
Ask HN: So what if my personal information gets stolen? - 321yawaworht
Are there any real consequences to having your data leaked in a breach? If yes, what?

Assuming not passwords. Things like name, address, passport number, etc.
======
auslegung
It depends on what you mean by 'etc'. The problem might not be in a single
leak, but with enough leaks people can get access to all kinds of PII
(personally identifiable information). It's important to me that my physical
address not leak, I don't want people or packages showing up that I didn't ask
to show up.

If your important numbers (in the US that's passport, social security, and
driver license) get leaked, it becomes easier and easier for someone to commit
identity theft and open credit cards in your name which you will have to pay
with either money or a lot of time proving it wasn't really you.
Or they can get traffic tickets in your name which will become a warrant for
you.

And if they know enough about you (address, likes and dislikes, etc), it
becomes much easier to socially hack
([https://en.wikipedia.org/wiki/Social_hacking](https://en.wikipedia.org/wiki/Social_hacking))
you. Any security is only as strong as its weakest link, and social hacking
has been used to get access to people's bank account, email address (doesn't
sound scary but if someone has access to your email, they likely have access
to all of your accounts because they can trigger a password reset, intercept
it, set a new password, then lock you out), and a lot of other things.

~~~
imgabe
> It's important to me that my physical address not leak, I don't want people
> or packages showing up that I didn't ask to show up.

What is the likelihood of being a target of this? Are there people out there
that you expect might want to mail you an unexpected package or stalk you at
your home?

I get that there are people who have stalkers and such, but for the average,
random person, what is the likelihood a criminal is going to pick their name
and address out of some leaked information and...what? Mail them a bomb?
Travel from Estonia or wherever the hacker lives to burgle a house in the US?
Why? There's no point to doing that.

~~~
quanticle
> What is the likelihood of being a target of this? Are there people out there
> that you expect might want to mail you an unexpected package or stalk you at
> your home?

As we see in the instances of so-called "revenge porn", you don't have to be
famous to be the victim of these tactics. It just takes one person who becomes
annoyed enough to use some of these tools and then you're left with an
expensive and time-consuming mess.

Did you have a nasty break-up? Fire someone? Do you have a business rival who
would like to see your reputation ruined? Did you leave a comment on a website
that just happened to offend the wrong person [1]? The tools to completely
ruin your life are becoming easier and cheaper to wield, and the costs of
defending against them are only increasing.

Even if the likelihood isn't high, the consequences are severe enough that you
should take the risk seriously. Objectively, the likelihood of you getting
robbed isn't that high either, but you lock your doors and don't leave
valuables sitting out in your car either.

[1]: [https://gizmodo.com/when-a-stranger-decides-to-destroy-your-...](https://gizmodo.com/when-a-stranger-decides-to-destroy-your-life-1827546385)

EDIT: note that in the link above, the attacker wasn't even using non-public
data. Imagine how much more damage someone with the ability to gain access to
bank accounts, etc. could have done.

~~~
imgabe
> Did you have a nasty break-up? Fire someone? Do you have a business rival
> who would like to see your reputation ruined?

If you were dating someone, worked at the same company, or even in the same
industry and know the same people, they do not need a data leak from Marriott
to get your address. That has nothing to do with data leaks.

Maybe, _maybe_, you could conceivably piss off some Mr. Robot Darknet-wizard
on a forum who would then spend hours combing through leaked data to try to
figure out who you are so they could mail you some anthrax, but I'm going to
put that at "get hit by an asteroid" level of things to worry about.

As far as "take the risk seriously", what is there for an individual to do? I
have zero control over the data security practices of Equifax, Marriott, or
any other major corporation. I can just avoid their services, but that would
basically entail living completely off the grid and being a hermit. If it were
something as simple as locking a door, or putting your backpack in the trunk,
yeah, people would do it. But all of this "the sky is falling, freak out now!"
propaganda comes with absolutely zero actionable items that the average
person can do. I'm not going to waste my life being worried about things I
have no control over.

