Tangentially related to part of the text in the article : A lot of these and other apps ask you to share documents, camera, mic, gps, and other access from your phone . The problem is that several of those wont work if you reject that access. Even worse, Mexican government passed a law that made it compulsory to monitor your GPS position for Banks and other money related companies, so doing relatively common bank transactions require you to lose your privacy.
Given these blatant privacy violations, I wish mobiles had the option to "mock" data for those sensors. Share files? Sure, give access to a jail like bkank file system. Share mic? Sure, give access to a white noise generated stream, same with video/camera. Share gps? Give some mock location, etc.
That's what a privacy enabled device would do.
I wonder why hasn't this even been implemented at the browser level.
Afaik this is what MicroG does, though their aim is different. They mimic Google services responses so that the apps work without G proprietary libraries and services but I don't think privacy is their stated goal (I'd love for someone to correct me if I'm wrong, not using MicroG myself).
GPS position sharing is a little frightening isn’t it? I mean, if some of these apps are cartel or organized crime related, this could become a real physical threat.
It is very frightening... and you would read how it is in good hands of the banks and whatnot. Meanwhile, last week news was the leak a whole 1.2GB CSv file with account info including phone, address , balance act number from a large Mexican bank. And another one of bbva ... banks dont ha6any control.
> I wish mobiles had the option to "mock" data for those sensors
They do. The apps ask the operating system for this data through standard APIs, we just need to override those calls in order to lie to the app.
We need to own our phones instead of allowing Google and Apple to maintain control. Rooted Android can do this but Google is bringing their attestation bullshit to their APIs and soon every app will require it because they have no reason not to.
Do you have an iPhone and if it’s jailbroken; if Yes. Do you want to implement some of these ideas into Apple lockdown mode Api? Let me know if it’s something you are interested in?
These scams are going on in India too. Typically they offer $100-$200 loans, and there is no legal framework. Victims are afraid to go to the police. Even if someone goes to the police, these apps are all running from China, and they can't do much about it. From the BBC article: "The people running the apps gained access to all the contacts on his phone and his pictures, and have threated to send nude pictures of his wife to everyone on his phone."[1] It is a horrible system, and Google doesn't care about poor people getting scammed. Some victims even committed suicide because of the threat of releasing their private data.
Yet another argument for empowering the phone as a user agent. All data should be mocked unbeknownst to the application. Faker should be built in for all of these collection points.
It's surprisingly difficult to fake years worth of conversations with family and friends...
The loanshark can say "show me the conversation with your boss. Show me the conversation with your mom.". They can cross reference things between the person's memory and the conversations. They can download all the conversations and put them in a database so the same conversation set can't be used to take out another loan.
They can also call your contacts to confirm details - ie. 'can you confirm Mary is your daughter? Does she have 2 cats and a dog?'
They would do that if they needed because people were spoofing the system. Or they would do what the traditional banks are doing: avoid lending to people without a proven track multi-year record, physical location to monitor, and assets to hold as collateral for a downpayment.
However, I'm curious about one thing. Everyone who suggest spoofing the system for the sake of privacy, do you believe people who do that... will actually also repay the loan they were given? Or would they just use a fake name & commit fraud?
Easily is relative. Any defense can be beaten. The question is whether or not it's worth beating it. There's no point in spending a million to crack a safe with a thousand in it. Well, unless you just want to $%^& whoever owns the safe.
I wonder how much effort it would be to automate the process of creating real-looking data (via AI or public-domain data) and then watch the money roll in (or at the very least DoS these scams enough that they can no longer tell real loan applications from all the noise).
You can already do this with the existing "loan" apps like Dave or Brigit in the US. They're not legally loans and there's no expectation or requirement to actually pay them back, and they can't pursue you for it or send it to debt collection. Just take out the "loan", call their customer service line and remove your bank account, and that's it. Free money.
