Comment by jstarfish

3 years ago

> it's still going to reduce down to just a handful of cars which can then be cross referenced against place of work, relatives, etc.

You are correct, but I can't imagine why anybody would go to that much trouble for a speculative answer. Your idea requires quite a bit of intelligence collection as well (relatives' addresses, addresses of known hangouts, etc. that you have to vet for accuracy).

If you have a confirmed home or work address, just go to their home or work and take a picture of the target VIN through the windshield.

The scammer in the third world country folks may be at threat of this breach being exploited by does not have that ability.

But they do have the internet, and further no meatspace means scams can be automated/scaled.

Honestly, this seems very bad.

  • Reidentifying anonymized location traces has been common for many years in the gray data market world. If you have multi-year traces, it’s not too hard. You just need some sparse location data for the target and then if the sparse data matches the trace at 4-5 times you can be pretty sure it’s the same person.

    For example, if you ever use public wifi, and you hit a web page with real-time bid ads on it, your ip address and tracking cookie will be reported. The IP can be geolocated, and presto, you have one time/location datapoint. Credit card transaction data can also be bought, and a cc transaction often gives you a location and a time.

  • I read an article today about someone who was called by his daughter to transfer money. It turned out to be an AI deepfake.

    The criminal networks are pretty sophisticated.

    • >The criminal networks are pretty sophisticated.

      I’ve had to relay this on to people I train: It’s their job. It’s a business and it’s unreasonable for you to be better at aspects of it than they are.

      I think the slide is titled “Someone is going to be the goose, hopefully not you”.


    • I’d imagine the play here would be to search known people of prominence/public figures/clergy/politicians/etc and then review the logs for signs of ill doing. Most likely infidelity. Then blackmail ensues.

Going to everyone's house seems multiple orders of magnitude more trouble than looking at where a car is most often parked, and seeing if you have anybody in your database that lives, works, or has relatives (or Facebook friends) that live at those addresses. I bet you'd get a unique hit 99.99% of the time if you have 10 years of data.

I think his point is just because the data in isolation isn't identification, we live in a world where multiple public datasets are easily used to make 99.9% correlation, yet laws still act like these associations are "technically challenging". Most of the problems are from actors who are very specifically motivated and we need to start a less isolated view of data breaches.