Privacy, the cloud, and taxes (a rant)

cowman

As long as I can remember, people I know have been concerned with keeping things secret. I'm not talking about late night adult encounters or embarrassing butt problems. Rather things like how much money they make, their home address, phone number, and god forbid their tax return with all the details of where they make their money and what they deduct. People on various auto enthusiast boards I go to obscure their license plate numbers when they take pictures of their car. Heck when I quote real or imaginary radio communications on this board I never put in my N-number even though I'm thinking it. I've been using "Cowman" as my internet handle for years and I never ever ever put my real name into anything if I can avoid it. Scammers and identity thieves are hiding under every rock after all.

However, I'm also a nerd. Computer wise that is... that's my degree and it was my profession for a while. I follow security news/theory and I have a fair understanding of it. Always been fascinated by how people carry out scams/hacks/etc. So I know how these things work. I know that most of the information I mentioned above is either public or easily attainable. I know there is enough information in stuff I've posted just on POA to get my real name, address, probably phone number too. I know from there for a small fee you can get my entire credit history, every vehicle I own, property I own, probably my net worth, and things I've never even thought of. So great now all of you can know everything about me if you really want to. So..... what use is that information?

I suppose you could get my SSN and with enough of this data convince someone over the phone you're me and take out a loan or something in my name. My credit card company actually asked me what make and model airplane I own once to verify my identity.... of course we all know what database they copied that from right?

Of course, my SSN has been in so many databases in so many places that it's pretty much a guarantee that it's been compromised and someone somewhere has it in a list. I mean, we can try to limit the number of lists it's in but... the odds it's not out there someplace are low.

So basically I'm completely exposed. The only thing protecting me is recourse if/when something happens. I can go back to old statements I can say "no, that's not me". My SSN is the key to everything though, a 9 digit number that is difficult to get changed. Awesome.

So then here I am filing my taxes and musing about how I reflexively don't want that data in the cloud. Before we continue let me tell you some simplified tech stuff about the cloud. Almost every cloud storage service uses SSL encryption for their communications- meaning the data between your PC/device and the server is secure(aside from some rare potential/theoretical attacks that won't apply to most people). Then the data is stored on at least one, more likely multiple servers. Now, some of these cloud services do it right... but most don't. Allow me to explain. If I properly encrypt a file on my hard drive using a strong encryption method and password it's secure. You could give this thing to the FBI, they can crank on it for months with all they have and they probably won't be able to open it(this has actually been an issue in some criminal cases btw). It's simple mathematics.... to try enough possible passwords it will take the computer years or even a century to get through it all and that's probably not worth it for anyone. However, most cloud services don't use this kind of strong encryption on their end. Know how I know this? If you lose your password and your cloud service can unlock the data for you, then they're not using strong encryption. If they can give your data to law enforcement, or anyone upon sufficient coercion then it's not secure. I mean someone could have a gun to the head of everyone in the company and the employees physically couldn't unlock it no matter how hard they tried. That's what it takes to meet my standard of secure.... and yes you can technically do that and yes a few services do. Most don't because if you lose your password the data is gone and that's not great for customer support. The downside is the government can subpoena them and get it or more likely some hacker emails the secretary a new emoji pack with a trojan and backdoors his way in without using any passwords.

So where was I? Ah yes, knowing this and not knowing which encryption my tax software uses(almost certainly not the secure kind) I did not want my data in the cloud. But then I started thinking about it... say I published my entire tax return to the internet(I won't) what difference would it make? I mean let's say I crossed out the entire coveted SSN. You'd all know how much money I made last year, something about how I made it, what I invest in, what I deduct, my address, etc. My instincts say this is all coveted data... it MUST be secured and yet... why? What are you going to do with that to harm me? Make fun of my income level? Hit me up for money since I'm wealthier? I play fair and honest with everyone I do business with so there wouldn't be any surprises there. Seems that with my SSN and public data like my airplane's registration you can already steal my identity. The only people I've ever seen use tax return data for verification are the IRS. I guess you could get my refund... if I got one. If you want to contribute to my quarterlies go for it I guess.

