilified instead (two reasons: you cashed in, and -most importantly- you ended a story that could have run and run).

              It's a shame I don't live in the UK. If this had happened to me you would have had a group to join who knows to play that game, and for me it's actually quite fun entertainment, mainly because I have a fairly dark and evil sense of humour.

            2. FrogsAndChips Silver badge

              Re: It's not surprising.

              PRAwhistleblowing@bankofengland.co.uk, consumer.queries@fca.org.uk, enquiries.europe@visa.com and casework@ico.org.uk

              Added to the contacts book, thanks.

          2. Anonymous Coward
            Anonymous Coward

            Re: It's not surprising.

            Re

            They paid, but admonished me for opening other peoples mail.

            Under the Postal Services Act 2000:

            “A person commits an offence if intending to act to a person’s detriment and without reasonable excuse, he opens a postal packet which he knows or reasonably suspects has been incorrectly delivered to him.”

            Perhaps they need a new lawyer?

            1. not.known@this.address
              Facepalm

              Re: It's not surprising.

              Re

              They paid, but admonished me for opening other peoples mail.

              Under the Postal Services Act 2000:

              “A person commits an offence if intending to act to a person’s detriment and without reasonable excuse, he opens a postal packet which he knows or reasonably suspects has been incorrectly delivered to him.”

              Since that bad debt will remain on the person's credit history until paid off (and also probably as a black mark against your address you might want to check...), it is in the addressee's best interest that you DO open it so you can either forward it to them or notify the sender they have moved if you don't have their new address.

              Not that the sender normally takes any notice. I still get mail from about eight companies for someone who moved away over ten years ago.

              But even more annoying are the cretins who keep phoning to speak to "Paul" - I once asked 'Paul who' as I have a brother and a brother-in-law called Paul and there's always the chance of an honest mistake with a phone number. When they said "Paul West" (not the guy's real surname) and I said he doesn't live there they refused to believe me because I asked which specific Paul out of the millions in the Western world they wanted to speak to, and I would only do that if he lived there...

      2. Doctor Syntax Silver badge

        Re: It's not surprising.

        "As it happens I know I destroyed the old SIM card"

        That doesn't help you. The SIM has a unique number but it's not the mobile number. The mobile number is associated with the SIM by the network. Eventually it will be reassigned to another SIM.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's not surprising.

          "That doesn't help you. The SIM has a unique number but it's not the mobile number. The mobile number is associated with the SIM by the network. Eventually it will be reassigned to another SIM."

          Thanks for the tip. I have actually checked the old number and it comes up as unavailable.

          At the moment. But as you say, eventually it might come back.

    3. Anonymous Coward
      Anonymous Coward

      Re: It's not surprising.

      Online trust is in short supply

      The absolute first thing that trust needs is transparency - no amount of marketing can replace clear, independently validated facts. Our job is easy: finally stop accepting excuses and spin, and make it clear to anyone who holds any kind of data on us (and that includes Facebook and Google) that unauthorised disclosure WILL have consequences, if needed I'm happy to give them the full Max Schrems and push it all the way into the ECJ.

      There IS no excuse. Security isn't a black art, it's an established process with well developed methodologies and it needs adequate resources. Given that security must come from the top I'd say the liability resides there too. If a bank hasn't done enough on security (evidence of which is a mass breach) I'd say as investor that the board as a whole should lose their bonus as that money was clearly taken from the funds required to protect the income of the bank: its victims customers. One year's worth of board level bonuses invested in security should make Forth Knox easier to crack than the bank. Ditto for any other organisation that has a hard on for people's personal details.

      As the political players, we have your measure. Anyone who comes up with more BS about backdooring crypto will automatically lose my vote and it that doesn't help, the party they belong to as well. In addition, any political idiot who invents new excuses not to make the senior level of big companies personally liable for such problems can pack it in as well as far as I'm concerned. The massive salaries these people earn and the cushy contractual parachutes were sold as a risk management measure to the investors, so let them indeed ACCEPT that risk. If they don't want to accept that, fine, off you go.

      It will only take the summary ejection of a few of these for the rest to get the message: no more passing the buck to some poor sod why has been resource starved, it's YOUR neck now so better get it right and stay on top of it.