Dave Terms of use section 9.3:
"However, Dave warrants that it has no legal or contractual claim against you based on a failure to repay an Advance, but Dave will not provide you further Advances while any amount remains unpaid under the Advance Service. With respect to a failure to repay an Advance, Dave warrants it will not engage in any debt collection activities, place the amount owed with or sell to a third party, or report you to a consumer reporting agency. "
Empower Terms of Service dated Dec. 8th 2021 Section "Empower Advance"
"We offer Empower Advances on a nonrecourse basis. This means you have no unconditional obligation to repay any Empower Advance. Consequently, we warrant to you that we have no contractual or legal claim against you for an Empower Advance, and we will not engage in debt collection activities, place the amount advanced with or sell to a third party, or make any reports to credit reporting agencies regarding your Empower Advance. However, we reserve the right to deny you access to Empower Advance if you (i) do not meet the qualification requirements, (ii) request an excessive number of Empower Advances in succession, or (iii) do not repay the full balance of an Empower Advance. "
MoneyLion Instacash Help Center - Instacash - " What happens if I can't make my Instacash repayment?"
" Remember that you have no obligation to repay any Instacash advance you receive but you won’t have access to additional Instacash advances until you have repaid all of your previous advances and related Tips and Turbo Fees. It's important to know that when you miss a payment, we will continue to attempt to repay your Instacash advance and any related Tips and Turbo Fees from your eligible accounts as long as your payment authorizations for those accounts remain active. You can withdraw the payment authorizations on your accounts or debit cards by following the prompts in the MoneyLion App to remove the payment method or by contacting customer service at customercare@moneylion.com, 1-801-252-4427, or at ML Plus LLC, Attn Customer Service, P.O. Box 1547, Sandy, UT 84091-1547. Please note: You must notify us at least three (3) business days (business days are Mondays through Fridays, excluding bank holidays) before your scheduled repayment date to give us and your financial institution sufficient time to process the revocation."
I haven't personally, but know several people that run in some of the same online circles as me that have with zero issues. Most of them even went about 6 months taking out and paying back advances on time just so the apps would start lending them even more, and only once they got it up to like $500 is when they'd take the money and "run".
3. Dave reports your advance settlements to Equifax on
a monthly cycle. It may take up to 2 cycles for this
activity to be reflected in your credit history with
Equifax. Terms apply, see dave.com/extra-cash for more
details.
The Extra Cash Account is a completely different offering from Dave's normal cash advances that I'm referring to, and is specifically designed to build people's credit scores, so of course it would be reported to credit bureaus.
A $100 take-and-keep is what I read. Each loan is worth a lot more to the sharks than what a bank would get back from anything similar, so the poster above would be taking potential a lot more in "opportunity cost" from the scammers unless they give in on collection very quickly.
When the apps in question are being sideloaded, Google shouldn't be doing anything about it. The government should instead, by freezing the accounts that the scammers want the loan repayments to be sent to (or if the accounts are with foreign banks, ban domestic banks and payment processors from sending any money to them).
I came here to mention about situation in India too; so I'll add on to this.
Enforcement Directorate (ED) of India in a span of one week has frozen bank accounts of two crypto companies on the charges that Chinese lending apps were using them to move the money out of India. First WazirX[1] a popular exchange and then Vauld[2].
> These scams are going on in India too. [...] and there is no legal framework.
They said this about Mexico as well, but this doesn't ring true. Even if the microfinance market is unregulated, extortion, death threats and harassment must surely be serious crimes. Perhaps the issue is enforcement? I assume the app operators obfuscate their ownership and ops, but a even a minimally functional major crimes unit must at least be able to catch the worst offenders, no? Or at the very least just have Google/Apple disable the apps.
The servers for these apps are in China, but the owners are in other countries, Mexico, India, China etc. So it is hard for police to get a warrant to shut down servers when crossborder issues are involved. I am not an expert in such crimes, but they make it hard for local police to shut them down.
If the government can ban TikTok and a bunch of other popular apps overnight, surely it’s not hard to get scam apps removed from Google Play if they cared at all?
It references this story which to me is very troubling:
Contreras told the story of one woman who fell victim
to these schemes named Maria. After Maria took a loan,
agents for the app iFectivo sent her 13-year-old daughter,
her cousin, her nieces, and more than a dozen of her other
contacts a picture of a nude woman with her face
photoshopped on. iFectivo told her contacts she had
become a prostitute to pay her debts.
