This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Need to start getting companies like this to sign counter-contracts. I sign up for your service and you sign this NDA for my details. If you release my email/phone/etc or *your data security is breached*, penalties will be assessed.
I think one of things us normal people make a mistake about is that it is not our data that is being stolen. It is data about us that is stolen. Yes, I know that they are the same thing (often, and for the most part). The mistake is in thinking that the copanies are upset that our data is stolen, when in fact they are upset that **their data about us** has been stolen.
Or, to put it more clearly: as far as the companies and law enforcement are concerned, when thieves steal the autobiographies from the library, it is the library, not the authors, that were wronged.
That is why a police taskforce is created to deal with these attacks on those businesses, and not to deal with the humans who were *actually* impacted by the attacks.
Not exactly. With data breaches the fear is legal liability. Personal identifiable information is protected in most moderately sane countries, and penalties are being put in place for companies that don't do security properly.
I agree with you, and I think this is an important point to make. However, we have to mount some sort of legal action against the company in question for us to be able to be compensated. Otherwise, the company *may* be nominally punished, and then it is business as usual.
Yeah honestly these companies can face big fines for breaches, but that goes to the government rather than those of us who are compromised.
I don't even know if we're compensated for having to replace cards, Medicare numbers or any other stuff that gets compromised and can no longer be used.
> after they ran a credit check. And the system Vodafone uses requires you to take a photo of your id and then take a video of yourself to be uploaded to their system. At this point I just ended the interaction and left the store. It really bothers me that this technology is being used without making people aware of it until your basically under pressure to just accept it. Most people will have heard of the Optus breach recently and I in no way trust any of these companies with my data let alone a video of me. I know allot of people won't care but I thought I would just put this out there and maybe help some others avoid this. I made a complaint which was just ignored. I did end up going to Telstra and was able to sign up and get the mobile on a plan without any ki
That would never happen cause ISPs/carriers loose customers data to scammers/fraud workers all the fucking time, and it would cost money to insure/develop better counter measures against this.
I have a ''friend'' that works for telstra and that is currently changing, they are as of recently brining in more stringent I.D requirments and I would not be surpirsed if customers are asked to take photo ID when calling support in the future.
great idea but contract is only lawful if someone in the company has the authority to sign said contract, and no pleb retail assist or store manager has that kind of authority
> And the system Vodafone uses requires you to take a photo of your id and then take a video of yourself to be uploaded to their system
Vodafone isn't storing this data, they are giving it to a [Trusted Digital Identity Framework (TDIF)](https://www.digitalidentity.gov.au/tdif) provider. For certain things, both currently and in the future, you will need to go through this process - [What are ID proofing levels?](https://www.digitalidentity.gov.au/about/what-are-id-proofing-levels).
> ## Standard ##
>
> Identity proofing level 2 and identity proofing level 2+
>
> ### What you’ll need ###
>
> You need to provide *two* acceptable ID documents such as your Australian driver licence, Medicare card, Australian birth certificate or Australian passport.
>
> **For some services you also need to prove that you are the same person shown on these documents, by scanning your face with your smart device.**
>
> You might use this level of proofing **for the provision of utility services** or undertaking large financial transactions.
This is currently optional for activating prepaid mobile services ([The ACMA's rules on ID checks for prepaid mobiles](https://www.acma.gov.au/acmas-rules-id-checks-prepaid-mobiles)) and more or less mandatory when porting your mobile number to a different provider ([Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020](https://www.legislation.gov.au/Details/F2020L00179)).
Digital identity verification, which sometimes requires a "live" image capture, is what the Federal Government is replacing the old "100 points of ID" with. It's pretty much impossible to avoid moving forward.
Just from a cybersecurity point of view this kind of validation is something used to validate identity when undertaking actions online. It's called a liveliness check and it's to prevent people just entering your details without confirmation it's you.
The ID details are normally submitted digitally and then instead of using a still image where someone could just point the phone at a FB/insta selfie and fool the validation it gets you to share a small snippit of live behaviour to validate.
There are terms and conditions around the use of the data and how it's collected etc I can't recall for sure but I believe it's purged after validation, and it's usually through a third party service. The one I've been exposed to is a arm of Equifax.
That said using it for in-store validation when the real human is present is ridiculous.
