The Royal Grift Rewind: "Sparry's Ameri-CON"

POV's Fanmail Friday: Prince Harry on A1 Visa

Edited to add: The Me Too Sussex Couple:

Allegedly (since #megxit) MEgain's retort even to Queen Elizabeth's FACE was "what about Andrew!!" When the duo publicly changed their minds and DEMANDED prince & princess titles upon the Queen's death, allegedly Meghan complained (what about Andrew) "what about Beatrice & Eugenie who have HRH!!!"

I've always believed The Sussex Duo is legally challenging EVERY attempt the Palace makes to sever ties with the duo.... they've used Andrew's behavior & legal troubles to blackmail the palace.

@and-the-void-looked-back When the Queen gave them 1 year to make a go of it in NORTH AMERICA (canada) she made a deal with the devil. The duo used every excuse: sars-cov-2, mythcarriage, etc to extend their "benefits." K Charles gave the people a creative lie: "escalate family tensions"

Better Up also needs to be investigated ASAP!!

Exactly @trexalicious

so my bf’s mom is like romantically/emotionally stunted and she’s “engaged” to a married man with three kids whose wife doesn’t know.

he was deported to his country and doesn’t have permission to come to the usa which is actually good because he’s a literal evil person, a liar, cheater and scammer schemer extraordinaire. he is also an abuser and has evil beliefs and the power to commit violence upon others in his country (he’s a policeman and has told us horrible things with glee) even tho he obviously doesn’t have any interest in her and only wants her to open up credit cards and suck money and gifts out of her she swallows his obvious lies.

she is in love because in her own words, she hasn’t had sex in many years and has natural needs. she is also has fantastical and unrealistic ideas about love, relationships and marriage that led her to accept a proposal and plastic ring three days after meeting him.

literally everyone in her life has told her this is a bad idea and not even the actual factual truth of him literally being legally married and living and fucking his poor wife won’t stop her from meeting him in other countries, decorating her home according to his style, and paying for his expenses or even marrying him which is crazy because bigamy is illegal but i guess all common sense gets thrown out the window.

the fact that she is still in this “relationship” is damaging my own relationship with her and literally makes me angry to the point of wanting to throw myself in a river.

i cannot handle the fact this woman who i have to share an important person with, who i have to make plans with and have conversations and welcome into my home is knowingly planning a life together with a married man who, by her own admission, is still romantically and sexually involved with his wife who knows no better in an extremely patriarchal society where she has all to lose, and i still have to respect her!

her own son, my boyfriend of six years, is suffering this to the point where after their names are mentioned he checks out of conversations. its very hard for me to act respectful and manage myself nicely around her nasty plans with him, and to keep quiet or act like nothing is wrong when i truly feel nauseous!

at the beginning of this i tried to see her as a victim of this man, but then i realized that she has all the information and conscience to make the correct decision, including the advice of friends and family who have pleaded with her to leave him, but doesn’t based on putting her own “happiness” (if happiness is having a long distance boyfriend who only calls you when his wife is not around to ask for money) over everyone else’s!

and then i am slapped in the face with comments about the fact she is a christian and morally correct person and i am not because i don’t attend church or that i don’t have as much value based on the money i make or how much i help compared to her! but no, i have to be greatly grateful to her because she helps my household with some grocery items (in which her son lives and does not pay rent) or random knickknacks she brings unannounced and it makes me so angry all over again to the point i want to tell her:

lady (if you can even be called that) you are breaking up a marriage and a family knowingly in exchange of pleasure, you have no heart nor brains and you have no space to judge my morality or weight my importance in any context in this universe, i hope you feel as ostracized by your family and society as you will be in the hell your holy book says you will for your nauseating actions!

(via Himansh Verma Fraud: Unveiling the Massive Visa Scam)

nevermind bruh they increased the manga price by $20 overnight :(

OPT VISA Scams - How OPT Students should avoid Scams | SynergisticIT

Discover how OPT students can safeguard themselves against visa scams with our comprehensive guide. Learn the common pitfalls to avoid, crucial tips for identifying legitimate opportunities, and practical strategies for protecting your OPT status. Stay informed, stay secure, and pursue your career goals confidently with Synergistic IT's expert advice.