Stuff like this is what disabused me long ago of extreme forms of libertarianism. Most libertarians and also some defund the police types on the left are just woefully naive about what monsters people can be. Turns out we need a very active police force and regulatory state or people will almost literally eat the vulnerable.
What calls my attention of this story is that employees of that app would go through the trouble of creating a credible shopped image of her and sending it to all of her contacts. Do they have almost no clients, was the loan particularly big, do they have loads of employees just to do this...?
These scams are run as boiler rooms, where everyone is working on commission. Actually my understanding is it's a bit more of a pyramid scheme, where the senior folks get a cut of everything, closers get a cut from openers, etc.
But anyhow, point is these scammers are often motivated to go to considerable effort, because the ultimate prize is a pretty big cut of someone's life savings. But of course only a few ever achieve that. The rest will just try for a while then churn out, while the ultimate owners count their money.
I wonder if there is a personal aspect to this, not just being scammers but also kinda creepy people / maybe already familiar with harassing people/ know people who will do it for them.
It.wouldn't be hard. A dozen different body types, and skin color. You quickly recognize body C, darkness 5, remove background, snap a line for the neck. Send is of course automated. I think after some practice you could do several per minute, and with potential payouts of $100 each that is pretty good.
1. The loan interest rate is set relative to a base default rate of a population sample of lenders. Therefore very easy to predict capital return, but means interest rates are usually high to cover high rate of defaults.
2. Defaulting loans are sold to local debt collectors for collection, who presumably are quite ruthless.
3. There are a few companies which white label the software needed to run this sort of scheme, so presumably the operator only has to drop in capital.
If you have further information on how these businesses work, please respond!
I built the system of reputale a Mexican startup that did online lending, so I have some insight:
1. This is a real problem in Mexico: people complain about high interest rates. However, for these kind of bullet loans , you see 30% of default in the FIRST loan. And back when we were starting on 2013-14 we had up to 70% of default due to fraud.
So, with around 30% 1st default and about 15% 2nd default, we created revenue models that considered that, CAC, cost of funds and opex to define the interest rate... that very high APR really was not making people rich overnight.
See, one problem in Mexico is that defaulting in a loan is not a crime, so theres legally NOTHING a lender can do to make you pay if you decide not to. The only repercussion is that you Credit Buro gets tainted, for 6 years. I've read of people that get a $100,000MXN loan and then just change phones, move apartments and wait for 6 years to clean their credit buro.
2. Default loans deffinitely are sold, for cents to the peso. But usually only the ones that are very old. Now, there are different types of collection agencies. Where I worked, we tried to he very reputable so we only chose the least shady ones. But in reality the only thing they could do is call you. Even calling your provided references is illegal. We actually stopped asking for references IIRC.
3. I dont know but dont doubt it. BUT, have a look at Fineract/MifosX: an open source loan management system. Its relatively easy to setup a lending operation using that. It's pretty comprehensive.
All in all, there are very shady app/online lending services in Mexico. But it is nothing exclusive of the internet. Way before this, you heard of lenders that would do "collections" by getting some tough guys from prison (yup, in some prisons they can get out for the day like nothing, for some cash) and knocking at the debtor's door with baseball bats, wrenches or any other hard weapon . If you didn't pay they broke your legs or worse.
That now it happens online is only the natural evolution of the shithole that is my country, unfortunately.
> See, one problem in Mexico is that defaulting in a loan is not a crime
Nor should it be. Lenders like to conveniently forget: the risk of default is the reason they charge interest. If there was no risk of default, you couldn't really justify charging much interest, could you?
Issuing a loan is a business arrangement, and default is one of several clearly defined ways of exiting that arrangement. Lenders have been very successful in their attempt to smear default as some sort of moral failure. Like you're some kind of bad person for making a sensible business decision!
Is the US any different? I'm pretty sure it's almost impossible to get a criminal conviction for bad debt these days. Maybe in a really extreme case like a deliberate fraud scheme that used defaulting as a key part of the process, but not a normal person just normally not repaying a loan.
The US requires you pay back loans and has a scheme of forcing that including confiscation of income from your emoloyer. You can declare bankruptcy to get around that, but it isn't automatic, and the courts can tell you no you have to pay your debt (though in practice anyone going this far is bad enough off that they get out of debt maybe owing pennies)
Sometimes it should be. If you have the money to pay back a loan but just choose not to, that should be a crime. Similarly, if you somehow know that you won't be able to pay back a loan before you take it out, but you take it out anyway, that should be a crime too.
