[HN Gopher] Giant leak exposes data from almost all Brazilians
___________________________________________________________________
Giant leak exposes data from almost all Brazilians
Author : JeanMarcS
Score : 230 points
Date : 2021-01-25 16:01 UTC (6 hours ago)
(HTM) web link (www.somagnews.com)
(TXT) w3m dump (www.somagnews.com)
| Xunjin wrote:
| I'm so proud of my country, we just got the goal, time to double
| it.
|
| And If you ask the politicians to improve security, they will
| probably say "put 2 more security guard outside the building".
| pelasaco wrote:
| I don't see how it can be new. When I lived some years in Brazil
| (around 1999-2001), and you could buy at a specific street in Sao
| Paulo, a CD with all the taxes information from every brazilian
| citizen.
| FalconSensei wrote:
| I remember seeing the news, years ago, that a guy was trying to
| discover were spammers were getting his email. So he created a
| bunch of emails for different things.
|
| Guess which email started receiving spam very quickly? Yeah,
| the one he used for taxes
| Consultant32452 wrote:
| I remember in the 90s when we thought it was funny to sign
| people up for every newsletter we could find. You could
| basically destroy someone's email address making it forever
| unusable by spending an hour signing up for junk.
| dang wrote:
| Url changed from https://www.databreaches.net/giant-leak-exposes-
| data-from-al..., which points to this.
| EGreg wrote:
| We should literally start making a parody of this article, but on
| our blog:
|
| https://en.wikipedia.org/wiki/%27No_Way_To_Prevent_This,%27_...
|
| EDIT: I wrote it
|
| https://qbix.com/blog/2021/01/25/no-way-to-prevent-this-says...
| diego_moita wrote:
| > vulnerable to 220 million people.
|
| In a country with 207 million people. This means that even the
| dead can't rest in peace.
|
| On the bright side, we'll not have any data leaks anymore because
| there will be no more secrets to leak. :)
| Chico75 wrote:
| Probably concerns citizens living abroad as well
| cuca_de_chumbo wrote:
| I was born dual US/Brazil and left Brazil just after turning
| 18 about 36 years ago, wondering wondering whether I'm in the
| leak and whether anyone could use my info to open illicit
| bank accounts, etc. I don't want to be associated with money-
| laundering, and am too far in headspace from financial-
| institutions/credit-bureaus to check it out.
| FalconSensei wrote:
| If you declared permanent out-of-country move, you (or an
| impersonator) shouldn't be able to open accounts/buy things
| - as far as I know.
| kinow wrote:
| I think there are extra fees as a foreigner. You are not
| prohibited of having a bank account, insurance, using
| credit, etc. But most systems will prevent the CPF of
| being used without some sort of special approval.
| [deleted]
| atbpaca wrote:
| Another embarrassment for Bolsonaro and his minions. #impeachment
| andersonvieira wrote:
| I don't see how your comment is anything more than FUD.
|
| The leaked information suggests it may have come from Serasa
| Experian [1], although they deny it, or some third-party that
| provides services to them. I haven't seen any evidence the
| government has anything to do with this.
|
| [1] https://tecnoblog.net/405077/especialistas-alertam-para-
| risc...
| rapfaria wrote:
| How is this directly related to Bolsonaro? Because it happened
| in the country he is president of?
| gcblkjaidfj wrote:
| The original comment is likely a troll, but the current
| goverment did place a bunch of amateur hacks on the highest
| positions of power, which led to things like the minister of
| culture asserting to the public that woman belongs in the
| kitchen, or that the minister of education asserting in
| public that the humanities like sociology and history must
| disappear from the face of earth, and the ministry of
| environment saying in a leaked video of a presidential
| meeting that thanks to covid they now had the distraction
| they needed to kill indians and give the land to soy farmers.
|
| So, even if trollish comment, it is not too removed from
| truth. I can see how incompetence, cost cuts, corruption and
| favoritism (he did place all his sons in a trump-like fashion
| in his cabinet) might have led to this. Not to mention
| relaxing of oversight and the rule of law which allowed for
| even more departments (and the private companies working for
| those) to hold and share this information without concerns.
|
| The previous government (removed illegitimacy in a coup) did
| place emphasis on digital security. Brazil have safe
| electronic voting for decades and Brazilians receive a java
| application by the gov to do their taxes since the 90s. The
| current gov was elected on the basis of "we will undo
| everything the last <<corrupt>> government did"
| Natsu wrote:
| > The previous government (removed illegitimacy in a coup)
|
| Dilma was impeached and removed, Temer finished her term,
| then Bolsonaro won the election after getting stabbed, and
| nearly killed, by opposition supporters. I know he's highly
| controversial, but he did win the election.