Blog: https://www.synergisticit.com/opt-visa-scams-how-opt-students-should-avoid-scams/

How I got scammed

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

I wuz robbed.

More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!

Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).

A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.

That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).

I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.

"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"

He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.

We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.

I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.

One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.

"That was the fraudster," she said.

Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.

Wait a sec.

He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.

But I'd been conned.

Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.

Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.

I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.

Oh, shit, I'd been phished.

If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.

The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.

There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.

I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.

Not because AI is going to commit fraud, though.

One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":

https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.

As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.

This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:

https://web.archive.org/web/20090331094020/http://www.links.org/?p=591

This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.

This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.

So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.

Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

Avoid Getting Scammed On Your Travels Abroad Tips By Amit Kakkar Easy Visa

We all knew there was another reason for keeping Sussex & York on the website. We knew The BRF was covering up for them. Royal Grift even made videos.

A-1 Visa (consular officers)

No maximum length of stay

No requirement to maintain a foreign residence

Unlimited travel to & from country

Cannot be tried under US Law for a crime

Where is the press bc we'd all like to see Andrew's passport:

"cannot be TRIED under US law for a crime" 🤦‍♂️

"It was reported that the King decided not to remove Harry and Andrew because he did not want to escalate family tensions and believed it was unlikely either would ever be required to deputise for him. However, last year courtiers were keen to ensure that William returned to Britain from a solo trip to New York before the King and Queen departed for their state visit to France on the same day.  The situation has since become even more urgent because of the King's cancer treatment. Later that year, the King asked parliament to add his sister, Princess Anne, and youngest brother, Prince Edward, to the list."

"...the King decided not to remove Harry and Andrew because he did not want to escalate family tensions..."

Meaning lie to the people while PROTECTING 2 ADULT CHILDREN from ANY & ALL consequences...

No wonder Andrew puffs his chest out at Easter and Christmas, and Sparry behaves as if he can do no wrong.

A-1

The A-1 visa is granted to many people such as ambassadors, ministers, diplomats, consular officers, and their immediate family members.[a][3] While government officials normally do not qualify for an A-1 visa if they are traveling for non-official, non-governmental purposes, heads of state and heads of government always qualify and must apply for an A visa regardless of their purpose of travel.[4] Visitors on an A-1 visa cannot be tried under US law for a crime, and may travel to and from the country an unlimited number of times. There is no maximum length of stay for individuals admitted on an A-1 visa, and there is no requirement to maintain a foreign residence.[3]

Alert against internet UK visa scams

Alert against internet UK visa scams

The post Alert against internet UK visa scams appeared first on TD (Travel Daily Media) Travel Daily. British high commissioner to India Alex Ellis issued an alert for a UK visa scam pointing out that fraudulent visas are on the rise on the internet, which are handed to the applicants using his name. He further advised applicants to remain vigilant in case the deal looks ‘too good to be true.’…

View On WordPress

Things to manifest: luxury edition

💸💵: Being a trust fund/nepotism baby

💸💵: Owning a private plane

💸💵: Having a vacation home all over the world

💸💵: Being a millionaire, billionaire or trillionaire

💸💵: Owning multiple business/shares and being a popular name amongst people

💸💵: Having lots of connections

💸💵: Easily get visas for ur desired countries

💸💵: Go on vacation a lot

💸💵: Any money you spend comes back x 100

💸💵: Immune to getting scammed, robbed, debt, or losing lots of money

💸💵: Having a mansion of ur desired aesthetic

💸💵: Have your desired cars

💸💵: Have your desired jewellery

💸💵: Magnetic and powerful aura that demands attention and respect from everyone

💸💵: Living in a palace with helpers, cleaners, personal chefs, gardeners, etc.

