#PII

"The Social Security Administration’s internal watchdog is investigating a complaint that alleges a former U.S. DOGE Service employee claimed he had access to two highly sensitive agency databases and planned to share the information with his private employer — a claim that, if true, would constitute an unprecedented breach of security protocols at an agency that serves more than 70 million Americans."

https://www.washingtonpost.com/politics/2026/03/10/social-security-data-breach-doge-2/

@divVerent The problem is that @signalapp mandates #PII like #PhoneNumbers, which is critical for said #phishing...

• If they actually did their infrastrutre setup correctly, this would not have been possible in the first place - ffs!
  • That's why I've never even seen nor heard of any #PhishingAttacks on #XMPP+#OMEMO because you don't have to self-d0x to a #centralized, proprietary, #SingleVendor & #SingleProvider messenger which can't even be assed to get their garbage off #aws!

#Signal can spout all their "#Metadata" - #FUD all day but in the end they fall under #CloudAct and will snitch on users because if they didn't it would've been a statistical inevitability that @Mer__edith and #Moxie would've been in jail and Signal shutdown like #EncroChat was.

• Make of that what you will, but demanding a #PhoneNumber [which is either directly ("#KYC!") or indirectly / circumstantially linked to a person should be seen as *THE BIGGEST RED FLAG for any service.
  • It's like asking for an #ID at a store not as means to "verify age" with like a #DOB & Photo on something not trivial to forge but rather demanding someone's address just to buy a beer!

@benroyce @FQQD I know the details:

@signalapp are criminally incompetent like #EncroChat at best if not a #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield...

#Signal #Govware #incompetence #PII #PhoneNumbers #ToldYaSo

@signalapp THERE IS NO LEGITIMATE REASON FOR #Signal TO DEMAND A #PhoneNumber (= #PII by circumstances if not mandatory doxxing to the governments aka. "#KYC")…

• so yes I do blame Signal because this attack vector is unique to #Signal's shittyness and would not exist with @monocles / #monoclesChat or even cock.li of all places…

@signalapp those attacks.would've not.been successful if you weren't a #proprietary, #centralized, #SingleVendor / #SingleProvider "solution" that doesn't do #SelfCustoy of all the.keys nor allows for #SelfHosting nor demands #PII like #PhoneNumbers that can be leveraged for that.

• You know what I need to use @monocles / #monoclesChat or @gajim / #XMPP+#OMEMO?
  • Internet connection and an account on any server.

Can't #phish if one doesn't have credentials for #phishing attacks ffs!

• Can't get #phished if noone demands, stores, process or even demands such details in the first place!

Also which #Government is that incompetent to not be able to setup their own comms?

A couple days ago I posted a video about the upcoming #identity verification mandates imposed by #BigTech and #governments #worldwide. It is so much worse than many people realize. Masquerading under the euphemistic guise of "age verification," this is not just a "privacy concern" but but full-blown 21st century #technofascist #dystopian #nightmare designed to #identify and track every aspect of #you and your #private #life.

#Apple and #Reddit are rolling out their own versions which require scanning your #government issued ID. Your #PII, #credit info, purchasing history, and other details about you will be stored on corporate servers, including #Palantir.

The things you do in your #private life will be recorded and tracked. Are you #trans, a #SA survivor, or have a #disability, or struggle with #addiction and are a member of related Reddit communities? #News flash: Your #privacy is gone.

https://www.youtube.com/watch?v=DD4GcBgSBVs

Headline: US orders diplomats to fight data sovereignty initiatives

Me: The comments coming from the US State Department and from Marco Rubio (US Secretary of State) are laughable and absurd. I (a US citizen) don't trust US Big Tech companies with my data. No one else should either. Certainly not anyone from Europe.

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

#Privacy
#BigTech
#GDPR
#PII

@kevinrenskers Exporting #PII [incl. #IP-Adresses] without #consent or technical necessity already is.

• And #CloudAct does not allow or enable the granual controls of data that affected users have per #GDPR & #BDSG, including the demand that said data bei expunged from every system unless legally necessary (which only applies to accounting!)...

  • #NotLegalAdvice OFC, but #ClownFlare won't pay for a lawyer that would but their ass on the line to claim it's compliant, when every cheap hoster in #Germany is able to produce #documentation and certify compliance to external auditors.

I am not a lawyer, so please seek legal advice from a licensed professional [i.e. @wbs_legal or the equivalent in your juristiction!]...