Then there's my other online world... my forum accounts, facespace, unused twitter account, and various other things. I'm pretty sure if this account starts posting a bunch of Klan propaganda all of the sudden the admins would lock it down and realize that's not me. Same with facebook, anyone who knows me is probably going to be aware that's not my gay porn collection(I have much better taste) *ahem* anyway.... the only real embarrassment would be that I let my account get hacked at all. Yet my social media stuff, video game, and other entertainment accounts- stuff that you can't steal any real money from me with seem to have the highest level security. My bank doesn't make me rotate passwords every couple months and use at least sixteen characters including uppercase, lowercase, numbers, symbols and at least 3 emojis plus two-factor authentication to my phone or email every time I use a new device(which I can't turn off without being harassed every hour, thanks Apple). Ok... so you can do bad stuff with my apple account. All my dog's baby pictures are in icloud... I shudder to think the ransom that would demand.

Honestly though I never started doing the cloud thing because of rural broadband. I've always had a tiny data cap or a slow data rate so it just takes too long to use anything of any size in the cloud. I have a local NAS server with redundant drives on it.... and just in case that fails I back it up every few months to a USB drive and keep that in my fireproof safe.

But then people worry about more... their browsing history, what they bought on the internet, their nudes[serious mode] if you don't want people having your nudes then don't take nudes for god sakes [/serious]. That said, sharing is caring. I mean... do you guys want to know where else I go on the internet? Sites about how to paint a car. Want to know what I bought on amazon last week? Paint stirring sticks, paint mixing cups, and sandpaper. We're having ham for dinner sunday... so obviously I need those things. Amazon knows, so do car sites and they keep trying to sell me ham roasters and piggie napkins.

Dear lord... keep your data private guys. You don't want to end up with tacky napkins. I need a beer.
 
I dunno - set the bar higher? You don't need perfect PII protection; just better than most. . .set fraud alerts; use a single dedicated credit card for on-line buying; don't use a debit card for retail buying; if you need browsing security, pay one of the mis-attributable services and connect via VPN. You get a real hack, you can/can change your SSN.

I still see places that ask for the last four of SSN, including a major bank - you got the last four, you pretty much have it all - bank elsewhere, I think.

Do not/not authorize auto pay from your checking account

Yeah, "Cloud" - using a vendor's computing cycles and storage - a new idea from the late 1960's. . .
 
Part of the problem of keeping data secret in today's age is that it can come from so many sources. I do investigations, mainly through the internet. Before I recently retired and switched jobs, I worked for a government entity with governmental computers and internet. Now I just use only the internet (more or less) but I find that is no handicap.
If you know where to look, getting those very personal bits of information on all of us, is easy. Sundancer mentions banking with the last four of your soc, but have you ever noticed how often people want you to write that down...or even your whole soc? An entire soc# goes on loans, college applications, doctor/dentist forms, concealed weapon permits applications, 4473s, etc, the list goes on and on. Now you would think that it wouldn't then be put online, but you would think wrong. Often times your soc is "sorta" hidden, as in it just becomes a part of a larger reference number. If you know how to read the reference number, you can get a person's soc#.
I find other sources that are full of personal data in addition to social numbers. Property and court records are some of my favorite sources. Social media is big too. You might not even be on social media, but if your friends and family are, then guess what? You are too. I've made many cases on social media alone.
How to combat all this? I've heard some say mis-information is helpful, and to some degree it can be, but it really takes a lot of mis-information to combat the reams of stuff already out there. As far as worrying about things like cloud storage? I can see the concern, but since that takes "breaching" that's a level above what I care to obtain, and a whole lot more complicated when most of your info is already out there for the world to see.
 
If you are on a machine that is connected in any way to a network everything on that machine is open to the world. The only reason you have not been hacked yet is you are too small and insignificant or you haven't turned up in a bigger company or systems attack yet. You should always assume you will one day face identity theft and not put all your eggs in a couple of baskets.
 
If you are on a machine that is connected in any way to a network everything on that machine is open to the world. The only reason you have not been hacked yet is you are too small and insignificant or you haven't turned up in a bigger company or systems attack yet.

