upvote

points

by Oravys1 days ago |
comments
upvoteby Zetaphor8 hours ago|
next
[-]
> Self-audit your public audio footprint. Search YouTube, podcast directories, and old Zoom recording

This is suggestion #1 on your list of remediation steps for victims, but you didn't provide any information on how anyone would actually do that. How exactly would I search the internet for copies of my voice?

Please don't tell me the solution is giving an embedding of my voice to another third party.

reply
upvoteby Oravys5 hours ago|
parent|
[-]
Great question. There's no "reverse voice search" yet the way there is for images — that's genuinely a tool the world needs. In the meantime, the most useful thing is searching your name across YouTube and podcast platforms to map out what's already public. And for Mercor contractors specifically, the California AG breach notice gives you a solid legal basis to request full deletion. Worth doing today.
reply
upvoteby sillysaurusx4 hours ago|
parent|
next
[-]
Note, this comment and your other one (https://news.ycombinator.com/item?id=47931838) were autokilled by HN, because it (rightly) detected that you're using AI to write your comments. I vouched this one to unkill it before I realized it was AI and supposed to be dead. I unvouched it, but your comment's still alive. So now I'm leaving a note saying mea culpa, and to suggest not using AI in your comments unless you want to be autokilled.
reply
upvoteby whatisthiseven2 hours ago|
parent|
prev|
[-]
Thanks for saving me the tokens.
reply
upvoteby davsti423 hours ago|
prev|
next
[-]
Interesting - thanks for the rabbit hole today. ;)

Mercer hasn't released many public statements over the incident. Social media posts aren't necessarily public; but I did find this breach notification sample filed with CA - https://oag.ca.gov/ecrime/databreach/reports/sb24-621099 . I guess we'll see if our legislators finally take data privacy seriously.

reply
upvoteby caminante21 hours ago|
parent|
[-]
Didn't this happen three weeks ago?

Mercor has definitely released statements with boilerplate "investigations are underway."

reply
upvoteby 18 hours ago|
prev|
next
[-]
deleted
reply
upvoteby noir_lord16 hours ago|
prev|
next
[-]
HSBC offered voice verification years ago and I just laughed and said nope.

I don’t even use biometrics on apple devices, I use a 6 digit pin.

It was always a stupid idea.

The thing about been willing to trade convenience for security is you get called paranoid and then when the other shoe does drop and you are still doing that you still get called paranoid for the current thing you are not doing that “everyone does”.

reply
upvoteby latexr4 hours ago|
parent|
next
[-]
> I don’t even use biometrics on apple devices

Assuming Apple is truthful on this matter (so far it seems so), Apple devices store a mathematical representation of the data, not the data itself (i.e. not a picture of your finger) and keep it only on device on a special hardware section designed for extra security. When apps ask for authentication, they can never inspect the data, they can only ask “does this match?”.

Even if you were somehow able to exfiltrate the data and find some way to transform it for something nefarious, you’d still need to first attack and bypass a specific hardware feature of the target’s device.

So sure, not having any representation of the data anywhere is technically more secure (maybe, as typing your code could be intercepted by a shoulder surfer or a camera), but biometrics on Apple devices are fundamentally not the same as having your raw data available on a random server somewhere.

reply
upvoteby gf0003 hours ago|
parent|
[-]
Also, given how many times you enter a 6-digit number over a day, it's absolutely trivial to steal it. Let alone basic patterns people use, smudges etc.

In the use case of a mobile phone, apple's face id absolutely improves security several-fold.

reply
upvoteby pavelstoev9 hours ago|
parent|
prev|
next
[-]
Paraphrasing Franklin and Churchill, those who trade some security for some convenience may soon find themselves possessed of neither at all.
reply
upvoteby BiteCode_dev5 hours ago|
prev|
[-]
One more data point for why sueing companies should lead to CEO getting prison time as well. And ideally invent some kind a of equivalent of pruson for non human persons like organisations.

Because right now the incentive to do what's right are so low. Taking a risk with other's people lives is becomming the norm for companies.

reply