[Caligatio]

I really don't know what it is going to take to shift people from thinking "oh no, my private data leaked" to "I really don't have any private data." Honestly, look at the stuff that was leaked:

- Names: this is public information

- Addresses: this is public information

- Bank Account Details: this is on every check you've ever written

- SSN: this is on so many applications for things and compromised so many times it can't be realistically called private

- Account Login Details: not to be pedantic but this is a shared secret and should be treated as such

I know there have been some rumblings about actually trying to change the financial identification system in the US but really this needs to be the focus. We've been pretending that we have any sort of "secure" identification system for too long and now it's finally catching up to us. Solutions exist for a majority of these problems:

- For stolen credit card numbers: Force the issuers to add one-time CC number generation and have that one-time number locked to a merchant. Discover had this years ago and got rid of it; I'm sure others had it as well. This effectively solves the online merchant problem. Things like Visa Checkout and Masterpass also can help here by eliminating the need to give merchants your actual number (as can Android Pay, Apple Pay, Samsung Pay, PayPal, etc)

- For stolen credit cards: Actually change over to chip and pin

- For online financial identification: Issue smart+national ID cards like Estonia that can provide digital authentication. Is it perfect? No. If people don't like the concept of a smart+national ID card, put the risk of doing anything online on them. https://www.login.gov/ is a baby step in this direction.

[coldtea]

>- Names: this is public information - Addresses: this is public information - Bank Account Details: this is on every check you've ever written - SSN: this is on so many applications for things and compromised so many times it can't be realistically called private - Account Login Details: not to be pedantic but this is a shared secret and should be treated as such

Those may not be difficult for an adversary that targets someone personally to get. They'll have some trouble getting a few of them (something being on "every check you've ever written" doesn't mean I can see it easily if I'm not a person making business with you. Besides few write checks anymore anyway), but they will be able to gather most.

That's completely different than anybody who doesn't know you at all having all those details for millions of people in a large data dump - that is, any scammer worldwide.

[sametmax]

That, and linked together, in a nice clean, easily automatically exploitable package.

[sigi45]

So just wait until you get a stalker and that person is able to find that 'public information' with a google search.

There is a difference and it still should be secured.

My address might be public information but because i choose to not because someone else chose this for me.

[Caligatio]

Saying your physical address is private ignores the reality of the situation: it's on your driver's license that you hand over to people that you don't explicitly trust (getting carded at bars, airports, stores, etc), it's sold between companies that you don't give explicit permission, you give it out to receive goods, and there is no law to force people to remove your address (to your point, try to request removal from sites like 411.info). Given all of that, it's unfortunately a fantasy to think that this is somehow private.

Private information isn't private if you have to give it out.

[coldtea]

>Saying your physical address is private ignores the reality of the situation: it's on your driver's license that you hand over to people that you don't explicitly trust (getting carded at bars, airports, stores, etc), it's sold between companies that you don't give explicit permission, you give it out to receive goods

None of those are arguments against making it easier for some 4chan kiddie from Iowa to fine one's details in a Google search.

Many people can't seem to understand that something possible and easy is worse than something possible.

They consider security/privacy etc a strict binary.

[sametmax]

My address is not public information. If i give you my name, you can't google it and find my address. I'm not in the yellow pages.

You can find my address, but it will require efforts.