~~~
quanticle
_Maybe, maybe, you could conceivably piss off some Mr. Robot Darknet-wizard on
a forum who would then spend hours combing through leaked data to try to
figure out who you are so they could mail you some anthrax, but I'm going to
put that at "get hit by an asteroid" level of things to worry about._

The entire point of that article I linked was that the person doesn't have to
be anywhere near you to cause you real damage. The woman who posted the false
allegations to the homebreaker site was thousands of miles away. Heck, if you
look at instances of "swatting" [1], it's entirely possible to put people in
mortal danger from thousands of miles away with little more than a phone. Are
the people who are doing the swatting "Mr. Robot darknet wizards"? No, they're
bored viewers of Twitch streams who think getting someone potentially shot is
a barrel of laughs.

_I'm not going to waste my life being worried about things I have no control
over._

And this is why data-breaches will remain depressingly normal for the
foreseeable future. Companies know that there are zero consequences,
specifically because of this attitude. If data breaches were treated like
chemical spills, companies would be much more proactive and careful about what
data they collected, who they shared that data with, and how they secured that
data. But companies know that consumers don't care, because "It's only data,"
and as a result they will continue to underfund data security and make us eat
the externalities in the form of having to spend time and money getting
transactions reversed.

[1]: [https://mashable.com/2017/12/29/swatting-death-andrew-finch/...](https://mashable.com/2017/12/29/swatting-death-andrew-finch/#sdDmopInZsqw)

~~~
imgabe
The article doesn't say how the swatter got the victim's address. Were they
somehow able to cross-reference the streamer's twitch ID with their credit
report in the leaked Equifax data? If not, I'm not sure what one has to do
with the other.

> If data breaches were treated like chemical spills, companies would be much
> more proactive and careful about what data they collected, who they shared
> that data with, and how they secured that data.

Actually, on a personal level, I _am_ treating data breaches exactly the same
as chemical spills. I personally have about as much influence on one as the
other, which is to say, none. If a law comes along, I'll support politicians
who vote for it, but that's about it. Again, what precise, actionable steps
are you proposing for the average person to do? I'm looking for something
besides "be scared and angry all the time" because that is as unpleasant as it
is ineffective.

------
docker_up
House stealing:
[https://archives.fbi.gov/archives/news/stories/2008/march/ho...](https://archives.fbi.gov/archives/news/stories/2008/march/housestealing_032508)

Thrown in jail:
[https://www.marketwatch.com/story/how-being-an-id-theft-vict...](https://www.marketwatch.com/story/how-being-an-id-theft-victim-could-land-you-in-jail-2014-02-19)

~~~
maroonblazer
What's the likelihood of either of these happening? Neither of the links
provide any data on incidence of ID theft leading to house stealing or being
thrown in jail, which leads me to believe it's probably extremely low. Happy
to be shown otherwise though.

~~~
warent
It's non-zero. Does it matter by how much? Why increase your surface area of
attack if it can be prevented?

~~~
Shish2k
> It's non-zero. Does it matter by how much?

Literally everything you do carries a non-zero risk of death, being 100% safe
is impossible. Given that every day is a gamble, knowing your risk and reward
ratios is important for deciding which activities to do and which to stay away
from.

In this specific case, if dedicating your whole life to privacy reduces your
odds of identity theft from 2% to 1%, I think a lot of people would say "I'll
spend my life having fun and accept the higher risk"; if a tiny lifestyle
change could reduce the odds from 20% to 1%, the outcome would probably be
different.

~~~
zAy0LfpBZLC8mAC
Which is kinda beside the point? The question isn't whether you as an
individual should dedicate your life to having privacy for yourself, but
whether we as a society should make privacy a norm.

If everyone shits in the streets, the question isn't whether you should
dedicate your life to avoiding all the shit to reduce your risk of infection,
the question is whether society should stop shitting in the streets, because
that's actually not much effort, while massively improving the health of
everyone.

~~~
Shish2k
I made my statement about an individual because OP seemed to be asking as an
individual, but it still applies perfectly to society; you can pretty much
search and replace on the text:

"In this specific case, if society making privacy a top priority at the
expense of everything else reduces everybody's odds of identity theft from 2%
to 1%, I think a lot of people would say "I'd rather society prioritised
having fun and accept the higher risk to society"; if a tiny lifestyle change
across society could reduce the odds from 20% to 1%, the outcome would
probably be different."

The point remains the same: you can't make sensible decisions without knowing
the odds; avoiding all activities with non-zero risk means avoiding all
activities, and that's why it matters how much.