|
| The removal of Dilma is not normally what one would
| describe as a "coup." The military junta from 1969,
| however, is.
| marcodiego wrote:
| Not very important, but Temer himself called it a
| "golpe": https://www.youtube.com/watch?v=eiW84yYAkQ8
| oscargrouch wrote:
| What you are describing is a "hard coup", while in the
| case of Dilma it was what can be described as a "soft
| coup"..
|
| Yes the congress followed all the legal proceedings, but
| in the end they did not proved that the accounting
| maneuver her government did was illegal and therefore
| unfit to what could be called as a legal impeachment
| proceeding.
|
| If you add this to everything that was happening behind
| the curtains, and history will make this even more clear,
| yes it was a coup, just that, this is of a different
| sort. (BTW a lot of important players of the time are
| starting to confess everything they did, and how dirty it
| was)
|
| Imagine that without any legal proof, the legislative
| chamber can throw out any legitimate president basically
| nullifying the people wish and therefore, the democracy.
| Also this will make the legislative power, the most
| powerful one over the two others, going against the three
| power(separation of powers) concept of Montesquieu.
|
| That's why the impeachment proceeding cannot be only
| based in political grounds, but also need a clear legal
| basis on the government doing something wrong based on
| the current legal framework.
|
| In the case of Dilma, only the political axis was at
| play, and a dirty one i must say, where they didn't
| respect the legal grounds and in the end there was no
| proof of her wrongdoing's.
| virgulino wrote:
| > What you are describing is a "hard coup", while in the
| case of Dilma it was what can be described as a "soft
| coup"..
|
| That is inventing new words and definitions for your
| convenience. It cuts both ways, one can say it was a
| "democratic coup", a "constitutional coup", a "popular
| coup" (more than 60% of the population in favour), a
| "coup against tyranny and poverty" (worst reduction in
| GDP in 120 years), etc.
|
| Listen to one of our most respected historians,
| https://pt.wikipedia.org/wiki/Daniel_Aar%C3%A3o_Reis , an
| academic awarded for his work on dictatorship and
| democracy, who also fought against our dictatorship in a
| guerrilla war, founded the PT, Dilma's party, and worked
| in many of the PT governments: it was not a coup.
|
| https://oglobo.globo.com/brasil/artigo-impeachment-golpe-
| dem...
|
| Lula, Dilma and her party tried to impeach Social
| Democrat President Fernando Henrique 45 (forty five!)
| times.
|
| By your own definition, they tried 45 coups, making them
| the biggest coupists in Brasil's history.
| Natsu wrote:
| Even if you say the ouster of Dilma was illegitimate,
| there's the fact that her VP served out the rest of her
| term, then the party lost the next election. There's no
| "coup" because there was no loss of power by anything
| other than the democratic process.
|
| Now of course there have been all sorts of dirty
| political dealings, those just aren't described by the
| word "coup." That said, if some day Bolsonaro or others
| forms a new junta, then I will agree with you at that
| later time. But that day is not today, unless I am slow
| in receiving news of a newly formed junta.
| gcblkjaidfj wrote:
| Does brazil have a 50c army like china now?
|
| > then the party lost the next election.
|
| with the running candidate jailed with obviously
| fabricated evidence and released last year with no
| conviction. All the while with whatsapp campaigns
| promoting pizza-gate like conspiracies.
|
| > her VP served out the rest of her term
|
| that I fully blame on the party picking an extremely
| right wing to be able to get elected. But don't make the
| soft coup less of a coup. The VP was choose to get
| support from the farmers and religious groups that
| control most of the interior of the country, and they
| payed the price for that.
| virgulino wrote:
| > with the running candidate jailed with obviously
| fabricated evidence and released last year with no
| conviction
|
| That is factually false, and very very easy to fact
| check.
| Natsu wrote:
| I guess when they said "Lula e Haddad, Haddad e Lula"
| people took it a bit too literally? :)
| Natsu wrote:
| > Does brazil have a 50c army like china now?
|
| If it does, I didn't get my 50 Mao cents for posting. And
| you'd think China would support the Partido dos
| Trabalhadores (Worker's Party) ideologically, but it's
| their Mao cents, not mine.
|
| Lula was convicted twice, he only got freed from jail
| because of a new legal ruling that said that you can't be
| jailed until all appeals have been heard. That's... not
| the same as "no convictions" even if you want to claim
| the judges were both biased.