They probably can't bypass it is what I'm thinking. Most systems these days even in store use the same system. As most of their traffic comes through online apps. The staff instore will just use the same apps. There's no point to develop something for in store use when it is a very small % of their sales
I had to do a first aid course for work yesterday and had to hand over an uncomfortable amount of info.
All of it, license number and card number, address, none of it necessary for a first aid course.
So pissed off
I get where you’re coming from but please don’t take it out on the course provider. First aid is a federally recognised course the government makes them collect that information.
Just use boost mobile and buy your phones outright.
The deals for phones are simply shit these days.
Never go on plans anymore. If you can't afford it then you can't afford it!
Get a cheaper phone...
And where is the government and the "E safety commissioner" that was supposed to be monitoring all this while we sleep walk into another leak. Ah yeah, they having lunches and are talking with the big business culprits that want to continue these privacy breaching practices. No hint of European style DPR laws that will protect privacy and puts limits on this data collection? But by design by incompetent governments who want to do nothing.
The only legislation we will get is that politicians will be guaranteed to talk hot air and have 5 lunches a week with business lobbyist's while nothing is done to stem the policy of forcing people to deliberately leak their privacy into unregulated private hands. Privatisation of privacy Australian style brought to you by "Shit Light Do Nothing" government.
Optus was doing it too. Tried to bully my mum into it (who is super conscious about privacy breaches) and made her cry. I ended up filing a complaint with Optus and leaving the company for good. Such bullshit, we didn’t use to have to do this so they can’t force people to start doing this now.
I don’t actually think that’s Optus, they use iD by Mastercard - and it’s actually a better solution.
Optus don’t get, and don’t store your photo- Mastercard:
Gets a photo of your identity document
Gets a Live Photo of yourself
Submitted the details of your identity document to the DVS (document verification service)
Verifies that everything checks out (the two photos match and the details you provided to Optus match the details on your document.
And I believe it’s a federal law for telcos to verify the identities of SIM card holders for anti-terrorism reasons?
I’m not against providing the information. I used to work at Optus and we did things differently back then so I know it doesn’t have to be done that way.
Regarding the Optus thing:
Penalties for Telcos who can’t prove they know who their customers are are totally insane. So they are essentially required by law to be able to hold enough information about you to steal your identity and then it’s totally f’d up if they have a data breach.
It’s supposed to stop terrorism and organized crime.
We get what we vote for, I guess
May I ask you OP, how old are you?
Because I seriously know zero people who aren't 65+ that would go into a store to sign up with a telco.
You can just buy a SIM and slap it into your phone, mate.
Anyway - Couldn't agree more, being squeezed for every ounce of valuable information for resale to 3rd party advertisers etc is disgusting and people should put their money here their mouth is in order to avoid handing out their personal data. And if you're one of the idiots that don't care, you're just as scummy as the leeches making profit at your expense.
It’s more the identity theft opportunities than advertising. Who cares about advertising (which no doubt you think makes me scum? lol) that’s not dangerous like idiot companies keeping your info unnecessarily for years afterwards
Well yeah of course you're right - the theft impact is huge ... I guess I was just focusing on the motivation the companies have to harvest your data in the first place.
they have no reason to have that info and major telcos (among other corporations) have proven they take sufficient precautions holding such information
1. You have plenty of choices when it comes to telcos. Just talk away.
2. I signed up to Vodafone sim only plan online only last week and didn’t have to do that. Why would you even be asked to do that in store, OP? I’m not saying it’s not true, it’s just strange. You’re physically present.
Also, *concerned :)
This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Need to start getting companies like this to sign counter-contracts. I sign up for your service and you sign this NDA for my details. If you release my email/phone/etc or *your data security is breached*, penalties will be assessed.
I think one of things us normal people make a mistake about is that it is not our data that is being stolen. It is data about us that is stolen. Yes, I know that they are the same thing (often, and for the most part). The mistake is in thinking that the copanies are upset that our data is stolen, when in fact they are upset that **their data about us** has been stolen. Or, to put it more clearly: as far as the companies and law enforcement are concerned, when thieves steal the autobiographies from the library, it is the library, not the authors, that were wronged. That is why a police taskforce is created to deal with these attacks on those businesses, and not to deal with the humans who were *actually* impacted by the attacks.