------
indigochill
I suspect blackmail is going to see a rise as more information like this gets
leaked. It goes like this:

"Hi, <insert name here>. I know all about you. For instance, <insert the piece
of personal information you have>. Wire me <insert large sum here> or I'll
publish your browser history (or credit card statements, or anything else that
sounds sufficiently compromising among some segment of the population)."

Against any particular target, this may not be effective if they don't care
about the leverage you claim to have or call your bluff. However, since you
have a data dump you can send this to every single affected individual and
you'll get at least some bites.

~~~
stevewillows
>"Hi, <insert name here>. I know all about you.

Did you receive that in an email recently? I've already deleted it, but I got
almost that exact email in my spam on my junk mail account the other day. They
were clearly working off of the Adobe password leak.

They quoted my old password in the email and gave the same ol', 'I will email
a list of your perverted pornographic interests to your family and employer'

Like you said, they cast a wide net in hopes of catching a few fish. That
being said, asking for BTC seems to really narrow the pool to folks who, I
assume, would be less likely to fall for this scam.

~~~
oth001
I know someone who got an email just like that as well.

------
tejtm
Some criminal could commit fraud if they can find a mark stupid enough to fall
for their tricks.

If said stupid mark is lawyered up enough, they will try to fob their failure
to do their due diligence off on anyone they can including you with the
imaginary crime of "having your identity stolen" as if such a thing was even
possible.

Which is more plausible?

a) I am not me anymore because my identity is stolen.

b) Criminals stole from someone else. (likely leveraging their expectation of
profit using the information available on absolutely everyone either from
'legitimate' brokers or shady darkweb stuff; not that I can't tell the
difference)

------
capitol_
There is also a herd immunity effect, if it's easy to compile a large database
with everyone's personal data and political beliefs, then it's also easy to
launch micro-targeting campaigns where you give political ads with messages
that are tailored to the narrow segment of the population that the person
viewing the ad is in.

------
publicarray
Possible target for spear phishing (easier to social engineer when more
information about a target is public).

Account take-over if the password was used elsewhere (credential stuffing).

Become a target for Extortion or Blackmail:
[https://www.troyhunt.com/the-opportunistic-and-empty-threat-...](https://www.troyhunt.com/the-opportunistic-and-empty-threat-that/)

Edit: Some companies still use birth dates, security questions or social
security numbers for identification. If the information is public, anyone can
identify as that person via a phone call.

[https://krebsonsecurity.com/?s=SMS&x=10&y=14](https://krebsonsecurity.com/?s=SMS&x=10&y=14)

[https://krebsonsecurity.com/2018/10/voice-phishing-scams-are...](https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/)

[https://krebsonsecurity.com/2018/08/hanging-up-on-mobile-in-...](https://krebsonsecurity.com/2018/08/hanging-up-on-mobile-in-the-name-of-security/)

------
the8472
It does not even take a breach. All it takes is the database to exist and a
change in administration. And the database does not even have to be in the
government's hands for them to use it.

[https://www.abc.net.au/radionational/programs/rearvision/the...](https://www.abc.net.au/radionational/programs/rearvision/the-dark-side-of-census-collections/7860908)

------
Spooky23
It all depends who gets the information and if they go after you.

My parents had a criminal gang compromise their information and open up a
savings account in their name. They then initiated ACH transfers from their
legit accounts and filed a fraudulent income tax return in their name, to the
tune of $50k refund.

The only reason they did not get away with it is that the online bank sent a
gift to the house and my parents knew people from their careers that could get
the attention of law enforcement quickly.

Their bank suggested that a relative probably stole their bank credentials and
that it was “nothing to worry about”.

------
anewguy9000
I'm astonished to see things like blackmail and fear of a break-in near the
top of the list.. really? the most likely and damaging outcome is identity
theft -- the consequence of which is damaged credit which is difficult to fix

------
coldtea
What about your tax returns?

Your browser history?

Mails to your boyfriend/girlfriend?

Those agree comments in about your brother or boss sent to someone else?

The source code to your side project?

Your half-finished novel?

Work-related files?

Your IM chats?

Your full contact list and their numbers?

Your purchase history?

Photos?