|
| And I'm not aware of anyone accusing Lula of being a
| pedophile, though maybe someone did? Everything I
| remember hearing blamed him for robbing Petrobras. You
| sure you're not getting Lula confused with "Joao de
| Deus"? I thought he was the one who was raping people.
| marcodiego wrote:
| > he only got freed from jail because of a new legal
| ruling that said that you can't be jailed until all
| appeals have been heard
|
| Actually Lula deliberately chose to stay imprisoned:
| https://veja.abril.com.br/politica/lula-nao-quer-cumprir-
| pen...
| eznzt wrote:
| They are not that far off on sociology lol
| afrcnc wrote:
| Another one?
|
| Didn't this also happen last month?
| (https://www.zdnet.com/article/data-of-243-million-brazilians...)
| rafaelturk wrote:
| Brazilian here. Same leak. New info suggest that the files
| contained far more info than previously thought.
| hezag wrote:
| Yep, another one. This time it's from a Credit bureau.
| hi5eyes wrote:
| https://www.somagnews.com/giant-leak-exposes-data-from-almos...
| links to the source of the snippet
|
| > According to the experts, who use artificial intelligence
| techniques to identify malicious links and fake news, the leaked
| data contains detailed information on 104 million vehicles and
| about 40 million companies, potentially vulnerable to 220 million
| people.
| dang wrote:
| Ok, we've changed to that from
| https://www.databreaches.net/giant-leak-exposes-data-from-
| al.... Thanks!
| marcosdumay wrote:
| Thanks, finally somebody telling what data is on the leak.
|
| > Information on the more than 104 million vehicles reveals
| important details, such as chassis number, license plate,
| municipality, color, make, model, year of manufacture, engine
| capacity and even the type of fuel used. In the case of legal
| entities, the following were leaked: CNPJ, corporate name,
| trade name and date of foundation.
|
| Every piece of information on this list is either plainly
| visible (for cars) or published by the government.
|
| The article talks about data of real people (not companies),
| but doesn't say what leaked about them.
| Fabricio20 wrote:
| This link [0] may have the information you are looking for.
|
| The link above seems to be from an unrelated breach, the one
| discussed in the OP affects pretty much everything, not even
| your LinkedIn profile managed to escape.
|
| [0]: https://tecnoblog.net/404838/exclusivo-vazamento-que-
| expos-2...
| marcosdumay wrote:
| Wow, yes, that has the information. That's a really broad
| leak.
| diegoholiveira wrote:
| > The article talks about data of real people (not
| companies), but doesn't say what leaked about them.
|
| Personal data (CPF, Birth day and so on), credit scores,
| social class, acquisitive power, and other informations that
| a company specialised in credit score have. (the leak is
| probably from a credit score company).
| geek_at wrote:
| Has anyone calculated at the current rate of leaks how long would
| it take for every human on earth to be in some of these lists?
| xiphias2 wrote:
| I treat my face, name, birthday and numbers as open data.
|
| Maybe companies should stop using these things for verification
| and start allowing people to use cryptography more efficiently.
| reaperducer wrote:
| _I treat my face, name, birthday and numbers as open data._
|
| So because you don't value privacy and choose not to control
| you personal data, nobody else deserves privacy or to control
| their personal data?
| danilocesar wrote:
| He will change his mind when he realize that the
| information his bank uses to verify his identify is part of
| his open data now...
| dudeman13 wrote:
| I don't think he meant it as nobody deserves privacy and to
| control their personal data.
|
| I took it as a "it's there anyway and there's no point for
| me to pretend that it is not".
| Shivetya wrote:
| Companies? How about your government? I have a coworker who
| had returns filed against them by someone in prison! If that
| does not startle people how about that in some states
| absentee votes are merely verified against a signature on
| file.
|
| What we need is a means that others can be sure it really is
| us and we can sure that actions we have taken are credited to
| us and those we did not are not.
|
| In effect we will need a system by which we have instant
| notification; similar to how some CC providers mail or text
| you each transaction; and historical tracking so that we can
| prove when we did or did not.
|
| However there are not many unique methods to physically
| identify people short of dna transfer. I know that people
| bring up Minority Report whenever facial recognition comes up
| but that wasn't the tech they used, they used iris
| recognition.
|
| So we break down each action and assign a value to how secure
| and verified it must be and work our way up from there.
