I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.

What are some things that us netizens can do to make our displeasure known.

Extra points for funny ideas.

  • JoeKrogan@lemmy.world
    link
    fedilink
    arrow-up
    23
    ·
    2 days ago

    Use bots to apply for the open positions to waste time. Reject them all for not enough pay.

    Post public info of the CEO class

    Piracy

    Give fake data when using all services.

    Start and join boycott groups.

    Use their social media against them. Eg post their dirty laundry as a comment on their post.

  • Captain Aggravated@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    21
    ·
    2 days ago

    Stop using as many services as possible. It might not be funny but, I mean, what if you went to a music store and bought used CDs instead of using Spotify? Do all of that you can.

        • mnemonicmonkeys@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          19
          ·
          3 days ago

          Still, any programmer worth their salt should filter their inputs. One group at work refuses to do it and they always get away with it and it’s infuriating

          • PM_Your_Nudes_Please@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            2 days ago

            One group at work refuses to do it

            Sounds like a huge liability to the company.

            and they always get away with it

            Until they don’t. All it would take is one malicious actor (competing company, spurned employee, data thief, etc) wrecking/stealing their entire database with an injection attack.

            • mnemonicmonkeys@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 days ago

              Their exact position would make it significantly less likely, since they aren’t working with databases, but software for individual products. That being said, it’s still shitty practice

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        2 days ago

        It’s an SQL injection joke.

        Basically, when dealing with databases, you can use SQL to search or modify the data in that database. By default, you can do this by polling the database with an SQL query. But this introduces a vulnerability called SQL injection. Basically, imagine if instead of filling in a name in the “Name” field, you filled in an SQL query. If the database admins haven’t protected themselves against it, then the database will happily run that query; You have just injected an SQL query into their database. Maybe you’re a malicious attacker, looking to get a virus onto the system, or looking to extract the data.

        Protecting the database from injection is done with something called sanitizing. Basically, you set up filters to disallow SQL, so it can’t touch your database. In this comic, the database admins didn’t do that, so they were unprotected.

        The actual SQL uses the student’s middle name to search for any tables named “Students” and permanently delete it. The joke is that when the school admin staff enters his name into their database, it will delete any tables named “Students” and wreck their database.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    96
    arrow-down
    5
    ·
    3 days ago

    Use EICAR test strings as your password.

    If they store your password in plain text the AV will lock the user database.

    If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.

    • shrodes@lemmy.world
      link
      fedilink
      English
      arrow-up
      71
      arrow-down
      1
      ·
      3 days ago

      Bold of you to assume a corporation storing passwords in plain text would be using AV

    • qaz@lemmy.world
      link
      fedilink
      English
      arrow-up
      40
      ·
      3 days ago

      According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string.

      This won’t work, assuming the database file is more than 128 bytes long

      • Talaraine@fedia.io
        link
        fedilink
        arrow-up
        9
        ·
        3 days ago

        I think the important distinction would be ‘file’ or ‘record’. Passwords aren’t really a file in a database iirc and records in a database have a storage limit

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        2 days ago

        EICAR test strings are strings of text that can be used to test an antivirus. Basically, you bury the file somewhere, and see if your AV picks it up. The joke being that if they’re storing your password in plaintext (a big no-no from a security standpoint) then their AV will clamp down on the database once you create your account and the test string is embedded.

        It wouldn’t work in this instance, unfortunately; EICAR test strings are only meant to work when embedded in files that are shorter than 128 bytes. And every database is almost certainly larger than that.

  • MojoMcJojo@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    2 days ago

    Do not use actual names, birthdays, phone numbers, addresses, email addresses, etc. There’s no reason they need to know that info and I love/hate seeing physical mail and email show up with my made up info. Doesn’t work when paying for stuff though.

    • Brewchin@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 hours ago

      I played around with this some time ago, until I thought more about it: using tools like this makes adtech money.

      Adtech doesn’t care if you’re interested in X or Y, just that they can charge the advertiser for it. By injecting fake traffic, they’re getting more data to sell.

  • cheese_greater@lemmy.world
    link
    fedilink
    arrow-up
    87
    arrow-down
    1
    ·
    edit-2
    3 days ago

    More in the spirit of this, prefer and actively seek out alternatives that collect as little or even no data at all and test to make sure they run without internet access. If they give you a hard time or straight up dont work without an internet connection when they ought to be able to, chuck em

    Edit: also call them out in reviews. Why you collect data guys, dont you want my money?

    • Bluetreefrog@lemmy.worldOPM
      link
      fedilink
      English
      arrow-up
      18
      ·
      3 days ago

      This has been the go-to for decades and it’s not working. I feel like we need to be prepared to engage with the system, but make it clear we are not just passive consumers. Something that becomes viral maybe?..

      • derek@infosec.pub
        link
        fedilink
        arrow-up
        2
        ·
        2 days ago

        The only effective answer to organized greed is organized labor.

