• coffeeClean@infosec.pubOP
    link
    fedilink
    arrow-up
    15
    ·
    edit-2
    8 months ago

    I must say Paypal shares customer data with over 600 corporations among other scummy things, so I boycott them. I also boycott eBay because the javascript required to use their website port sniffs your LAN and feeds that back to them, apart from other evils.

    But most importantly, I’m not necessarily worried that I would personally get burnt by this. But just like my unwillingness to buy an Intel CPU with a management engine (or AMD’s flavor of this), I am unwilling to buy a product that was designed to work against me. I do not want to finance anti-consumer suppliers. ATM I don’t know how to check whether my version of AOS has this “feature”.

    (BTW, I’m not the OP; I just linked their post here)

    • Blaster M@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      8 months ago

      Sniffs your local pc to look for remote desktop and vnc ports on it. I can see this being useful in finding RAT risks, but the portscan thing is something the browser should be blocking or sandboxing.

      As for PayPal, well, your cc / bank also shares lots of data.

      If your threat modelling is that severe, your best bet is Tor Craigslist, a couple blokes packing heat and a briefcase of money in a place with no parking lot surveillance.

      But then at that point security and safety is on you and your mates to implement.

      • coffeeClean@infosec.pubOP
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        8 months ago

        As for PayPal, well, your cc / bank also shares lots of data.

        Paypal is not a bank. Paypal is an additional MitM. Using Paypal adds another surveillance capitalist to the chain along with your bank and credit network. But indeed, the banks and credit cards are shit so I am fighting the war on cash quite hard. I’ve already been dragged into court for insisting on paying a creditor in cash. I won that case and will continue insisting on cash payments.

        If your threat modelling is that severe

        My threat model simply includes mass surveillance. Which is in the threat model of everyone who understands and embraces privacy. It’s worth noting that it’s not purely and infosec stance. I also object to feeding a supplier who is acting against me. The moment I detect that a supplier is working against me, I walk on ethical grounds. They have failed to earn my business. The snooping just happens to be the manner in which they are working against me.

        your best bet is Tor Craigslist,

        I was doing that at one time but something pushed me off. I don’t recall what… whether it was SMS verify or CAPTCHAs or phone numbers or fussy email address verifiers… something drove me off.

        • Blaster M@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          8 months ago

          Can’t help you there. Buying stuff isn’t anonymous, even brick and mortar stores have cloud surveillance cams now.

          • coffeeClean@infosec.pubOP
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            Most of my shopping is done at street markets. When a big parking is filled with vans and portable tables on a weekly basis, there is no surveillance. But if I need something very particular then the cash option gets threatened. E.g. I would like to have a Flipper Zero but these are never at street markets and not even on any shelves anywhere.

            • Synnr@sopuli.xyz
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              8 months ago

              I have a Flipper Zero (and case and the extra components) that I’ll 99.99% likely never use. I’d love to get cash for it but I’d be asking twice what it’s worth because I like having it on ‘what if’ grounds.

              But I feel you, it’s unfortunate about the state of things. The EU just banned privacy coins. US is soon coming I’m sure. They won’t allow people to legally use them after the release of a central bank coin.

    • deur@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      So you just don’t buy anything? Get over yourself and your unhealthy obsessions.

      • coffeeClean@infosec.pubOP
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        8 months ago

        Ethical consumers patronize the lesser of evils, and go without if it’s feasible given only quite shitty options. Affluenza-driven OCD consumption is the unhealthy obsession that ethical consumers manage to avoid.