this post was submitted on 27 Apr 2024
4 points (100.0% liked)

New Rules (proposals of laws that will fix problems)

7 readers
1 users here now

Inspired by Bill Maher’s “New Rules” segment of his show, but not as satire. Some satire is perhaps welcome but this is like a serious bug tracker for the real world (not bugs in software apps).

founded 6 months ago
MODERATORS
activistPnk
4
Banks outside GDPR regions cannot send you any e-mail without your express consent (self.newrules)
submitted 6 months ago* (last edited 6 months ago) by activistPnk to c/newrules
5 comments fedilink hide all child comments
 

Banks and credit unions spam me with ads of their services, some of which are quite high volume. I never gave my express informed consent. I may have consented to this buried in some fine print, but certainly was not asked for consent in a manner that would make me consciously aware that my inbox will be attacked with ads.

My problem is not really the annoyance. I can probably go through some opt-out hoops. The problem with banks specifically is security. Every time the bank e-mails you for any reason, both the metadata and the payload data are sent in-the-clear, thus enabling all handlers of the email to know where you bank. This info is valuable to both debt collectors and thieves.

So, new rule for non-GDPR regions of the world:

Banks that e-mail customers must very loudly obtain your unquestionably informed consent. The bank must give you a separate doc that says:

“Bank X will certainly send a flood of spam, and that flood of spam will disclose where you bank to all email providers and potentially ISPs and e-mail forwarding providers. All recipients free to sell that data to debt collectors. Show that you wholly agree to this abuse below by hand-writing out ‘please feel free to abuse my e-mail address’ and signing that statement.”

There must be a picture of a big eye or a zorro mask or cyber criminal with a hoodie next to that agreement (inspired by cigarrette box rules).

I believe if that level of transparency were in play, people would not agree and banks would either have to offer an email-free option or they would lose business.

#fuckBanks

you are viewing a single comment's thread
view the rest of the comments
[–] activistPnk 1 points 6 months ago* (last edited 6 months ago)

Those are not end to end protocols. So every email host along the path sees where you bank, and the ISPs of the services of those hosts.

Also if you run your own mail server, any eavesdropper outside those tunnels would learn where you bank without seeing the payload, just seeing traffic go from A to B. That’s less likely though. The main problem is email providers and ISPs being inherently the loop (particularly in the US after Trump reversed Obama’s requirement that ISPs obtain consent to collect and sell customer data, which Biden has not reversed back).