| Similar to how self driving cars are defined, on a level of
| one to five how secure must an action be before its accepted
| xiphias2 wrote:
| I don't see much difference between companies and
| governments, that's why having an authentication standard
| that is accepted by all of them (and users as well) is
| important.
| nkrisc wrote:
| That won't happen until companies are held liable for damages
| caused by inadequate authentication processes.
|
| If a bank gives a credit card to someone who says they're me,
| based on only on my SSN, I don't see why that should be my
| problem. It's between the bank and whomever they gave the
| card to. If they don't know who they actually gave it, well
| then it sounds like they need to improve their process.
|
| But it becomes my problem because it's my credit score that
| gets ruined.
| lotsofpulp wrote:
| Everyone has cameras. How a photo of yourself with thumbs
| up isn't required is beyond me. It's extremely easy, and
| would cut down on a lot of fraud.
| Pxtl wrote:
| Which would mean you're constantly sending a photo of
| yourself with your thumbs up to people, and it becomes
| trivial to fake.
|
| I guess it could be "we need a selfie video of you
| reading this 6 digit number aloud".
| xiphias2 wrote:
| Video verification is completely normal at this point
| fastball wrote:
| Deepfakes.
| xiphias2 wrote:
| Deepfakes are not yet that good for live video, but you
| are right, using an open authentication standard that can
| be transferred between devices would be the only good
| solution at this point.
|
| Companies and governments could verify me live to
| authenticate my public keys.
| randerson wrote:
| I can just imagine the future: Instead of reading stories of
| Identity Theft, we'll read about people getting locked out of
| their identity .. like the folks today who lose their Bitcoin
| keys.
| rudyfink wrote:
| "Of course, you can always pay a recovery company to get
| your identity back. But, that's expensive--more than most
| people have. The company will do it on credit (if they like
| your prospects), but then they have title to your identity
| until you pay them back, which, for many, is a day that
| never comes. The charges, service fees, garnishments, and
| interest on the above just add up and up."
| r00fus wrote:
| Where is this from?
| Lammy wrote:
| I would guess "some time around 2012".
| Yizahi wrote:
| Any day now. I guess we will have a global info system a-la
| Hyperion with zero privacy. It will be suspicious to be absent
| from such a system instead.
| nicoburns wrote:
| It doesn't really work like that. Some humans are likely
| completely off grid and not on record anywhere.
| reaperducer wrote:
| _Some humans are likely completely off grid and not on record
| anywhere._
|
| Quite a few, including a good percentage of my relatives.
|
| One is particularly good at it. Aside from the wages his
| employer reports to the federal government, property
| ownership records, and an SSN, he simply doesn't exist.
|
| His get paid each week in cash. Doesn't have a bank account
| or credit card. Because of his lifestyle and the type of
| vehicle he uses, he doesn't need a driver's license,
| registration, or insurance. His home has solar panels, a
| propane generator, and a well, so no utilities. I don't know
| what he does about trash service, but having seen the town, I
| wouldn't be surprised if it's still legal to burn your
| garbage on your property.
|
| He's happy. Not paranoid that I can tell. He just lives a
| simple life where satisfaction comes from reading books and
| improving his mind, and not from hoarding electronic gadgets
| and social media thumbs to prove his worth.
| fmntf wrote:
| Please, do not misunderstand my question as a judgment or
| whatever. May I ask the (approximate, country/continent)
| location where your relative lives?
| kroltan wrote:
| A "SSN" was mentioned, so likely U.S.
| danilocesar wrote:
| Even tough it's sound pretty bad and big (and it is), this is not
| new to brazilians. It's a known thing that you can buy DVDs (yes,
| DVDs) with personal data from millions of Brazilians customers on
| the streets of Sao Paulo. Daylight market (called Camelo's).
|
| There was some news articles about it a few years ago. Even the
| former president data was there. Social Security Number (not as
| secret as it is in the US and Canada), address, name, phone
| number. Even some family relations. It was pretty cheap.
| doubleclutch wrote:
| So, CPF is not really a big deal, but I think here you can map
| cars based on license plates to persons and companies. Think
| about it.
| jbotz wrote:
| The Brazilian blog "Tecnoblog" has the full details here[1], with
| a list of all the information allegedly included in this data. If
| they are correct that's pretty much everything about everybody...
| I mean personal info (like addresses and phones, family,
| education, employer), financial info (like bank accounts, salary,
| credit score, creditors, bounced checks, whether receiving
| government assistance), other background info... for some entries
| (over a million) there even mugshots!