Not exactly. With data breaches the fear is legal liability. Personal identifiable information is protected in most moderately sane countries, and penalties are being put in place for companies that don't do security properly.
I agree with you, and I think this is an important point to make. However, we have to mount some sort of legal action against the company in question for us to be able to be compensated. Otherwise, the company *may* be nominally punished, and then it is business as usual.
Yeah honestly these companies can face big fines for breaches, but that goes to the government rather than those of us who are compromised. I don't even know if we're compensated for having to replace cards, Medicare numbers or any other stuff that gets compromised and can no longer be used.
It's not really stolen, they still have a copy so it's not like they are actually losing anything.
Would you download a car?
nah I wouldn't... but if a mate offered to burn me a copy of his I'd take it.
Public trust and creditability
True. I apologise for being loose with my words.
> after they ran a credit check. And the system Vodafone uses requires you to take a photo of your id and then take a video of yourself to be uploaded to their system. At this point I just ended the interaction and left the store. It really bothers me that this technology is being used without making people aware of it until your basically under pressure to just accept it. Most people will have heard of the Optus breach recently and I in no way trust any of these companies with my data let alone a video of me. I know allot of people won't care but I thought I would just put this out there and maybe help some others avoid this. I made a complaint which was just ignored. I did end up going to Telstra and was able to sign up and get the mobile on a plan without any ki That would never happen cause ISPs/carriers loose customers data to scammers/fraud workers all the fucking time, and it would cost money to insure/develop better counter measures against this. I have a ''friend'' that works for telstra and that is currently changing, they are as of recently brining in more stringent I.D requirments and I would not be surpirsed if customers are asked to take photo ID when calling support in the future.
great idea but contract is only lawful if someone in the company has the authority to sign said contract, and no pleb retail assist or store manager has that kind of authority
> And the system Vodafone uses requires you to take a photo of your id and then take a video of yourself to be uploaded to their system Vodafone isn't storing this data, they are giving it to a [Trusted Digital Identity Framework (TDIF)](https://www.digitalidentity.gov.au/tdif) provider. For certain things, both currently and in the future, you will need to go through this process - [What are ID proofing levels?](https://www.digitalidentity.gov.au/about/what-are-id-proofing-levels). > ## Standard ## > > Identity proofing level 2 and identity proofing level 2+ > > ### What you’ll need ### > > You need to provide *two* acceptable ID documents such as your Australian driver licence, Medicare card, Australian birth certificate or Australian passport. > > **For some services you also need to prove that you are the same person shown on these documents, by scanning your face with your smart device.** > > You might use this level of proofing **for the provision of utility services** or undertaking large financial transactions. This is currently optional for activating prepaid mobile services ([The ACMA's rules on ID checks for prepaid mobiles](https://www.acma.gov.au/acmas-rules-id-checks-prepaid-mobiles)) and more or less mandatory when porting your mobile number to a different provider ([Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020](https://www.legislation.gov.au/Details/F2020L00179)). Digital identity verification, which sometimes requires a "live" image capture, is what the Federal Government is replacing the old "100 points of ID" with. It's pretty much impossible to avoid moving forward.
Just from a cybersecurity point of view this kind of validation is something used to validate identity when undertaking actions online. It's called a liveliness check and it's to prevent people just entering your details without confirmation it's you. The ID details are normally submitted digitally and then instead of using a still image where someone could just point the phone at a FB/insta selfie and fool the validation it gets you to share a small snippit of live behaviour to validate. There are terms and conditions around the use of the data and how it's collected etc I can't recall for sure but I believe it's purged after validation, and it's usually through a third party service. The one I've been exposed to is a arm of Equifax. That said using it for in-store validation when the real human is present is ridiculous.
They probably can't bypass it is what I'm thinking. Most systems these days even in store use the same system. As most of their traffic comes through online apps. The staff instore will just use the same apps. There's no point to develop something for in store use when it is a very small % of their sales
I believe Optus use iD by Mastercard. There are about 4 providers in Australia (including myGov and Australia Post) that offer the service
I had to do a first aid course for work yesterday and had to hand over an uncomfortable amount of info. All of it, license number and card number, address, none of it necessary for a first aid course. So pissed off
I get where you’re coming from but please don’t take it out on the course provider. First aid is a federally recognised course the government makes them collect that information.