      Senior level decision, senior level impact, senior level liability. It actually isn't hard - it's just made to look that way.

      1. Doctor Syntax Silver badge

        Re: It's not surprising.

        "Senior level decision, senior level impact, senior level liability. It actually isn't hard - it's just made to look that way."

        Agreed. The only justification for their salaries is the level of responsibility they carry.

    4. Doctor Syntax Silver badge

      Re: It's not surprising.

      Not even paper statements are secure. I've received my own statement along with someone else's.

  2. Stevie

    Bah!

    I shop at Amazon with few qualms but I'd have to be very, very desperate before I'd do any online banking or try and pay a gas or electric bill online.

    The banks have lost my Mortgage related info so many times I wouldn't trust them to secure anything.

    The gas and electric companies want to know all sorts of things about bank accounts before they'll let me do anything online with my company accounts. I have nil confidence that they understand how to keep that information safe and no understanding of why they need it in the first place.

    So I do all emergency gas and electric stuff over the phone, by credit card (which is protected by all sorts of laws).

    1. frank ly

      @Stevie Re: Bah!

      I ask my regular creditors for their bank details and then I call my bank and pay by bank transfer. I've been doing that for about twenty years with no problems.

      1. Stevie

        Re: @Stevie Bah! 4 frank ly

        "I ask my regular creditors for their bank details and then I call my bank and pay by bank transfer. I've been doing that for about twenty years with no problems."

        And Azathoth help you if there is a problem, as you wait for statutory periods measured in x working days for things to "sort themselves out" that don't include Friday afternoons, Monday mornings or weekends.

        Been there, done that. Watched it happen to others right here in the comments of El Reg.

    2. Voland's right hand Silver badge

      Re: Bah!

      I wish I could afford such Luddite approach. Unfortunately I cannot as I have old ongoing "retirement site" projects in another country as well as old relatives to support there. So I have no choice but to pay all bills there electronically as well as regularly pay various people (builders, insurer, security, etc) by bank transfer.

      Similarly and for the same reason I am regularly out of the UK for months at a time - if I rely on getting paper for anything I will not pay stuff on time and/or not be able to pay it from abroad.

      So all I can do is mitigate the risk and do exactly what the survey has observed - limit my activity online to minimize the risk of a data breach:

      1. Bank. I would suggest changing the bank and/or credit card company if they are data/security/online (or all of) clueless. I fired HSBC a few years back for that. In the UK Nationwide are pretty good (so far). Abroad - the situation gets better the higher the security threat. The most clued up banks I have dealt with were in Eastern Europe (they have to be - to survive). The ones in biggest need of a clue bat are in the USA.

      2. Shopping. Use as few online shopping sources as possible. You may loathe Amazon, but it is pretty good at keeping your data safe as well as allowing third parties and merchants only enough data to complete a transaction. Ditto for booking.com - it is universally hated by all hotles, but it mitigates your risk when setting up travel.

      3. A continuation of 2 - never ever shop trawl for a cheaper bargain outside the "well lit" areas. Google can show as many prices as they like when I search. Stuff 'em.

      4. Adblock on all machines, no-script where applicable and a transparent proxy with AV for the whole house.

      5. No financial transactions or banking apps on Android, iPhone, etc. Sorry, their security is nowhere near a well maintained Linux box with Firefox armed to the teeth with no-ad/no-script extensions,

      6. If available in the country (unfortunately I have seen it only in Eastern Europe), payment of utility bills through a 3rd party payment processor/aggregator which uses 2FA. For example - the local equivalent of PayPal in Bulgaria has had a fantastic (and rather bombproof) system to do that for nearly 10 years now.

      1. Stevie

        Re: Bah! 4 Voland

        I don't think you read my post. I don't "loathe Amazon", quite the reverse.

        And when I said "computer" I meant "computers wherever they may hide; phones, ATMs, hearing aids, whatever".

        I do not bank using a computer. My computer may be compromised. The bank's has had an alarming history of being compromised. Hard (not impossible but improbably hard) to hack a random phone conversation and best of all, legal protections on Credit Card that do not exist for any of the other payment models available to me.

    3. find users who cut cat tail

      Re: Bah!