💸💵: Extreme beauty. People cannot believe you are so elegant and otherworldly

💸💵: Always use your money for good and not get blindsided by it

Hi this may divert from my usual content, but as someone with a platform like this I need to speak up about this.

The Philippines-China maritime dispute has been going on for years now, but lately the tensions had been getting more and more worse to the point it’s super concerning now.

Here’s a bit of a history lesson: China claims that the West Philippine Sea is theirs because of the nine-dash line, but the Permanent Court of Arbitration in the Hague ruled in 2016 that that had no basis under international law. Other than that, the UN Convention on the Law of the Sea (UNCLOS) said that China’s historic rights on the territory no longer exists. So basically, the West Philippine Sea belongs to the Philippines.

However, China rejects that decision. They have harassed, intimidated, and even used armed conflict on our vessels. China Coast Guard (CCG) vessels had even used a water cannon against our ships TWICE, in which one incident resulted to getting seven Navy personnel wounded.

Worse, there are also allegations of a spy being planted here. Alice Guo, one of the mayors in Tarlac (a city in the Philippines) had mysteriously risen to power despite having no prior experience or connections whatsoever. Literally no one even knew her in her town. She just claims to live in a simple farm. However, she owns a luxury sports car and a helicopter. And somehow, everything regarding her past is inconsistent; she doesn’t know what her mother’s name was, who she grew up with, no school documents, hell she didn’t even have a birth certificate up until she was 17 years old. This was all brought up because she was involved in the criminal activities (like human trafficking, scams, etc.) of the Philippine Offshore Gaming Operator (POGO) which also has the Chinese involved.

The US has also been taking advantage of the situation by deploying 9 EDCA sites (military bases) for a supposed military pact, but former US Marine Intelligence Officer Scott Ritter has admitted to using the Philippines as a tool to gain leverage over the Chinese.

What has our government done regarding this dispute? They’re too busy infighting to focus on the bigger picture and on how to settle on an agreement with China.

I just want to take the time to speak up and make people more aware about the ongoing dispute. I know that this has been going on for several years now, but my memory and knowledge about the topic may be a bit wonky so I apologize in advance if I had said anything wrong. You can add more information regarding this or correct the information that I've given if I phrased things wrong.

Regardless, I do know one thing: the West Philippine Sea is ours.

Sources:

https://www.reuters.com/world/asia-pacific/south-china-sea-why-are-china-philippines-tensions-heating-up-2024-04-11/

https://www.youtube.com/live/aOrmFJXyAVI?si=P9rPJkJM6BF0NIbW (check 1:57:00)

This is your brain on fraud apologetics

In 1998, two Stanford students published a paper in Computer Networks entitled “The Anatomy of a Large-Scale Hypertextual Web Search Engine,” in which they wrote, “Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers.”

https://research.google/pubs/pub334/

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

The co-authors were Lawrence Page and Sergey Brin, and the “large-scale hypertextual web search-engine” they were describing was their new project, which they called “Google.” They were 100% correct — prescient, even!

On Wednesday night, a friend came over to watch some TV with us. We ordered out. We got scammed. We searched for a great local Thai place we like called Kiin and clicked a sponsored link for a Wix site called “Kiinthaila.com.” We should have clicked the third link down (kiinthaiburbank.com).

We got scammed. The Wix site was a lookalike for Kiin Thai, which marked up their prices by 15% and relayed the order to our local, mom-and-pop, one-branch restaurant. The restaurant knew it, too — they called us and told us they were canceling the order, and said we could still come get our food, but we’d have to call Amex to reverse the charge.

As it turned out, the scammers double-billed us for our order. I called Amex, who advised us to call back in a couple days when the charge posted to cancel it — in other words, they were treating it as a regular customer dispute, and not a systemic, widespread fraud (there’s no way this scammer is just doing this for one restaurant).

In the grand scheme of things, this is a minor hassle, but boy, it’s haunting to watch the quarter-century old prophecy of Brin and Page coming true. Search Google for carpenters, plumbers, gas-stations, locksmiths, concert tickets, entry visas, jobs at the US Post Office or (not making this up) tech support for Google products, and the top result will be a paid ad for a scam. Sometimes it’s several of the top ads.