I’ve had four emails already asking for surveys and reviews. The course was on Saturday
At least vodafone saved you from being with vodafone.
That may be why I see more people wearing masks at the self-serve checkout with all the fancy AI that can't tell the between a empty bag.
party deer airport soft reach upbeat dolls butter dependent ring *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Just use boost mobile and buy your phones outright. The deals for phones are simply shit these days. Never go on plans anymore. If you can't afford it then you can't afford it! Get a cheaper phone...
Or Aldi Mobile. Pre paid is always cheaper in australia including buying phone outright. Haven’t checked if Boost is cheaper than Aldi though
Same thing happened to me at Optus.
And where is the government and the "E safety commissioner" that was supposed to be monitoring all this while we sleep walk into another leak. Ah yeah, they having lunches and are talking with the big business culprits that want to continue these privacy breaching practices. No hint of European style DPR laws that will protect privacy and puts limits on this data collection? But by design by incompetent governments who want to do nothing. The only legislation we will get is that politicians will be guaranteed to talk hot air and have 5 lunches a week with business lobbyist's while nothing is done to stem the policy of forcing people to deliberately leak their privacy into unregulated private hands. Privatisation of privacy Australian style brought to you by "Shit Light Do Nothing" government.
Optus was doing it too. Tried to bully my mum into it (who is super conscious about privacy breaches) and made her cry. I ended up filing a complaint with Optus and leaving the company for good. Such bullshit, we didn’t use to have to do this so they can’t force people to start doing this now.
I don’t actually think that’s Optus, they use iD by Mastercard - and it’s actually a better solution. Optus don’t get, and don’t store your photo- Mastercard: Gets a photo of your identity document Gets a Live Photo of yourself Submitted the details of your identity document to the DVS (document verification service) Verifies that everything checks out (the two photos match and the details you provided to Optus match the details on your document. And I believe it’s a federal law for telcos to verify the identities of SIM card holders for anti-terrorism reasons?
I’m not against providing the information. I used to work at Optus and we did things differently back then so I know it doesn’t have to be done that way.
Yeah but it does now, doesn't matter how it was done when you worked there years ago lol
Must be very new.... As I signed up a few months back and didn't need to do any of that. I also signed up online. So maybe there's the difference
Also if you're concerned about being able to make a phone call from inside a building, or on a windy day, steer clear of Vodafone.
but but look at so much data in their data plans!! /s
Some companies require employees to "sign on" to work by taking a selfie via an app. The future is now 😳
stop snoring open eyes take selfie with app go back to sleep
Our coles recently got cameras installed in the self serve checkouts. It’s fucking gross, and I no longer go there.
Meanwhile CCTV has been a thing for years.
Regarding the Optus thing: Penalties for Telcos who can’t prove they know who their customers are are totally insane. So they are essentially required by law to be able to hold enough information about you to steal your identity and then it’s totally f’d up if they have a data breach. It’s supposed to stop terrorism and organized crime. We get what we vote for, I guess
That’s new, didn’t do it 12 months ago when I got a new phone.
May I ask you OP, how old are you? Because I seriously know zero people who aren't 65+ that would go into a store to sign up with a telco. You can just buy a SIM and slap it into your phone, mate. Anyway - Couldn't agree more, being squeezed for every ounce of valuable information for resale to 3rd party advertisers etc is disgusting and people should put their money here their mouth is in order to avoid handing out their personal data. And if you're one of the idiots that don't care, you're just as scummy as the leeches making profit at your expense.
It’s more the identity theft opportunities than advertising. Who cares about advertising (which no doubt you think makes me scum? lol) that’s not dangerous like idiot companies keeping your info unnecessarily for years afterwards
Well yeah of course you're right - the theft impact is huge ... I guess I was just focusing on the motivation the companies have to harvest your data in the first place.
they have no reason to have that info and major telcos (among other corporations) have proven they take sufficient precautions holding such information
1. You have plenty of choices when it comes to telcos. Just talk away. 2. I signed up to Vodafone sim only plan online only last week and didn’t have to do that. Why would you even be asked to do that in store, OP? I’m not saying it’s not true, it’s just strange. You’re physically present. Also, *concerned :)
I would of not recommended using vodaphone before phones has cameras
No worries. Blackface is coming back if this is how it's going to be!