[HN Gopher] Samsung Recent Security Incident
___________________________________________________________________
Samsung Recent Security Incident
Author : rock_artist
Score : 132 points
Date : 2022-09-02 17:05 UTC (5 hours ago)
(HTM) web link (www.samsung.com)
(TXT) w3m dump (www.samsung.com)
| akersten wrote:
| > but in some cases, may have affected information such as name,
| contact and demographic information, date of birth, and
|
| That's all you need to steal someone's identity. Major reason why
| I never give any website my real birthday, and use a password
| manager to remember all the various "birthdays" I've been
| required to provide for no ostensible reason.
|
| If we wanted to hammer out a quick and effective privacy
| legislation, it would be: you need a demonstrable reason to ask
| for someone's birthday (e.g., legal reason to validate you're old
| enough to open a bank account or whatever), not "i want to send a
| happy birthday newsletter every year (and also sell it in a
| package to data brokers)"
| icedchai wrote:
| That info is generally already public and easily accessible.
| Try googling yourself or a relative. You can find their date of
| birth, address, phone numbers, and neighbors in a couple of
| minutes.
| YetAnotherNick wrote:
| > That's all you need to steal someone's identity
|
| I have this information for many billionaires. Now tell me how
| to steal their identity. I would like to live their life.
| capableweb wrote:
| > That's all you need to steal someone's identity
|
| I wish we could stop propagating the idea that it's possible to
| "steal someone's identity". No, you cannot take my identity
| from me, I am who I am, you are who you are.
|
| What you can do however, with those details, is tricking
| companies and committing fraud. But it should not be up to me
| to make sure companies are not being defrauded, the burden is
| on them to prevent that.
|
| Name, contact information and date of birth are so basic level
| of information, that if you can commit fraud with just those
| details, something is seriously wrong as the company you're
| performing the fraud against.
|
| Some countries even have those details publicly for you to find
| via public websites. So again, if that's all it takes, the
| company is doing something seriously wrong.
| cush wrote:
| > I wish we could stop propagating the idea that it's
| possible to "steal someone's identity"
|
| Identity theft is a term that comes from the fact that you
| can use this information to open up a bank account or become
| someone digitally, not because they steal your personality.
|
| It's a great term because exemplifies the gross negligence
| and liability that comes with egregious misuse of personal
| data
| capableweb wrote:
| If a bank allows someone to open up a bank account with
| personal details that don't really belong to them, I'd call
| that fraud and a failure on the banks side. "Stealing
| someone's identity" sounds like I could and should have
| been able to prevent that, rather than putting the blame on
| the bank who accepted false personal details in the first
| place.
|
| As I said, those details, including address and more, are
| public in some countries. Those countries have learned to
| live that just being able to say my name, date of birth,
| address and telephone number is not enough to open a bank
| account, why can other "modern" countries not adjust
| accordingly too?
| largepeepee wrote:
| Rather than just banks, you can say it is also a systemic
| problem if the details like ssn is such an important
| number yet it is so easily obtained.
|
| There is a reason why the majority of these frauds are US
| based
| synu wrote:
| There's a funny Mitchell and Webb sketch about it:
| https://youtu.be/CS9ptA3Ya9E
| nopenopenopeno wrote:
| Wonderful! I will be sharing this one a lot. Thank you.
| dec0dedab0de wrote:
| There was a push a while back to call it bank fraud.
| Because the banks are the victims and should be responsible
| to protect/insure themselves.
|
| By calling it identity theft, we are saying individuals are
| the victims and should protect the banks from someone
| pretending to be them.
|
| Edit: I also believe there was an argument that banks
| reporting to credit agencies based on fraudulent activity
| from a 3rd party should be treated as libel.
| [deleted]
| dt3ft wrote:
| In Sweden, this information is public.
| sigmoid10 wrote:
| I have the feeling this is mostly a US thing, where a
| social security card with almost nil personal data is
| widely used for identification. In Europe you won't get
| very far with a birthday and a name - and you certainly
| won't get a credit card or anything close to it.