This kind of “intermediation” business is actually revered in business-schools. As Douglas Rushkoff has written, the modern business wisdom reveres “going meta” — not doing anything useful, but rather, creating a chokepoint between people who do useful things and people who want to pay for those things, and squatting there, collecting rent:

https://rushkoff.medium.com/going-meta-d42c6a09225e

It’s the ultimate passive income/rise and grind side-hustle: It wouldn’t surprise me in the least to discover a whole festering nest of creeps on Tiktok talking about how they pay Mechanical Turks to produce these lookalike sites at scale.

This mindset is so pervasive that people running companies with billions in revenue and massive hoards of venture capital run exactly the same scam. During lockdown, companies like Doordash, Grubhub and Uber Eats stood up predatory lookalike websites for local restaurants, without their consent, and played monster-in-the-middle, tricking diners into ordering through them:

https://pluralistic.net/2020/09/19/we-are-beautiful/#man-in-the-middle

These delivery app companies were playing a classic enshittification game: first they directed surpluses to customers to lock them in (heavily discounting food), then they directed surplus to restaurants (preferential search results, free delivery, low commissions) — then, having locked in both consumers and producers, they harvested the surplus for themselves.

Today, delivery apps charge massive premiums to both eaters and restaurants, load up every order with junk fees, and clone the most successful restaurants out of ghost kitchens — shipping containers in parking lots crammed with low-waged workers cranking out orders for 15 different fake “virtual restaurants”:

https://pluralistic.net/2020/12/01/autophagic-buckeyes/#subsidized-autophagia

Delivery apps speedran the enshittification cycle, but Google took a slower path to get there. The company has locked in billions of users (e.g. by paying billions to be the default search on Safari and Firefox and using legal bullying to block third party Android device-makers from pre-installing browsers other than Chrome). For years, it’s been leveraging our lock-in to prey on small businesses, getting them to set up Google Business Profiles.

These profiles are supposed to help Google distinguish between real sellers and scammers. But Kiin Thai has a Google Business Profile, and searching for “kiin thai burbank” brings up a “Knowledge Panel” with the correct website address — on a page that is headed with a link to a scam website for the same business. Google, in other words, has everything it needs to flag lookalike sites and confirm them with their registered owners. It would cost Google money to do this — engineer-time to build and maintain the system, content moderator time to manually check flagged listings, and lost ad-revenue from scammers — but letting the scams flourish makes Google money, at the expense of Google users and Google business customers.

Now, Google has an answer for this: they tell merchants who are being impersonated by ad-buying scammers that all they need to do is outbid them for the top ad-spot. This is a common approach — Amazon has a $31b/year “ad business” that’s mostly its own platform sellers bidding against each other to show you fake results for your query. The first five screens of Amazon search results are 50% ads:

https://pluralistic.net/2022/11/28/enshittification/#relentless-payola

This is “going meta,” so naturally, Meta is doing it too: Facebook and Instagram have announced a $12/month “verification” badge that will let you report impersonation and tweak the algorithm to make it more likely that the posts you make are shown to the people who explicitly asked to see them:

https://www.vox.com/recode/2023/2/21/23609375/meta-verified-twitter-blue-checkmark-badge-instagram-facebook

The corollary of this, of course, is that if you don’t pay, they won’t police your impersonators, and they won’t show your posts to the people who asked to see them. This is pure enshittification — the surplus from users and business customers is harvested for the benefit of the platform owners:

https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys

The idea that merchants should master the platforms as a means of keeping us safe from their impersonators is a hollow joke. For one thing, the rules change all the time, as the platforms endlessly twiddle the knobs that determine what gets shown to whom:

https://doctorow.medium.com/twiddler-1b5c9690cce6

And they refuse to tell anyone what the rules are, because if they told you what the rules were, you’d be able to bypass them. Content moderation is the only infosec domain where “security through obscurity” doesn’t get laughed out of the room:

https://doctorow.medium.com/como-is-infosec-307f87004563

Worse: the one thing the platforms do hunt down and exterminate with extreme prejudice is anything that users or business-customers use to twiddle back — add-ons and plugins and jailbreaks that override their poor choices with better ones:

https://www.theverge.com/2022/9/29/23378541/the-og-app-instagram-clone-pulled-from-app-store