It's really not. There's plenty of high value targets out there and they don't get hacked.

e.g. Here is $153 million for you. Anonymous - you can't even be tracked if you steal it. Always connected. All you have to do is guess/find the password:
https://bitinfocharts.com/bitcoin/address/3Nxwenay9Z8Lc9JBiywExpnEFiLp6Afp8v

Things don't get hacked just because they're connected. Hackers aren't all that powerful. Virtually all hacks you read about in the media are crying out loud ridiculous. It would be the equivalent of leaving your front door open, going around the neighborhood putting signs on every lamp post saying "my front door is open", then serving milk and cookies to everybody who enters your front door. Most organizations protect their petty cash drawer better than they do their customer data. They're making a bet that they will never have a disgruntled/drunk/stupid employee.


Coming back to the OP though. I don't think the OP is asking the question "How do I not get hacked?", but more of a: "So what?".

What harm would befall you if your tax return is online for everyone to see? There are cultures that when you meet someone the 3rd or 4th question you'll get asked is: "How much do you make?". We obviously don't do that, but it doesn't seem to harm them either. I think sometimes we're private about things and we don't know why.
 
My PII has been breached so many times that it was no surprise when I got a letter from IRS this year informing me that a bogus tax return had been filed using my name and SSN. Their system caught it and rejected it. I had to call them to confirm that it wasn't me, which involved answering questions about myself to which I was surprised they even knew the answers. They were very thorough. Once they were satisfied that I was me, they killed the fraudulent return.

It's pretty much just been a pain in the ass so far. I haven't suffered any financial losses other than postage costs; and if I do, I actually have insurance for it with USAA that I didn't know about until I called them (it's part of the policy for the house). I've had to file reports with the IRS, FTC, my County Sheriff, and the NYS DTF; put fraud alerts on my credit reports (and possibly freezes at some point) to prevent people from taking out loans in my name; freeze my information at Chex Systems to reduce the chances of someone opening a deposit account in my name; and assign verbal passwords or PINs to all my credit and debit cards so no one can call up using my SSN and file a change of address or the like. I also had to file a paper tax return this year. For future returns, I'll have to use a special PIN to e-file.

I blame the government for most of this because they allow or sometimes even require so many people to collect our SSNs. Anyone who issues a 1099 on me, for example, must have my SSN to do so. Insurance companies need it for Obamacare reporting. Banks, brokerage houses, and even PayPal need it for 1099s. Doctors need it for electronic record-keeping (or so they say). Employers, of course, need it for W2s -- and all it takes to become an "employer" as far as IRS is concerned is a five-minute phone call. When you're done, presto, you're an instant employer. And of course landlords, lenders, and even the snot-nosed teenager working at the cell phone store can demand it for credit checks.

One thing that I think would help a lot would be allowing individuals to request a proxy number that they could use in place of their SSN for 1099, W2, and other mandatory reporting purposes. It would be in a different format from the SSN and only useful for the purpose of filing reports, not returns. This way your bank, employer, client, customer, or whomever wouldn't have to know your real SSN just to file tax reports on you. That seems like such a simple idea that even the government should be able to pull it off. Or maybe not.

I also think that financial institutions should be forbidden from using the SSN for credit purposes. Give them 18 months to come up with Some Other System for running credit checks. If they don't, they're out of business.

Rich
 
^^^ exactly. What bothers me most is that it's even possible to access a line of credit with only my social. There are a million different ways to get in touch with me and verify the request is valid.
 
Some entrepreneurs, people doing research, LE, etc., would like their web activity kept private - as do some bad guys; that's actually not that hard to do; the time spent on it has a cost, of course. But once set-up, it's not too tough, in terms of time, to maintain.

For regular folks, I guess the notion of where you've been, when, what you were doing, who you know, what your investments are, where your vulnerabilities may lie, being exposed can give you the creeps. And the hassle factor on identity theft is pretty big. Also, the not-knowing what about you is being collected, sold, bartered, etc. For example, with location services on, and a Starbucks app on your phone, Starbucks knows whenever you come in range of one of their stores. Does that matter to you? It may or may not, or more ominously, it may matter to you after the fact, in a civil or criminal action.

If you see the Facebook or other logo on a site, bam, you've been tracked, unless you've set-up counter-measures. Take a photo of your grandkids with your phone, the metadata likely records the time and lat/long. Again, if you KNOW that's happening, and you don't care, no worries. But it's not hard to imagine situations when you don't want that recorded - and you need the insight into the tech to know when.