| omnicognate wrote:
| Several bank loans and store cards were taken out in my
| name using only my name, address and date of birth, in
| the UK. The same cynical business logic applies the world
| over: it's cheaper to clean up after the inevitable fraud
| than to implement proper identity checks. This calculus
| is of course aided by the fact that the detection of the
| fraud and the organising of the cleanup is taken care of
| entirely by the victim. "Victim", not "customer", because
| usually there is no business relationship between the
| company with the shitty identity checks and the person
| that has to live with the consequences.
|
| I recommend contacting the credit rating agencies and
| getting them to place a note on your record with a
| password, eg. [1]. Don't wait until someone "steals your
| identity". It's the only way to get these companies to do
| something resembling an actual identity check. Doing it
| _after_ they 've lent in your name (as the rating
| agencies suggest) rather defeats the object.
|
| [1] https://help.equifax.co.uk/EquifaxOnlineHelp/s/articl
| e/Howdo...
| Nextgrid wrote:
| The fact that the UK has this nasty concept of "credit
| history" helps with this, since now all that's needed to
| take out credit is basic details to lookup the credit
| bureau profile and then they "vouch" for you.
|
| In countries where this doesn't exist, obtaining credit
| requires providing proof of income (payslip, etc) to the
| lender which they verify. A mere name/address/date of
| birth might be enough to open inconsequential accounts
| such as loyalty cards, but will absolutely not get you
| credit - therefore the damage to identity theft victims
| is greatly reduced or even nullified.
|
| Bad payers are still penalised even without a credit
| bureau system by a register the government operates onto
| which a debtor is registered for a certain period after
| legal action by a lender (so this requires significant
| effort from the lender - you don't get on this register
| because of a telecoms billing mishap for example).
|
| With regards to setting a password, I wouldn't trust CRAs
| to enforce this. What you can do however is pay for CIFAS
| protective registration - it's usually for victims or
| those at high risk of identity theft but there's no legal
| requirement so anyone can pay the admin fee and get added
| to the register. Lenders check this during credit
| applications and this puts an instant block on any kind
| of automated approval and requires them to do further
| verification.
| [deleted]
| ajsnigrutin wrote:
| In slovenia, you have your name, surname and date of
| birth, but also unique citizen number (EMSO) and your
| personal tax number.
|
| They tell you not to tell anyone your EMSO... but EMSO is
| generated from your date of birth, gender, former
| yugoslav republic you were born in (slovenia=50) and the
| sequental number of your birth that day (0-499 boys,
| 500-999 girls)... plus a checksum. So if you were born in
| slovenia, are a boy, and were a third boy born on 20th
| december 1970 (970... because why waste numbers?!?!),
| your emso would be 201297050003K (K=checksum, too lazy to
| calculate).
|
| We also have a tax number, that they also tell you not to
| share... but then you open up an independent contractor
| business (technically, it's a not a seprate company, but
| "you" are the company), and your personal tax number is
| published in many many online systems, info pages, you
| have to put it on receipts, ads, you have to tell it when
| you're buying toilet paper for work use, etc.
|
| But yeah... if you want to open a bank account, you need
| a government issued id card (or passport), and they check
| it very very throughly.
| nibbleshifter wrote:
| Which is absolutely demented.
| reaperducer wrote:
| I always find it curious that allegedly Swedish people on
| HN post this sentiment over and over, but then never link
| to their own personal information.
|
| Why not share, if it's so harmless? Isn't that the point
| you're trying to make?
| plugin-baby wrote:
| Maybe they don't want their identity and their opinions
| to be linked.
| capableweb wrote:
| I'm not Swedish, but a friend of mine showed me a website
| for it. Here is a random example of a person who lives in
| Taby, Sweden:
|
| https://www.ratsit.se/19290708-Bertil_Thomas_Andersson_Ta
| by/...
