this post was submitted on 02 Apr 2024
363 points (99.5% liked)

Privacy

32492 readers
488 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] iAmTheTot@kbin.social 80 points 8 months ago* (last edited 8 months ago) (7 children)

Why exactly did a telecom company need SSNs anyway?

Edited to add, this was a rhetorical question and more a comment on the awful series of systems in the USA that leads a SSN to be used by telecom companies.

[–] Melkath@kbin.social 43 points 8 months ago (1 children)

To collaborate more effectively with the NSA and CIA.

load more comments (1 replies)
[–] halcyoncmdr@lemmy.world 26 points 8 months ago

Credit checks.

Nowadays they offer financing for devices. But even in the past it was required. They would determine the maximum number of lines you had available, and if there were any deposits to open new lines of service. Even before phone financing, those phone contracts came with hundreds of dollars of phone discounts at time of purchase and had hundreds of dollars worth of early termination fees and they want to make sure their customers had a good chance of paying if they left.

[–] possiblylinux127@lemmy.zip 7 points 8 months ago
[–] prayer@sh.itjust.works 6 points 8 months ago (4 children)

Most people get suckered into signing a contract and using a "postpaid" plan, where you get the service for a month and then pay for it. That requires a credit check and credit reporting, since you get the service before payment. You don't have to give out your SSN if you sign up for "prepaid" cell phone plans, which offer less discounts and benefits but are generally cheaper for the service they provide. The only catch is you pay for the month before you use it, but this makes canceling as easy as stopping payment.

load more comments (4 replies)
[–] fluckx@lemmy.world 5 points 8 months ago (2 children)

I think it's related maybe to some anti terrorism law? In certain EU countries for example it's impossible to get an anonymous SIM due to some anti terrorism legislation. SSNs are the only legal identification I guess?

This is a random guess off the top of my head. IANAL or know anything specific on US law.

[–] BearOfaTime@lemm.ee 10 points 8 months ago (1 children)

SSN isn't supposed to be used as a form of ID. Even says so on an SS card.

[–] rdyoung@lemmy.world 8 points 8 months ago

Yeah, about that.

[–] BenGFHC@kbin.social 6 points 8 months ago (1 children)

What's IANAL? Is it some new Apple product I don't know about yet?

[–] fluckx@lemmy.world 6 points 8 months ago (1 children)
load more comments (1 replies)
[–] FauxPseudo@lemmy.world 4 points 8 months ago (1 children)

To run credit checks and be in compliance with anti-terrorism regulations.

[–] Specal@lemmy.world 4 points 8 months ago (7 children)

But there's no need to store them in what I assume to be plain text, this is negligence

load more comments (7 replies)
load more comments (1 replies)
[–] Melkath@kbin.social 66 points 8 months ago (1 children)

I have been informed my SSN, DOB, and payment information have been "compromised" at least 50 times in my life.

load more comments (1 replies)
[–] Tire@lemmy.ml 46 points 8 months ago (5 children)

Fight Club had it backwards. Instead of attacking the banks to wipe out people’s credit someone should release everyone’s SSN. The mass fraud will make credit useless.

[–] ryannathans@aussie.zone 14 points 8 months ago (1 children)

Isn't 70 million like 1/4 anyway?

[–] AtmaJnana@lemmy.world 11 points 8 months ago

Between this Anthem, Target, and OPM, it seems likely that most Americans have their SSN out there for criminals to buy.

[–] ArtVandalist@lemmus.org 8 points 8 months ago

Let's evolve, let the chips fall where they may.

[–] wagoner@infosec.pub 7 points 8 months ago

This is brilliant. The government could put out a searchable database.

load more comments (2 replies)
[–] friend_of_satan@lemmy.world 29 points 8 months ago (9 children)

It's almost like the gov should replace the SSN system with something that addresses modern security concerns.

[–] halcyoncmdr@lemmy.world 38 points 8 months ago (1 children)

Social Security Numbers were never meant to be used for anything other than Social Security itself. Credit agencies use the SSN because they view it as an easy identifier and they didn't have to create anything themselves.

[–] scytale@lemm.ee 9 points 8 months ago (1 children)

It's ridiculous how something that is supposed to be very confidential and kept private is asked everywhere you need services.

[–] PM_Your_Nudes_Please@lemmy.world 6 points 8 months ago* (last edited 8 months ago)

It was never supposed to be confidential. That need arose as a direct result of using it as an ID. If the SSA was the only organization using the number, (as originally intended,) then it wouldn’t need to be kept confidential.

But when the SSA gave every single person a unique number, other organizations went “hmm this sure would be convenient for differentiating individuals with similar names and DOBs.” So other organizations started using it for identification, and suddenly you needed to keep the number secret because anyone with your number could ID themselves as you.

The SSA needs to publish a public database of every single name, DOB, and SSN. Force organizations to figure out a new system of identification, instead of relying on an insecure and outdated system.

[–] Sabata11792@kbin.social 17 points 8 months ago

But then I can't google my number when I forget.

load more comments (7 replies)
[–] rdyoung@lemmy.world 28 points 8 months ago (1 children)

Good chance these were already leaked with the equifax debacle.

[–] PM_Your_Nudes_Please@lemmy.world 26 points 8 months ago (3 children)

The SSA should just set a time limit, (let’s say 3 years,) and then publish a database of every single name, DOB, and SSN. Force the banks to figure out a new system of identification, by making the current system useless.