If you stayed logged in to Google, and/or use their apps on your phone, you're giving up a lot of personal movement and activity data - if you short-circuit all that, you'll have a different experience on the web, and expose a bit less about yourself to the aggregators, or next hacker.
 
For what it's worth, and exactly what you paid for it, there is no usable personal information kept on my computer or attached hard drives. It's a small step I can take but is one more thing bad guys have to dig through to get to me.

Cloud? I won't go there. I have storage aplenty at home and it's off line.
 
For what it's worth, and exactly what you paid for it, there is no usable personal information kept on my computer or attached hard drives. It's a small step I can take but is one more thing bad guys have to dig through to get to me.

Cloud? I won't go there. I have storage aplenty at home and it's off line.

The problem is that you can't control how well other entities safeguard your PII, a problem that's compounded by the fact that in many cases, you have no choice about whether or not to provide it.

I've already told several doctors that I'm not providing my SSN, and to hell with how that affects their electronic record keeping. That's their problem, not mine. But I can't refuse to provide it to entities who are mandated by law to collect it because they have to file tax forms on me; and until the government is forced by the people to do something about that, nothing will be done.

Rich
 
I think all federal and state income tax returns should be public. You work as a barber and only claim you make $15K, all your customers could reasonably determine if you were cheating the rest of us tax payers and turn you in.
 
Banks do a decent job of protecting PII, as do most investment firms. The Feds are, in general, indifferent - they pretty much don't care. OPM, VA, etc., with multiple breaches over multiple years, simply failing to take the most rudimentary of precautions. Retail chains are probably a bit worse. Medical providers are all over the place. Local government is astoundingly inept. . .especially ones that take credit cards for things like permits, recreation classes, pools, golf, etc. Hand them cash.

It's a hassle, but if identity theft is a worry for you, you have to monitor - anything Lifelock can do, you can do, if you're willing to spend the time. Put up your fraud alerts on all three credit bureaus, do the monitoring thing, consolidate on just a couple credit cards, don't use your debit card on retail purchases.

And yeah, I don't provide SSN to doctors - perfect protection it is not, but it is one less exposure. You can't go pure stealth, but you can reduce your "radar" cross section.
 
I think all federal and state income tax returns should be public. You work as a barber and only claim you make $15K, all your customers could reasonably determine if you were cheating the rest of us tax payers and turn you in.
Federal and State salaries are generally public record - but the details of the employee's financials are not - you might be entitled to know the total compensation package, but not how the recipient distributes it to savings plans, health plans, HCFSA, or if they have tax or child support liens. The forms in tax filings are too revealing of personal information to be public - you aren't entitled to know your barber had large medical deductions, or doing pre-tax contributions for a HCFSA, etc. Or his SSN, address, DOB, and everything else that will make someone a target for thieves.
 
The problem is that you can't control how well other entities safeguard your PII, a problem that's compounded by the fact that in many cases, you have no choice about whether or not to provide it.

I've already told several doctors that I'm not providing my SSN, and to hell with how that affects their electronic record keeping. That's their problem, not mine. But I can't refuse to provide it to entities who are mandated by law to collect it because they have to file tax forms on me; and until the government is forced by the people to do something about that, nothing will be done.

Rich
Back when I owned the veterinary hospital, we always asked new clients for their SS# because you never know who may stiff you for a few thousand bucks sometime in the future and need to be tracked down. If they didn't want to provide it, that was ok, but then we might not extend them credit or delayed payments later. Expensive procedures would need payment in advance. That may sound harsh, but it probably saved me over $50k in the last 10 years.
 
Federal and State salaries are generally public record - but the details of the employee's financials are not - you might be entitled to know the total compensation package, but not how the recipient distributes it to savings plans, health plans, HCFSA, or if they have tax or child support liens. The forms in tax filings are too revealing of personal information to be public - you aren't entitled to know your barber had large medical deductions, or doing pre-tax contributions for a HCFSA, etc. Or his SSN, address, DOB, and everything else that will make someone a target for thieves.

