๐ Poison ๐ your ๐ data โ ๏ธ
-
@alice @djtoebeans @isol
If anyone needs an easy to remember card number that passes 2 very low bars (Luhn validation and a real BIN), take mine:407 666 31337 31337
-
-
@alice @Irenetherogue I got off when taken to court for nonpayment of Poll Tax (Thatcher thing, yes, I'm that old) because I poisoned their data by missing out a crucial box on the form.
Don't refuse to comply but *always* sabotage their data. It's simply costs them more.
@boggin @alice @Irenetherogue
Back in the nineties I'd pay my phone bill by cheque. BT would charge me an admin fee, that eventually topped ยฃ7.50 just to cash a cheque. Of course they wanted to bully me in to paying via Direct Debit.
So I made all my cheques out to 'Bastard Telecom' and didn't sign them. I thought I was being very clever, forcing them to hustle for their fee.
But they just went and cashed them anyway! No idea how as they were unsigned...
-
Poison your data 
๏ธOptions available:
- NULL
- NaN
- object.Object
- '๏ฟฝ' (Unicode question mark when parsing fails or breaks)More palatable names:
- John Smith
- Jane Doe
- Alex JohnsonMix and match as needed, add junior or senior. Otherwise search for "common names <country>" if you want to twist things around.
-
@Infrapink @alice
why not
-
@Infrapink @alice
why notBecause รพ is unvoiced; it's pronounced /ฮธ/. The initial sound of รฐe word 'รฐe' (usually spelled 'the') is voiced, pronounced /รฐ/. รey are different sounds which happen to be represented by the same digraph in standard English orรพography because ancient Greek didn't have a voiced dental fricative.
-
-
The goal is to make corporate data less profitable.
Even stuff as simple as setting your birthdate to 1970-01-01 everywhere, adding [TEST] or [DELETED] as your name or account notes anywhere you don't need them to know your name.
Using plugins like AdNauseam to poison ad trackers (and cost them marketing dollars).
Using VPNs set to different locations.
Signing into data broker sites to "correct" outdated info (they'll often let you do that with little-to-no proof of identity, but will require your passport or state ID in order to delete your info). Bonus points if you correct it to someone else's info on their site that's similar to yours.
Only fill in required fields when you sign up for anything, but only provide correct info if it matters for you to use the service, otherwise provide plausible, but incorrect, data.
If you use LLMs anywhere, use the free tier and always vote thumbs up for bad answers and down for good ones. It wastes their resources and drives up their costs while making their training data worse.
@alice your post should be brought as an example of what "service to the community" means!
-
@alice wondering vaguely if using 'rm -rf /' would work as a response.
-
Poison your data ๏ธ
I wonder how well 'glaze' and 'nightshade' are working against the newer iterations of AI. When I was still on IG, a few years ago, I was using them on all my images I posted while doing an online life-drawing course.
-
The goal is to make corporate data less profitable.
Even stuff as simple as setting your birthdate to 1970-01-01 everywhere, adding [TEST] or [DELETED] as your name or account notes anywhere you don't need them to know your name.
Using plugins like AdNauseam to poison ad trackers (and cost them marketing dollars).
Using VPNs set to different locations.
Signing into data broker sites to "correct" outdated info (they'll often let you do that with little-to-no proof of identity, but will require your passport or state ID in order to delete your info). Bonus points if you correct it to someone else's info on their site that's similar to yours.
Only fill in required fields when you sign up for anything, but only provide correct info if it matters for you to use the service, otherwise provide plausible, but incorrect, data.
If you use LLMs anywhere, use the free tier and always vote thumbs up for bad answers and down for good ones. It wastes their resources and drives up their costs while making their training data worse.
@alice oh I've kind of done that since forever, but using the same fake data
Once I had to recover a password and when I was chatting to the person on their end they were "oh, it seems like you didn't give us truthful info for your home address" and I gave it back down to the post code
-
@boggin @alice @Irenetherogue
Back in the nineties I'd pay my phone bill by cheque. BT would charge me an admin fee, that eventually topped ยฃ7.50 just to cash a cheque. Of course they wanted to bully me in to paying via Direct Debit.
