I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.
What are some things that us netizens can do to make our displeasure known.
Extra points for funny ideas.
Explanation for illiterates?
It’s an SQL injection joke.
Basically, when dealing with databases, you can use SQL to search or modify the data in that database. By default, you can do this by polling the database with an SQL query. But this introduces a vulnerability called SQL injection. Basically, imagine if instead of filling in a name in the “Name” field, you filled in an SQL query. If the database admins haven’t protected themselves against it, then the database will happily run that query; You have just injected an SQL query into their database. Maybe you’re a malicious attacker, looking to get a virus onto the system, or looking to extract the data.
Protecting the database from injection is done with something called sanitizing. Basically, you set up filters to disallow SQL, so it can’t touch your database. In this comic, the database admins didn’t do that, so they were unprotected.
The actual SQL uses the student’s middle name to search for any tables named “Students” and permanently delete it. The joke is that when the school admin staff enters his name into their database, it will delete any tables named “Students” and wreck their database.
More in the spirit of this, prefer and actively seek out alternatives that collect as little or even no data at all and test to make sure they run without internet access. If they give you a hard time or straight up dont work without an internet connection when they ought to be able to, chuck em
Edit: also call them out in reviews. Why you collect data guys, dont you want my money?
This has been the go-to for decades and it’s not working. I feel like we need to be prepared to engage with the system, but make it clear we are not just passive consumers. Something that becomes viral maybe?..
Use EICAR test strings as your password.
If they store your password in plain text the AV will lock the user database.
If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.
Bold of you to assume a corporation storing passwords in plain text would be using AV
According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string.
This won’t work, assuming the database file is more than 128 bytes long
deleted by creator
Ah… “advice” consisting of “I’ve heard of a thing”
Being a non-programmer I had to look up what that is
Whoa, I wanna try this now! Thx!
ELI5 please? I’ve read the other replies, but would love to understand a bit more.
EICAR test strings are strings of text that can be used to test an antivirus. Basically, you bury the file somewhere, and see if your AV picks it up. The joke being that if they’re storing your password in plaintext (a big no-no from a security standpoint) then their AV will clamp down on the database once you create your account and the test string is embedded.
It wouldn’t work in this instance, unfortunately; EICAR test strings are only meant to work when embedded in files that are shorter than 128 bytes. And every database is almost certainly larger than that.
Removed by mod
I believe this is illegal in most jurisdictions.
We’ll see once the verdict comes
Not exactly what you’re looking for, but Ad-Nauseum is a nice way to inject a ton of garbage into the data corps collect.
I played around with this some time ago, until I thought more about it: using tools like this makes adtech money.
Adtech doesn’t care if you’re interested in X or Y, just that they can charge the advertiser for it. By injecting fake traffic, they’re getting more data to sell.
If you send back one of those reply mail envelopes it costs them money. Stuff those envelopes with junk and send them back.
I don’t get many of them anymore, but when I do, I mail them back with a little slip of paper inside that says “poop”.
This brings me so much joy.
But not a brick. They are apparently onto that.
First class letter mail is up to 3.5 oz and within a certain l thickness. Every ounce costs extra over the first oz (idk about commercial return mail pricing) just stuff it with flat cardboard from cereal boxes or fill out the information wrong and put in a competitors corporate address.
I tried the brick once long ago. 1) No way to verif it works (not just PO’s the P.O. 2) That kind of shit may be why so many public POBoxes have been removed. 3) The was of paper (up to 3.5 oz?) -seems- to have worked.
Send a copy of the receipt for your donation to the open source project that most closely aims to be their alternative. Explain why you’re angry in 3 sentences and do so like you are condescendingly speaking to a five year old.
Make the letter public, so other people know & get informed.
Make the letter public, so other people know & get informed.
I’m skeptical that anything legal will work for very long because they will quickly work to make said legal action illegal.
But we can have some fun along the way, and it does change behaviour for a bit.
Maybe pirate your media and donate the money to open source alternatives
Use AI to generate false info to feed into their database
If a company is publicly traded, then all leaked individuals are given 50.1% controlling stock in the company, split among the victims with new stocks created for them, with unclaimed stocks held in a trust controlled by anyone that did respond to claim stocks. They can sell the stocks, or drive the company into the ground out of spite. Maybe even both.
Companies not publicly traded have 3 months to make all code used, trademarked material, and patents open source in perpetuity, and 1 year to convert their corporate structure into a non-profit.
Regardless of the size of the company, the CEO, CTO, and board must eat their weight in fried bugs. They get to pick the type of bug from a list of 5 options, and any seasoning they want. Live streams of the bug eating will be monetized and the proceeds given to orphans, under the title of “It’s not a bug, its a feature.”
Use bots to apply for the open positions to waste time. Reject them all for not enough pay.
Post public info of the CEO class
Piracy
Give fake data when using all services.
Start and join boycott groups.
Use their social media against them. Eg post their dirty laundry as a comment on their post.
Stop using as many services as possible. It might not be funny but, I mean, what if you went to a music store and bought used CDs instead of using Spotify? Do all of that you can.
As others have said, the best instances of direct action are illegal.
Don’t use their services.