That's the point - if you can't count on legal system to prevent loan abuse/fraud then everyone pays higher interest or people start doing illegal things to collect
Because insurance companies want to be middle men that do nothing and just collect a monthly premium. It's best if the thing you're insuring against never happens.
Risk is one reason, another is that banks are businesses and charge a fee, another is that people prefer to keep their money immediately available for themsels rather than giving up liquidity. Money gives us the power to decide at the drop of a hat, lent out money requires cooperation or patience.
The article also states that the apps deliberately obfuscate the costs (50% fee deducted from the loan amount) and terms (due in 7 days with 300% interest) of the loan.
Similar situation on YouTube. Posting historical footage of the Apollo program nets you Copyright strikes while actual criminals can livestream crypto scams with utter impunity.
This is nonsense though. Criminals livestreaming crypto scams go through hundreds of hacked accounts every day, their stuff is constantly getting taken down.
It's just their incentive structure which is different than that of the Apollo program footage uploader.
> go through hundreds of hacked accounts every day, their stuff is constantly getting taken down.
YouTube has very advanced image & voice recognition technology that is very efficient at flagging (and demonetizing) certain content merely based on trigger words (terrible for science channels that show fire/explosions/etc even though there is no violence involved).
If crypto is such a popular target, maybe introduce an extra verification step (that requires uploading ID/etc) to whitelist channels for crypto-related content, and any other channels that have not done the verification (because they don't plan to upload crypto content) can't upload anything that matches those words? This would at least prevent non-crypto-related channels from being hacked and suddenly starting a crypto scam livestream.
The reason it's not done of course is because Google bears no liability (despite promoting these scams in the "recommended" section) and the scammers & victims still generate "engagement" and watch ads.
>YouTube has very advanced image & voice recognition technology that is very efficient at flagging (and demonetizing) certain content merely based on trigger words (terrible for science channels that show fire/explosions/etc even though there is no violence involved).
Or perhaps the technology isn't that advanced, and cryptocurrency scammers have stronger incentives to work around it than legitimate channels?
I remember during the PS5 reveal stream, Youtube was recommending me crypto scam live streams promising free PS5 and Youtube was taking down none of them. Youtube was actively recommending me scams, I don't care how flawed their recommendation algorithm is, it was unacceptable.
It's strange and crazy: back in 2014 I worked building what we thought was a reputable online lending platform in Mexico. We were the first online lender. And we were at least trying to do things right.
Nevertheless, Google banned us from AdWords/Adsense: we could not advertise our services even if people searched for the company name. The list of banned businesses was: porn, drug,guns and us... that's how "low" was the stance of the business we were doing.
Ff to this day it seems The Goog has seen good money in this vertical , so that it turns a blind eye to fraud.
They shouldn't blanket ban all loan apps, but they should ban ones that steal all of your data when you open them, that lie about their terms, or that consider extortion or defamation to be acceptable debt collection methods.
>Last year, a Reuters investigation by Rina Chandran found dozens of lending apps in India that appeared to violate Google’s policies against short-term loans
just FYI - this is contrary to the product and the law of India. Google is not the regulator.
For example Manndeshi foundation runs 24 hour loans for women vegetable sellers - who take a loan in the morning and pay back at night.
Google Play "ethics" is US-centric. It does not take into account the realities of the local demographics. for example sub 90 day loans are illegal on Play - a lot of microfinance in India/Bangladesh is sub 90 days.
What ends up happening is demonisation of everyone not playing by Google Play's rules and gets termed as "predatory".
While there is plenty of room for doubt about micro-lending (see [1] which I hosted, by Hugh Sinclair, a guy who's actually been there in the field), I don't think it's fair to call these scams "micro-lending." Maybe they're taking advantage of the favorite PR that micro-loans get.
In the micro-lending plans that Oxfam and other legit charities back, borrowers meet in person with the lenders, and no hounding takes place. Most of them pay their loans back promptly.