------
rjkennedy98
The biggest hacks have been by governments. They aren't looking to steal your
credit card, they are interested in espionage on a large scale. OPM and
Equifax were likely state-sponsored hacks. My guess is they are looking for
government and corporate individuals to target.

You probably don't need to worry about the hack affecting you directly, but it
is affecting you in ways you probably can't imagine.

------
badestrand
It is quite interesting that everyone is so alert about privacy now and hates
Facebook and Google and just ten years ago people willingly published their
address and phone number in a phone book for everyone to see. Also in Germany
the cities sell every citizen's personal data and nobody cares. It is quite
hypocritical.

~~~
mch82
Most people didn’t understand why privacy mattered. People are slowly learning
the value of privacy through personal experience and the stories of others.

------
miguelrochefort
As long as people will think that privacy is a normal thing to seek, we'll
keep using personal information and secrets as authentication methods, and
those whose data leaks will suffer the consequences.

What we should do is think about the post-privacy world, where all data is
available to everyone. We won't be able to keep secrets and passwords anymore,
but we won't have to secure them either, as we will have better authentication
methods. No more paranoia, encryption, or fear of data leaks.

It blows my mind how few people are willing to concede the benefits of
transparency, even if they're not willing to fully endorse it.

~~~
dahart
> What we should do is think about the post-privacy world, where all data is
> available to everyone.

Either I don't fully understand what you're suggesting, or you don't fully
understand what you're suggesting. ;)

Right to privacy is part of the Universal Declaration of Human Rights for good
reasons. Violations and abuses of privacy have done a lot of damage to a lot
of people throughout history.

So what does authentication even mean to you if all data is available to
everyone? Why would you still need to authenticate?

Do you think it's a good idea for me & everyone else to see your bank balance?
Personal emails? Personnel reviews at work? Letters to your girlfriend? Late
night browsing habits? Purchase history? All your photos along with the video
feed from your phone?

I don't see privacy ever not being a normal and reasonable thing to seek, not
to mention rather important for developing democracies and as some protection
against government abuses.

[https://en.m.wikipedia.org/wiki/Right_to_privacy](https://en.m.wikipedia.org/wiki/Right_to_privacy)

[https://en.m.wikipedia.org/wiki/Nothing_to_hide_argument](https://en.m.wikipedia.org/wiki/Nothing_to_hide_argument)

~~~
miguelrochefort
I suggest that a right to privacy is a mistake. It shouldn't exist.

Unsustainability: It will only become more difficult to keep secrets as
technology improves. Imagine cameras that can see through walls and drones the
size of a fly.

Unenforceability: How do you make people forget information on demand? How do
you delete data from the internet?

Inefficiency: We waste a lot of resources securing data. We waste a lot of
resources requesting data. Allowing data to flow naturally would be more
efficient.

I think it's a good idea to let "everyone else see [my] bank balance[.]
Personal emails[.] Personnel reviews at work[.] Letters to [my] girlfriend[.]
Late night browsing habits[.] Purchase history[.] All [my] photos along with
the video feed from [my] phone[.]" However, I think it would be unfair to make
the life of one person transparent in a society where the social and technical
expectation is to keep secrets, although I think it would be better to make
everyone's lives transparent in a society where transparency is supported.

I think the transition to a transparent society is inevitable. I also think
that the later we prepare for the transition the more people will suffer. This
is why I bring up the subject and encourage people to think about it.

David Brin explains it much better in his book:

[https://en.wikipedia.org/wiki/The_Transparent_Society](https://en.wikipedia.org/wiki/The_Transparent_Society)

~~~
dahart
> I suggest that a right to privacy is a mistake. It shouldn't exist.

You need to think more carefully about your position. Your statement makes it
seem like you are ignorant of history. People have been imprisoned and killed
for their correspondence. It is still happening in the world today.

> David Brin explains it

"Brin spends an entire chapter exploring how important some degree of privacy
is for most human beings, allowing them moments of intimacy, to exchange
confidences, and to prepare - in some security - for the competitive world."

Brin doesn't agree that it's a good idea for everyone to see your letters,
bank balance, and other personal secrets. It seems like you got the wrong idea
about his book.

> I think the transition to a transparent society is inevitable.

You haven't explained or justified this idea at all.