As I was submitting complaints about the fake Kiin scam-site (and Amex’s handling of my fraud call) to the FTC, the California Attorney General, the Consumer Finance Protection Bureau and Wix, I wrote a little Twitter thread about what a gross scam this is:

https://twitter.com/doctorow/status/1628948906657878016

The thread got more than two million reads and got picked up by Hacker News and other sites. While most of the responses evinced solidarity and frustration and recounted similar incidents in other domains, a significant plurality of the replies were scam apologetics — messages from people who wanted to explain why this wasn’t a problem after all.

The most common of these was victim-blaming: “you should have used an adblocker” or “never click the sponsored link.” Of course, I do use an ad-blocker — but this order was placed with a mobile browser, after an absentminded query into the Google search-box permanently placed on the home screen, which opens results in Chrome (where I don’t have an ad-blocker, so I can see material behind an ad-blocker-blocker), not Firefox (which does have an ad-blocker).

Now, I also have a PiHole on my home LAN, which blocks most ads even in a default browser — but earlier this day, I’d been on a public wifi network that was erroneously blocking a website (the always excellent superpunch.net) so I’d turned my wifi off, which meant the connection came over my phone’s 5G connection, bypassing the PiHole:

https://pluralistic.net/2022/04/28/shut-yer-pi-hole/

“Don’t click a sponsored link” — well, the irony here is that if you habitually use a browser with an ad-blocker, and you backstop it with a PiHole, you never see sponsored links, so it’s easy to miss the tiny “Sponsored” notification beside the search result. That goes double if you’re relaxing with a dinner guest on the sofa and ordering dinner while chatting.

There’s a name for this kind of security failure: the Swiss Cheese Model. We all have multiple defenses (in my case: foreknowledge of Google’s ad-scam problem, an ad-blocker in my browser, LAN-wide ad sinkholing). We also have multiple vulnerabilities (in my case: forgetting I was on 5G, being distracted by conversation, using a mobile device with a permanent insecure search bar on the homescreen, and being so accustomed to ad-blocked results that I got out of the habit of checking whether a result was an ad).

If you think you aren’t vulnerable to scams, you’re wrong — and your confidence in your invulnerability actually increases your risk. This isn’t the first time I’ve been scammed, and it won’t be the last — and every time, it’s been a Swiss Cheese failure, where all the holes in all my defenses lined up for a brief instant and left me vulnerable:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

Other apologetics: “just call the restaurant rather than using its website.” Look, I know the people who say this don’t think I have a time-machine I can use to travel back to the 1980s and retrieve a Yellow Pages, but it’s hard not to snark at them, just the same. Scammers don’t just set up fake websites for your local businesses — they staff them with fake call-centers, too. The same search that takes you to a fake website will also take you to a fake phone number.

Finally, there’s “What do you expect Google to do? They can’t possibly detect this kind of scam.” But they can. Indeed, they are better situated to discover these scams than anyone else, because they have their business profiles, with verified contact information for the merchants being impersonated. When they get an ad that seems to be for the same business but to a different website, they could interrupt the ad process to confirm it with their verified contact info.

Instead, they choose to avoid the expense, and pocket the ad revenue. If a company promises to “to organize the world’s information and make it universally accessible and useful,” I think we have the right to demand these kinds of basic countermeasures:

https://www.google.com/search/howsearchworks/our-approach/

The same goes for Amex: when a merchant is scamming customers, they shouldn’t treat complaints as “chargebacks” — they should treat them as reports of a crime in progress. Amex has the bird’s eye view of their transaction flow and when a customer reports a scam, they can backtrack it to see if the same scammer is doing this with other merchants — but the credit card companies make money by not chasing down fraud:

https://www.buzzfeednews.com/article/rosalindadams/mastercard-visa-fraud

Wix also has platform-scale analytics that they could use to detect and interdict this kind of fraud — when a scammer creates a hundred lookalike websites for restaurants and uses Wix’s merchant services to process payments for them, that could trigger human review — but it didn’t.

