this post was submitted on 05 Jan 2025
226 points (99.1% liked)

Privacy

32642 readers
840 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod
Yayannick@lemmy.ml
ranok@sopuli.xyz
226
Experian requiring access to my phone carrier account in order to provide my annual free credit report (lemmy.world)
submitted 3 days ago by Aslanta@lemmy.world to c/privacy@lemmy.ml
39 comments fedilink hide all child comments
 

I spent the weekend researching data removal methods and decided to start with my credit report. I’m not even going to get into all of the alarming privacy invasions that popped up during this process. But when I got to the experian report, I was met with T&C box that says I have to hand over my phone carrier info and it wouldn’t let me proceed without doing so. The bureaus are legally required to give you one free report a year. It’s bad enough that these companies are even given rights to my data and now they’re using it to request further information.

I’m just so angry, frustrated, and violated.

all 41 comments
sorted by: hot top controversial new old
[–] tomatolung@sopuli.xyz 52 points 3 days ago (4 children)

Been a while, but in several US states where the free report was mandated, they also allowed a request to be mailed in, of even faxed. Old school, but I would be surprised if they don't still have some of those methods, and probably don't require web form consents to privacy invading terms.

[–] Aslanta@lemmy.world 1 points 16 hours ago

There is no accessible option to request by mail. There is a tiny link (Contact us) that leads to a handful of FAQs. This isn’t a post in the Credit Report community. I’m not asking for advice on cred it report printing. I’m pointing out the blatant attempt by a $6b company to usurp even more rights to individuals’ lives than they already have.

[–] sic_semper_tyrannis@lemmy.today 8 points 3 days ago (1 children)

I tried the mail in form and it was ignored

[–] Aslanta@lemmy.world 1 points 15 hours ago* (last edited 15 hours ago)

Thank you for pointing this out. We all know the facade of end-user control (data opt-outs, deletion requests, report downloads., etc) leads nowhere. But I appreciate the someone who does go down that rabbit hole just to document the law-breaking at the end of the tunnel.

[–] tyler@programming.dev 9 points 3 days ago (2 children)

I’m pretty sure that federally it’s mandated that you have to be able to mail it in.

[–] Aslanta@lemmy.world 1 points 15 hours ago* (last edited 15 hours ago)

Credit reporting agencies are legally required to provide you a copy for free. However, like all billionaire corporations, they have become so confident in their ability to manipulate both the government and the public’s ability to make informed decisions, that they know longer care to hide the fact that they are committing a crime.

[–] Farvana@lemmygrad.ml 2 points 3 days ago

If you don't pay a bunch extra for some sort of certified mail, you don't have proof of mailing and they can ignore you.

Not legally, but also yes legally.

[–] adarza@lemmy.ca 41 points 3 days ago (4 children)

guessing they're using the carrier's data for verification. name, address, phone number, socials and at least partials of credit cards, bank accounts. whatever relevant that they have.

this is all data the credit bureau has on you already

[–] Aslanta@lemmy.world 1 points 16 hours ago

It’s not, or they wouldn’t need to request my explicit permission to obtain it. You don’t need to guess what it’s for because we know that credit “bureaus” exist to profile “consumers” and sell their information, whether aggregate or personal. They’re asking to gain access to my carrier account and my device information. This is about data inventory. The credit bureaus know who has it and want permission to buy it from them.

[–] sloppy_diffuser@sh.itjust.works 10 points 3 days ago (1 children)

Can confirm, it is information they already have. Below is likely the API the telco exposes to the bureau. Each data point queried returns true, false, or a confidence score.

It is intended as an anti-fraud tool. Not saying I agree with it. Something like PGP is sufficient for building out a web-of-trust without needing to share my personal information.

https://redocly.github.io/redoc/?url=https%3A%2F%2Fraw.githubusercontent.com%2Fcamaraproject%2FKnowYourCustomer%2Fr1.4%2Fcode%2FAPI_definitions%2Fkyc-match.yaml&nocors=#tag/Match/operation/KYC_Match

[–] Aslanta@lemmy.world 1 points 16 hours ago* (last edited 16 hours ago)

Please stop with the defiling of the word ‘Fraud’. Fraud does not mean someone who claims ownership of their own identity. A $20 billion dollar association (CDIA) missing a handful of verified data points on someone’s life doesn’t constitute fraud. We’re talking about a corporation whose whole market is based on repurposing the data they collect about us. So if you’re going to make an inference as to their intention, assume it’s the one they have had since 1970. To gather more information about the public for profit and control.