The problem with your concept of absolute zero privacy is competition. As long
as privacy can be exploited, as long as a lack of privacy can be used against
you in any way, the need for privacy will exist.

The idea you have that privacy could go away can only happen if all humans are
cooperative, and economic systems based on competition are eliminated. We
can't have absolute transparency and Capitalism at the same time. We can't
have politics or business either. Absolute transparency works for fictional
races like the Borg on Star Trek. What you're talking about seems like a
theoretical concept that is divorced from reality.

Current trends are in the opposite direction, so what makes you think we're on
the way? Business is getting more competitive, not less. Societies are getting
more political, not less. In some countries, government and human rights
abuses have been regressing. The need for privacy is going up, not down.

> I think it's a good idea to let everyone else see my bank balance ...

You didn't explain why. Why is it a good idea? Do you want to post all that
information here and now? Why aren't you publishing it already if it's a good
idea?

Your purchase history is just one of many examples of something that is being
used against you. There are insurance companies buying personal data like
purchase history in order to gather evidence for denials on claims.

~~~
miguelrochefort
What do you think about things we can't easily keep secret (skin color,
gender, religious garment), and failure to keep secrets (leaks)?

Do these people deserve to be the focus of all discrimination? It seems to me
that privacy is necessarily misleading and unfair.

How do you suggest we fix that?

~~~
dahart
You didn’t answer any of my questions or respond to a single point I made. Do
you understand why the right to privacy currently exists? How about I make
some suggestions when you justify losing privacy?

The fact that there are problems with privacy doesn’t mean it makes any sense
whatsoever to just get rid of privacy. Should we get rid of water because some
people have drowned? Should we eliminate math because it’s hard and people
sometimes make mistakes?

When privacy leaks and abuses cause people suffering or damage, the answer
isn’t less privacy, it’s more. Plug the leak, don’t open the floodgate.

~~~
miguelrochefort
> You need to think more carefully about your position. Your statement makes
> it seem like you are ignorant of history. People have been imprisoned and
> killed for their correspondence. It is still happening in the world today.

I am aware that people have been imprisoned and killed for their
correspondence. I think we should blame the perpetrators, not the free flow of
information.

> Brin doesn't agree that it's a good idea for everyone to see your letters,
> bank balance, and other personal secrets. It seems like you got the wrong
> idea about his book.

That's possible. I didn't read the book.

> The problem with your concept of absolute zero privacy is competition. As
> long as privacy can be exploited, as long as a lack of privacy can be used
> against you in any way, the need for privacy will exist.

All knowledge can be exploited. All knowledge can be used against people. I
don't think that's a problem, and I don't think that can be changed.

> The idea you have that privacy could go away can only happen if all humans
> are cooperative, and economic systems based on competition are eliminated.
> We can't have absolute transparency and Capitalism at the same time. We
> can't have politics or business either. Absolute transparency works for
> fictional races like the Borg on Star Trek. What you're talking about seems
> like a theoretical concept that is divorced from reality.

I don't claim that we could switch to full transparency tomorrow. I suggest
that we accept the limitations of privacy, and work toward a society that's
compatible with more transparency. I think less competition and politics would
be welcome.

> Current trends are in the opposite direction, so what makes you think we're
> on the way? Business is getting more competitive, not less. Societies are
> getting more political, not less. In some countries, government and human
> rights abuses have been regressing. The need for privacy is going up, not
> down.

The world is getting worse in some ways, and I think that privacy enables
that. Privacy is a self fulfilling need. The more we expect and rely on it,
the more dangerous it becomes, the more we need. That's not good.

> You didn't explain why. Why is it a good idea? Do you want to post all that
> information here and now? Why aren't you publishing it already if it's a
> good idea?

Again, society is not ready yet. It won't be ready until we all put a lot of
work into changing things. The first step is to convince idealists that total
transparency is more desirable than total privacy.

> Your purchase history is just one of many examples of something that is
> being used against you. There are insurance companies buying personal data
> like purchase history in order to gather evidence for denials on claims.

If your purchase history is evidence that you violated the terms of the
contract, I think it's fair. Likewise, if it makes it possible to give
discounts to people who take care of whatever is insured, that's great.

> Do you understand why the right to privacy currently exists?

Yes, I understand why it exists.

> The fact that there are problems with privacy doesn’t mean it makes any
> sense whatsoever to just get rid of privacy. Should we get rid of water
> because some people have drowned? Should we eliminate math because it’s hard
> and people sometimes make mistakes?

"The fact that there are problems with [transparency] doesn’t mean it makes
any sense whatsoever to just get rid of [transparency]."

> When privacy leaks and abuses cause people suffering or damage, the answer
> isn’t less privacy, it’s more. Plug the leak, don’t open the floodgate.

It's like increasing the dosage of medication as your body gets used to it.
I'd rather not have to take medication if possible.

I want people to change their diet to prevent or reverse diabetes. You want to
create more artificial insulin. I don't think artificial insulin is bad, as it
clearly helps a lot of people today (and more people every year), but I don't
think the discussion should only be about creating more artificial insulin and
making sure everyone can have some. We should think about fixing the root
cause, and lessen our reliance on artificial insulin.

I totally get your point. Do you get mine?