Where do all of these apologetics come from? Why are people so eager to leap to the defense of scammers and their adtech and fintech enablers? Why is there such an impulse to victim-blame?

I think it’s fear: in their hearts, people — especially techies — know that they, too, are vulnerable to these ripoffs, but they don’t want to admit it. They want to convince themselves that the person who got scammed made an easily avoidable mistake, and that they themselves will never make a similar mistake.

This is doubly true for readerships on tech-heavy forums like Twitter or (especially) Hacker News. These readers know just how many vulnerabilities there are — how many holes are in their Swiss cheese — and they are also overexposed to rise-and-grind/passive income rhetoric.

This produces a powerful cognitive dissonance: “If all the ‘entrepreneurs’ I worship are just laying traps for the unwary, and if I am sometimes unwary, then I’m cheering on the authors of my future enduring misery.” The only way to resolve this dissonance — short of re-evaluating your view of platform capitalism or questioning your own immunity to scams — is to blame the victim.

The median Hacker News reader has to somehow resolve the tension between “just install an adblocker” and “Chrome’s extension sandbox is a dumpster fire and it’s basically impossible to know whether any add-on you install can steal every keystroke and all your other data”:

https://mattfrisbie.substack.com/p/spy-chrome-extension

In my Twitter thread, I called this “the worst of all possible timelines.” Everything we do is mediated by gigantic, surveillant monopolists that spy on us comprehensively from asshole to appetite — but none of them, not a 20th century payment giant nor a 21st century search giant — can bestir itself to use that data to keep us safe from scams.

Next Thu (Mar 2) I'll be in Brussels for Antitrust, Regulation and the Political Economy, along with a who's-who of European and US trustbusters. It's livestreamed, and both in-person and virtual attendance are free:

https://www.brusselsconference.com/registration

On Fri (Mar 3), I'll be in Graz for the Elevate Festival:

https://elevate.at/diskurs/programm/event/e23doctorow/

[Image ID: A modified version of Hieronymus Bosch's painting 'The Conjurer,' which depicts a scam artist playing a shell-game for a group of gawking rubes. The image has been modified so that the scam artist's table has a Google logo and the pea he is triumphantly holding aloft bears the 'Sponsored' wordmark that appears alongside Google search results.]

Safely navigating DIY T – acquisition and health

A lot of the safety tips in terms of navigating online will come from this video, which is actually about safely navigating reproductive procedures post the overturning of Roe v Wade, but the safety advice works especially well here. If any questions are not answered here please feel free to shoot me an ask. Google Doc for easier navigation, says all the same stuff as here.

First off if you haven't already, check the transmasc guide on the DIY HRT Wiki, this post is made with the assumption you have already read that. -      General internet safety

When searching for and purchasing DIY T (especially injections), use the TOR browser with a VPN. This will keep your internet privacy as secure as possible, and the VPN will change your IP enough to make it look like it was accessed from a different location.

I personally use Proton, it’s a free VPN with an optional paid upgrade. The free version will connect you to either the US, Netherlands, or Japan.

Proton also has its own email service. Some of the sources where you can receive DIY T from may require you to make an account. I recommend using an email through Proton for this because it is end-to-end encrypted. If the site asks for a phone number just put in a repeating order of 0 to 9. 

-      Safety when purchasing T

Some sites where you can get DIY T will only allow the purchase through use of bitcoin or other forms of cryptocurrency. I know and understand we all have our thoughts on crypto and it’s use in the modern day, but unfortunately this is just how things are when navigating this.

The least scam-possible way I have seen when purchasing bitcoin, is to go through CashApp. They have an option to purchase and sell bitcoin in the app. I personally used this when buying DIY T to stock up in the case shit hits the fan. It’s pretty direct in purchasing and selling, sending is where it may get a bit tricky.