[–] undefined@lemmy.hogru.ch 6 points 3 days ago (1 children)

I’ve run into issues with SMS-based 2FA (yikes) on some websites because my phone number was a landline number I purchased then later transferred to my wireless carrier.

I bring this up because I’ve noticed some websites have the typical “we’ll confirm your information with your wireless carrier” verbiage, but those generally mention they do so to determine whether the number is a landline or wireless.

I’m super unsure of what’s going on in this case, but when I first saw this screenshot this is what came to mind.

[–] evilcultist@sh.itjust.works 11 points 3 days ago (2 children)

Experian is stuck on an old phone number for 2FA and I can’t remove it because I don’t have a phone number. I really hate how they tie everything to a phone number.

[–] undefined@lemmy.hogru.ch 4 points 3 days ago* (last edited 3 days ago)

Me too, and it’s worse because it’s not secure.

I keep saying this a lot but I don’t know why recently (the last ~5 years) everyone is jumping on SMS-based 2FA. I remember this was really big around 2010 and as a developer all the tools for SMS-based 2FA are deprecated or unmaintained (at least in my programming language). It seems like all these websites that jumped on board 10 years late have very poor security practices.

[–] sunzu2@thebrainbin.org 6 points 3 days ago

I really hate how they tie everything to a phone number.

The online social security

[–] Kongar@lemmy.dbzer0.com 18 points 3 days ago

Credit cards and these damn credit agencies are a cancer on society. I don’t know anyone at this point who hasn’t been a victim of identity theft because of these aholes and their shenanigans.

[–] autonomoususer@lemmy.world 35 points 3 days ago* (last edited 3 days ago)

Write them a physical letter. Tell them phones are against your religion. You are amish now.

[–] gravitywell@lemmy.ml 14 points 3 days ago* (last edited 3 days ago) (1 children)

There is a way to request it by mail, the phone thing is just a quicker way for them to verify you are who you say you are because they ALREADY know all the information, they just want to make sure YOU know the right phone number. If you use the wrong number they might give you an alternative option, or it will eventually tell you the only option is by US mail.

Pretty much anyone who has your phone number can use that information to look you up in a database, experian just spells it out because they get hacked so often its a liability for them to store any information at all, In a normal functioning society such a company would fail and never be taken seriously, but in capitalist america they get to decide if you're worth lending money to, WHAT A COUNTRY!!!

[–] Aslanta@lemmy.world 1 points 15 hours ago* (last edited 14 hours ago)

This is not a verification request. If you look at the screenshot, they are explicitly asking to have access to the intimate data that my cellular carrier is willing to transfer to them, given my perpetual release of it. Probably because of an existing bargain between the two parties on how much each will bid if one takes on the other’s liability (phone company advertises they won’t release all your data forever > but phone company promotes credit company > credit company boldly requests usage data > credit company pays phone company and both win).

These are corporations who make their money by selling peoples’ data. Offering a free copy of the report is and always was just a pacifier for the privacy advocates who wanted legislation. They don’t actually have any interest in providing credit reports to the “consumer” securely or within the legally required timeframe. Their interest is in obtaining more data and in the security/validity of their own harvested datum, which are assets to them.

[–] atrielienz@lemmy.world 7 points 3 days ago (1 children)

They won't automatically use your phone bill to bolster your credit but they will use it as a form of authentication. That's the infuriating part to me. Miss a payment? Your credit score can drop. Make every payment on time? Nothing.

[–] Aslanta@lemmy.world 10 points 2 days ago

It’s not authentication. They are specifically requesting access to cellular information that my service provider can’t sell to them unless I give them authorization. Authorization to obtain my most intimate data (communication usage) in order to complete their data profile on me is not the same thing as authentication.

[–] catloaf@lemm.ee 13 points 3 days ago (1 children)

I'm not really sure what you expect to be able to do with your credit report, but you should request it through https://www.annualcreditreport.com/. That's the legit source.

[–] Aslanta@lemmy.world 16 points 3 days ago

This happened on annualcreditreport.com.

[–] Xirup@lemmy.dbzer0.com 5 points 3 days ago (2 children)

What's experian?

[–] gravitywell@lemmy.ml 23 points 3 days ago

Its one of 3 companies in the USA that gather tons of information about everyone so they can come up with a magic number that landlords and banks can use to decide if a person is worth giving money to or not, and also to sell you a service that will notify you when they inevitably get hacked again and someone tries to "steal" your "identity"

[–] sp3tr4l@lemmy.zip 9 points 3 days ago

Its one of the US's three main ~~social~~ credit score companies, that determines your ability to rent or buy a home or car or get a job by selling your credit data to companies that perform background checks on you, background credit checks which you pay for.