I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.

What are some things that us netizens can do to make our displeasure known.

Extra points for funny ideas.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    97
    arrow-down
    5
    ·
    4 days ago

    Use EICAR test strings as your password.

    If they store your password in plain text the AV will lock the user database.

    If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.

    • shrodes@lemmy.world
      link
      fedilink
      English
      arrow-up
      75
      arrow-down
      1
      ·
      4 days ago

      Bold of you to assume a corporation storing passwords in plain text would be using AV

    • qaz@lemmy.world
      link
      fedilink
      English
      arrow-up
      40
      ·
      4 days ago

      According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string.

      This won’t work, assuming the database file is more than 128 bytes long

      • Talaraine@fedia.io
        link
        fedilink
        arrow-up
        10
        ·
        4 days ago

        I think the important distinction would be ‘file’ or ‘record’. Passwords aren’t really a file in a database iirc and records in a database have a storage limit

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        3 days ago

        EICAR test strings are strings of text that can be used to test an antivirus. Basically, you bury the file somewhere, and see if your AV picks it up. The joke being that if they’re storing your password in plaintext (a big no-no from a security standpoint) then their AV will clamp down on the database once you create your account and the test string is embedded.

        It wouldn’t work in this instance, unfortunately; EICAR test strings are only meant to work when embedded in files that are shorter than 128 bytes. And every database is almost certainly larger than that.