|
| > Bertil Thomas Andersson - 1929-07-08 (93 years old) -
| Address: Lyktgrand 2 lgh 1706, 183 36 Taby, phone number
| 070-208 35 86
|
| The website also adds information about income:
|
| > (machine translation) In Taby, Bertil Thomas
| Andersson's home municipality, there are 5218 income
| millionaires. The proportion of people with payment notes
| in his postcode 183 36 is 7.3% and the average income is
| 295 679 SEK ($27,378) per year.
|
| If the person runs any companies, that would be visible
| as well.
|
| All of this is public information, for each individual
| and company in Sweden (except the ones that have
| requested to not be visible, or are protected)
| LtWorf wrote:
| I think it's way more common in USA than in europe because
| here you can't just phone a bank and open an account with
| your tax agency code. Normally the first time you need to go
| and show your id.
| traceroute66 wrote:
| > If we wanted to hammer out a quick and effective privacy
| legislation, it would be: you need a demonstrable reason to ask
| for someone's birthday
|
| Not much help for the American cousins, but this already exists
| throughout Europe and has done for years .... its called GDPR.
|
| TL;DR : If it is or it is tied to PII (personally identifiable
| information) you have to: (a) Justify
| collecting it in the first place (b) Justify storing
| it, and storing it no longer than necessary (c) Obey
| with the "right to be forgotten" and delete it on request
| ItsTooMuch wrote:
| You somehow forgot to mention that most (probably all) EU
| countries have laws that require you to know the birthdays of
| your customers - that of course overrides GDPR, or more
| precisely, the law is the reason to store the information so
| there's no need to find other reasons.
|
| Also, don't forget that these laws also have requirements on
| you keeping logs, most of the time 3, 5 or more years. So
| yeah you have to obey a deletion request when that time is
| up, not "on request" - that would be illegal in most cases.
|
| In many EU countries birthdate (and more) is public
| information, btw - my own birthdate is made public by the
| state itself (on the business registry website), together
| with my name and residence address. Same for any owner of
| real estate - be it land, house or unit - names, residence
| addresses and birthdates are publicly available in the online
| cadastre.
| Nextgrid wrote:
| The GDPR has a massive enforcement problem though, so in
| practice, you have little recourse if a company breaches it
| and misuses your personal information.
| tbihl wrote:
| I don't spend much of my time worrying about this, but if you
| do:
|
| Put credit freezes on yourself and maintain them that way as
| the default. This cuts your attack surface significantly. Plant
| your flag with any large government entities that are used for
| collecting benefits (IRS, your state's stuff, etc.)
|
| Do I love the state of affairs? No, but if it were something I
| worried about, I'd at least make myself a hard target.
| encryptluks2 wrote:
| There needs to be better laws protecting individuals that use
| aliases and what not for registration. Technically, there are
| certain federal laws that can make doing so illegal in certain
| circumstances.. while not enforced at a high rate, I do see
| them occasionally being applied unfairly and don't like knowing
| that by using aliases and what not that I could be opening
| myself to criminal prosecutions.
| Mandatum wrote:
| Having reported a critical bounty, their incident response and
| disclosure process is a complete shitshow. Absolute mess of a
| company.
| hedora wrote:
| I love how they don't say how big the breach was, what systems
| were affected, or how to opt-out of them stealing your personal
| information and storing it on poorly secured servers:
|
| > _Why does Samsung have my data?_
|
| > _We collect information necessary to help deliver the best
| experience possible with our products and services. We know how
| important privacy is to our customers, and we provide information
| about how we 're planning to use customer data, in strict
| compliance with relevant privacy laws. You may visit the U.S.
| Privacy Policy section of our website for more details on how we
| may obtain data and for what purposes:
| https://www.samsung.com/us/account/privacy-policy/._
| autoexec wrote:
| > We collect information necessary to help deliver the best
| experience possible with our products and services.
|
| When I got my first Samsung phone, it came with Samsung's
| keyboard installed. I looked at the privacy policy and saw that
| it was sending every single keypress to some third party whose
| privacy policy said it was used for market research and to
| guess at things like the education level and intelligence of
| the user. Who needs malware when Samsung ships keyloggers. I
| uninstalled it then did the same with every other Samsung app I
| could. They obviously don't care at all about people's privacy.