~~~
dahart
> I totally get your point. Do you get mine?

I think I do, yes. I think it’s a lovely theoretical idea that simply isn’t
realistic or possible or ever will be.

We can lose privacy the day there’s no exploitation, no profit motive, and no
war.

FWIW, I’m not hearing any evidence that it’s a good idea, just statements of
opinion.

~~~
miguelrochefort
I will admit that I'm more idealist than pragmatic. Understanding that I'm
painting a long-term vision, rather than prescribing a short-term solution,
should reduce confusion.

I believe I provided 3 compelling arguments against our reliance on privacy in
my first post.

It's also possible that we use different moral frameworks. I'm not a
consequentialist, and I oppose most restrictions on freedom (drug control,
gun control, copyrights, patents, privacy, GDPR, net neutrality).

~~~
dahart
> I believe I provided 3 compelling arguments against our reliance on privacy
> in my first post.

I see your 3 keywords argument above. Is that what you're referring to?
("Unsustainability", "Unenforceability", and "Inefficiency".)

I didn't see any evidence, these appear to be claims predicting the future
with no support to back them up, in other words, pure opinion. In my opinion
they are not compelling.

Unsustainability: Yes you can imagine small drones with cameras, but where's
the actual evidence that secrets are becoming unsustainable? You can imagine
all kinds of things that may or may not happen. I disagree with you. I claim
that our ability to keep secrets is getting more sustainable over time, not
less. Encryption and security are getting better, not worse.

Unenforceability: This is irrelevant. Yes, you can't take back secrets once
leaked. That has always been true, and has nothing to do with technology or
the internet. This does not amount to a reason to never try. What percent of
all secrets have ever leaked? Unenforceability is only a reason to not try if
all secrets inevitably leak, and only if they all leak immediately, otherwise
this is a reason to try harder to keep secrets. I know for a fact that many
secrets are never leaked, and many secrets that are leaked are only leaked
after it no longer matters, many secrets only need to be secret temporarily,
so this unenforceability point tends to undermine your argument.

Inefficiency: This argument doesn't make any sense to me. Every single thing
we do would be "more efficient" if we didn't do it. It would be more efficient
to not travel. It would be more efficient to not work. It would be more
efficient to not eat. Efficiency is a metric that you use to measure two ways
to achieve the same outcome, not something you can compare to nothing. You're
completely ignoring the costs of compromised secrets in your "efficiency"
calculation. When people's compromised secrets cause them to lose money or
possessions or their lives, that cost is many orders of magnitude higher than
the cost of keeping a secret. You're also not accounting for the efficiency of
passing around public information compared to keeping information private.
It's entirely possible that not keeping secrets - the costs of hosting &
publishing all the previously secret information - would waste a lot more
resources than the world with privacy, so it seems to me like you're just
making stuff up.

So to answer your earlier question about discrimination:

1- Many people do try to keep their gender / race / religious preferences
secret when online in public forums, and initially when applying to jobs.

2- Discrimination is largely a separate topic. It's a cultural problem, not a
privacy issue, that people are trying to fix in various ways including
affirmative action and education. Nobody is suggesting that eliminating
privacy will help with discrimination, because it won't.

The existence of social prejudices does not in any way imply that my private
financial situation or private correspondence or private photos should all be
publicly available.