The source for DIY T listed on the DIY HRT Wiki will send you an email once you confirm your order, and you will be prompted to send the bitcoin through either a QR code or directly to a bitcoin address. I had a bit of trouble with the QR code, so what I had to do was type in the direct address. This will not bring up the company’s name, it will just allow the option when the address is fully typed.

If you are able to use a credit/debit card, what I recommend is using cash to purchase a prepaid visa and using that to order your T or otherwise online. This will make sure the transaction is not attached to your bank account.

-      Receiving T safely

I highly recommend getting your DIY T sent to a PO Box, and not your home address. The United States Postal Service is in personal experience – really secure and discrete. And even if your package does not fit in your box, you will be given a slip to take to the counter, and they will give you your package there.

When ordering, try to order from a warehouse based in your country. This is to avoid the hassle of it going through customs. But if you must order abroad, it is still very unlikely that your order will be stopped in customs. They do not open packages to check them, instead they use an x-ray machine. If your order does get stuck in customs, it’s likely because there’s an issue with paperwork, and not the order itself.

-      Administering T safely

When performing a T injection, make sure your supplies are sterile. Not just clean, sterile. Inspect the packaging of your syringes, needles, etc. If there is a tear or hole, do not use it.

For your T vials, yes, it is okay to draw from them multiple times. You can sterilize the vial by using isopropyl alcohol (rubbing alcohol) or an alcohol swab. You’re likely to not use the entire vial in one injection, so just keep it in a safe place, many even recommend keeping it refrigerated between doses.

Most if not all T vials will say to administer only via intramuscular, but you can still administer this subcutaneously. Even the vials I get through my doctor say For IM Use Only. It’s okay to administer it SubQ.

If you have trouble administering injections like I did for a while, I recommend this auto injector. You load the syringe into the device and press a button. The needle will go in and you just push the plunger down. This device is technically intended for insulin injections, but it works just fine for other injections.

My recommendation is to use an 18g needle to draw, and a 1/2in 25g needle to inject. This has left me with the least discomfort and uneasiness with injecting.

-      Blood work

If you’re on T, it’s recommended you get your labwork done at least every 3 months.

As someone who’s been given the run around in the medical field for reasons unrelated to my transition, I forever recommend ordering labs from Request a Test. This is something that is very common to do, I even ordered my own ANA test when I had to get other labs done for my work. Request a Test does not take insurance unless it’s through an HSA card. When ordering from RaQ, you will be prompted to select which LabCorp or QuestDirect facility you want the order sent to. I personally recommend LabCorp, especially considering the QuestDirect Testosterone test is only available for males. 

You will want to order at a minimum, a T level total test or a T level free test, and a CBC and CMP. The CBC is to help check for polycythemia, and CMP is to help check your liver function.

If you are worried about you ordering your T levels and that being found out, you can also order an at home testosterone test kit. The blood samples are collected through lancets similar to what is used by diabetic patients.

-      Acquiring T gel

Unfortunately there are not a whole lot of sources to get T gel from. But that does not mean they do not exist.

I personally have been using this brand called Androgenesis in between my injections, and it has been working really well. I take 50mg of T every two weeks, and when I got my bloodwork done recently my levels were >400, even when it’s really close to my next shot day.

You can order Androgenesis either directly from their site, or you can order it off of amazon. NOTE, that the standard formula on amazon can not be sent to a PO Box or amazon locker, because the site classifies it as a “potentially dangerous substance”. However the enhanced formula can be sent to a PO box or amazon locker and it works the exact same way.

Another site is Predator Nutrition (odd name but bear with me).

I am still waiting for my order, but I’d recommend either their EpiAndrogel or their Alpha Gel depending on which one is in stock at time of purchasing.

I also recommend keeping an eye out on Need2BuildMuscle. Their gel is currently out of stock, but from what I’ve seen it works quite similarly to AndroGel.

