
Comment by varenc

3 years ago

Wow, placing a freeze requires filling out a PDF form, attaching a scan of your ID, and then sending it in over email, mail, or fax. The PDF lacks built-in form fields you can type in. The extra friction is probably a feature: https://assets.equifax.com/wfs/theworknumber/assets/twn_Empl... (the exif data on that PDF shows the name of the employee that created it and that they used Word 2010...)

The Equifax CCPA request process on the other hand is very smooth and automated. Though doesn't seem like it's including Work Number information: https://myprivacy.equifax.com/

Shameless plug [1] that hopefully provides value: simplePDF.eu [2] will allow you to fill it in more easily (the fields are already set)

[1] It's a side-project of mine

[2] https://www.simplepdf.eu/editor?open=https://assets.equifax....

  • Just making sure, the site will NOT save the data that I entered in the PDF? Thank you for sharing your side-project!

    • You’re welcome!

      Indeed, the website will NOT save the data that you entered in the PDF.

      In fact neither the data you enter nor the PDF that gets loaded is ever seen by my server: everything happens locally (including the actual PDF generation) [1]

      Privacy is one of the key distinctive features of simplePDF

      The only thing that is saved is a fingerprint of the document that allows matching the field types and their respective positions (x,y, type of field, width, height…)

      If you want to see it in action:

      1. Download the Equifax form on your computer

      2. Navigate here https://simplePDF.eu/editor

      3. Load the PDF from your computer

      4. Because the document fingerprint is “known”, the field types and positions are automatically retrieved from the server

      [1] You may notice that after a browser refresh the data you entered is still there: that’s because it’s saved locally in the local storage of your web browser

      Unrelated: some people have reported that the save button is not displayed in some cases: try refreshing the page – I’ll work on a fix as soon as possible

  • This isn't working quite right for me (Firefox on Windows). The SSN field is a single text box and the numbers don't line up with the boxes on the form. I can pad with a single space, but additional spaces don't increase the padding.

    https://imgur.com/NXrZGaS

  • Neat! How do I save in the filled out PDF??

    • There should be an EDIT and SAVE button on the right side if you’re on a computer and at the top if you’re on mobile.

      If you can’t see either, this is most definitely a bug!

      Could you try refreshing the page to see if it helps?


>The extra friction is probably a feature: https://assets.equifax.com/wfs/theworknumber/assets/twn_Empl... (the exif data on that PDF shows the name of the employee that created it and that they used Word 2010...)

I don't get it. How is "PDF shows the name of the employee that created it and that they used Word 2010" relevant to the claim that "extra friction is probably a feature"?

  • Just speculating here, but I wonder if their point is that they went out of their way to create a PDF that is as unusable as possible, and that Word 2010 is somehow required to create such a PDF.

    A few simpler explanations:

    - Equifax IT hasn't rolled out modern O365 apps

    - The form was created a long time ago, and has not been updated

    Regardless of the exif data, I do believe that friction is absolutely a feature in this process, but I also think the Word 2010 angle is tenuous at best.

    • I've worked on these kinds of systems, but not this one explicitly. There is always a discussion about how to make it (legally) more difficult for users to do something you don't want them to do. It's not paranoia, it's reality.

    • No angle or point with that comment. Just interesting! I like looking at exif data. And I think there should be more awareness around what it often leaks.

    • Probably it's buried in a ticket deep in the feature requests lists and has zero potential revenue impact (or negative) so it isn't prioritized.

When I submit the myprivacy.equifax.com validation it hangs at "Processing..." indefinitely. #AbolishCreditAgencies

  • Credit, bank checking (ChexSystems), and personal information aggregators like Lexis Nexis and Thomson Reuters Clear ought to be abolished or curbed indeed. I hate to bring trans politics into this. I'm sure that's the last thing anybody wants to hear about right now. However we are a class of people whose sexuality can be unfairly identified by these databases.

    • > I hate to bring trans politics into this. I'm sure that's the last thing anybody wants to hear about right now.

      It bothers me sometimes if other people do that, it does not bother me at all if actual trans people want to talk about it. Thank you for sharing, that angle didn't occur to me.

    • > I hate to bring trans politics into this. I'm sure that's the last thing anybody wants to hear about right now.

      I'm glad you did, as I hadn't thought about that since it isn't part of my day-to-day experience.

    • Is the issue 'just' that they misgender trans people? That alone is already shitty of course. Or is the issue also that it makes later 'verification' by these agencies more difficult if the recorded gender does not match the apparent gender of the person?


    • If this helps, me and my team use LX and some product from TR and for our purposes sex by itself is not a strong driver for anything. That said, I absolutely agree with your initial statement. There is way too much information available just from those two sources and those should be restricted as much as possible.

      As other users noted, I have personally zero issue when it is an individual case (my personal misgivings start somewhere where it moves to a political wedge issue).