I agree with the SSN and DOB, but everything else should be public. No one complains about their home value or the amount of property tax they pay being public, income is no different. And yes, if you claim deductions, those should be public as well as income.
 
Federal and State salaries are generally public record - but the details of the employee's financials are not - you might be entitled to know the total compensation package, but not how the recipient distributes it to savings plans, health plans, HCFSA, or if they have tax or child support liens. The forms in tax filings are too revealing of personal information to be public - you aren't entitled to know your barber had large medical deductions, or doing pre-tax contributions for a HCFSA, etc. Or his SSN, address, DOB, and everything else that will make someone a target for thieves.

I agree with the SSN and DOB, but everything else should be public. No one complains about their home value or the amount of property tax they pay being public, income is no different. And yes, if you claim deductions, those should be public as well as income. Sunshine would help sanitize our dirty tax and welfare system.
 
Back when I owned the veterinary hospital, we always asked new clients for their SS# because you never know who may stiff you for a few thousand bucks sometime in the future and need to be tracked down. If they didn't want to provide it, that was ok, but then we might not extend them credit or delayed payments later. Expensive procedures would need payment in advance. That may sound harsh, but it probably saved me over $50k in the last 10 years.

The vet I use also asked for one. I refused, and she told me pretty much the same thing as you said. I told her I'd pay with her choice of cash, check, plastic, barter, or advertising; but that I would not under any circumstances provide my SSN.

Not surprisingly, she chose cash. Personally, I think she made a mistake. The advertising would have been a better value for her struggling little clinic in the Middle of Nowhere. Decent herp vets aren't easy to find in the boonies.

Rich
 
What is this P2 or PII some of you are referring to?


 
My PII has been breached so many times that it was no surprise when I got a letter from IRS this year informing me that a bogus tax return had been filed using my name and SSN. Their system caught it and rejected it. I had to call them to confirm that it wasn't me, which involved answering questions about myself to which I was surprised they even knew the answers. They were very thorough. Once they were satisfied that I was me, they killed the fraudulent return.

It's pretty much just been a pain in the ass so far. I haven't suffered any financial losses other than postage costs; and if I do, I actually have insurance for it with USAA that I didn't know about until I called them (it's part of the policy for the house). I've had to file reports with the IRS, FTC, my County Sheriff, and the NYS DTF; put fraud alerts on my credit reports (and possibly freezes at some point) to prevent people from taking out loans in my name; freeze my information at Chex Systems to reduce the chances of someone opening a deposit account in my name; and assign verbal passwords or PINs to all my credit and debit cards so no one can call up using my SSN and file a change of address or the like. I also had to file a paper tax return this year. For future returns, I'll have to use a special PIN to e-file.

I blame the government for most of this because they allow or sometimes even require so many people to collect our SSNs. Anyone who issues a 1099 on me, for example, must have my SSN to do so. Insurance companies need it for Obamacare reporting. Banks, brokerage houses, and even PayPal need it for 1099s. Doctors need it for electronic record-keeping (or so they say). Employers, of course, need it for W2s -- and all it takes to become an "employer" as far as IRS is concerned is a five-minute phone call. When you're done, presto, you're an instant employer. And of course landlords, lenders, and even the snot-nosed teenager working at the cell phone store can demand it for credit checks.

One thing that I think would help a lot would be allowing individuals to request a proxy number that they could use in place of their SSN for 1099, W2, and other mandatory reporting purposes. It would be in a different format from the SSN and only useful for the purpose of filing reports, not returns. This way your bank, employer, client, customer, or whomever wouldn't have to know your real SSN just to file tax reports on you. That seems like such a simple idea that even the government should be able to pull it off. Or maybe not.

I also think that financial institutions should be forbidden from using the SSN for credit purposes. Give them 18 months to come up with Some Other System for running credit checks. If they don't, they're out of business.

Rich

I blame your turtle video feed as the cause of your hack! :D
 
Working in IT, we just assume all web servers or services facing the internet will get hacked. Anything facing the outside gets firewalled from everything inside. Those servers can be easily stood up since they're all virtual servers. They get hacked because people are looking for a way in. Not always looking for something specific, but because it's a way to get in and poke around, to see what they can find of value.