      Could you explain the part about utility companies? In this part of the world I pay electricity, gas, ... everything by telling my bank ‘send this fixed amount to this account every month‘. And that is all. Then there is annual accounting when I (typically) get a small amount back because the monthly payment is (typically) a bit higher than actual average cost.

      1. Voland's right hand Silver badge

        Re: Bah!

        Could you explain the part about utility companies?

        In Bulgaria any attempts of utilities to collect money directly online has failed. They collect money either via the local (and quite successful) PayPal rival epay.bg or its competitor EasyPay set up by the banks.

        Both have realtime data feeds from every utility and most city councils. Both give you detailed electronic monthly bills. Both allow you to both pay for pre-paid services and pay bills. Both have integration to most ATM cash machines for some of the services including initial authorization, etc.

        Epay also serves as a local PayPal equivalent allowing person to person transfers. As they do all the 2FA, insurance, etc a lot of companies do not even bother to do online payment processing - they just integrate with them. For example - even the incumbent airline will not take cards online - it will redirect you to Epay.

        That is somewhat equivalent to what has happened in the UK with worldpay, with the difference that it requires you to have an account and actively uses 2FA to ensure that it is you who is authorizing anything. Worldpay should have done that in the UK, but they never had the guts to try that. Also, AFAIK, Visa/Mastercard and the banks actively prevented them from doing it before RBS bought them. Once they were bought that idea was buried to never rise again.

        As far as I know, Bulgaria is not unique - other ex-soviet block countries have similar systems. They were all marked as high fraud risk in the 90-es and early 2000-es which resulted in difficulties for any local company to set up Visa and MasterCard processing. This allowed rival (and much better) systems to emerge. Compared to them what is used in USA (and to a lesser extent UK) looks like distinctly stone age tech.

      2. Stevie

        Re: Bah! 4 find users who cut cat tail

        But if there's malfeasance in a standing order *I* have to find it and bring it to the bank's attention or I'm quids out whereas *The Credit Card Company* will detect and inform me of misuse.

        Not sure why people want me to do things the vulnerable, expensive and hard way.

  3. Eddy Ito

    The very large pink elephant in the room

    Being online largely doesn't matter. Many of the hacks such as Target and The Home Despot were directed at the POS terminals in the stores so not shopping online doesn't really help. I'd wager that it isn't much safer banking only offline as it wouldn't surprise me if it wasn't the very same system that the teller uses at the window as you use online with perhaps a different UI. In the end it comes down to whether the crackers attack you or the teller.

    P.S. Just for added comfort, you forgot the U.S. Gubbermint's inability to secure data as well. See the OPM breach.

    1. Anonymous Coward
      Anonymous Coward

      Re: The very large pink elephant in the room

      If you don't bank online and just go with paper statements you don't even know your bank account is being milked till the statement arrives or rather it doesn't because the identity thieves have registered a different address so your statements, cheque books and cards go to them.

      Check your account online regularly and contact your bank immediately if you can't access your account or you notice any discrepancies.

      1. Anomalous Croissant

        Re: The very large pink elephant in the room

        If you're with a bank worth their salt, you'll get a phonecall to verify any suspicious looking transactions.

        1. Yet Another Anonymous coward Silver badge

          Re: The very large pink elephant in the room

          "If you're with a bank worth their salt, you'll get a phonecall to verify any suspicious looking transactions."

          There is a distinct NaCl deficiency with banks over here.

          Found a dozen $1000-$2000 flights in europe on my credit card and phoned the bank to alert them.

          So the $10,000 flights to South Africa and Australia weren't yours either?

          What $10K flight ??????

          Oh sorry, we spotted those as fraudulent and removed them.

          So you cancelled a bunch of $5k and $10k fraudulent transactions, but decided that all the ones for $1K and $2k at the same time were legitimate?

          Yes, because they were under the fraud limit.

          What's the fraud limit amount - just out of interest?

          Oh, we ca't tel you that - for security !

    2. Anonymous Coward
      Anonymous Coward

      POS system breaches don't matter if you use EMV

      If you pay by inserting the card, or via Apple Pay/Android Pay, they don't have your real credit card number so a POS breach doesn't matter. The most they'll get is your name, if you give them other information like your phone number or email address that's your own fault.

