I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.
What are some things that us netizens can do to make our displeasure known.
Extra points for funny ideas.
- Get into politics
- Get elected
- Rip them a new one
*might take some time
Start Self hosting. Keeping my data at home is how I’m sticking it to the man these days.
Sign someone up for Scientology
What we’re talking about can easily be devalued, among other things.
Use AI to generate false info to feed into their database
I love putting wrong AI slop in every optional field or space I can get away with for profiles and accounts that don’t really matter.
If an extension exists for this I’ll use it
I think the most effective method is to do some sort of organized boycott. We all know well enough how sheisty these companies are. Time to start encouraging each other to quit them en masse.
To bad that most participants give in and return shortly after leaving.
me explaining how evil Nestle is every time a family member buys a product, them agreeing that’s the most evil thing they’ve ever heard, and then doing it all over again next week …
Welcome to political organizing.
The fake name generator might be useful. There are also temporary email services for when a site account requires a confirmed email.
Sounds like it does the opposite of what OP wants:
I stopped counting after 2000+ vendors
Well, crap. So goes enshittification.
Nice
he doesn’t rename low res episodes of the golden girls to “tax return[year].docx” and hide them in plain sight.
Explanation for illiterates?
It’s an SQL injection joke.
Basically, when dealing with databases, you can use SQL to search or modify the data in that database. By default, you can do this by polling the database with an SQL query. But this introduces a vulnerability called SQL injection. Basically, imagine if instead of filling in a name in the “Name” field, you filled in an SQL query. If the database admins haven’t protected themselves against it, then the database will happily run that query; You have just injected an SQL query into their database. Maybe you’re a malicious attacker, looking to get a virus onto the system, or looking to extract the data.
Protecting the database from injection is done with something called sanitizing. Basically, you set up filters to disallow SQL, so it can’t touch your database. In this comic, the database admins didn’t do that, so they were unprotected.
The actual SQL uses the student’s middle name to search for any tables named “Students” and permanently delete it. The joke is that when the school admin staff enters his name into their database, it will delete any tables named “Students” and wreck their database.
https://www.explainxkcd.com/wiki/index.php/327:_Exploits_of_a_Mom
SQL sanitization joke. Won’t affect most databases today.
Still, any programmer worth their salt should filter their inputs. One group at work refuses to do it and they always get away with it and it’s infuriating
One group at work refuses to do it
Sounds like a huge liability to the company.
and they always get away with it
Until they don’t. All it would take is one malicious actor (competing company, spurned employee, data thief, etc) wrecking/stealing their entire database with an injection attack.
Their exact position would make it significantly less likely, since they aren’t working with databases, but software for individual products. That being said, it’s still shitty practice
As a security consultant who tests web applications on the regular: LOL
Use EICAR test strings as your password.
If they store your password in plain text the AV will lock the user database.
If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.
Bold of you to assume a corporation storing passwords in plain text would be using AV
Being a non-programmer I had to look up what that is
This is diabolical. I approve.
Whoa, I wanna try this now! Thx!
According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string.
This won’t work, assuming the database file is more than 128 bytes long
I think the important distinction would be ‘file’ or ‘record’. Passwords aren’t really a file in a database iirc and records in a database have a storage limit
deleted by creator
Ah… “advice” consisting of “I’ve heard of a thing”
ELI5 please? I’ve read the other replies, but would love to understand a bit more.
EICAR test strings are strings of text that can be used to test an antivirus. Basically, you bury the file somewhere, and see if your AV picks it up. The joke being that if they’re storing your password in plaintext (a big no-no from a security standpoint) then their AV will clamp down on the database once you create your account and the test string is embedded.
It wouldn’t work in this instance, unfortunately; EICAR test strings are only meant to work when embedded in files that are shorter than 128 bytes. And every database is almost certainly larger than that.
Stop using as many services as possible. It might not be funny but, I mean, what if you went to a music store and bought used CDs instead of using Spotify? Do all of that you can.
Edit: whoops, I missed the “il” part in “not illegal”. Anyway you should definitely not do the following. Allegedly doing the following would be arson, and society frowns upon such things.
Easy:
- Identify company
- Wait until it’s a weekend night. We’re not after the wage slaves after all.
- Mix polystyrene and gasoline. Remember that gasoline can melt some plastics, so if using a plastic container for mixing do a test first. You do not want napalm all over the place.
- Fill the gooey substance in glass bottles.
- Cap the bottles. (see #7)
- Drive to the company.
- Open bottles and put wicks in them. (important not to do this earlier. Driving with open gasoline containers in your car will make you drowsy and is a fire hazard)
- If you haven’t already got gloves on, put them on and wipe down the bottles - you may have to leave some at some point.
- Have accomplices trigger fire alarms all over the local fire department’s district. Either automatic fire alarms will be discarded for a bit or the marshall will be tied up investigating.
- Light a wick, throw the bottle at the company, try to get it to break a window.
- If you’re out of bottles or you see blue lights cheese it. Otherwise go back a step and repeat it.
I heard you should mix the gasoline with diesel for more mileage.
Soap shavings
Not exactly what you’re looking for, but Ad-Nauseum is a nice way to inject a ton of garbage into the data corps collect.
I played around with this some time ago, until I thought more about it: using tools like this makes adtech money.
Adtech doesn’t care if you’re interested in X or Y, just that they can charge the advertiser for it. By injecting fake traffic, they’re getting more data to sell.
Do not use actual names, birthdays, phone numbers, addresses, email addresses, etc. There’s no reason they need to know that info and I love/hate seeing physical mail and email show up with my made up info. Doesn’t work when paying for stuff though.
Use bots to apply for the open positions to waste time. Reject them all for not enough pay.
Post public info of the CEO class
Piracy
Give fake data when using all services.
Start and join boycott groups.
Use their social media against them. Eg post their dirty laundry as a comment on their post.