When my college gave me my picture ID, the ID# they gave me was my SSN backwards. Yeah, no. Give me a different number, please. But did it really matter? Just look at all the people in that office that had access to ALL the student data at that time. Guess we got lucky that none of them got greedy.
 
The vet I use also asked for one. I refused, and she told me pretty much the same thing as you said. I told her I'd pay with her choice of cash, check, plastic, barter, or advertising; but that I would not under any circumstances provide my SSN.

Not surprisingly, she chose cash. Personally, I think she made a mistake. The advertising would have been a better value for her struggling little clinic in the Middle of Nowhere. Decent herp vets aren't easy to find in the boonies.

Rich
I don't know her circumstances, but you are probably right about her choice. Vet schools generally have one, one-hour elective course in "business". And for some reason, most veterinarians I knew had zero business sense. But once they become practice owners, they learn the basics by learning from their mistakes. At least some of them do.
 
Up until about 10 years ago my pilot's license number was my SSN, I never bothered to change it until I got my wallet stolen. Barn door... horse...

But whoever stole it never figured it out. I'm sure they were only interested in the cash. I don't even think they tried the credit cards, although I was pretty quick at canceling them.

Also, since I am a CFI, I signed that number in many logbooks, mostly way in the past.
 
I agree with the SSN and DOB, but everything else should be public. No one complains about their home value or the amount of property tax they pay being public, income is no different. And yes, if you claim deductions, those should be public as well as income.
Ahhh..nope.
 
But why? What difference does it make?

Because some people don't want you to know they pay no taxes because they work under the table to qualify for food stamps or write off their plane as a business expense and never fly it for business.
 
Because some people don't want you to know they pay no taxes because they work under the table to qualify for food stamps or write off their plane as a business expense and never fly it for business.

Sooo... You're advocating vigilante tax enforcement?

Not that it really matters. All of that information most likely will be hacked at some point anyway.

Rich
 
I had always generally thought the reason most people kept their income secret was modesty... or the opposite. Either way just to spare people embarrassment. Maybe I'm an outlier but I just do not care. I know people significantly poorer than I am and I've parked next to multi-million dollar aircraft on the ramp. No doubt if I released my taxes to the world many would be amazed I have so much and others would be yawning. How many people are really going to care? Who is really impressed by someone just because they make a huge amount of money anymore... or really looks down on someone because they don't. Or am I just that out of touch with society?

Or is there some completely different reason we keep this stuff secret that I don't know?

We all know about identity theft being an issue. Obviously the SSN is an issue but most of the other kinds of verification questions I've been asked for things are searchable through any of those sites where you pay to get details on anyone.

So I guess two thoughts here...
1. There really is no such thing as safe from ID theft, only mitigation... and weak mitigation at that.
2. Aside from identity theft, why exactly should I care if my tax return, things I buy, what I like to do, etc are private? Google/amazon know what I've been searching for and advertise things that the algorithm says I'd be interested in based on that. So.... is that it? Why should I be bothered by this?

Obviously we should worry about some dystopian future where you can be profiled as a criminal or political wrongthinker... or where a health insurance company might ding you for eating at McDonald's or something but that seems like more of an issue of legislating what the government is allowed to do and what consumer protections are in place. Given the way technology works it's not like we can expect privacy as we knew it decades in the past to come back.
 
As long as I can remember, people I know have been concerned with keeping things secret. I'm not talking about late night adult encounters or embarrassing butt problems. Rather things like how much money they make, their home address, phone number, and god forbid their tax return with all the details of where they make their money and what they deduct. People on various auto enthusiast boards I go to obscure their license plate numbers when they take pictures of their car. Heck when I quote real or imaginary radio communications on this board I never put in my N-number even though I'm thinking it. I've been using "Cowman" as my internet handle for years and I never ever ever put my real name into anything if I can avoid it. Scammers and identity thieves are hiding under every rock after all.

However, I'm also a nerd. Computer wise that is... that's my degree and it was my profession for a while. I follow security news/theory and I have a fair understanding of it. Always been fascinated by how people carry out scams/hacks/etc. So I know how these things work. I know that most of the information I mentioned above is either public or easily attainable. I know there is enough information in stuff I've posted just on POA to get my real name, address, probably phone number too. I know from there for a small fee you can get my entire credit history, every vehicle I own, property I own, probably my net worth, and things I've never even thought of. So great now all of you can know everything about me if you really want to. So..... what use is that information?