|
| [1] https://tecnoblog.net/404838/exclusivo-vazamento-que-
| expos-2...
| malandrew wrote:
| Is there a way for someone to look up what leaked about them so
| they can determine how problematic this could be?
| slig wrote:
| Yes. The hacker has a contact email where you can send
| queries using the CPF (unique for each Brazilian) of whoever
| you want. He'll then send you a bitcoin address for payment
| and send you back the info.
| ObscureScience wrote:
| It would be pretty short-sighted to reward such an
| individual.
| aww_dang wrote:
| Articles about breaches rarely if ever contain a link to the
| actual data. I'm left trusting the journalist, who may or may not
| be tech literate. Even a random sampling of the records would be
| more illustrative than anything these bloggers post about.
| doubleclutch wrote:
| CPF is not a big deal, but if I read it correctly, you can
| basically search people/companies based on license plates, which
| is a big deal.
| iandanforth wrote:
| Man, why can't we get some useful data leaks? Like all the
| records from companies incorporated in DE, or all the tax records
| from companies and rich people or another one from offshore
| account havens.
| rightbyte wrote:
| Ever heard of the Panama Papers?
| dyingkneepad wrote:
| > "No, we have bigger problems than that to worry about."
|
| Pretty much that. In the "Maslow's pyramid of government-related
| needs", the doxxing is near the top. People are much more worried
| with stuff like not dying to covid, not being kidnapped, not
| dying in traffic, paying the dreaded Boletos (bills), etc.
| Internet doxxing is dwarfed by the more urgent needs. Brazilians
| are also sure that exactly zero things are going to be done about
| these leaks. Some government representative is going to say
| "we're going to investigate" and that's as much as we're going to
| get.
|
| I would love to be wrong here, by the way.
| Kaze404 wrote:
| We must live in very different parts of Brazil because around
| these parts no one seems to care about Covid, which doesn't
| surprise me considering the message we get from the federal
| government.
| lukasdanin wrote:
| Unfortunately, you're not wrong.
| kurthr wrote:
| Oh, no. It seems much more useful than that. By knowing credit,
| salary, age, and address... it's much easier to target high
| "value" targets for for on-line, or more likely in Brazil in
| person burglary or home invasion. This also gives cover to
| individuals banks and other organizations to drain large
| accounts by "guessing" passwords, since now it could be
| "anyone".
|
| Like Covid, this is likely to be another generational wealth
| transfer event. It will be interesting to see how much stays in
| the country, but I expect most of it will.
| Natsu wrote:
| This says that it leaked Brazilians' name & CPF numbers.
|
| CPF being the number that people give to _every random
| shopkeeper_ to enter that tax lottery. So, it 's... not exactly
| a big secret. To do most official-type things you have to go
| down to the cartorio with your actual ID, not just enter the
| number.
|
| Heck, I've been to places where you had to use one to use the
| free wifi. Granted, in that particular case, it didn't care if
| you used someone else's. I wouldn't be surprised if that was
| also true, elsewhere, honestly.
|
| I'm sure someone will find ways to misuse this but Brazil has
| bigger problems. Also, this doesn't seem to be a leak of
| government data, it looks like it came from Serasa Experian or
| one of its contractors.
|
| So yeah, I tend to agree with you. If the government does
| something, it will probably be like that law posted on every
| elevator warning you to check that there's an actual elevator
| there, instead of just walking into the empty shaft. For those
| curious, that'd be lei estadual n^o 9.502 de 11/03/1997 -
| https://www.al.sp.gov.br/norma/?id=9419
| ascorbic wrote:
| The CPF is quite annoying as a tourist. Mostly there are
| workarounds, but it is ridiculous how many things assume you
| have one. Yes, fake ones usually work. It was a few years
| back when I visited, but the hoops I had to jump through to
| buy an internal flight was unbelievable. I mean, the idea
| that a non-resident might want to travel within the country
| on a budget airline right??
| Natsu wrote:
| Yeah, I hear you. Technically, anyone can get one, though I
| believe it comes with some annoying tax obligations, so
| it's not really something one would do as a tourist.
| brwolfgang wrote:
| Not just CPF and names were leaked, lots of correlated
| information was leaked too, such as credit scores, civil
| status (married, single, etc), gender, birth date, e-mail,
| phone number, home and work addresses, education level, job,
| salary, net income, tons of data about bank accounts, even
| face pictures!
|
| All that data, just available for anyone to dig in and do
| their worst.
|
| Source (pt-br) https://tecnoblog.net/404838/exclusivo-
| vazamento-que-expos-2...