However, the stories about "poor woman buys a sewing machine; lifts her family out of poverty" are mostly just feel-good PR to milk the donors. More often, they buy a stall in the market to sell produce, and there's only so many stalls the market can support.
The real scandal of micro-lending, as Hugh explains, is that the interest rates are scandalously high, and the lenders are mostly using it as a way to buy SUVs and milk the First World donors who want to feel good.
Yeah, the difference is that "microfinance" manages to give itself a high-minded image and attract big bucks from Western donors, and go on 60 Minutes.
While these payday lenders are universally regarded as scum.
But they're not really all that different, as you point out.
Apple does allow personal loan apps, but sets limits on interest rates and repayment deadlines (≤36% APR, ≥60 days) which effectively ban the type of app at issue here. Requesting permissions to all of the user's contacts and photos in a loan app wouldn't pass review, either, and the fact that Apple doesn't permit sideloading is an effective block against the "subway flyer" tactic.
If you are getting a quick, small loan in Mexico, you probably don't have an iPhone because they cost multiple times as much as an Android one. So, it's not worth it to make these apps for iPhone users because that demographic is totally the opposite of what you want.
I dont know why you are being downvoted. I know what You wrote is fact. I worked building the systems of such an online lending company in Mexico, and I had to fire my only iOS developer because we saw we dint have enough demand in those devices.
Shootout to Jesus, the iOS developer & DJ. He was such a great guy to work for, and really killed me to let him go. He is a great guy :)
More important, Apple reviews all new apps going into the App Store. One of the rules is that you're not allowed to request more permissions that what the app actually needs. A loan app requesting all this info would never fly because it won't pass the human review. Also, it would be incredibly hard, if not impossible, to reupload an app that was banned under a different name - they have automated checks for this
It's a shame because I think there is a legitment use-case for micro-lending but there needs to be regulation and enforcement. Also asking for those kind of wide permissions should trigger some kind of additional review - a scam-filled untrusted ecosystem hurts all app developers.
I wonder if this has to happen in US so that people start treating privacy as a real issue and not tinfoil hat rant type complaint. Whenever I try to engage in this conversation, 'I have nothing to hide' is a very common refrain. At that point I typically ask for their phone to rummage through. Oddly, that is the moment they hesitate. It is not ok for me to have this information, but a faceless entity connected only by an app? No problem. I fear for the human race.
This kind of scam was so rampant in Indonesia until the government took strong stance, effectively sweeping the practice across the country.
It's like Google doesn't even care about this things, in contrary they're so fast blocking and suspending app submissions that against their bottom line, like digital goods and payments methods.
Here's a question, are these shady apps necessarily worse than the village loan shark which is where the desperate turn to money otherwise? To some extent, the market for no-questions-asked risky loans is similar to gambling, drugs and prostitution, it's a perennial vice that's impossible to stamp out. Is formalizing it better than not formalizing it?
The whole microloan program has been hyped for over a decade now, but as this story shows, the outcome more often than not has been more like mafia loansharking than actual economic development under the entrepreneurial free-market model. This can be explained via the notion that "enterpreneurs without lawyers end up getting screwed over more often than not" and the people who get these microloans just can't afford to hire lawyers to protect themselves.
While it's a right-wing trope, the microloan program has been heavily promoted by the likes of the Soros-Omidyar crowd, with the typical humanitarian patina covering what's really just predatory capitalism:
"We have seen what microloans can do at the individual level and are excited about bringing that same opportunity to small and medium businesses," said Jim Bunch, Director of Investments at Omidyar Network.
Here's another expository write-up of the phenomenon, in Cambodia. Looks very similar to India, Mexico, etc.
[edit] for more on background on this global trend and its origins (2007)
> "Microcredit is the newest silver bullet for alleviating poverty. Wealthy philanthropists such as financier George Soros and eBay co-founder Pierre Omidyar are pledging hundreds of millions of dollars to the microcredit movement. Global commercial banks, such as Citigroup Inc. and Deutsche Bank AG, are establishing microfinance funds. Even people with just a few dollars to spare are going to microcredit Web sites and, with a click of the mouse, lending money to rice farmers in Ecuador and auto mechanics in Togo... Wealthy philanthropists, banks, and online donors aren’t the only ones fascinated with microcredit. The United Nations designated 2005 as the International Year of Microcredit..."