    3. Ole Juul

      Re: The very large pink elephant in the room

      "I'd wager that it isn't much safer banking only offline as it wouldn't surprise me if it wasn't the very same system that the teller uses at the window as you use online with perhaps a different UI. In the end it comes down to whether the crackers attack you or the teller."

      I bet you're right. I haven't seen the teller's UI, but when we talk it sounds like the same stuff I work with, only having some deeper admin controls. I've been banking on-line for a long time and can't see it being less safe than going to the bank. It's the same account, after all. Actually, I wouldn't be surprised if in-person banking exposes you to a larger attack surface.

    4. Anonymous Coward
      Anonymous Coward

      Re: The very large pink elephant in the room

      Being online largely doesn't matter. Many of the hacks such as Target and The Home Despot were directed at the POS terminals in the stores so not shopping online doesn't really help

      Yep, and malware on the POS terminal takes physical notes and coins out of your wallet how?

      1. John Bailey

        Re: The very large pink elephant in the room

        "Yep, and malware on the POS terminal takes physical notes and coins out of your wallet how?"

        By exploiting the digital gap between your pocket and your bank account..

        And probably drones with AI.

        1. Anonymous Coward
          Anonymous Coward

          Re: The very large pink elephant in the room

          By exploiting the digital gap between your pocket and your bank account..

          I find it incredible that malware on a POS terminal could achieve this, as the POS terminal at a shop is not involved in that transaction.

          And probably drones with AI.

          This seems a little incredible just at the moment too.

      2. Eddy Ito
        Go

        Re: The very large pink elephant in the room

        Yep, and malware on the POS terminal takes physical notes and coins out of your wallet how?

        Well, I suppose if you cashed the check in person at the bank it was drawn upon you could get the full amount without having any deposited or even an account so that would cover you for any malware at the bank and paying cash for everything would protect you at the POS terminals. All you need do is avoid the shifty looking fellow with the alley apple who has undoubtedly noticed that your pockets are brimming with untraceable bank notes.

    5. Anonymous Coward
      Anonymous Coward

      Re: The very large pink elephant in the room

      The online website is often many times of magnitude more secure than the tills.

  4. Florida1920

    Maybe they could sic the MPAA on it

    Assuming NSA is busy elsewhere.

  5. Anonymous Coward
    Anonymous Coward

    For weeks now the Barclays Bank web site has had an interesting glitch on FireFox - no matter how up-to-date it is. Just one page does not render properly - giving plain text as if its CSS is missing.

    Unfortunately that page is the one that allows you to look at your transactions and make online payments. Amongst the many text links on that page there is not one that says "report page problem". You can't even logout, navigate, or do a "back" to the previous page. It is hoped that the resulting unwanted disconnection does the logout cleanly.

    1. ecofeco Silver badge

      Websites with viable contact information and problem reporting? Oh how... plebeian. Who do you think you are? A valued customer or something? /s

      No joke. In the U.S. it is the law that when your money is in the bank (or similar) it is now the property of the bank. If your account isn't sporting large sums, they WILL find ways to fuck you over. (manufactured overdraft fees being now the largest revenue source for banks) In fact, it's the banks I trust the least.

      Yeah, don't get me started.

  6. Anonymous Coward
    Facepalm

    Legislation

    Until companies are legally liable in a way that they cannot afford to be, then data loss is cheaper than data security.

    1. fidodogbreath

      Re: Legislation

      "Until companies are legally liable in a way that they cannot afford to be, then data loss is cheaper than data security."

      Sad, but true....

    2. ecofeco Silver badge

      Re: Legislation

      But that would be government interference in the free market! /s

  7. Anonymous Coward
    Anonymous Coward

    Declining internet use for business transactions...it has a name, The TalkTalk effect

  8. Captain Badmouth
    FAIL

    Re: It's not surprising.

    As regards the Halifax log-in page, what the hell are they doing with scripts from doubleclick.net, webtrendslive.com and tiqcdn.com as well as their own? Temporarily enabling all 3 with noscript results in the tiqcdn script vanishing to be replaced with a download of this script :

    https://marketing.halifax-online.co.uk//halifaximages11/%3Chtml%3E etc.

