Plaid just settled a $58 million class action lawsuit for a) collecting people’s usernames and passwords then b) scraping their transaction history without their consent and selling it to data brokers.

From the complaint:

4. First, Plaid induces consumers to hand over their private bank login credentials to Plaid by making it appear those credentials are being communicated directly to consumers’ banks. Consumers are informed the connection is “private” and “secure,” and their banking credentials will “never be made accessible” to the app. They are then directed to a login screen that looks like it is coming from their bank, complete with the bank’s logo and branding. In reality, however, though Plaid does not disclose this, the login screen is created by, controlled by, and connected to Plaid. Plaid executives have acknowledged this process was “optimized” to increase “user conversions”—in other words, to provide a false sense of comfort to consumers by concealing Plaid’s role as an unaffiliated third party.

5. Second, Plaid uses consumers’ login credentials to obtain direct and full access to consumers’ personal financial banking information for Plaid’s own commercial purposes wholly unrelated to consumers’ use of the apps. For each consumer, Plaid downloads years’ worth of transaction history for every single account they have connected to that bank (such as checking, savings, credit card, and brokerage accounts), regardless of whether the data in any of the accounts bears any relationship to the app for which the consumer signed up. Thus, a consumer who makes a single mobile payment on an app from a checking account unwittingly gives Plaid years’ worth of private, granular financial information from every account the consumer maintains with the bank, including accounts maintained for others such as relatives and children. To date, Plaid has amassed this trove of data from over 200 million distinct financial accounts.

6. Plaid exploits its ill-gotten information in a variety of ways, including marketing the data to its app customers, analyzing the data to derive insights into consumer behavior, and, most recently, selling its collection of data to Visa as part of a multi-billion dollar acquisition. Plaid has unfairly benefited from the personal information of millions of Americans and wrongfully intruded upon their private financial affairs.

Or even modifying the login page to send and store unencrypted passwords to get passwords from people who already registered long ago

And last time or two I checked like 3 of the top 10 were all from subs that are clones of amitheasshole

They didn’t even do that though. It was an absolutely brand new 1 karma account that somehow mysteriously didn’t get automodded to hell. Account created 09:00:27 UTC, then Ally Bank comment at 09:11:37 UTC

deleted by creator

They mentioned Ally Financial as one of the success cases so I did a quick search for recent posts about Ally and sure enough the very first result from outside their own sub has this user contributing to the conversation:

https://www.reddit.com/user/robbiedavissie

Somebody posts a question about Ally and this 11 minute old account comes along pitching all of Ally Bank’s features. Then a week later they’re making 3 posts in a row advertising some other brand.

Super sketch.

Holy shit if you keep following the link about the GPT influx it just keeps getting worse and worse. First link: nearly 1000 bots. Next link: 2400 bots! An even further link: Over 5000 now!

Back in my day we had to read through a 10-panel rage comic just to get the dumbest take imaginable

Re: the weird behavior of those accounts’ user pages, for what it’s worth, Reddit has always had a way for the admins to create fake skeleton accounts since the very beginning. If you look for it, there’s an interview by Spez (maybe Ohanian?) talking about how the admins had a special post submission page, with an extra field to specify a username, that would create a fake account to go along with the post.

Yeah it’s great how ctrl-r is kinda the default instead of something you have to go out of your way to use. Just start typing a command and the up arrow will only cycle through history that matches what you’ve typed so far.

Yeah it’s great how ctrl-r is kinda the default instead of something you have to go out of your way to use. Just start typing a command and the up arrow will only cycle through history that matches what you’ve typed so far.

Yeah it’s great how ctrl-r is kinda the default instead of something you have to go out of your way to use. Just start typing a command and the up arrow will only cycle through history that matches what you’ve typed so far.

Gotta go to beanhaw.org for em