I spent the weekend researching data removal methods and decided to start with my credit report. I’m not even going to get into all of the alarming privacy invasions that popped up during this process. But when I got to the experian report, I was met with T&C box that says I have to hand over my phone carrier info and it wouldn’t let me proceed without doing so. The bureaus are legally required to give you one free report a year. It’s bad enough that these companies are even given rights to my data and now they’re using it to request further information.
I’m just so angry, frustrated, and violated.
Try GDPR them. Fuck their form.
I wonder if it affects them if they are collecting purchasing data from US citizens residing in the EU. If nothing else, the US military and diplomats are there. From what I’ve found, it protects anyone in the EU, citizen or not.
I’m not really sure what you expect to be able to do with your credit report, but you should request it through https://www.annualcreditreport.com/. That’s the legit source.
This happened on annualcreditreport.com.
Don’t use credit.
guessing they’re using the carrier’s data for verification. name, address, phone number, socials and at least partials of credit cards, bank accounts. whatever relevant that they have.
this is all data the credit bureau has on you already
I’ve run into issues with SMS-based 2FA (yikes) on some websites because my phone number was a landline number I purchased then later transferred to my wireless carrier.
I bring this up because I’ve noticed some websites have the typical “we’ll confirm your information with your wireless carrier” verbiage, but those generally mention they do so to determine whether the number is a landline or wireless.
I’m super unsure of what’s going on in this case, but when I first saw this screenshot this is what came to mind.
Experian is stuck on an old phone number for 2FA and I can’t remove it because I don’t have a phone number. I really hate how they tie everything to a phone number.
Me too, and it’s worse because it’s not secure.
I keep saying this a lot but I don’t know why recently (the last ~5 years) everyone is jumping on SMS-based 2FA. I remember this was really big around 2010 and as a developer all the tools for SMS-based 2FA are deprecated or unmaintained. It seems like all these websites that jumped on board 10 years late have very poor security practices.
Can confirm, it is information they already have. Below is likely the API the telco exposes to the bureau. Each data point queried returns true, false, or a confidence score.
It is intended as an anti-fraud tool. Not saying I agree with it. Something like PGP is sufficient for building out a web-of-trust without needing to share my personal information.
Please stop with the defiling of the word ‘Fraud’. Fraud does not mean someone who claims ownership of their own identity. A $20 billion dollar association missing a handful of verified data points on someone’s life doesn’t constitute fraud. We’re talking about a corporation whose whole market is based on repurposing the data they collect about us. So if you’re going to make an inference as to their intention, assume it’s the one they have had since 1970. To gather more information about the public for profit and control.
It’s not, or they wouldn’t need to request my explicit permission to obtain it. You don’t need to guess what it’s for because we know that credit “bureaus” exist to profile “consumers” and sell their information, whether aggregate or personal. They’re asking to gain access to my carrier account and my device information. This is about data inventory. The credit bureaus know who has it and want permission to buy it from them.
time to look up some alternatives.