| On the plus side, I found some great apps that way like simple
| gallery pro and markor.
| notsapiensatall wrote:
| From that privacy policy:
|
| > Information we may collect automatically includes information
| about
|
| >* your device, including MAC address, IP address, log
| information, device model, hardware model, IMEI number, serial
| number, subscription information, device settings, connections
| to other devices, mobile network operator, web browser
| characteristics, app usage information, sales code, access
| code, current software version, MNC, subscription information,
| and randomized, non-persistent and resettable device
| identifiers, such as Personalized Service ID (or PSID), and
| advertising IDs, including Google Ad ID;
|
| >* your use of the Services, including clickstream data, your
| interactions with the Services (such as the web pages you
| visit, search terms, and the apps, services and features you
| use, download, or purchase), the pages that lead or refer you
| to the Services, how you use the Services, and dates and times
| of use of the Services; and
|
| >* your use of third-party websites, apps and features that are
| connected to certain Services.
|
| So essentially, they're saying that they can log everything
| that you do on your device.
| dietr1ch wrote:
| I don't even know why I got an email from them to my work
| email. AFAIK I've never used a samsung device at work and I
| have dedicated work devices.
| rvz wrote:
| "We value your privacy" is just a buzzword for these companies.
| TEP_Kim_Il_Sung wrote:
| Translation: "We value your privacy higher than we value you,
| because we get to sell it to anyone for top dollar."
| A4ET8a8uTh0 wrote:
| This ship kinda sailed after Equifax data breach, but I wish we
| could make data a real liability ( as in, if you store it, you
| are on an actual legal hook for it ). 2017 settlement[1] was
| largely a joke if not an insult to all the affected individuals.
| The company still operates, no one went to jail and the company
| got a hard cap on potential claim from affected people.
|
| I don't know what the solution is exactly though ( I mean how to
| effect actual change instead of posting in this forum ).
|
| [1]https://www.ftc.gov/enforcement/refunds/equifax-data-
| breach-...
| bee_rider wrote:
| I guess eventually everybody's data will be leaked (are we
| there yet?) and companies that would like to make loans will
| have to come up with some other way of verifying their
| customers.
|
| The credit system is a scam anyway. Oh wow thanks Equifax, you
| think I should be allowed to go up to my eyeballs in debt. What
| an honor, I'm flattered.
| hijohnnylin wrote:
| Just got the email from Samsung saying I was part of the breach.
| At the end of this (extremely long and excuse-ridden) email they
| inform me that I'm entitled to a free credit check every year
| from credit reporting agencies.
|
| Can't we just fast forward to the part where they send me a $5
| check for the class action settlement? They'd save a ton on legal
| fees.
| WaitWaitWha wrote:
| I got the same.
|
| I find it insulting to offer a credit check. If I wanted, I
| would get 20 credit checks just this year. Credit checks are
| also (mostly) free. Everyone and their mother offers them.
|
| Why would that do me any good for checking? How does it
| remediate or mitigate the loss I have?
| autoexec wrote:
| > Everyone and their mother offers them.
|
| I'm pretty sure the US government offers them for free, and
| anyone else doing it "for free" is only using at a means to
| collect and sell your personal information. Using some random
| site like getmemyfreecreditcheck.com or whatever is pretty
| much asking for your privacy to be violated.
| baldeagle wrote:
| They are offering the free credit check provided by Uncle Sam-
| not even footing the bill for one of their own
| mrtweetyhack wrote:
| [deleted]
| AdmiralAsshat wrote:
| I feel stupid for ever giving Samsung this much info to begin
| with. But oh, they had such compelling _reasons_ to do it. Like
| trading in my old phone to get a deep discount on a new one
| directly from Samsung, and bypassing all the carrier bullshit! Or
| locking down all of my devices, so that someone who steals my
| phone can 't factory reset it without supplying my Samsung
| account credentials!