"Apple brings age verification to UK users in iOS 26.4 betaUsers who don’t verify their age may not be able to download or purchase apps"

This is all getting rather stupid now. Of course it's not the UK - Australia and Singapore are getting screwed as well. It makes me wonder what personal computing will look like in the 2030s... in the meantime I have all the Apple apps I need thank you, and I'll not be giving Apple my PII.

https://www.theverge.com/tech/884306/apple-age-verification-uk-users-ios-26-4-beta

#Apple #tahoe26 #pii

@byte and that's why I refuse to hand over any #PII ever!

To me these complex dialogs where you have to figure out the minimum extraction of your #PII screams #SurveillanceCapitalism while I am only out to admire the creative work of a fine artist that drew my attention via the fediverse.

@mina

#Privatsphäre

(1/2)

Das ist richtig. Jedoch: nur, weil wir die "Macht" haben, etwas zu tun, heißt noch lange nicht, dass wir auch das Recht dazu haben.

Im Übrigen geht es bei privatgenutzten Bildrechten nicht um die private (<> öffentliche! und auch <> gewerbliche!) Nutzung von Bildern. - In dem Moment, wo ich ein Bild entweder a) nicht vom "normal" öffentlich zugänglichen Grund mache (z. B. indem ich auf die Mauer klettere) und/oder b) das Bild zu #pii

A Vast Trove of Exposed #SocialSecurity Numbers May Put Millions at Risk of #Identity Theft

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.
#privacy #security #pii #identitytheft #ssn

https://www.wired.com/story/a-mega-trove-of-exposed-social-security-numbers-underscores-critical-identity-theft-risks/

@res260 no, and no again!

• The Problem is not #technical, but #social, and demanding any kind if #ID'ing under any pretense is wrong.
  • "#AgeVerification" is just another #FalsePretense for this!

Not to mention any "Age Verification" REQUIRES breaking anonymity if it wants to be at least more effective than a Paywall…

• It's like #ElectronicVoting:
  • You don't do it, and in fact, #Germany banned #VotingMachines!
• And the amassing of #PII is not a coincidence but desired effect!
  • Espechally the #abuse of it!

FFS #micosoft we can't #trust your services and certainly not your tell-all #PII #AI #copilot

soooo IS license plate data #PII or not, or does this vary by jurisdiction?

police chief says no, NIST doesn't list license plates in standards but the definition of PII "information such as a name, social security number, and biometric records usable in distinguishing or tracing individual Identity" would indicate yes bc plates are so traceable. Law firms on the internet say yes, so it would seem there's precedent?

Anyone know more about this hot topic?

Google's Personal Data Removal Tool Now Covers Government IDs

#Google on Tuesday expanded its "Results about you" tool to let users request the removal of Search results containing government-issued ID numbers -- including driver's licenses, #passports and #SocialSecurity numbers -- adding to the tool's existing ability to flag results that surface phone numbers, email addresses, and home addresses
#privacy #security #ssn #identity #pii

https://tech.slashdot.org/story/26/02/10/1828251/googles-personal-data-removal-tool-now-covers-government-ids?utm_source=rss1.0mainlinkanon&utm_medium=feed

Hey #discord . Why the hell would we give you our ID when you've already exposed the ID of the folks who have already given you their ID?

"We're now using a different vendor who haven't yet leaked everyone's IDs and we keep your data for the smallest possible period of time!"

Every organization will have a data breach eventually. The question is when affected users will find out and what data you had in the first place.

The fact that your new vendor has not yet had a known breach doesn't mean that they're safe. It doesn't even mean they haven't had a breach yet! It just means any breaches are, as yet, unknown.

A fundamental principle of PII is that you should not gather data unless you have a sufficient justification for doing so that cannot be handled without having that data.

Your justification is nonexistent for you ever having this information. Therefore ever having it is not justifiable. If our legal systems allowed the full consequences of that inappropriate data collection to fall on your shoulders where it belongs, no insurance company would ever agree to insure you while you are gathering this data. No matter how little a period of time you purport to have it.

#RiskManagement #PII #PI2 #Technology

📢 Flickr alerte ses utilisateurs après l’exposition de données via un prestataire email tiers
📝 Selon BleepingComputer, la plateforme de partage de photos Flickr a commencé à no...
📖 cyberveille : https://cyberveille.ch/posts/2026-02-06-flickr-alerte-ses-utilisateurs-apres-lexposition-de-donnees-via-un-prestataire-email-tiers/
🌐 source : https://www.bleepingcomputer.com/news/security/flickr-discloses-potential-data-breach-exposing-users-names-emails/
#Flickr #PII #Cyberveille