I hope the folks at Keybase notice this. It's a perfect use case. He's specifically pointed to his long social media history as a proof that should increase trust. Keybase would let him use their proofs feature to validate that he (well, his account) controls his Twitter, that domain and web site, and his HN account. I can't think of a better way to reduce the "you can't really trust that I am who I say I am" problem he's struggling with.
Of course, this could be gamed just like every other method of authenticating identity, but it's a nice additional option.
I'm not saying he's not or assuming he's malicious; I tend to err on the side of assuming the best in people.
You can submit proofs for both.
Perhaps it would be possible to permit outgoing requests where the URL is statically embedded in the HTML (such that the URL cannot depend on form data), thus allowing fetching e.g. remote CSS/JS resources.
To implement something like the suggestion would require two phases - one where the page was loading/updating its cache from the remote service, but was unable to look at locally stored data, and another phase, where the user is able to log in and allow access to locally stored data. Once the transition has been made to the second phase, network access would not be allowed. This sounds pretty involved.
"NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
Why not offer this as a Chrome extension that detects any arbitration clause in any TOS and gives users options to opt-out, including the ability to mail an opt-out through an API?
Probably because that's like a million times more work?
The mailer API would be plausible through a third-party postcard/letter mailer API.
But you still don't know how the opt out has to be worded in a specific case and through which medium to which address it should be sent.
So, yes, you could build a TOS alert system of some kind.
And that might be a nice and popular plug in.
But an automatic opt-out button is very hard.
I assume you're referring to the "detection" part.
Perhaps in the early 2000s this was true, prior to the widespread application of natural language processing; when one had to pre-define the format of most everything. Now all that's required are a few niche terms and a structure to apply them.
It would be critically if you were offering this for "any TOS" though. Depending on success, you may even need to lean on an external printing/mailing service to do the work.
In any case, it would be very very hard to offer a generalized service to do this, for free. Once-offs like this are the only viable way to make it free.
And I'm not even getting into the infra/maintenance work on the extension and API itself.
This happened to be the first result for a video search: https://www.youtube.com/watch?v=aJjagamqNCY
Ideally a user would pay a monthly fee for the extension and then the mailing costs.
Also in fact congrats on having multiple popular GitHub repos! I'm jealous. This entire thing is a great idea. Good job.
I also give an option to print and mail the message yourself, in which case the data never leaves your browser.
We could have it include things like where you've lived, whether you've been sued, foreclosed, bankrupted, delinquent on loans, etc.
Hmm, but we wouldn't want that information disclosed. What if instead they gave some sort of a reputational analysis? Maybe put that data through a hash function. But then how would we compare it? Better use an algorithm to digest it to a number.
It would have to be an extremely secure system, of course, you wouldn't want it to lose the data you gave it. Maybe if it was a semi-authoritative company devoted solely to that purpose, we could call it a reputation department, or no, maybe a credit bureau.
(Parenthetically though it really does make me want someone to start one of these that operates in some open, verifiable fashion rather than "trust us lol")
I can vouch for paulgb being one of the most trustworthy people I know. Kudos for doing this Paul!
a) eventually links to someone you personally know and trust
b) has not been compromised, intentionally or carelessly
Within 30 days of signing up for what? Surely no one signs up for Equifax.
You have: 140 million * 10 grams * 10% * 0.01%
Definition: 14 kg
140 million is a lot of SSNs.
It paints a clear picture why this happened.
If you'd clicked the link, you would've seen the following on the home page.
> What's all this about?
> In light of Equifax's recent security breach, they are offering a year of complimentary credit monitoring services. The media have noticed that in their Terms of Service, they include a binding arbitration clause which means you give up your right to sue them in a regular court and must instead go through an arbitration process.
> While the company has since clarified, under pressure, that the security breach is excluded from these terms, binding arbitration clauses are a growing trend that remove legal remedies like class action lawsuits from consumers. It is especially reptilian that they would have consumers give up their legal rights in the aftermath of a breach, for a product we only need because of the breach.
> The arbitration clause has an out, in that you can opt-out within 30 days of signing up. However, opting-out requires sending a statement by mail, which is sure to dissuade a lot of people. In order to make opting-out as simple as opting-in, I created this site.