    I can't show the whole script as I run into a captcha in order to post (and so it doesn't).

    And, as you say, the page hangs and reloads intermittently.

    WTF are they playing at? The same thing happens on the Lloyds bank website, part of the same group? Here is the js function property, active x :

    javascript__(function(){function i(){if(typeof

    XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new

    ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new

    ActiveXObjec.join(_&_)}function k(a){var b={},d=(a

    1. Captain Badmouth

      Re: It's not surprising.

      Of course LLoyds and Halifax are part of the same group. Doh.

    2. Andy Non Silver badge
      FAIL

      Re: It's not surprising.

      @Captain Badmouth, its reassuring that more than me are experiencing bugs with the Halifax bank website. One would have thought they'd properly tested it before unleashing buggy site code. This problem has been going on for many months now. They don't provide any way of reporting it to someone relevant either, so the site developers likely don't even know their site is faulty. Its a case of put up with their site hanging or switch to another bank or simply minimize the frequency of visits, as I've now done by switching back to paper based statements and letters. Pretty crap really.

    3. Steve Knox
      Boffin

      Re: It's not surprising.

      Well, the reason for this part's pretty obvious:

      javascript__(function(){function i(){if(typeof

      XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new

      ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new

      ActiveXObjec.join(_&_)}function k(a){var b={},d=(a

      They've got to maintain IE4 compatibility, of course.

      1. Captain Badmouth
        Pint

        Re: It's not surprising.

        @Steve Knox

        Thanks for the explanation. I knew someone with js know-how would show up. :)

        Have a Saturday evening pint.

      2. ecofeco Silver badge

        Re: It's not surprising.

        Steve Knox. Dear god! That's insane!! WTFF?

    4. Anonymous Coward
      Anonymous Coward

      Re: It's not surprising.

      Nationwide titletattle to omniture, part of Adobe.

    5. Anonymous Coward
      Facepalm

      Re: It's not surprising.

      @Captain Badmouth: "What the hell are they doing with scripts"

      Scripts wouldn't be a problem if they only worked within the sandbox of the browser.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's not surprising.

        Scripts wouldn't be a problem if they only worked within the sandbox of the browser.

        And only communicated with the fi, then if the data is sent to a third party, the fi is liable.

        The fi's always try to push the blame on the customer, suggest you go here for some interesting insights

        https://www.lightbluetouchpaper.org/category/banking-security/

  9. Palpy

    And I thought I was an anomalous holdout --

    -- until I read what you other commentards were doing.

    I went to paper checks a few months ago, and paper statements long before that; I have purposely never set up an online account with my credit union. There should be zero logons on my account.

    I do use plastic cards, though no longer for bill paying. Perhaps I should split my banking between two credit unions -- one serving as a capital repository, with no card or checking activity; and a second for day-to-day transactions, obviously holding only a limited amount of money. Dunno.

    As far as security concerns hampering the free exchange of ideas online -- I'm dubious. The numbers say more people are concerned about identity and financial theft than are concerned about exchange of ideas.

    Research papers seem to be more and more available online, not less. (And "hampering" there appears to be due to squabbles about information ownership, not security -- see Sci-Hub versus Elsevier on El Reg. I can see that "controversial opinions" expressing the desire to blow up government buildings, assassinate heads of state, or hunt down and slaughter all members of XYZ minority group might be chilled by security concerns, yes. Is that really a big negative? But hampering of free exchange of interesting and enlightening ideas? What ideas are you talking about, exactly, Mr. Goldberg? Be precise. For bonus points, list specific examples.

    Of course the banking industry can be expected to wail about a retreat from online account management -- use of paper checks and paper statements means processing costs for them. I can see that as a behind-scenes factor in a US Dept. of Commerce opinion piece.

    As far as fewer people shopping online, that would seem to mean more economic activity for local storefronts -- ameliorating a trend much bemoaned by traditional businesses. Cui bono?

    1. Steve Davies 3 Silver badge

      Re: And I thought I was an anomalous holdout --

      Good luck trying to use Cheques on this side of the Pond (in the UK). Most retailers don't accept them anymore.