I suppose you could get my SSN and with enough of this data convince someone over the phone you're me and take out a loan or something in my name. My credit card company actually asked me what make and model airplane I own once to verify my identity.... of course we all know what database they copied that from right?

Of course, my SSN has been in so many databases in so many places that it's pretty much a guarantee that it's been compromised and someone somewhere has it in a list. I mean, we can try to limit the number of lists it's in but... the odds it's not out there someplace are low.

So basically I'm completely exposed. The only thing protecting me is recourse if/when something happens. I can go back to old statements, I can say "no, that's not me". My SSN is the key to everything though, a 9 digit number that is difficult to get changed. Awesome.

So then here I am filing my taxes and musing about how I reflexively don't want that data in the cloud. Before we continue let me tell you some simplified tech stuff about the cloud. Almost every cloud storage service uses SSL encryption for their communications - meaning the data between your PC/device and the server is secure (aside from some rare potential/theoretical attacks that won't apply to most people). Then the data is stored on at least one, more likely multiple servers. Now, some of these cloud services do it right... but most don't. Allow me to explain. If I properly encrypt a file on my hard drive using a strong encryption method and password it's secure. You could give this thing to the FBI, they can crank on it for months with all they have and they probably won't be able to open it (this has actually been an issue in some criminal cases btw). It's simple mathematics.... to try enough possible passwords it will take the computer years or even a century to get through it all and that's probably not worth it for anyone. However, most cloud services don't use this kind of strong encryption on their end. Know how I know this? If you lose your password and your cloud service can unlock the data for you, then they're not using strong encryption. If they can give your data to law enforcement, or anyone upon sufficient coercion then it's not secure. I mean someone could have a gun to the head of everyone in the company and the employees physically couldn't unlock it no matter how hard they tried. That's what it takes to meet my standard of secure.... and yes you can technically do that and yes a few services do. Most don't because if you lose your password the data is gone and that's not great for customer support. The downside is the government can subpoena them and get it or more likely some hacker emails the secretary a new emoji pack with a trojan and backdoors his way in without using any passwords.

So where was I? Ah yes, knowing this and not knowing which encryption my tax software uses (almost certainly not the secure kind) I did not want my data in the cloud. But then I started thinking about it... say I published my entire tax return to the internet (I won't) what difference would it make? I mean let's say I crossed out the entire coveted SSN. You'd all know how much money I made last year, something about how I made it, what I invest in, what I deduct, my address, etc. My instincts say this is all coveted data... it MUST be secured and yet... why? What are you going to do with that to harm me? Make fun of my income level? Hit me up for money since I'm wealthier? I play fair and honest with everyone I do business with so there wouldn't be any surprises there. Seems that with my SSN and public data like my airplane's registration you can already steal my identity. The only people I've ever seen use tax return data for verification are the IRS. I guess you could get my refund... if I got one. If you want to contribute to my quarterlies go for it I guess.

Then there's my other online world... my forum accounts, facespace, unused Twitter account, and various other things. I'm pretty sure if this account starts posting a bunch of Klan propaganda all of a sudden the admins would lock it down and realize that's not me. Same with Facebook, anyone who knows me is probably going to be aware that's not my gay porn collection (I have much better taste) *ahem* anyway.... the only real embarrassment would be that I let my account get hacked at all. Yet my social media stuff, video game, and other entertainment accounts- stuff that you can't steal any real money from me with seem to have the highest level security. My bank doesn't make me rotate passwords every couple months and use at least sixteen characters including uppercase, lowercase, numbers, symbols and at least 3 emojis plus two-factor authentication to my phone or email every time I use a new device (which I can't turn off without being harassed every hour, thanks Apple). Ok... so you can do bad stuff with my Apple account. All my dog's baby pictures are in iCloud... I shudder to think the ransom that would demand.