| NoboruWataya wrote:
| When I saw this thread I went and checked my inbox to see if I
| had received an email telling me I was caught by this breach. I
| haven't, but what I do have are like five emails from my
| carrier in the last two weeks desperately trying to get me to
| upgrade to the latest Samsung phone.
|
| I have a Samsung from three years ago. I don't want to upgrade
| or replace it until it actually breaks, as constantly upgrading
| phones strikes me as wasteful. However, when I see this shit as
| well as all the Samsung apps they don't let you delete or
| disable from your phone, I am very tempted to just splash out
| on a Pixel to install GrapheneOS.
| morsch wrote:
| I would like to delete my Samsung account (which I was forced to
| create to access some feature of my phone). But I can't even
| access my profile because I'd need to accept some new user
| agreement which I won't do. I guess I could try sending them a
| letter.
| aborsy wrote:
| How is it that security is a top priority when the company can't
| correctly implement basic encryption?
|
| Samsung shipped so many millions of phones with insecure
| encryption:
|
| https://eprint.iacr.org/2022/208.pdf
| topicseed wrote:
| > may have affected information such as name, contact and
| demographic information, date of birth, and product registration
| information.
|
| What falls under "product registration information"?
| derwiki wrote:
| California residents can request their data to be deleted here:
|
| https://www.samsung.com/us/privacy/ccpa/
|
| I was surprised I even had a Samsung account so I can't think of
| any reason to keep one after this.
| ev1 wrote:
| I received this email to a CCPA "removed" email address.
| WaitWaitWha wrote:
| I requested to have all my info deleted by them. Let's see how
| long it takes.
|
| The email for my request is towards the bottom of this page:
| https://www.samsung.com/us/support/securityresponsecenter/
|
| I am aware this does not fix the problem of the already stolen
| data, but it might make the data collection cost/benefit analysis
| in favor of discarding collection all-together. Maybe. Let me
| dream, would you?
| shultays wrote:
| Samsung stores demographic information because why not. I wonder
| how much information is that
| artificialLimbs wrote:
| "...and have engaged a leading outside cybersecurity firm and are
| coordinating with law enforcement."
|
| Sounds like "we got ransomeware'd".
| theteapot wrote:
| The whole paragraph suggests it more strongly. Specifically why
| would you say "affected" rather than exposed / accessed?:
|
| > FAQ: Can you tell us more about what specifically happened?
| In late July 2022, an unauthorized third party acquired
| information from some of Samsung's U.S. systems. On or around
| August 4, 2022, we determined through our ongoing investigation
| that personal information of certain customers was affected. We
| have taken action to secure the affected systems, and have
| engaged a leading outside cybersecurity firm and are
| coordinating with law enforcement.
| drcongo wrote:
| Blows my mind that anyone would buy a Samsung product given their
| data collection addiction.
| marcodiego wrote:
| > may have affected information such as name, contact and
| demographic information, date of birth, and product registration
| information.
|
| No. No matter how safe of how carefully you take your security, a
| vendor should NOT keep these pieces of my private information
| with them.
| icedchai wrote:
| Most of that info is already public and easily searchable.
| There are data brokers that gather public records (like real
| estate) and resell them to marketers, sales people, other data
| brokers, etc. It's an enormous business. Privacy is, sadly, an
| illusion.
| ProAm wrote:
| Dont give it to them then,
| marcodiego wrote:
| Yes. But it is becoming increasingly difficult with "smart"
| or "connected" devices. Sometimes you have to fill forms to
| access services or agree with EULA's with abusive terms. If
| you disagree with the terms, you become ostracized because
| everybody else from your circles accepted those terms and
| nobody is using your open-source/decentralized/federated
| network or services.
|
| You can't expect common people to be reasonable and
| spontaneously boycott abusive vendors. Most people are not
| educated enough for that. Among those who are, most don't
| care.
|
| We need laws to prevent this kind of abuse so vendors can't
| take advantage of people who are willing to share such
| information even if they are knowledgeable about its
| implications.
