Heck, my own mail server is configured to reject all email from suspect TLDs in appropriate circumstances (since those domains are the source of so much spam - however in my case .one is accepted just fine i.e. not regarded as a suspect TLD, nor a source of spam). In my case it is neither database nor hard-coded; it is config.
However, just so we are all on the same page, we were talking (digressing!) about postal address / street address i.e. physical, real-world address, rather than email address.
In contrast, I do not consider any of those listed values as private from my perspective, as they deal with the public in some way or another. At least with anything relating to credit, you can forge a pathway to becoming unbanked.
Yes, but just having one or two of them can enable criminals to take over my accounts and/or apply for credit in my name, then default on the payment, or they could conceivably gain access to my bank or investment accounts and drain them. Especially with phone numbers plus a couple bits of additional info.
Yep. I have changed and compartmentalized phone numbers and (lots of new) email addresses, and my physical address, fortunately. Maybe I should finally just change my name: “Amarok Smith” has a nice ring to it…
If you are serious about it, then I highly suggest that you do so when you have ample time, as renewing every identification document and public credentials is time-consuming. It is also a great opportunity to reflect upon these dependencies and whether or not they should continue to exist after your name transition.
Maybe, but I already have “off-grid” practices and objectives in my life, so I do not need to create a thread for it. If the thread is created by someone else, I will contribute practical suggestions no differently than this one.
FWIW, I’m working (albeit slowly) on a data retention policy for Purism and will consider publishing it once it is more mature (and I verify legal data retention requirements). In general, the current operating policy is that customer data is retained for the shortest amount of time possible that still allows for product warranties (i.e. if we don’t store your info, we don’t have a method to know who you are or RMA your equipment) and follows legal requirements (i.e. tax returns, etc etc). As Purism ships products globally, legal requirements get a bit messy since different countries have different legal requirements regarding data retention, invoice information accountability, and taxes.
I’ve never accepted any of these offers for credit monitoring after all the data breaches I’ve been caught up in, because I felt that it was kind of unhelpful, especially after data theft by foreign state actors (as opposed to run-of-the-mill criminals), and that the cure might be worse than the disease (propagating my private information here, there, and everywhere in order to “protect” it).
And, too, I get real-time credit alerts from my credit card issuers anyway.
Now, though, with data theft occurring ever more frequently, everywhere, I think I might as well start accepting every offer of monitoring that comes along, and have active “protection” in perpetuity. At the very least, it racks up costs for the entities that failed to provide adequate safeguards for my data.
The government here is certainly doing nothing meaningful for consumer protection, as far as fines and penalties.
Your personal security is your responsibility, not the government or other third-party entities. It is up to you to assess whether or not trusting you or them will solve your own issues; I am firmly of the former stance.
I recommend The Ransomware Hunting Team by Renee Dudley and Daniel Golden to learn of the codependency of data breachers, insurance companies, and commercial ransomware mitigation “services” and how some government agencies in some countries ignored the problem when it was still small enough to do something about precisely because it was “too small”. (And the story of how a small international band of ransomware crackers and police in a smallish European country successfully partially mitigated attacks.)
The companies sometimes used info actually from the amateurs to break the encryption of ransomware victims but mostly acted as “negotiators” for “reduced” ransoms. Usually the negotiated ransom was less than the cost of recovering from backup so insurance companies would pay up.
Source code hosted on GitHub; buildable yourself, if desired.
Works internationally.
Completely automated.
Sends formulaic deletion request to brokers, with your name and address (only), plus your provided email address (for direct responses from the data brokers).
Repeatable every 45 days.
Only your email address is stored at Visible once it has been hashed (SHA256), and is deleted after 45 days; name & address is only used to generate the one-time deletion request emails.
I’m testing it.
EDIT: Already getting confirmations of data deletions or “data not found” replies from the brokers.