Regardless of who handles the underlying payment rails (FIS, Fiserve, GS) it is the agreement that the payment processor has with the issuing bank that determines the ability to re-sell tx data to 3rd parties.
Apple and Credit Unions have specifically put in place guardrails to protect their customer’s data. All other CC issuers optimize for the extra revenue at the expense of their user’s privacy.
From time to time, we may update this Privacy Notice. You agree that we may notify you about material changes in the way we treat Personal Information by placing a notice on the Website. You should check the Website frequently for updates.
Many examples, e.g. https://www.theverge.com/2017/7/31/16072786/amazon-blu-suspe.... “In November 2016, security firm Kryptowire detected pre-loaded remote surveillance software on BLU phones sold online through Amazon and Best Buy. In August 2017, Amazon pulled BLU Products from its website over security vulnerabilities that resulted in BLU consumer user data being covertly sent to China.”
This.. doesn’t answer my question still. Even if data goes to China, how that data is used, what it is, and by what mechanism is what determines whether it’s a threat or not. Why do we continue to use boogiemen when it comes to explaining threats? Why don’t we apply this kind of scaremongering to any data exfiltration to every shady company ever?
Also in your specific reference:
> “Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale.”
So, clearly I’m not the only one who wants clear, explanatory, descriptive answers to these threat models.
I find it interesting how democrats fell into a pit that I used to think was something only Trump and his ilk followed.
The two parties really are the same at the core. One may pretend to be conservative and the other screech in woke language but they always converge on the parts that actually matter like geopolitics.
When Trump duked it out against China, democrats pretended to be offended. Now, democrats are in power, and they're pushing even harder to ban China.
The US is such a sham democracy.
You will not hear anything from the brainwashed apart from "things coming from China are bad because it's China !111!" when in reality those bans exist because American companies simply are not competitive and are looking for America to become a captive market for American corpos. Can't have people selling phones almost-as-good-as-iPhones for less than iPhones.
There is no trying out on Outline. You must buy is ($40). Outline is relatively new, editing was recently added. As such, it is limited, and somehow buggy.
Hopefully the release of OneNote free of charge will not stop Outline on its tracks.
There still are a lot of bumps. Their billing systems remain a mess, especially trying to use it on an iPad (if I don't disable wi-fi, it asks me for the iPad's phone number). I really wanted to use T-Mobile to support their free 200mb offer, but it's a mess to sign-up for extra data.
My final reason for leaving -- even though they suffered many high profile password hacks in the past, they still store them as clear-text and email it to you when doing a password reset.
It's likely much more than two databases. Most MSOs outsource billing and customer service to companies like Convergent. It's a mess of legacy regions and products with different vendors involved. Try troubleshooting phone number porting -- that goes through Accenture.
You can take one of my bills -- I receive two Ecobills and a paper bill!
That was my first impression. I could rip the site, post it to my own domain, and start sending out emails saying "you've got cash, give me your credit card number so we can credit it" in about 10 minutes. Great concept, and I plan to use the service, but as it gains momentum and acceptance, it's going to be a great attack vector for the Nigerians.
No, they just got an email from someone that happened to have my address in the `From` field.
Since we're in the realm of phishing already, let's not forget that people still commonly enter their email address and email password into sites claiming to "Find your friends who are using this service".
The problem with social attacks is that they spread socially, and it's not enough for just "some", or even "most" people to be educated for it to be stopped.
I don't think Square are ignorant about this, but I'd like to see some confirmation that some measures are in place to counter threats like these.
What also doesn't help is that sites like Facebook leak personal information like sieves. I've been receiving the spam e-mails claiming to be from various of my Facebook friends for some time.
In the happy case, yes. But, that doesn't consider how phishing works.
So, Square trains people that these e-mails are OK. In the happy case, you get the email from a friend, followed by a link/invitation from Square. Everything is fine.
After doing this several times, one day you just get the email that appears to be from Square, informing you that you have money. This is a phishing email and there is no email from a friend, which should raise a red flag, but for many it won't. Or they may just think Square changed the process. Putting the onus on the user to discern this is not a good plan.
Training users to click a link from an email that resulted from a process they didn't initiate, then enter personal/financial information or credentials is not a good idea.
So is PayPal and just about every other financial institution. Square has some nice safeguards in place here and considering they are going to be the ones paying for fraud abuse, you can be sure they'll be doing everything possible to prevent it.