      I find it quaint when I see them being used so widely in the USA. Cheque books are very easy to steal and it is childs play to produce a fake driving license to match the name on the cheques.

      Perhaps, one day the banking system in USA might move into to 20th Century let alone the 21st. Out of state cheques and credit cards are still a problem in some places. Doh!

      1. ecofeco Silver badge

        Re: And I thought I was an anomalous holdout --

        Perhaps, one day the banking system in USA might move into to 20th Century let alone the 21st.

        Why would they when they can fail and still be rewarded? You simply will not ever beat that kind of corruption.

  10. bombastic bob Silver badge

    credit vs debit card

    Related to this is how the American banking laws protect credit cards BETTER than debit cards.

    As it turns out, if you use a CREDIT card to pay for something online (from an American bank), you can reverse that charge pretty much 'for no reason' within ~30 days of getting your statement, and the money won't go to the vendor [or scammer]. As I understand it, the USA is the only country that does this. And, for this reason, I do *NOT* use debit cards for online purchases. That way if I'm ripped off I can reverse the charge. Also card holders are only responsible for $50 on scams.

    but it's a LOT harder to get your money back for debit cards, or from a fraudulent e-check, or any kind of direct access to your bank account. not sure what happens in those cases.

    I got new debit cards right away after both the Target and Home Depot breaches. The bank gladly handed them out when I went there in person to get them re-issued, barely any waiting, like they were waiting for me.

    1. Captain Badmouth

      Re: credit vs debit card

      Credit cards better protected in the uk as well.

  11. John Brown (no body) Silver badge

    It's all about the profits

    One thing needs to be done.

    1) Retailers etc need to increase security *before* they get hacked instead of saying they are increasing security *after* a breach

    2) Advertiser networks need to take security and malware seriously.

    Sorry, I meant TWO things need to be done.

    1) Retailers etc need to increase security *before* they get hacked instead of saying they are increasing security *after* a breach

    2) Advertiser networks need to take security and malware seriously.

    3) Flash need to killed deader than a dead thing.

    Sorry, I meant THREE things need to be done.

    1) Retailers etc need to increase security *before* they get hacked instead of saying they are increasing security *after* a breach

    2) Advertiser networks need to take security and malware seriously.

    3) Flash need to killed deader than a dead thing.

    4) The judicary need to hand down prison sentences to ad clingers and site operators who don't take security seriously.

    Sorry, I meant FOUR things need to be done.

    Bollocks, someone else take over...

  12. Grunchy Silver badge

    I said NO to Facebook

    Facebook is infamous for not deleting anything about anybody, no matter what you say to them.

    Other than that I surf online without any fear.

    I try to keep my postings "anonymous" or "aliased" so that nobody finds out what my true opinion really is, mwa ha ha!

  13. This post has been deleted by its author

  14. Winkypop Silver badge
    Alert

    Be safe online AND on the phone

    I no longer accept unsolicited phone calls.

    None, nada, zip.

    I don't care who they claim to be.

    1. ecofeco Silver badge

      Re: Be safe online AND on the phone

      This should be taught to children. I have to tell my aging parents this all the time. No caller ID? No answer.

      1. Intractable Potsherd

        Re: Be safe online AND on the phone

        "I have to tell my aging parents this all the time. No caller ID? No answer."

        My ageing mum won't pay for caller ID. I regularly get her telling me how often she has answered the phone to some marketer - grrrrrr!

      2. Anonymous Coward
        Anonymous Coward

        Re: Be safe online AND on the phone

        "No caller ID? No answer."

        My doctors' surgery and the local council both use "withheld". I suspect that the former may be for patient confidentiality - by not leaving a trail for other household members.

    2. Anonymous Coward
      Anonymous Coward

      Re: Be safe online AND on the phone

      My bank if they call me, have to provide a pass phrase I have set up for them.

      If they don't, then I terminate the call.

      Whats good for the goose is good for the gander (no thats not the pass phrase!!!)

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    Yes, to all the above, and "we accept / make no commitments by e-mail ..."

    ... bleats every .signature file from every bank / financial advisor / solicitor (lawyer) "... because e-mail, by its very nature is insecure and can be modified / hacked / interfered with in transit ..." [only true if you've never heard of PGP / GPG, fsck]

    Sounds like their IT departments / consultants are not even worth the weight of their salary slips / invoices ...