As of 08/02/2024 (Aug. 2nd), I did find sources for packets of 1% Androgel, which you can find here and here

Please note the brand name Androgel sources are ones I unfortunately have not been able to verify personally so please proceed at your own discretion, but the sources *are* listed on hrtcafe.net.

-      Who to tell?

No one *. If you doctor doesn’t know you’re on DIY T, do not bring it up. Don’t go talking about it all willy-nilly in the grocery store or whatnot.

*The exception is paramedics. If you are having a medical emergency, it’s probably a good idea to tell any emergency medical provider that you’re on testosterone so they can treat you properly. Remember, tell the cops nothing, tell the ambulance everything. The people on the ambulance are there to save your life, and I can guarantee they’ve dealt with circumstances far more severe than someone self-administering a specific hormonal medication. I say this as someone who’s on first aid at their place of work – and had to patch someone's hand after they were injured when I worked retail. 

tagging @mythical-moonlight

wow i just got a scam caller that actually spoofed the service number and caller ID of my bank? which is why i actually answered it, but i hesitated to identify myself and when they identified themselves as representing "visa mastercard" and then asked "you know what experian is, right?" i just hung up.

but, uh. ballsy?? i understand why seniors and easily-trusting or anxious people fall for this constantly.

men feel more sorry for western men being „scammed“ by global south women than the fact most impoverished women with no access to education/viable income in tourist destinations are raised to believe the best thing that can happen to them is a western man falling in love with them and taking them with him. and then they complain that some white guy‘s abroad „girlfriend“ who he sends a monthly allowance to after meeting her on vacation (surely not with the expectation of sex whenever he visits or for her to become his dependent live-in maid and sex doll if he decides to marry her so she gets a visa) has other boyfriends who send her allowances like she isnt just playing the game she was forced into. people describing sex tourism and sex tourist relationships as „mutually beneficial arrangement“ fuck you it could not be more unequal. im actually so embarrassed for white people who go on vacation in countries that are not white dominant and feel flattered by the attention. youre not special people just hope for a better life and know that white tourists tend to have money and/or if youre a white woman they consider you more „valuable“ because they devalue their own women and fetishise whiteness 🙏 trust me that 20 years younger underprivileged person is not in love with you and im sure deep down you know that but carry on because you like that you hold all the power in the relationship. but yeah aww those poor people just looking for love lmao

Don't buy gift cards from grocery stores. I bought a brand new SEALED VISA gift card for my Mom for Mother's Day last week from Vons Grocery store. I gave the card to Mom and when she opened the card a few of the numbers seemed scratched off. We couldn't figure out why a brand new card would be defaced. It wasn't an issue of the packaging or how we opened it. So she tried to use it another way since she couldn't just input the numbers only to be told the card was empty. EMPTY. A $100 card was empty.

She called the number on the back of the card and spoke to someone in India who could only help her if she sent him personal information via email which sounded like a total scam. She went back to Vons and the manger said "You're the 9th person this month alone. We don't know how they are doing it. You buy the card. We activate the card and it doesn't work. Don't buy gift cards from us." Very apologetic. Not willing to give us any refund or store credit.

What. The. Fuck.

I am letting everyone know. Vons and other stores have gift card displays everywhere. DON'T BUY GIFT CARDS. As the website says "Scammers drain a gift card by obtaining the bar code, CVV number, PIN number or activation code from beneath the slim cardboard packaging. They reseal the card, wait for a consumer to buy it and load it with money, and then spend the balance before the consumer can." So I prebought the card, paid for it and someone else used all the money. My Mom's gift is just fucking gone. I feel awful. It is some sort of fucking scam and the stores don't care. They got their money. They don't care that they sold us shoddy goods. They don't care they sold us tampered merchandise. It is enough to make me sick. My Mom's gift is gone and $100 may not seem like a lot to some people but it is to me and it certainly is to Mom.

Don't buy physical gift cards from stores. They will siphon off the money and the stores don't care one bit.

Happy Mother's Day from your Vons grocery store.