- cross-posted to:
- [email protected]
- At most employers, this is grounds for immediate termination, and rightfully so. Rarely are the credentials to view paystubs entirely separate from the rest. - You’ve now given your potential landlord access to a much wider system. In many places, the potential landlords are then criminally guilty of unauthorized access to a computer system, AKA “hacking”. The potential tenant typically does not have the authority to grant the authorization. - Yeah this is a massive security risk. Even if the landlord doesn’t intend anything malicious, I seriously doubt they’re putting much effort into protecting that information. Juicy target for a ransomware gang. - Even if the landlord doesn’t intend anything malicious - Except, you know, determining that you’re “eligible” and can “afford” for an 80% rent hike 
- Especially since this has been an identity theft scam for decades. People post fake, too good to be true, rental listings on Craigslist and the application asks for SSN and a “family reference” (asking for mother’s maiden name) and a weirdly small deposit paid by check. Now you’ve got all the info you need to steal someone’s identity. And I assume this kind of thing has gotten more sophisticated in the digital realm since I was last renting. 
 
 
- My landlord tried using some app that wanted my fucking bank credentials. I told her I could t use the app she was asking me to use because it would violate my banks policy and I would then not have a valid way to pay rent. - It’s fucking insane what tech illiterate tech businesses are asking if the customers. - Probably Plaid. They ask for online banking credentials instead of doing the “traditional” collect ACH, do two sub-dollar transactions, confirm amounts. - They settled a lawsuit that claimed they were scraping private transactions and selling them. They didn’t admit fault, but I still refuse to hand them my credentials. - Despite that, they remain popular, since MOST users willingly provide those credentials and get a faster account linking experience, which makes them much more likely to stick around and transfer money into the service recommending Plaid as the linking method. - I’ve also heard there as some services that refuse to use the “traditional” ACH method of account linking, only allowing Plaid. - I like the method where I send in a payment. - Bingo. We don’t allow autopay since once they have it they can pull what they want, be it by accident, or just because we owe them. Hell with that. Still pay our mortgage, car loans, etc. manually each month. 
 
- All these hacks to get around ACH because it’s slow as fuck. If the government could actually fix ACH we wouldn’t need to use these third-party creeps’ apps to do basic money transfers. - But then how would those third parties make money? Think of the poor corporations! 
- I don’t trust the current administration to do it without building in grift and corruption. Bernie at least wanted to make it somewhat easier to bank with post office banking and free-of-cost savings accounts. - ACH has problems, but not enough to justify giving online banking credentials to a third-party. - Right, I don’t trust the current administration either but generally speaking we wouldn’t need to have all these corrupt third parties handling our bank accounts if ACH were faster. 
 
 
- Laughs in PIX - Yeah. It would be nice for the U.S. banking system to get updated to have the same capabilities the populace in other nations have. I don’t trust the current administration to do it without baking in massive grift and corruption. But, I don’t see the banks doing it themselves, individually or in blocks. - We have dumb things like Zelle, Venmo, and CashApp that are entirely unnecessary in proper countries but banks are invested in and profit from them. Also, this way they can tie customers down with a TOS that would clearly be against banking regulations if any of these service was “a bank”. 
 
 
 
- Should be rated and punished as cybercrime. 
- Why do we even have laws if they’re not going to protect people from abuse? Shit like this is why people cheer for Luigi. People are just trying to get the basics - health care, shelter, food - and the rich are taking too much. - Laws are to protect the elite, not the common people. 
 
- This likely violates the employer’s policies too. At my employer, it’s all single sign on. 
- Oh you want my password? Okay, ready? - F … U … - No that’s it. - My other half worked for a large retail chain in the UK. One of her colleagues (let’s call him Bevin Koyle for no reason whatsoever) was a particularly tiresome dude - not a bad guy by any means, but just super fucking irritating. Very self-centred, happy to dodge responsibility and let a colleague take a fall, and a bit of a gobby twat. - Back when she worked the quieter hours and mobile data plans were quite anaemic, she would put her mobile phone hotspot on for her colleagues to listen to music or whatever. - This one shift, Bevin had run out of data, and already forseeing this situation happening, she had already set the password accordingly. “I can see your WiFi”, says Bevin, “but what’s the password?” - “BevinKoyleIsACunt”, she loudly announces. - “No seriously,” says Bevin, “what’s the password?” - “BevinKoyleIsACunt” she once again says loudly. - Bevin is getting a bit fucked off now, and is like “stop being nasty, give me the WiFi code” - Not grasping the rudeness of his own demands, she says “I tell everyone the same thing, BevinKoyleIsACunt” - He stormed off oblivious to how helpful she had been each time. I still raise a wry smile whenever I remember how supremely helpful she had been. 
- The problem is “Opt-out means no housing”. - And if enough ‘opt out’ it also means no renters. Solidarity. - It doesn’t feel like there’s any class solidarity in the US except between the very rich. - I hear ya. And that’s the message that the ultrarich would prefer you to hold in mind. 
 
 
 
 
- This is very cool and very legal, but only in the USA. 
 Or is it hacking by the landlord? A crime almost worse than terrorism, that can put you 20 years in jail!- Landlords are using a service that logs into a potential renter’s employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, - Oh boy, those idiots don’t know what they are risking! - They’ll be fine. They only use that law against people they want to persecute. They never go after their own class - Yes of course, as long as it’s used to oppress the poor it’s OK. 
 
 
- Providing that level of access would violate my employment agreement. - Legally, they can ask for a paystub or other proof of income, they can’t demand access to employer networks. 
- I don’t want to live on this planet anymore 
- What a shithole country. 
- The article didn’t seem to have a lot of details like which state this took place in. Re-reading it just feels like fear propaganda showing how easy it would be to extort data from renters. - From TFA - The renter 404 Media spoke to said the same “credential-harvesting model now dominates Georgia rentals.” They pointed to other companies such as PayScore, Nova Credit (whose leadership includes an Argyle co-founder), and Snappt which also uses Argyle - Sounds like Georgia is at least one. You need the attention span to read through an otherwise terrible article to get to that point though. - You also have to subscribe to get that far, without it all you get are the first 3 paragraphs. - While I know not everyone can afford it, 404 media is a news source without corporate bias, so you might want to toss them a coin. 
- I’m not subscribed, the link to archive.ph I posted elsewhere on this thread provides it all. 
 
 
- Atlanta (so, Georgia) is mentioned, though I don’t think it’s any particular state as the focus is on two screening services landlords may use. (similar to how Sterling works for background checks, but more invasive) 
 
- The renter 404 Media spoke to said the same “credential-harvesting model now dominates Georgia rentals.” They pointed to other companies such as PayScore, Nova Credit (whose leadership includes an Argyle co-founder), and Snappt which also uses Argyle. - https://tracxn.com/d/companies/argyle/__jLSw-NS4D1Jy__cirwoXjwI_xhB1ADcBewGZRpNl6ds 
- If done before starting a business relationship, at least it telegraphs the petty tyrant for who he is. If it’s a bait-and-switch, with all the inertia of moving your stuff and updating your address… ick… 
- If this is the shit my kid is being asked to do, no wonder he came back to live at home. - I agreed to turn off the camera in his bathroom, but I said I had to leave the camera in his bedroom on because there’s a window, and it’s a security risk. He agreed because it was better than where he was living before. - (I’m totally kidding.) 
- Yeah, this needs to get regulated away right quick. But it won’t. - Remember when “reaping the rewards” required “taking the risk”? 