How can humanity plausibly, realistically reach a place where it's not
possible to exploit any information for private gain? Because we are
individuals and not a collective consciousness, I don't see how that is
possible.

------
Kiro
In many countries name, address, social security number etc are all public
information so really depends on where you live.

~~~
bookofjoe
"Would you be happy to have your tax return displayed for everyone to see? In
Norway, no one can disguise their earnings, as every citizen's is made
available for everyone else in the country to inspect. Workers can see what
their colleagues earn and neighbours can snoop on how much the people next
door make — all legally and online.

On a date every year in October, just after midnight, Norwegian citizens'
annual tax returns are posted online — and the country's Norwegian newspapers
leap to produce top ten lists of the country's highest earners, the incomes
and taxes paid by the political and cultural elites, celebrities and
sportspeople."

[https://www.theguardian.com/money/blog/2016/apr/11/when-it-c...](https://www.theguardian.com/money/blog/2016/apr/11/when-it-comes-to-tax-transparency-norway-leads-the-field)

------
nvusuvu
Identity theft.

~~~
321yawaworht
How prevalent is it? Any examples when a breach has had a real, significantly
damaging impact on an average person?

~~~
scarface74
I’ve known someone who actually went to jail after her identity was stolen and
someone was writing bad checks in her name. She was already going through all
of the legal process to get everything cleared up but she had warrants against
her that she didn’t know about.

Now she doesn’t leave home without police reports and documentation that she
has been the victim of identity theft.

------
xupybd
I get scam calls a couple times a month. They know my name, number and
profession. It’s really annoying.

------
throwaway209381
Yes, criminals do not have your best interest in mind.

------
hahabrew
when and where the info comes from is important. someone could, over time,
assemble a dynamic probability schedule of your physical location, this is not
good if you are physically meek, extremely rich or integral to government or
industry, AKA kidnapping or worse

~~~
imgabe
Unless you are in the 0.1% it is very unlikely that the effort required to do
that and kidnap you is going to be worthwhile.

~~~
hahabrew
oh I'm sorry what I was suggesting is hard to do? how about pervs and their
motivations.

~~~
imgabe
It's not only hard, it's completely unnecessary. Most people are assaulted by
someone they know in real life. You don't need gigabytes of data and a
"dynamic probability schedule" to figure out that someone is at work during
the day and at home in the evening, and they probably take one of 2 or 3
convenient routes to move between the two. If they actually know their target,
they might even know something more like "they have a yoga class on Wednesday
evening".

For a second, pretend you're one of these "pervs" you're worried about. Are
you going to randomly pick a name out of a data dump from Marriott's database,
and try to correlate that with other leaked data to figure out the likelihood
of this person you've never seen standing on a particular corner at 5:37pm on
November 3rd?

Or are you going to say "Sharon from accounting smells nice, I'm going to
follow her home after work"?

I think the latter is something more reasonable to worry about.

~~~
hahabrew
cyber stalking is very real, very prevalent, and made even easier than it
intrinsically is, by irresponsible PII use and meta analysis, stalkers did
this in their head, or spent time poring over phonebooks and dumpster
documents. just ask any women that care to be here about their experiences and
a different world will be known to you

~~~
hahabrew
...go ahead keep voting me down, I'm immortal

------
aaron695
I've never heard of identity theft. If anyone wants to claim this I'd want
evidence, not hand waving.

But -

Like Ashley Madison? Medical records? Tax records. These have all had real
life consequences for people. North Korean defectors had their details stolen
the other day.

Like an email address to a site you comment on, so now it publicly ties your
comments to the real you?

Go on?

If your question is around identity theft which I think it really is, then I'd
need to see proof, else the fear the NPCs have is actually what does the
damage. (Also never heard of a domestic incident from a mass breach of
addresses, I'd need proof to believe it, but it is enough to legitimately have
to move house, so consequences)

(Passwords / unsalted/salted password hashes is of course the real killer,
this has screwed a lot of people, but you've excluded this.)

------
loteck
If you're that curious, go ahead and post all of your PII in this thread and
find out what happens.

Something tells me you won't. The reason you won't, is the answer to your
question.

~~~
alanbernstein
Not a very useful answer; presumably OP doesn't know the reason.

~~~
nokya
Well, there is only one way to know if he/she will guess the reason :)