| abawany wrote:
| I wonder if the GP is saying that you don't necessarily
| have to provide your real dob etc. to vendors that coerce
| you in this manner. I mean, don't you want to imagine a
| world in which you were born on Feb-29 of some suitable
| leap year?
| ProAm wrote:
| We don't need laws just dont buy their products. You're
| asking a business to change it's business practices because
| you don't like them. Free market.
| notsapiensatall wrote:
| My favorite suggestion for a nationwide privacy law is
| simple:
|
| Clarify that all EULAs are null and void unless they have
| been reviewed with counsel, signed, and notarized to ensure
| the user understands what they are agreeing to.
|
| If the companies want to treat them like contracts, so
| should the other party. Otherwise, it all stinks of duress.
| ncphil wrote:
| Amateurs. Samsung's identity system was f*ed even before this.
| Only Lenovo/Motorola were worse. _Of course_ they got hacked:
| they were a big fat (in a purely metaphorical sense), stupid,
| target. The entire executive suite and board should be swept out
| and replaced. But that won't happen because those few have a lock
| on the majority of shares by either owning them outright or being
| golf partners with the like-minded idiot rest. Their main focus
| now, as always, is to deflect blame and preserve their positions.
| Does not inspire confidence in the future of anything. No wonder
| they can't get the simple things right, like providing clean
| water to Flint or Jackson. The clowns have taken over the bus and
| are driving it right over a cliff.
| jiggawatts wrote:
| Just here to remind everyone that Samsung televisions take
| screenshots at regular intervals of what you watch and sends this
| to be stored with the same level of "security".
| autoexec wrote:
| Roku does this too.
|
| > "Roughly twice per second, a Roku TV captures video
| "snapshots" in 4K resolution. These snapshots are scanned
| through a database of content and ads, which allows the
| exposure to be matched to what is airing. For example, if a
| streamer is watching an NFL football game and sees an ad for a
| hard seltzer, Roku's ACR will know that the ad has appeared on
| the TV being watched at that time. In this way, the content on
| screen is automatically recognized, as the technology's name
| indicates. The data then is paired with user profile data to
| link the account watching with the content they're watching."
| (https://advertising.roku.com/resources/blog/insights-
| analysi...!)
| wqeraz wrote:
| Was this related to the Lapsus$ incident, or something else?
| xeromal wrote:
| Just got this email. I love how they don't even try to pay you
| off. They just show you where to get your free credit report
| where if you've already accessed it, you're screwed.
| ternaryoperator wrote:
| Came here to say this. The least they could have done is
| provide you with a free credit report, regardless of whether
| you previously used your freebie.
| smm11 wrote:
| I was just considering using an old iPhone instead of an S21.
| Decision made.
| parasti wrote:
| Oh, Samsung. I just went through the most insane account recovery
| process I've ever seen. Tried to register a Samsung account, but
| my email was already taken. Guess I must have had an account at
| some point. If you forget your password, you have to provide your
| name and date of birth to reset it. If you fail to enter the
| correct details many times, which I somehow did, eventually they
| will send you the recovery email anyway. When I received it, it
| was in a language I'd never seen. Then I discovered that it was
| actually somebody else's account from Indonesia that was using my
| email address without me ever knowing. So I now have a Samsung
| account that was someone else's but it was using my email so it
| was really mine?
| ethbr0 wrote:
| I've got a fairly common Gmail address as my primary.
|
| I get all kinds of account sign-ups, and also home purchase
| paperwork and sheriff's office employment offers, from multiple
| states.
|
| I used to feel bad, and spent a couple years trying to get in
| contact and correct whoever used my email.
|
| Now? Fuck em. If you use my email, it's my account. I just
| deleted "my" Roku account and unsubscribed to the services
| attached to it (required to delete an account).
|
| Me deleting "your" account is the least-abusive thing I could
| do if you sign up with my email address.
| aliqot wrote:
| >Now? Fuck em. If you use my email, it's my account. I just
| deleted "my" Roku account and unsubscribed to the services
| attached to it (required to delete an account).