The micro loan system works fine in USA & countries that actually enforce laws against extortion. I’ve gotten close to 0% interest rate instant loans for $100- $200 with Dave, Earnin, and MoneyLion. Been in the red for many months and never received even 1 threatening phone call, text, or letter. These apps saved me in a pinch and had seemingly no downside.
Every time I hear these notions of well-meaning billionaire philanthropists set on making the world a better place, I'm unavoidably reminded of this short passage in Conrad's Heart of Darkness:
> "It appeared, however, I was also one of the Workers, with a capital—you know. Something like an emissary of light, something like a lower sort of apostle. There had been a lot of such rot let loose in print and talk just about that time, and the excellent woman, living right in the rush of all that humbug, got carried off her feet. She talked about ‘weaning those ignorant millions from their horrid ways,’ till, upon my word, she made me quite uncomfortable. I ventured to hint that the Company was run for profit."
If it was real philanthropy, the model would be one of no-strings-attached grants, delivered via a competitive process open to people in disadvantaged communities - not a model based on loans which must be repayed with interest, with collection agencies lurking in the background to go after defaulters in this manner.
This is why people are better off cutting deals with the hard-nosed businesspeople who spell out risks and conditions upfront, rather than the liberal do-gooder snake-oil merchants with their ulterior motives.
I'm reminded of Mrs. Jellyby in Bleak House, myself, but yeah.
The original idea of Grameen Bank was a circle of poor people (all women, usually) who jointly promise to each other to repay the loans. The fact that it's a loan, your friends are monitoring you, and you have to pay it back means that you have to take it seriously. It was hard to argue with that, 20 years ago.
Over time, though, it's morphed into "Big Western philanthropic institution sweeps in, spends 24 hours, leaves, and writes a check. Then the locals hire more staff and buy another SUV."
One of these vulnerabilities is living in Mexico. From TFA:
"He starts getting this very, very graphic images of dismembered bodies. You know, real images probably taken from those websites that have pictures from drug dealers and the terrible things they do here in Mexico.
So he’s being sent this true, these real pictures. And of course any Mexican will immediately get very scared, very intimidating, thinking that organized crime is behind something. You don’t want to be their target. You start fearing for your life. They have your address. They have information on your children, your wife, he’s very scared."
> there has to be something about your life, true or false
There are plenty of false things that anyone can say about literally anyone, including you. If the lie is well-crafted enough, good luck defending against it.
Everything I can think of is either easily demonstrably false, or I just wouldn't care, because my friends and family either wouldn't believe the attacker over my word, or because it just isn't something that matters to me.
I remember a quote that goes along the lines of "the amount of effort to refute bullshit is orders of magnitude higher than what is needed to produce it".
They can essentially DoS you by spreading libellous statements which will take lots of effort to refute and encourage people to distance themselves from you as to not become collateral damage themselves.
Kiddie porn/rape comes to mind, if someone fabricates enough plausible examples you can get your house raided or you could be arrested
Can you plead innocent, and will you ultimately prevail? Sure. But will you be able to take back the newspaper articles or news reports about you and these horrible accusations? The chattering on local comment boards? Rumors that might circulate around Twitter or Facebook? Will everyone be able to see that you prevailed and roll back any changes in feelings they had?
News to me! I guess it's so secret I've forgotten it!
---
I guess that falls in the category of 'rumours of the existence of a thing that doesn't exist and is embarrassing'. Obviously it's very hard to disprove such a rumour, but it is quite easy to just say "I don't care, and you shouldn't either" as a response.
> And another method of intimidation is they start Photoshopping the picture he sent with his ID. They start Photoshopping his picture into posters saying. like. “he’s a pedophile. He raped a minor. He’s wanted by the police.”
Who would be okay with that being said about them?
Given these blatant privacy violations, I wish mobiles had the option to "mock" data for those sensors. Share files? Sure, give access to a jail like bkank file system. Share mic? Sure, give access to a white noise generated stream, same with video/camera. Share gps? Give some mock location, etc.
That's what a privacy enabled device would do.
I wonder why hasn't this even been implemented at the browser level.