Article headline: Samsung Suffers Another Massive Data Breach: Should You Be Worried?
This really needs renamed. Samsung did not 'lose' anything. If I 'rm -rf' data without a backup, that is data loss. This is a breach in which the only loses is 'Samsung loses control of singular ownership of your data putting users at risk'.
Well there is DLP: "Data Loss Prevention is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data."
You can bet that Samsung doesn't have singular ownership of any customer data in their possession. If Samsung isn't selling it to someone else already the state will be buying or taking it.
Certainly any operations within the US will be subject to data collection by one three letter agency or another. I'm not sure how much South Korea likes to spy on their own companies, but I think it's a safe bet they're collecting data too.
I’m going to guess that “free” is quoted because of an experience similar to my own. I signed up for free credit reporting after a breach years ago. Months later they started to deduct around $12 a month from my account. It was free with a monthly subscription following. If that’s still a thing the credit bureaus are making serious money from these leaks.
Maybe I should get into the credit monitoring business. Seems like the average person will end up with many lifetimes worth of 'free' monitoring from settlments.
"We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth"
How exactly is this meant to be "assuring"? Who cares in the slightest about credit or debit card numbers? The other stuff matters FAR FAR more.
If you know the person’s exact name and city of residence you can use a supposedly legit service to purchase their SSN for $50. I won’t post it here, but should be trivial to find the name of company.
I used this service several years ago when a contractor tried to give my business an obviously fake SSN as he thought he wouldn’t have to report the income.
Financial info are easy to change. Financial info that is stolen and used won’t hold the victim liable for the damages (in us). SSN is basically universally leaked and also deterministically generated. Again, no harm to victim for any fraudulent uses.
Address isn’t likely to change. Especially not due to a leak. Phone number changing is a PITA even if easier. Date of birth can’t change ever really.
Why should they? Bribery, embezzlement, stock manipulation and accounting fraud is the norm for Samsung's VP, Kee Jae-young, who was just pardoned at home in Korea. Data breaches are 'the cost of doing business' for Samsung. /s
Happy Fairphone user here. Fairphone OS installed by default (pretty minimal without much bloatware).
Haven't tried it myself, but if you want to go further, they have guides for installing /e/OS or other OSes, they support that, and reverting to Fairphone OS if you wish.
No idea, sorry. The phone has NFC but whether your bank has an app you can get without the Google Play Store is dependent on your bank, but often not the case. If these are deal-breakers to you then it's going to hard to recommend all-in with /e/OS at the moment. You could also try it and revert to Fairphone OS, they do support that, but presumably it's a non-trivial and time-consuming thing.
You could try running /e/OS on Anbox to get a feel of it and what can and can't be done? That's probably the simplest way forward.
Probably by not registering a Samsung account and not using their services. While the phone OS will push you for it, it's only used for their bloatous offerings, and is skippable.
If your model isn't boot locked then swap the OS. Otherwise:
(1) Don't make a Samsung account or otherwise lean in to the ecosystem.
(2) Much of that crap can be uninstalled or disabled.
(2a) There's more nonsense than you think. I replaced the camera and all sorts of things that shouldn't have been phoning home or displaying ads.
(2b) You need a mechanism for handling updates, since all that crap will come back and all your privacy settings will be reverted. You could automate the process the first time and just search for any new stragglers, but I just disable them and manually handle it when some sort of critical RCE comes out. You're not supposed to be allowed to disable them without nagware, so see (3).
(3) DNS blocking is a godsend. The crap you're unable to remove can be effectively neutered with a little work on this front.
(4) You might want a little extra userspace modification on top of that like remapping the Bixby button.
Samsung is so bad at what they do. They have demonstrated over and over that they have no regard for security or their users. Their phones are preloaded with so much useless barely functional crap, and they pretty much wrote the book on corruption in Korea.
Like which ones? I'm on my second Samsung after fleeing iOS, and aside from the Google apps mentioned above, I have a neat folder with the Galaxy Store, a recording app, a radio app and a few others which seem quite useful. I also use Samsung Notes often enough.
In India, samsung reinstalls new garbage bloatware with every update. I have to take my mom's phone and uninstall every one of them after every update. Thats the only way they keep prices low I think.
Unfortunately, Samsung is the second Apple, they make it very hard to unblock their phones, known to install tons of spyware (even if you don't use their apps and don't have an account). Carefully investigate if device is rootable (even if you don't plan to) before you buy.
Just got a new Samsung sound bar. Can anyone explain why when I connect via Bluetooth (or maybe it was their smart things app) it wants access to my phone contacts and messages!?
Not sure about messages, but most Bluetooth speakers prompt if I want to give them access to my contacts - I've always assumed it's so they can display/say the caller ID for an incoming call.
Pretty sure it's the app. If the soundbar is a plain Bluetooth audio device it shouldn't even need any other software than what is already contained in the device you want to connect it to. They however could have replicated or moved some of its controls on the app so that you're encouraged (if not forced) to install it and surrender your personal data in the process.
I hate that practice; almost every device or service today wants to install an app because it brings their brand on the phone main screen and gives full access to users private data. Besides privacy concerns, it can't scale: 100 products or services done the traditional way were 100 addresses in a bookmarks file that used a few KBs combined and no CPU power at all except for the browser (that is, just one app), now they are 100 executables that waste orders of magnitude more storage and can slow a device like molasses even when not in use; all this in the name of sticking a logo on the main page of a phone and exfiltrating users personal data.
"Please use the original title, unless it is misleading or linkbait; don't editorialize."
https://news.ycombinator.com/newsguidelines.html