Cyber Saturday—Free Credit Freezes, Google Gmail Scanning, Bot Baddies Help FBI
The day has come—huzzah!
As of Friday, the big three credit bureaus—Experian, TransUnion, and everyone’s favorite, Equifax—began offering free credit freezes, perhaps the best security measures to guard against identity theft. If you’re not in the market for a new line of credit in the near-term, you should seriously consider applying freezes across your accounts. I highly recommend it. (As I have been doing for years!)
Here’s how the system works. Banks and lenders inspect consumer credit reports, the financial health records maintained by credit bureaus, when prospective customers seek to open new lines of credit; for example, when they apply for a new credit card, or look to take out a loan. Financiers use this information to judge a person’s credit-worthiness. But fraudsters can also use stolen personal information in attempts to open new lines of credit in other people’s names. When successful, they drain people’s coffers, ruin reputations, and cause blistering headaches.
Freezes are consumers’ best bet to keep the crooks at bay. While most big credit bureaus offer credit monitoring services and fraud alerts, the security of these supposed defenses pales in comparison to that of freezes. The reason: These services tell you when something has already gone wrong. Freezes, on the other hand, prevent thievery from occurring in the first place.
The reform is long overdue. After last year’s disastrous Equifax hack, which exposed personal information for 148 million Americans, Congress tweaked the Fair Credit Reporting Act, forcing credit bureaus to offer fee-less freezes. Previously, these companies had been charging anywhere from $2 to $10 per freeze. This payment condition, however slight, incensed many lawmakers and consumers (the author included): Why should consumers pay to protect themselves against the fallout from these companies’ own security failures?
They should not have to pay, and now that situation has been set aright.
Some things to keep in mind: To implement a freeze, you will need to secure your account with a PIN. Write these secrets down, perhaps encoded, and keep them in a safe place. Existing relationships with banks remain unaffected, so don’t worry about freezes causing any obstacles there. But if you are planning to apply for a mortgage, open a new bank account, get a new credit card, take out a loan, or some such activity, you’ll need to unfreeze your accounts first. Leave yourself a few days for the thaw. Afterward, you can freeze up your files once more—for free!
Follow these links to credit bureau websites for more information about how to implement freezes: Equifax (phone number: 1-800-685-1111), Experian (1-888-397-3742), TransUnion (1-888-909-8872). If you freeze your files, let me know how your experience goes? I would love to know.
Have a great weekend.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Google boondoggle. Remember when Google last year said it would stop scanning customers' Gmail email messages for the purposes of advertising? U.S. lawmakers followed up by asking the company to explain its policy regarding third party services, which it still allows to scan people's emails and share that data with others. In a now-public letter, Google's VP for public policy and government affairs said: “Developers may share data with third parties so long as they are transparent with the users about how they are using the data."
Crypto exchange hack. Hackers stole about $60 million worth of digital coins from Zaif, a Japanese cryptocurrency exchange, the business' parent company, Tech Bureau Corp., disclosed Thursday. About a third of the looted funds belonged to the exchange while the rest were customer money. It's the fifth major cryptocurrency exchange hack this year. Meanwhile, a popular piece of Bitcoin software had a very nasty bug.
The Three Musketeers. The three college-age defendants who pled guilty to creating and using the Mirai botnet, a distributed denial of service-attack tool that caused widespread Internet disruptions in 2016, are hoping to be sentenced to 2,500 hours of community service—by working for the FBI. The trio has apparently already contributed more than 1,000 hours to the Feds' law enforcement and security research endeavors.
Put to the test. NSS Labs, a security product tester, is suing some of the top cybersecurity vendors, such as Symantec, CrowdStrike, ESET, and an industry non-profit group called Anti-Malware Testing Standards Organization (ATMSO), for alleged antitrust violations. The reviewer claims that the companies have "conspired to prevent testing of their products" by withholding permission in licensing agreements.
Badge in, badge out.
Share today's Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
The Russian intervention was essentially a hijacking — of American companies like Facebook and Twitter; of American citizens’ feelings about immigration and race; of American journalists eager for scoops, however modest; of the naïve, or perhaps not so naïve, ambitions of Mr. Trump’s advisers. The Russian trolls, hackers and agents totaled barely 100, and their task was to steer millions of American voters. They knew it would take a village to sabotage an election.
ONE MORE THING
What's the score? Imagine a camera following you around 24/7—not to film you for reality TV, but to scrutinize your every action for the purposes of creating a government-mandated "social credit" ranking. This is the kind of digital dictatorship China's Communist Party aims to build by 2020. Already, you can see how the program will be used as a tool for control, squashing and silencing dissent.