The current system is already insecure; SSNs were never intended to be secure. So why has the SSA tolerated this for so long? Just make the “in three years we’ll publish this live database for anyone to search” announcement, so banks are forced to develop a better system. It gives them the time to work on a new system, eliminates the need to keep SSNs secret, and the SSA can keep operating as normal.

load more comments (2 replies)
[–] penquin@lemm.ee 26 points 8 months ago (1 children)

Tried to delete my shit from their website, but they make it impossible to do so. I tried for about 20 minutes then eventually the site straight up refused to let me continue. I don't even have AT&T anymore, I had their cellular back in 2013 and left them then, but the fuckers kept my info in their system this whole fucking time. No accountability for big corporations when they fuck up big like this. If it were one of us peasants, we would have been in prison for life.

[–] possiblylinux127@lemmy.zip 17 points 8 months ago (1 children)

I think the problem is there isn't any law protecting your data

[–] penquin@lemm.ee 11 points 8 months ago (2 children)

And that's a huge problem. Only form of protection I have is freezing my credit with the three credit reporting assholes. I know it's not much, but at least no one can apply for shit with my social.

load more comments (2 replies)
[–] drwho@beehaw.org 20 points 8 months ago

I have so much "free credit monitoring" from data breaches, I could leave it to my grandkids and they'd be set for life.

[–] onlinepersona@programming.dev 11 points 8 months ago (3 children)

I keep reading "social security number", but still don't understand why it's possible to steal a person's identity with their SSN. Is that all that's required for identification? Some number?

[–] miracleorange@beehaw.org 7 points 8 months ago

Basically. It wasn't meant to act as an identification, but people kept using it that way (probably because every citizen gets one at birth, so it's the easiest proof of citizenship).

[–] FenrirIII@lemmy.world 6 points 8 months ago (1 children)

It's a key component. You need other information, but the SSN is supposed to be secret.

[–] Syn_Attck@lemmy.today 14 points 8 months ago (1 children)

State-assigned unchangeable passwords that you hand out to 20-100 companies throughout your life (every job, every loan, every credit card, every financial account, every background check, every...)

This was 70 million people in 1 breach.

Keep in mind there are only 340 million people in the US, many of which are under 18.

We need a better system.

https://en.m.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency.

In June 2015, OPM announced that it had been the target of a data breach targeting personnel records.[1] Approximately 22.1 million records were affected, including records related to government employees, other people who had undergone background checks, and their friends and family.[2][3] One of the largest breaches of government data in U.S. history,[1] information that was obtained and exfiltrated in the breach[4] included personally identifiable information such as Social Security numbers,[5] as well as names, dates and places of birth, and addresses.[6] State-sponsored hackers working on behalf of the Chinese government carried out the attack.[4][7]

The data breach consisted of two separate, but linked, attacks.[8] It is unclear when the first attack occurred but the second attack happened on May 7, 2014, when attackers posed as an employee of KeyPoint Government Solutions, a subcontracting company. The first attack was discovered March 20, 2014, but the second attack was not discovered until April 15, 2015.[8] In the aftermath of the event, Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour, resigned.[9]

load more comments (1 replies)
[–] Aquila@sh.itjust.works 4 points 8 months ago (1 children)

Getting names, emails, addresses, etc is pretty available. If you can link those up + an SSN you can open accounts pretty easily

load more comments (1 replies)
[–] xilliah@beehaw.org 10 points 8 months ago

Compensations should be paid out, watch how security grows

[–] skeezix@lemmy.world 10 points 8 months ago (6 children)

Mine is 075-21-9556 in case anyone wants it.

[–] Vladkar@lemmy.world 12 points 8 months ago (2 children)
[–] 0oWow@lemmy.world 4 points 8 months ago (1 children)

Interesting, your SSN matches my phone number.

load more comments (1 replies)
[–] MonsiuerPatEBrown@reddthat.com 5 points 8 months ago* (last edited 8 months ago)

Hey, wait a minute! That one's mine, too!

[–] possiblylinux127@lemmy.zip 4 points 8 months ago

I have your IP and your SSN

Hands up

load more comments (3 replies)
[–] ares35@kbin.social 8 points 8 months ago

and this is why i refused to give you my social back when i lived in your service area and had a land line installed.

[–] franklin@lemmy.world 8 points 8 months ago (5 children)

Is there any way we could do some sort of certificate based authentication? Instead of a social security number. I know people get really dodgy whenever you talk about ways to identify them but there has to be a better way than this.

Identity fraud can ruin your life permanently and at this point I'm pretty sure more people have been compromised than haven't.

[–] JCreazy@midwest.social 7 points 8 months ago* (last edited 8 months ago)

Bill Gates has been trying for awhile.

load more comments (4 replies)
[–] sexy_peach@feddit.de 6 points 8 months ago (1 children)

Will there be consequences??

[–] whotookkarl@lemmy.world 5 points 8 months ago

SSNs are not secure and were never intended to be used that way. Just because companies misuse it for security to cut costs and apply credit ratings we never voted for doesn't mean we should necessarily punish someone for leaking that data that is already like 99% public data because of all the previous leaks. It would be better if everyone treated it as public data and not some secret identity key. They should be punished for poor security and fix their shit, but SSNs are not private, not intended to be used for identity, and not secure.

[–] umbrella@lemmy.ml 5 points 8 months ago* (last edited 8 months ago)

whoopsie doopsie!

ssns are probably useless by this point. cant wait for these people to leak our biometric data next, so we cant even change our 'passwords' anymore.

load more comments
view more: next ›