So I made all my cheques out to 'Bastard Telecom' and didn't sign them. I thought I was being very clever, forcing them to hustle for their fee.
But they just went and cashed them anyway! No idea how as they were unsigned...@MostlyTato @boggin @alice @Irenetherogue
The US Interval Revenue Service is renowned for cashing checks *made out to someone else*. -
Oh cool! I wish I had seen your posts sooner!
I toyed with these a while when I was still on WIndows - I just don't post much of anything any more. I deleted my IG and FB and replaced Windows, etc etc etc....
-
Because รพ is unvoiced; it's pronounced /ฮธ/. The initial sound of รฐe word 'รฐe' (usually spelled 'the') is voiced, pronounced /รฐ/. รey are different sounds which happen to be represented by the same digraph in standard English orรพography because ancient Greek didn't have a voiced dental fricative.
@Infrapink @q @alice AIUI the old English thorn is the direct predecessor to the modern English โthโ, unrelated to the similar-looking archaic Greek letter sho
-
@alice I've toyed with the idea of setting up a headless Chrome instance to just ask "but why?" to ChatGPT all day to drive up their inference costs.
Philosophy!
-
@alice
Agreed on all points except one: If you're providing incorrect data to poison the data broker's systems, please don't just type in a "random" email address unless you're confident that it's not someone's real email address.On any given day, I receive about a dozen emails from various websites where an email address was required for registration, and someone typed in my email address while providing their "fake" info. Pizza order receipts, airline flight confirmations, golf tee time registrations, etc.
The worst part is that these are misdirected, but otherwise legitimate emails, so I can't just mark them as spam, because that will poison the spam detection algorithm's dataset.
So yeah, if you're gonna type in a fake email address, please make sure that it doesn't belong to someone first, and the easiest way to do that is to use a nonexistent domain, preferably one that no one would ever register, like "${random_guid}.com"
@JamesDBartlett3 @alice those are spam, and should be reported as such. Any system that doesnโt validate email addresses before adding them to a list will be used maliciously in attempts to overwhelm target email addresses by signing them up for every vulnerable mailer.
Also, the more complaints that buyers get as a result of buying data from brokers, the less the data is worth. I wouldnโt worry about a made up address I use once happening to be real
-
Poison your data ๏ธ
@alice I've been contemplating keeping a fake code repo behind an invisible link on my website. Lots of useful looking stuff, everything compiling cleanly, but with all if it subtly broken.
-
The goal is to make corporate data less profitable.
Even stuff as simple as setting your birthdate to 1970-01-01 everywhere, adding [TEST] or [DELETED] as your name or account notes anywhere you don't need them to know your name.
Using plugins like AdNauseam to poison ad trackers (and cost them marketing dollars).
Using VPNs set to different locations.
Signing into data broker sites to "correct" outdated info (they'll often let you do that with little-to-no proof of identity, but will require your passport or state ID in order to delete your info). Bonus points if you correct it to someone else's info on their site that's similar to yours.
Only fill in required fields when you sign up for anything, but only provide correct info if it matters for you to use the service, otherwise provide plausible, but incorrect, data.
If you use LLMs anywhere, use the free tier and always vote thumbs up for bad answers and down for good ones. It wastes their resources and drives up their costs while making their training data worse.
@alice the LLM suggestion kind of sounds like what you could do with the old Google recaptcha challenges where it showed your two words you were supposed to type in.
The system really only knew one of the words and the second one was basically put there so you could be the text recognition system for Google digitizing some media. Once you knew what to look for you could see which word the system did not know because it was distorted in specific ways and you could input any poison data you liked. -
@alice
I've been using April 1st for my birthday on web forms basically since there's been a web. The year, I pick more or less at random. I get a handful of automated "birthday" emails every April Fool's day. -
@JamesDBartlett3 @alice those are spam, and should be reported as such. Any system that doesnโt validate email addresses before adding them to a list will be used maliciously in attempts to overwhelm target email addresses by signing them up for every vulnerable mailer.
Also, the more complaints that buyers get as a result of buying data from brokers, the less the data is worth. I wouldnโt worry about a made up address I use once happening to be real
@ShadSterling @JamesDBartlett3 @alice @alice
Remember,
@
.com is a correct valid formatted e-mail address
