|
with no oversight and selecting for the lowest priced, most desperate people you're just asking to have them keep it and try to sell it at least if it was done by proper employees you'd have paper trails and a recourse if they leaked it
|
# ? Nov 26, 2017 03:29 |
|
|
# ? May 30, 2024 13:21 |
|
BattleMaster posted:with no oversight and selecting for the lowest priced, most desperate people you're just asking to have them keep it and try to sell it i don't think there's much in the way of proper paper trails at office somewhere in asia #49595 or call center in rusting suburbia #9685. you know, the places that would be used instead of/in addition to mturk like it's an app that's "take pictures of any random receipt you have with your generic consumer cell phone plus send us your credit card info, we'll figure out what your expense report should be". you're guaranteed to have a shitload of low quality barely legible shots and you'd need magical OCR tech that doesn't exist to do it, but they obviously want the cheapest costs for having it read. you're going to have massive amounts of personal info exposed to random underpaid people with very little control on who sees it no matter what.
|
# ? Nov 26, 2017 03:53 |
|
fishmech posted:i don't think
|
# ? Nov 26, 2017 04:14 |
|
sorry you're mad about the fact that a company which says "hey send us all your personal info with an app and we'll have people look at it" well, gets all your personal info and has people look at it?
|
# ? Nov 26, 2017 04:20 |
|
fishmech posted:i don't think
|
# ? Nov 26, 2017 04:23 |
|
fishmech posted:i don't think there's much in the way of proper paper trails at office somewhere in asia #49595 or call center in rusting suburbia #9685. you know, the places that would be used instead of/in addition to mturk it never worked that well for me by ocr standards so I’m a little surprised they were always using people. and yes I have to use it because that’s what my company uses. if there’s another system allowed I probably wouldn’t get reimbursed within 72 hours
|
# ? Nov 26, 2017 04:59 |
|
doesn't read either because the secfuck is clearly this issue https://twitter.com/Rochelle/status/933515448741535744 and not some imagined grievance against ocr
|
# ? Nov 26, 2017 05:03 |
|
anthonypants posted:doesn't read either because the secfuck is clearly this issue https://twitter.com/Rochelle/status/933515448741535744 and not some imagined grievance against ocr uh, lol you're the one who can't read here dude. how the gently caress did you think all of this random data from receipts was going to be entered into their systems, in a way that's least prone to errors. it's by people reading the things and entering them into computers, and also people verifying things already entered digitally eg when pulling directly from emailed receipts, to ensure proper billing is done. but i'll ask you too, why do you think mturk workers are less trustworthy than the barely minimum wage in-country call center type employees or the overseas sweatshop workers who'll go right on to pulling tech support scripts the next day? hobbesmaster posted:it never worked that well for me by ocr standards so Im a little surprised they were always using people. the way these things go is things are run through ocr first and then also shown to a human because especially the user-photographed receipts are likely to be curled or blurry or whatever and its hard for a computer to do that cheaply and quickly. then you also get some human cross-checking on things that are fed into the apps direct from email or whatever, as you never know when an emailed receipt thing might be using a weird format.
|
# ? Nov 26, 2017 05:22 |
|
fishmech posted:uh, lol you're the one who can't read here dude. The secfuck has nothing to do with OCR. The secfuck is they're crowdsourcing handling of customer PII to literally random people.
|
# ? Nov 26, 2017 05:29 |
|
fishmech posted:uh, lol you're the one who can't read here dude.
|
# ? Nov 26, 2017 05:33 |
|
anthonypants posted:you dense child. don't give them the benefit of a reply
|
# ? Nov 26, 2017 05:37 |
|
anthonypants posted:the first sentence in this tweet is "I wonder if Expensify SmartScan users know MTurk workers enter their receipts." it is a question directed at expensify's users, and not the infosec industry or at computer touchers you dense child. Never argue with an idiot. They will only bring you down to their level and beat you with experience.
|
# ? Nov 26, 2017 05:44 |
|
ErIog posted:The secfuck has nothing to do with OCR. The secfuck is they're crowdsourcing handling of customer PII to literally random people. and thats not a secfuck thats literally the only way doing this company could work. why are you people so stuipid that you think i'm talking about ocr when i explicitly say why they can't rely on ocr, and need people? anthonypants posted:the first sentence in this tweet is "I wonder if Expensify SmartScan users know MTurk workers enter their receipts." it is a question directed at expensify's users, and not the infosec industry or at computer touchers you dense child. and your point is?