Honestly though I never started doing the cloud thing because of rural broadband. I've always had a tiny data cap or a slow data rate so it just takes too long to use anything of any size in the cloud. I have a local NAS server with redundant drives on it.... and just in case that fails I back it up every few months to a USB drive and keep that in my fireproof safe.

But then people worry about more... their browsing history, what they bought on the internet, their nudes [serious mode] if you don't want people having your nudes then don't take nudes for god sakes [/serious]. That said, sharing is caring. I mean... do you guys want to know where else I go on the internet? Sites about how to paint a car. Want to know what I bought on Amazon last week? Paint stirring sticks, paint mixing cups, and sandpaper. We're having ham for dinner Sunday... so obviously I need those things. Amazon knows, so do car sites and they keep trying to sell me ham roasters and piggie napkins.

Dear lord... keep your data private guys. You don't want to end up with tacky napkins. I need a beer.

This was such a long post, I think Cowman is actually DenverPilot.
 
For me, I'm more worried about my personal data on the IRS computers than on TurboTax's servers. If TurboTax had a data breach it's going to destroy their business and leave them open to lawsuits. If the IRS loses our data, they shrug their shoulders, claim government immunity and you'll still have to file taxes next year.
 
I'd just finished my taxes, I'm always in an odd state after I've been dealing with taxes for a few days.
 
Sooo... You're advocating vigilante tax enforcement?

Not that it really matters. All of that information most likely will be hacked at some point anyway.

Rich

No, not vigilante because the only action would be to advise the authorities of illegal acts.
 
For me, I'm more worried about my personal data on the IRS computers than on TurboTax's servers. If TurboTax had a data breach it's going to destroy their business and leave them open to lawsuits. If the IRS loses our data, they shrug their shoulders, claim government immunity and you'll still have to file taxes next year.

That's one of the reasons I pay through a third party like Official Payments. They have more incentive to safeguard my information. If they're breached, their business is history.

I've also had times when IRS or NYS DTF sent me threatening letters because of taxes that I'd already paid, but that they'd misapplied or misplaced. IRS has always managed to straighten it out in one phone call. DTF, not so much. Dealing with DTF is the little-known Tenth Circle of Hell -- the one even Dante couldn't bring himself to write about. So I like to have a third party involved in the transaction. Then I can just tell DTF to call their payment processor and sort it out with them.

Rich
 
But why? What difference does it make?
Off the top of my head. . .impact on negotiating a salary; impact on employment opportunities (big medical deductions? bad health? or, perhaps a lot of time off for a family member with an issue?); revealing income sources and financial position for the self employed (again, affects negotiating posture); revealing investments that aren't politically correct; one stop shop for finding the best targets for fraud & identity theft; did you pay a hunk for an early 401 withdrawal? How come? Hmmmm. . .let's not do a deal with this guy. . .just in case.

Probably better ones that didn't come to mind yet. But for me, it's just no one else's business; the force of law compels me to pay - if I don't, people with guns will eventually show up at my house. So I pay, but my definition of privacy doesn't have to match yours, and neither do my values. I'd find it intrusive, and that's really all the reason I need. . .or to influence my vote.
 
Exactly. What I make, how I make it, and what items I choose to purchase/invest in are no one's business but mine. It's not about rich vs poor, it's about it not being anyone's business. I can divulge that information as I see fit, I don't need the government doing it for me.
 
For what it's worth, and exactly what you paid for it, there is no usable personal information kept on my computer or attached hard drives. It's a small step I can take but is one more thing bad guys have to dig through to get to me.

Cloud? I won't go there. I have storage aplenty at home and it's offline.
Massive local memory is cheap. Nothing good can come of storing everything on someone else's server farm.
 
I think all federal and state income tax returns should be public. You work as a barber and only claim you make $15K, all your customers could reasonably determine if you were cheating the rest of us taxpayers and turn you in.
You're free to post yours here.
 
Back when I owned the veterinary hospital, we always asked new clients for their SS# because you never know who may stiff you for a few thousand bucks sometime in the future and need to be tracked down. If they didn't want to provide it, that was ok, but then we might not extend them credit or delayed payments later. Expensive procedures would need payment in advance. That may sound harsh, but it probably saved me over $50k in the last 10 years.
$5000 a year to alienate a bunch of customers?
 