• 4 Posts
  • 12 Comments
Joined 1 year ago
Cake day: August 10th, 2023

  • But at some point to interact with any kind of large company … You could also consider not interacting with large companies at all

    Actually the large corps are more likely to hold the data in-house. Small companies cling to outsourcing. E.g. credit unions are the worst… outsource every service they offer to the same giant suppliers. Everyone thinks only a small company has the data (and consequently that the small dataset does not appeal to cyber criminals) but it’s actually worse because they outsource jobs even as small as printing bank statements to the same few giants most other credit unions use. Then they do the same for bill pay with another company. It’s getting hard to find a credit union that does not put Cloudflare in the loop. So in the end a dozen or so big corps have your data and it’s not even disclosed in the privacy statement.

    Of course it depends on the nature of the business. A large grocery chain is more likely to make sure your offline store purchase history reaches Amazon and Google than a mom & pop grocer who doesn’t even have a loyalty program.

    Whether businesses get copies of information is usually included in a site’s privacy policy,

    I have never seen a privacy policy that lists partners and recipients apart from Paypal, who lists the 600+ corps they share data with for some reason. Apart from bizarre exceptions privacy policies are always too vague to be useful. Even in the GDPR region. If you read them you can often find text that does not even make sense for their business because they just copied someone else’s sufficiently vague policy to use as a template.

    If you really want to limit your information exposure, you either have to audit everyone you do business with this way (because most large companies do this) or hire someone (or a service) to do it.

    The breach happened in a country where companies are not required to respond to audits. No company wants any avg joe’s business badly enough to answer questions about data practices. In the EU, sure, data controllers are obligated to disclose the list of parties they share with (on request, not automatically). And even then, some still refuse. Then you file an article 77 complaint with the DPA where it just sits for years with no enforcement action.

    My approach is a combination of avoiding business entirely, or supplying fake info, or less sensitive info (mailing address instead of residential, mission-specific email, phone number that just goes to a v/m or fax). This is where the battle needs to be fought – at data collection time. Countless banks needlessly demand residential address. That should be rejected by consumers. Data minimization is key.

    In the case at hand, I’m leaning toward opting out of the class action lawsuit and suing them directly in small claims court. I can usually get better compensation that way.

  • The 1st ½ of your comment sounds accurate. But…

    And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

    Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.


  • That all sounds accurate enough to me… but thought I should comment on this:

    However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

    It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

    Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)

  • Do you want an answer or just a space to be angry and rant?

    It’s all about getting an answer. Any rant that you think you sensed is at most an attempt to motivate a good answer.

    I should also stress that I don’t want bad answers. The same broken speculation has been posted multiple times in this thread and in the parent. Thus compelling me to repeat the flaws in that bad answer.

    I’m confident at this point that I finally got a viable answer: insurance. But I might be tempted to press for more details because it’s still unclear how the GDPR compliance pans out. GDPR violations are rampant these days, so it could lead to an article 77 complaint. I still have to do a bit of analysis on that from the insurance narrative.


  • That’s all plausible. But in the end the airline (their insurance) will be the loser, no?

    When a traveler has insurance they have some reassurance & comfort that the loss won’t be theirs as they will file a claim. In my cases of lost luggage, the rules of the traveler’s insurance claim required me to still file a claim with the airline. The airline seemed to have the primary liability. Wouldn’t it be bizarre if the airline (who caused the loss) would get off the hook? My insurance just ensured I was compensated one way or another so long as I followed the rules and reported the loss to the airline. From there, wouldn’t my insurance work in their own interest to ensure the airline pays out? Surely my insurance must only be liable for benefits coverage that exceed the airline’s responsibility (depending on how generous my policy is).

    Since an insurance company has the resources and legal muscle to ensure the responsible company pays out, I would expect it to /not/ be in the airline’s interest to deal with another insurance company over a loss. Just about every time I had a loss without insurance, the airline was directly liable to me but they told me to pound sand. Every time IIRC. They wouldn’t get away with that against another insurer.

    Most of my cards are free with lousy policies that only pay out if I lose a limb or something like that. It was only when I paid for extra insurance that I got coverage that was useful.

    In any case, if you are correct, that implies if I get a payment card with zero insurance (a prepaid card?), then the flight details won’t be shared, correct? Might be interesting to test that, but tricky because prepaid cards often don’t issue a statement.



  • if you travel to another place and use your card there, then your bank are going to know you’re there.

    That’s not the same bank that I bought my airfare with. The bank I use to buy the airfare with has no reason to know where I am. IIRC there’s a stat that on avg Americans have like ~15 or so different bank/credit cards. What you’re saying makes no sense. The airline takes the liberty of giving a travel notice to just one of your dozens of banks, and what about the rest?

    If there’s a transaction showing you bought tickets to that city/country for the same dates that transactions happen within that city/country, that’s evidence to support one decision over the other on the algorithm’s part.

    I often buy a one-way ticket with one card and a one-way return with another. So not even one bank has the full picture. I typically leave those cards at home as well because they have poor forex rates. Yet this doesn’t trip fraud sensors on the cards I carry to the destination. The fraud sensors are tripped when I forget my ATM limit or incorrectly adjust that limit for the foreign currency.

    One bank that requires a travel notice doesn’t even accept that a trip would last more than 2 weeks. I call and say I will be gone 3 weeks, or 4 weeks, and they cannot handle it. They say “the travel notice will expire in 2 weeks so you have to call again when that time comes to renew your travel notice”. What I tell them directly carries more weight than whatever shows up on the transactions because they have no way of knowing what other travel arrangements I have. Yet what I tell them is not fully utilized.

    The other problem with your theory is travel notices are a recent development of the past ~10—20 years, whereas itineraries have been shared with banks for as long as I can recall (~25+ years). Anyway, speculation isn’t cutting it. Solid info needed on why this is happening.


  • If your bank knows you’re meant to be in a specific place, they’ll know transactions happening there aren’t because someone’s stolen your card.

    Every bank’s AI-driven fraud detection system is different and non-transparent. Whenever my account gets frozen for “fraud” and I removed¹ at the bank over it, I ask WHY my account was frozen. The CSR guesses what happened (because apparently it’s such a secret the bank’s own staff is kept in the dark). This can be deceiving because bankers seem to be trained to propose their guesswork with confidence to thwart questions. I ask “where in my terms of service agreement does it say I shouldn’t do [whatever the CSR thinks triggered the fraud sensors] & how can I prevent this false positive in the future?” They can never answer that.

    Some banks don’t require travel notices and some do. The banks that don’t: how are they finding out my travel plans when I buy the ticket using a different bank? Most likely their fraud algo is (or tries to be) smart enough to not need to track you.

    It would probably be a valid exception to GDPR on those grounds.

    How is sharing purchase info with banks within the bounds of the airline’s operational needs? The bank’s problem is not the airline’s problem.

    (edit)

    1: woah, slur filter did a silent hit-and-run on my post. The word “removed” should be some form of “complain” using a synonym that begins with a “b”.