Personal Security After Data Breaches

Yes, I do this as well. Every login to a site that is related to money has a different random email and, of course, a different random password. For things like shopping, I can group by product line. This would be impossible without a password manager.

2 Likes

I am a happy customer of jmp.chat for several years now. Using the Conversations app on Android, installed from F-Droid.
Price is very reasonable, jmp.chat code is FOSS and the support team is very responsive (anywhere from minutes to hours, almost always within a day).

The above data is unscientific - just based on my regular usage and recollection.

I have no relationship with jmp.chat other than satisfied customer.

2 Likes

1 learning experience:
One time, some years ago now, I was paying my monthly mobile bill and learned that it had already been paid.
I was not thinking of being hacked, yet I still kept drilling in with questions…
Turned out someone hacked my account with the mobile provider, and purchased several iPads and phones from the provider’s retail store using my mobile account somehow - and during the purchase they were required to pay the current amount due - which is what tipped me off.
I was able to notify the provider and block the liability on my account, update password, get new SIM etc the next day.
That nipped it in the bud.

2 Likes

At least one positive development in the U.S.:


4 Likes

Have you (or anyone here) had any problems with receiving SMS verification messages on jmp.chat? I’m considering subscribing, so I can sequester some accounts away from my personal phone number.

Now that my data-removal subscription seems to be effectively getting my address/phone/DOB info off of databroker sites, I’m also considering changing my home and mobile phone numbers and starting over with better compartmentalization and privacy protection.

I welcome any suggestions from the community regarding that.

It works just like a regular phone number for me. Although I admit I haven’t used it in your particular circumstance, I haven’t seen anything to make me believe it wouldn’t work.

1 Like

Just signed up, using Cheogram client from F-Droid. I plan to use this number for less-trustworthy situations, i.e. sharing with businesses other than those where I have financial accounts, and any entity that is likely to abuse my privacy. I can always cancel the number and start afresh if expedient. :slight_smile:

And that was 3 years ago…

1 Like

I really like JMP.chat. I’m glad forum members brought it up.

So as of now I’ve got a new home number (VOIP), a new mobile number, an alternate mobile phone number, and the JMP number (on every device), all compartmentalized for different types of accounts and activities, as well as compartmentalized email addresses.

Also, I’ve ported my old mobile number to my VOIP account where, along with my former home number, I will keep it dormant for a year or so to prevent its being used against me. Soon, I’ll set both it and my former home number to play a “Number Disconnected” error to every caller.

I continue to subscribe to a “delete me from people lookup websites” service.

Hopefully all of this will eventually befuddle the data brokers enough to pollute their data. I also think I might start subscribing to a bunch of catalogs, using fake addresses and personal info that is just slightly off from my actual identifiers. :slight_smile:

If only the state registrar of voters and the Department of Motor Vehicles would stop releasing my personal info to all and sundry!

3 Likes

This looks like fun:
https://www.fakepersongenerator.com/random-address

1 Like

I’m thinking of “moving” to Utqiagvik.

Or maybe McMurdo Station.

2 Likes

Apparently that’s a real place in Alaska. I scored a nice place in an apparently upscale neighbourhood in California, so I think I’ll stick with that. :wink:

Don’t be so quick to write off Outer Mongolia! :thinking:

There really ought to be an International Data Obfuscation Day.

2 Likes

Some U.S. databrokers with easy online opt-outs (some of these may also have operations in other countries):


https://datacloudoptout.oracle.com/


https://www.aristotle.com/

See also: Voter Data Exploitation
2 Likes

Looks like there’s a state-level similar bill recently introduced in the California legislature:

California legislature site: Bill Text - SB-362 Data broker registration: accessible deletion mechanism.

Good news for us Californians, and maybe it will trigger some action on the Federal bill, which has seen no movement in over a year (apparently).

As it’s written, the California bill would call for a single opt-out point applicable to every data broker that operates in the state.

2 Likes

So, how is your personal security now? What has been “patched”, and what still has vulnerabilities?

My personal security practices are more about removing dependencies/trust rather than protecting my data, but they happen to align very well. I have a strong interest in becoming unbanked in the near future, and reducing the amount of ISO/IEC 7810 cards I possess to as close to zero as possible. In practice, that means as low as three cards:

  • Identity card
  • Costco membership
  • Prepaid credit card (for paying Costco membership/groceries, annual phone plan, etc.)