    Yes, I know the Register published an article recently~ish which made the old argument that PGP is too complex for ordinary users to set up (http://cups.cs.cmu.edu/courses/ups-sp06/notes/060202.pdf), though I couldn't find it just now, but setting it up is exactly the job for IT departments / consultants, isn't it ??

    1. ecofeco Silver badge

      Re: Yes, to all the above, and "we accept / make no commitments by e-mail ..."

      Most contracted IT is won by who is known and how undetectable you can make the kickback much discount and how cheap you can get the actual employees who will do the actual work.

      Merit and competency hardly come into play.

  17. Bob Rocket

    won't someone think of the children

    '...beyond the fact that something clearly needs to be done...'

    '...that unless something is done...'

    Here's something.

    Stop collecting the data.

    If there's nothing to steal there's nothing to lose.

    1. ecofeco Silver badge

      Re: won't someone think of the children

      Privatize the profit, socialize the costs.

      What are you, some kinda damn commie-nist! /s

  18. ecofeco Silver badge

    How... predictable

    In the early days of on-line transactions, the sticking point was security and rightfully so. It WAS a problem. Then it was solved. Now it's a problem again. Only now it's everywhere, not just on-line.

    Who can blame the customers? They are not tech people and should not have to be especially considering the level of knowledge required these days to stay safe. It is utterly ridiculous and NOT the users fault in the first place.

    So the natural response is "fuck this shit." Pretty much the same as even the more experienced and tech savvy poster here. Who can blame them?

  19. nautica Silver badge
    Holmes

    What about the real culprits most people consider innocuous; "safe"...?

    No culpability for Facebook, Google, or "send-all-your-private-information-all-the-time-back-to-Microsoft" Windows10, huh?

  20. nautica Silver badge
    Holmes

    What about the REAL culprits which most non-thinking people consider innocuous; "safe"...?

    1) FACEBOOK;

    2) Google;

    3) Always-send-your-PRIVATE-INFORMATION,-ALL-THE-TIME-to-Microsoft Windows10.

    Forget the NSA and the GCHQ; they're bumbling idiots compared to the dangers listed above.

  21. G R Goslin

    Forgive me...

    Forgive me for stating the bleeding obvious. Anyone with more than one device is going to, proportionately, more problems. It applies to anything. If the family have two cars, they'll have twice as many breakdowns, punctures, . . As someone pointed out once, four engine aircraft have four times as many engine failures as single engines. It simply matters less. Get real, people. The only instance where this fails, AFAIK, is if you have more than one wife, where it tends to be logarithmic.

    1. Anonymous Coward
      Anonymous Coward

      Re: Forgive me...

      Alas this is true. Also having a clean secure PC that you only use for transactions is a good thing. The more software installed on a box the vulnerabilities it has ( especially Windows)/ the more patching it needs. Only shop on sites you have a accounts with, no email link clicking, no social networking rubbish or unsecured flash plug-ins.

  22. Anonymous Coward
    Big Brother

    Americans security and privacy fears

    If the NSA hadn't expended such effort in installing back-doors on your infrastructure, then online transactions wouldn't be such a hazard.

  23. Manni

    Long time ago I blocked internet access to my banking accounts in Germany/France. Also reduced the overdraft allowance, generally quite high, to zero. Social groups like Facebook, never. Windows 10 never. Rarely buy something with credit card on the internet, now with the so called Verify process I'll probably stop altogether - they ask for so much personal information - in my view that increases the risk by 100%, should this be hacked/breached which seems very likely. When going to shops, I reverted to cash-payments - no more use of the credit card. Any site requiring registration before allowing access to information or prices, I leave immediately. e-mails I only use for non-sensitive data.

    Many administrative agencies offer their services by internet now, like invoices electricity, tax declaration etc. I accept none of these. I stick to regular mail and paper. I have one computer, no mobile or any other gadget connected to the internet, No wireless either.

    Basically I use the internet exclusively for information research, nothing else. E-mails I largely replace with letters by post, specially if they contain personal data.

    I consider this as absolutely necessary to protect myself.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like