        Unionizing every industry so there is nowhere for the owning class to practice naked greed sans consequence or feel any pressure to do otherwise is our only answer. It’s not one which matches the aesthetic or level of ease most are looking for. So that’s the current goal. Shift public perception of unions and collective bargaining from “talking about that will get me fired” to “unionization is essential for any working class person”. Shift the current climate from “violence is inevitable” to “striking is necessary”.

        Our owners cannot steal our wages if we refuse to produce goods and services for them. Yes this means workers will experience pain. Not being able to pay bills, buy groceries, etc. This is the intention of the current economic reality we find ourselves locked in mortal combat with. Keeping us too scared to bite the hand that feeds for us to realize we can starve out our oppressors by doing nothing and being loud about it. Picketing is a siege on the fortress of oligarchy.

        They concentrate wealth like dragons protecting a hoard not for the love of money. It’s not about the money. It’s about insulating themselves so securely from such a siege that we starve before they do. History tells us that’s a winning strategy. It’s how the aristocracy survived and evolved into the modern era. Knowing this we can reason about what is necessary to avoid repeating the past.

        One may argue for governing reforms, better voting systems, government-backed protections for workers, more public sector jobs/industries, kai ta hetera, et cetera, and so on… And these things may help voters weed out elitists/sympathizers or insulate an industry for a few decades. They are placations though. Not solutions. These capitulations leave workers in stasis and package today’s injustice up as an inheritance for those next in the human assembly line. That sounds like deja vu to me.

        Similarly goes violent direct action. Yes, the civil rights movement was lifted by the pressure or the threat of violence from aligned and allied movements and, yes, such methods may yield short term results in any righteous struggle. No, workers do not require the same assistance for success. Labor is not fighting against any government. Governance is the medium through which the owning class wishes to arbitrate. Refuse this entrapment. No one is coming to save us.

        Organize, vocalize, and strike, or lose.

    • Noxy@pawb.social
      link
      fedilink
      English
      arrow-up
      17
      ·
      3 days ago

      that only works when there are alternatives that work offline. which is not guaranteed.

  • hansolo@lemm.ee
    link
    fedilink
    English
    arrow-up
    23
    ·
    3 days ago

    If a company is publicly traded, then all leaked individuals are given 50.1% controlling stock in the company, split among the victims with new stocks created for them, with unclaimed stocks held in a trust controlled by anyone that did respond to claim stocks. They can sell the stocks, or drive the company into the ground out of spite. Maybe even both.

    Companies not publicly traded have 3 months to make all code used, trademarked material, and patents open source in perpetuity, and 1 year to convert their corporate structure into a non-profit.

    Regardless of the size of the company, the CEO, CTO, and board must eat their weight in fried bugs. They get to pick the type of bug from a list of 5 options, and any seasoning they want. Live streams of the bug eating will be monetized and the proceeds given to orphans, under the title of “It’s not a bug, its a feature.”

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    2 days ago

    Report bugs that don’t actually exist. Keep reporting the same bug from different emails. Works especially well for apps.

    • 11111one11111@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      4 hours ago

      Oh fuck you, buddy. Lol I find it infuriating the amout of product and software bugs that get ignored and passed to every sequential generation that follows and you wanna pile on fake bugs. You’re not my buddy, pal.

    • FlashMobOfOne@lemmy.world
      link
      fedilink
      arrow-up
      18
      arrow-down
      1
      ·
      3 days ago

      I don’t get many of them anymore, but when I do, I mail them back with a little slip of paper inside that says “poop”.

      • GrumpyDuckling@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        9
        ·
        3 days ago

        First class letter mail is up to 3.5 oz and within a certain l thickness. Every ounce costs extra over the first oz (idk about commercial return mail pricing) just stuff it with flat cardboard from cereal boxes or fill out the information wrong and put in a competitors corporate address.

      • kalkulat@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        3 days ago

        I tried the brick once long ago. 1) No way to verif it works (not just PO’s the P.O. 2) That kind of shit may be why so many public POBoxes have been removed. 3) The was of paper (up to 3.5 oz?) -seems- to have worked.

  • granolabar@kbin.melroy.org
    link
    fedilink
    arrow-up
    48
    arrow-down
    1
    ·
    3 days ago

    Deny engagement and profit. It a takes a mind set change but a lot of shit can go avoided.

    Streamimg can be replaced with Yarr

    Use products you have longer until they break or not longer don’t fit use case

    Start your shopping on the second market.

    Generally Corpo’s and government are centralized and get benefits of that system, working class is decentralized naturally so we need to lean into that.

    • Norin@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      3 days ago

      Absolutely.

      Buy things used, repair and jailbreak what you can, and learn to make things for yourself.

      We can’t, at least as individuals, divest from every exploitative system. But, we can remove ourselves from more than we think.

      Often enough, you get a better experience out of the homemade and secondary market than whatever the new thing you’re being pushed can give.