Due to this, I do not care about credit bureaus or credit ratings. My endgame is cash, Monero, and the prepaid credit card mentioned above for compatibility reasons (subject to change).

I have two password databases: public and private. One of them is on my Librem 5 USA, and the other is on the Librem 14 in a “Vault” AppVM, so I always know what role each device and database is intended for.

I have one email address, but use tons of ephemeral email address services for most purposes. Otherwise, I carefully provide my email address for services requiring “reputation”.

For online accounts, I went through a very intense purge over the last few years and requested deletion of them. If the service did not comply, I randomized as many values as I could so that even if the account was breached, the information would be garbage to anyone accessing it.

I do not subscribe to services that remove my information, as that is pointless for my public identity, and useless for my private identity. I also do not use Android. I did change telecommunication carriers within the last few years and received a new phone number, but that was more about completing my public identity and saving costs ($100 CAD a year).

I’ve closed a lot of the gaps in both security and privacy protection, I think - as listed above, and in other threads. Of course, it’s necessary to stay vigilant. Whenever I’m faced with a new potential point-of-failure, I assess all the options for mitigation before committing to any new account, app, service, etc., and if I do commit, I make sure all the “sharing” of my data is turned off.

1 Like

The US postal service appears to have created a new database that is going into common use by most businesses. All valid addresses in the US are catalogued there. And there appear to be at least two levels of addresses found there.

I’ll explain. I get all of my mail from a private mail box service. All mail sent to my home gets “Return to Sender”. That’s how I set things up. When I make purchases online, I can enter the address of the mail box service company as my shipping and billing address. That general address to the mail box store has a suite number in it as a part of the general business address of the mail box service company. Therefore, I have to use a personal mail box (PMB number) in the second address line as a means to identify which box my mail should be delivered to. Increasingly, I am getting error messages with suggestions of valid addresses that I can pick from when I enter my mailing address online. None of those suggestions allow anything extra like my PMB number, in any part of the address. Typically, my added PMB number turns red with a warning that it is not valid. So clearly, some database is in use that lists all addresses everywhere that are considered to be valid and that doesn’t allow for anything that is not already in that database. Over time, in many cases (more often over time) I can’t put the PMB number into address input fields. So I have to rely on the people who sort the mail, to remember my name and which box my mail goes in.

Also, occasionally I do business with the Federal Government. They have told me that my private mail box address is not a valid address for their purposes and that they need a “real” business address. I have made the argument that my private mail box address is a valid business address. They have told me outright that private mail box addresses are not considered to be valid for their purposes and that they require a “real” business address (frustrating that they get to decide what the definition of “real” is when it comes to my business).

So first, someone has catalogued every address everywhere and has decided that any address that is not in their database exactly as they show it, is not valid. In addition, this database tracks which addresses are at private mail box services, so that for certain purposes, other businesses and the government can choose to not do business with those private mail box addresses.

Also, I hate the political junk mail. Since I don’t use my home address to receive any mail whatsoever, the only way to get my voting ballots is to register my voting address at my private mail box. So technically, the state can toss out my ballot after it is cast, because they do not allow private mail box addresses. And, the state only allows people to vote if and only if you subject yourself to relentless political junk mail as the voting season approaches. If they can’t send you junk mail, then you don’t get a ballot. There is no way to opt-out of the political junk mail while keeping your ability to vote. You are forced to give your mailing address to every political candidate as a valid address through which they can harass you. The state gives them your address whether or not you want them to. The only way to opt out is to not register to vote. I will never look at a political postcard and decide from the information on that card, to change my vote.

So clearly, business and government are cataloging every corner of the world in which you might possibly choose to be anonymous, or to establish a wall behind which you might choose to hide your identity as they routinely assault your right to not share your private information or to simply avoid being harassed by people you don’t want to hear from.

2 Likes

I use a standard P.O. box for my wargaming newsletter so gamers who subscribe and DON’T use paypal can at least write me a check.

But I use it also in a pique of privacy. It also prevents the very same subscribers from knocking on my door on a weekend road trip.