|
| >Me deleting "your" account is the least-abusive thing I
| could do if you sign up with my email address.
|
| This is illegal, CFAA of 1996.
|
| Them signing up with your email is a mistake, you
| deliberately modifying data that isn't your own because of
| that is illegal.
| randerson wrote:
| What is the _correct_ course of action one should take,
| e.g. if OP now wants to sign up for a Roku account with
| their own address and now can 't?
| 8note wrote:
| Make a different address?
|
| Mind you, if Roku doesn't want to do business with you,
| there's no correct way to trick them into it
| [deleted]
| galangalalgol wrote:
| Signing up for services using other people's email? Or
| canceling services attached to your iwn email?
| derwiki wrote:
| It wouldn't also fall under CFAA to fraudulently sign up
| with the wrong email?
| tester756 wrote:
| >At Samsung, security is a top priority.
|
| Every company, always.
| zac23or wrote:
| > At Firefighters, firefighting is our top priority. We
| recently discovered that our base of operations caught fire
| and, as the fire hydrants and fire extinguishers did not work,
| it was incinerated.
|
| An absurd, insane message.
| fsociety wrote:
| The iconic "yes we do have a security department" doublespeak.
| cProdigy wrote:
| hmmm
| dreamcompiler wrote:
| At Samsung, like at every other company, perception management
| is a top priority. And we will never understand why managing
| perceptions while ignoring reality always fails.
| lizardactivist wrote:
| Other companies keep the lid on when it happens to them. Samsung
| has the decency to inform you quickly and clearly, gotta give
| them that.
| fartcannon wrote:
| No, I won't give them anything. They don't need to take this
| information. They shouldn't have it. I think they and everyone
| else collecting data should be held far more accountable than
| they are for the damage they do when that data leaks.
| vardump wrote:
| Luckily I gave all fake information to Samsung. Because I
| expected this to happen.
| hayst4ck wrote:
| From a post above:
|
| > your device, including MAC address, IP address, log
| information, device model, hardware model, IMEI number, serial
| number, subscription information, device settings, connections
| to other devices, mobile network operator, web browser
| characteristics, app usage information, sales code, access
| code, current software version, MNC, subscription information,
| and randomized, non-persistent and resettable device
| identifiers, such as Personalized Service ID (or PSID), and
| advertising IDs, including Google Ad ID;
|
| Regardless of how fake you think the information you gave them
| is, if you use your phone, there is more than enough
| information to attain a real identity and connect that to other
| identities.
|
| IMEI alone will uniquely identify your device, and therefore
| you, and it will be connected to a phone company that is
| probably willing to sell your data.
|
| https://arstechnica.com/tech-policy/2021/03/t-mobile-will-te...
| vardump wrote:
| I wonder what kind of information they got out of my TV.
| Well, obviously at least IP address.
|
| Maybe some viewing habits data. In which case they'll
| probably conclude I mostly like cartoons about ponies and
| talking, people rescuing dogs...
| hayst4ck wrote:
| TV's can probably scan your local network which means at
| the very minimum getting MAC addresses which can tell you
| the manufacturer and maybe more, of various devices on your
| network.
| vardump wrote:
| It can do that all it wants, won't be able to see any
| other devices on my network.
|
| Although it could scan for nearby wifi access points.
| Maybe also for bluetooth devices. It also got a
| microphone...
|
| Business idea: A service to strip microphones and
| antennas out of brand new TVs?
| hayst4ck wrote:
| There is no winning via tech, only regulation.
|
| Supposedly amazon set up an AWS service to leverage 5G
| (https://aws.amazon.com/private5g/) allowing
| significantly more devices. The idea being that our
| fridges, TVs and other household devices could talk
| directly to a private service without having to be
| subject to your in home firewalls/DNS blocking/etc.
| SoftTalker wrote:
| Coincidentally (?) I got an unsolicited text message yesterday
| with my "Samsung account verification code."
___________________________________________________________________
(page generated 2022-09-02 23:00 UTC)