    • > However we are a class of people whose sexuality can be unfairly identified by these databases.

      What do you mean, that you go through life as a woman but that the DB says you were born as a man (for example)?

    • Out of curiosity, what happens if you use a free credit card, e.g. Barclays? Does living in the EU zone protect you? Do they have access to your bank account information?


    • > However we are a class of people whose sexuality can be unfairly identified by these databases.

      Good perspective and thanks for sharing it. I am curious about your choice of words though. You said "sexuality" and not "gender identity". Is there some reason why? I've always thought of the term sexuality to be how you feel about others. Or is that what you meant here?


    • I used to work at Lexis Nexis and I agree since I could see first hand how much personal data and information they have on individuals.

      They also used theworknumber funny enough for any "employment verification" etc, pretty sure they have a partnership.

    • Trans politics are your politics. Share your politics - they’re important and interesting. :)

    • >I hate to bring trans politics into this. I'm sure that's the last thing anybody wants to hear about right now.

      You're right. Too bad it didn't stop you from doing it anyway.


  • The current oligopoly of the big three credit bureaus is a travesty and needs substantial reform.

    That being said, abolishing the concept of a consumer credit report entirely is a terrible idea. It is a fact that different people simply present different risks to a lender in their likelihood of default. Having actual data about a person's previous repayment history is extremely predictive of their future default probability (with proper ML applied).

    If you remove the ability to use data about that actual person's previous behavior then instead lenders will simply not provide credit or financial services to large proportions of the population who might be creditworthy as they would be unable to determine if they are creditworthy.

    Again, I'm not arguing for the status quo. A lot of reform is needed. But to ignore the reality of how credit underwriting works is foolish. One of the reasons that many developing countries don't have financial services for their populations to access debt is because they don't have sufficient data to do credit underwriting.

    And debt is a critical tool to enable investment in the present. Used wisely, debt enables a person to borrow from the future to invest in the present, e.g. buying a car so they can commute to a nearby city and earn a higher salary.

    • >That being said, abolishing the concept of a consumer credit report entirely is a terrible idea. It is a fact that different people simply present different risks to a lender in their likelihood of default.

      And any bank will ascertain this from their forms when applying for a loan well before they do any kind of credit check on you.

      Also, YOU should control your credit history. You can give it to a lender if you wish to prove your credit worthiness. They shouldn't be allowed to give it to anyone else. Organizations should not be allowed to track it unsolicited.

    • > Used wisely

      When does that ever happen? Lending and borrowing are always at the root of every economic crisis. National debt of countries are already astronomically large and will only keep growing.

      Just abolish credit as well. If it means the economy will grow slower, so be it.


  • #AbolishCreditAgencies

    Things were bad, or worse, before they existed. Every little town had one (I remember walking past Palo Alto’s downtown; it was just a storefront with a bunch of file cabinets). Getting credit was slow and complicated and really a pain when you moved.

    And before that, even into the mid 20th century, getting credit was all about your network. And remember how much people complain about VCs relying on intros rather than cold calls…well that’s how the entire financial system used to work.

    Yes the credit agencies are abusive and lazy and need serious reform and legal management, but they also provide valuable services. I believe it is possible to have the latter and fix the former.

  • Check if an ad blocker might be interfering? I finished my CCPA request in ~2 minutes and it only required that I do SMS verification. Presumably because the name, phone, address, and email all matched records they had on file for me...

    • There’s a special caliber of crappy site that only functions when ad-blocking is enabled.

      My working theory is that the sites are so bad, they rely on the ads to provide their dependencies as global. Block the ads and you’ve blocked the ancient version of jQuery the main site needs loaded to function.


    • You can just send them an email as defined in the CCPA. Why even give them your cell or SSN?

At least they let you mail or email.

I faxed them 4 times in 6 months to verify my identity because they have me confused with someone else and eventually just gave up.

They said any other alternative was not supported.

  • You can contact a consumer law attorney to get this fixed. There is an attorney's fees provision in the FCRA which will make it economical to pursue the remedy.

With GDPR you could just send them a formless deletion request.

There are good parts in GDPR for sure.

  • With GDPR there is no way this could be allowed.

    Unfortunately they'd certainly be registered in Ireland and Irish Privacy agency doesn't hand out notable fines ...

  • GDPR is an EU law and does not have legal legs in the US.

    • Depends. Do they have EU citizens in their database? GDPR is an EU law that applies to EU citizens around the world, including the US. If you are a non-EU citizen, you can't claim GDPR of course. If you are an EU citizen, you can claim GDPR regardless of the residence of the company AFAIK.

      Enforcement of GDPR is a different matter. I am not sure whom I'd complain to, other than my representative in the European parliament. I could probably sue them though, if I found my data there and they refused to comply with my GDPR request.