| rodolphoarruda wrote:
| Yes, plenty of data for anyone wanting to impersonate you
| and do social engineering virtually everwhere in the
| Brazilian territory.
| Swizec wrote:
| Reminds me of the American SSN.
|
| _"This number is super secret and you must guard it with
| your life and never share! Oh also write it down on every
| semi-official form, send by paper mail, and enter into all
| sorts of webapps"_
| crazygringo wrote:
| But the American SSN, while abused, is still _supposed_ to
| be a secret.
|
| I don't believe the Brazilian CPN is meant to be a secret
| at all. It's used for literally everything.
|
| In America, you don't give your SSN to your utility company
| or when signing up for an online subscription. But in
| Brazil, you use your CPF to do that.
| throwawayboise wrote:
| > In America, you don't give your SSN to your utility
| company
|
| You do where I am, because they run a credit check to
| determine whether you need to pay a deposit.
|
| Legally is not supposed to be used for identity at all,
| except for Social Security (and IRS) purposes. But in
| practice that doesn't happen and it's not particularly
| secret. Used to be pretty common for people to include it
| on their pre-printed checks. When I was in college it was
| used as the student ID number. This was all before
| "identity theft" was really a thing people worried about.
| vmception wrote:
| I dont bother being secretive about SSN, its security
| theatre. The person in earshot has a lower likelihood of
| bothering with it when every service provider that also has
| it will get mass hacked and are the primary targets.
|
| I use a separate TIN or EIN (Tax/Employer Identification
| Number) where I can. All my businesses have one, even a
| sole proprietorship that exists purely in your head can
| obtain one, and this can go on many forms.
| mixmastamyk wrote:
| Interesting, if you get paid on another TIN does it
| effectively become your main SSN? What about at
| retirement time? Would like to hear more about this.
| vmception wrote:
| "Effectively become your main SSN" no but loaded
| question. less places would have your ssn or tin. the
| only difference it really makes is peace of mind and
| relying on the current reality that hackers aren't
| targeting you or anyone specifically and you will have an
| additional way to verify yourself if someone did try to
| do identity theft or whatever you're worried about.
| Online People databases will still be reporting pieces of
| your older SSN while you have been primarily giving
| services a different number.
|
| retirement time isnt a problem. if your business is
| getting paid and the person that pays needs your tin/ein
| then thats what they get instead of your ssn. You are
| still paying self employment taxes contributing to
| retirement.
| jccooper wrote:
| EINs don't accumulate Social Security, but when you file
| taxes you'll pay "self-employment tax" on earnings from
| that "business" and those go to your personal SS account.
|
| When you use an EIN you're basically claiming to act as a
| business. For some cases, you can do that just fine. But
| a lot of SSN requests for identification or credit checks
| it won't work. And anyone who cares that it's a SSN vs a
| TIN can figure that out easily.
| Tagbert wrote:
| But SSN should not really intended to be secret. It is not
| designed to be a proof of identity, but so many companies
| have treated it that way that it gives more access than it
| should. If we could prevent companies from using it like a
| password, it would no longer be a major risk to have it
| exposed.
| Wowfunhappy wrote:
| SSN's aren't really secret--you can find someone's pretty
| easily by going to a data broker.
| ledialated wrote:
| I love being asked to verify my SSN just to access my own
| information through an unknown entity that will not
| disclose who they are.
| Natsu wrote:
| Sure, the SSN is used a lot but it's normally more for
| things on the level of bank accounts or signing up with a
| new employer, where there's some serious investment and
| need to validate your identity. When you enter it into a
| website, it'd better be for an important reason.
|
| The CPF is something you might use at the grocery store
| when buying a piece of fruit in the hopes of winning 1000
| BRL from the government for helping the store prove that
| it's paying its taxes. Go to SP and _every shop_ will ask
| "CPF na nota?" True, you can just answer "nao
| obrigado/obrigada" but from what I saw, most people give it
| out.
|
| You just don't see that same level of usage in the USA.
| You're not going to wander into some store and have the
| shopkeeper ask for your SSN as soon as you get to the
| counter.
| EGreg wrote:
| Another month another set of news that can be solved by NOT
| storing all the data in one place by one company. But for that we
| need better software. This article is literally like The Onion
| article about guns. Maybe we should put it with names changed
| every few months:
|
| https://qbix.com/blog
| geoffbp wrote:
| Sheesh!
___________________________________________________________________
(page generated 2021-01-25 23:00 UTC)