[kadoban]

The basic stuff helps a decent amount. Assume your name, phone, email, address are all public. Don't reuse passwords, ever (use a password manager), use 2fa wherever possible, ideally not the SMS kind. Use a password manager that has a tie-in with haveibeenpwned or whatever so you know asap to change your creds.

Some extras: use unique email addresses per site if you can. Some setups allow infinite aliases. Then you can blackhole one that gets leaked, and you can know where it got leaked from.

If you can, have a separate setup (completely separate email account(s), not just aliases, and even separate hardware to access them if you can) for very important accounts, the ones that would ~ruin your life for a good bit if they got taken over (bank, retirement, etc.)

There's also credit monitoring type stuff, which I've never been clear how useful it is, but might be worthwhile. You also may get it free if some company you use has a leak and they try to PR it away that way.

I think there's some way to basically lock your credit against new accounts, I need to look into that someday, don't know the details or if it even exists.

[reaperducer]

Assume your name, phone, email, address are all public.

Someone on HN will invariably point out that this is how it was for the last hundred years, and it was only when we made computers powerful enough to abuse the information that this level of privacy became a concern.

I remember the days when your name, address, and phone number were public information. I paid something like $15/month to keep it out of the phone book.

What I recently learned, browsing through old books that a local library was throwing away, is that sometimes those phone book listings would also include things like a woman's maiden name, and the name of her husband, and/or marital status. Something like:

  Smith, Margaret C (nee Jones, widow of George): 202-555-1212

That part was new to me.

[Kiro]

In Sweden almost everything about you is public information. Your address, social security number, tax records, criminal record etc.

[kadoban]

To be honest, that's close to how it should be in an ideal world. But US companies went down the obviously-moronic path of treating social security numbers as passwords and now we're stuck.

Eventually the bulk of the world will probably end up with some sort of government-managed crypto-ID, but it's sure going to take the US a long time to get there.

[BrandoElFollito]

Out of curiosity: does this lead to more identity theft (or misuse)?

[LadyCailin]

I live in Norway, which has a similar system, so I can’t answer for op, but the answer here is, no. Your “social security number” is not ever used as a password or other form of presumably secret key. While you probably don’t go blabbing it everywhere, there’s not much you can do if you know mine. You would also have to physically steal my phone and also learn my secret pin, or break into my fire safe in order to successfully use my personal number for anything. Address and phone number are the same thing, that’s just where you mail things to, it’s not used as a secret key.

[BrandoElFollito]

I live in France and while we do not have public records (or just a very few), we do not have identifiers that can be easily used to do something nefarious. Our social security number, or the tax one is not used anywhere as a secure identifier (as opposed to, say, US with their SS# that is tragically comical).

We do like secrecy, though, and opening up the tax reports and addresses would be a 12 on the Richter scale of earthquakes. I do not know whether that would be good or bad but it would lead to all sorts of social unrest.

[MertsA]

No, instead they use this radical method called actually identifying the person they're about to give a bunch of cash to instead of trying to pretend a username is a password.

[BrandoElFollito]

Sorry, I did not understand your comment (English is not my first language)

[kadoban]

Gp is saying that no, it doesn't increase identity theft. Other (better) methods of verification are used instead.

[MattDemers]

>Some extras: use unique email addresses per site if you can. Some setups allow infinite aliases. Then you can blackhole one that gets leaked, and you can know where it got leaked from.

If you pay for ProtonMail, you get a SimpleLogin Premium for free, which makes the creation of dummy/alias emails a lot easier. They're owned by the same company.

[screamingninja]

> If you pay for ProtonMail

These are free for all-

https://relay.firefox.com/

https://duckduckgo.com/email/

[grammers]

I've been using alias addresses since forever, though with Tutanota, not Proton (due to cost & nice app). It's great when you can simply deactivate an address and the spam stops coming.

[kadoban]

That sounds nice. I use bitwarden's "plus addressed email" generator I think it's called, the downside being that I need to specifically blackhole anything that bypasses the plus-addressing, or it'd be easy for anyone that actually looks to bypass.

There still is the chance that some spammer will figure out that "blah+any-random-string" works for my email, but I'll deal with that if someone bothers someday. I'd just need to add an allow-list or something probably.

[MattDemers]

Yeah definitely; the "+" alias is built in to most emails (like, it works on Google/Proton at least). I'm more just saying that if you pay for ProtonMail (and therefore care about privacy more than the average person) you get another service for free that doesn't expose your "real" email if someone cared to look.

Someone can look at joe+spam@joeschmo.com and figure out Joe's "real" email address. Something like SimpleLogin (sorry, not a shill for them, I swear) gives you a completely new email/domain (and lets you set up your OWN domains), which then forwards to your proper inbox.

[kadoban]

Yeah it's definitely a better pattern, I hope more companies create something like it. I think I heard Apple is doing something similar maybe? I seem to recall Fastmail has one too, pretty sure I saw it in the bitwarden settings last I went in there.

[MattDemers]

Apple does this with email forwarding aliases on your phone; I can sign up using a generated Apple relay, which then pushes to your main email. I don't like it that much, mostly because you're still kind of locking into the Apple ecosystem, though.

[idiocrat]

>Don't reuse passwords, ever

Note to myself: change the combination on my luggage.

https://www.youtube.com/watch?v=LcHnf7VQuhc