|
# ? Nov 26, 2017 05:46 |
|
fishmech posted:and thats not a secfuck what product are you referring to? the one I use with Expensify requires a photo of the receipt and details of the expense. there is no requirement that expensify validate that the receipt matches the expense. at the end of a trip if I’ve compiled everything correctly I’ll just select all outstanding receipts, possibly enter some text about it for my supervisor (ie “yes the conference hotel was $500 a night I hate Silicon Valley“) and it’s off to be approved by boss and accounting. at no step in this process is it required for anyone employed or contracted by expensify to actually look at my receipts unless I or my company explicitly asks for it by pushing that smart scan button. I now know to never push that thing
|
# ? Nov 26, 2017 05:59 |
|
I'm the requirement that now consumers are required to implicitly understand how their data is used by every company, no matter the level of their technical knowledge.
|
# ? Nov 26, 2017 06:05 |
|
fishmech posted:and thats not a secfuck showing your receipts to randos on Mechanical Turk is not the only way this company could work the company could show your receipts to their vetted trusted employees, or as they lie in their FAQ, "secure technicians"
|
# ? Nov 26, 2017 06:11 |
|
in general yes, i'd assume that someone who has an actual employment relationship with a business that digitizes receipts is at least very slightly more trustworthy than an anonymous person visiting the mechanical turk website. like, you can accept these tasks and look at people's receipts and stuff without even logging in.
|
# ? Nov 26, 2017 06:21 |
|
hobbesmaster posted:what product are you referring to? the one I use with Expensify requires a photo of the receipt and details of the expense. there is no requirement that expensify validate that the receipt matches the expense. at the end of a trip if I’ve compiled everything correctly I’ll just select all outstanding receipts, possibly enter some text about it for my supervisor (ie “yes the conference hotel was $500 a night I hate Silicon Valley“) and it’s off to be approved by boss and accounting. do you not see why a company claiming to simplify expense reports would want to check whether the receipt proof matches to what was entered? that seems bizarre. pseudorandom name posted:showing your receipts to randos on Mechanical Turk is not the only way this company could work again, the onshore temps or offshore employees they'd be hiring instead present exactly as much of a "security risk" as the mturk workers do. in fact, they're often going to be the very same people Jabor posted:in general yes, i'd assume that someone who has an actual employment relationship with a business that digitizes receipts is at least very slightly more trustworthy than an anonymous person visiting the mechanical turk website. then you are a fool.
|
# ? Nov 26, 2017 06:25 |
|
Auditable procedures for how to have employees in centers handling PII exist, while you can't even have that as a possibility for some random on MTurk Come on Fishmech, do you honestly think banks that outsource to the Philippines would just use MTurk too if only they knew it existed?
|
# ? Nov 26, 2017 06:28 |
|
"and what's the big deal with all these companies leaving user data in publicly-accessible s3 buckets? it's not any worse than if the data was only accessible to the outsourcing agency hired to process that data" - fishmech
|
# ? Nov 26, 2017 06:30 |
|
fishmech posted:do you not see why a company claiming to simplify expense reports would want to check whether the receipt proof matches to what was entered? that seems bizarre. that’s not a feature my company uses if it is even offered. what’s a valid expense report is up to my company
|
# ? Nov 26, 2017 06:40 |
|
anthonypants posted:doesn't read either because the secfuck is clearly this issu and not some imagined grievance against ocr gently caress ocr and the harse it rodø in om
|
# ? Nov 26, 2017 07:03 |
|
hobbesmaster posted:that’s not a feature my company uses if it is even offered. what’s a valid expense report is up to my company Then why are they making use of this app for none of the unique features? Volmarias posted:Auditable procedures for how to have employees in centers handling PII exist, while you can't even have that as a possibility for some random on MTurk You can have them on mturk, many only let you work for real after passing various tests and proving identity and stuff. It's only going to be as good as hiring random people off the street as they do though Are you suggesting they don't?
|
# ? Nov 26, 2017 07:35 |
|
fishmech posted:Then why are they making use of this app for none of the unique features? You can't prove that someone didn't write down your credit card number while they work in their bedroom, while you can in a call center.
|
# ? Nov 26, 2017 07:38 |
|
Volmarias posted:You can't prove that someone didn't write down your credit card number while they work in their bedroom, while you can in a call center. Actually in your average call center you can't prove that either.
|
# ? Nov 26, 2017 07:44 |
|
smartest child in america is an expert on call center management practices color me shocked
|
# ? Nov 26, 2017 08:18 |
|
imagine thanksgiving dinner with the fishmech family lol
|
# ? Nov 26, 2017 10:02 |
|
bicycle posted:imagine thanksgiving dinner with the fishmech family lol An endless cacophony of "Well, actually..." like some insidious feed back loop.
|
# ? Nov 26, 2017 11:28 |
|
bicycle posted:imagine thanksgiving dinner with the fishmech family lol edit wars over how to cook the turkey
|
# ? Nov 26, 2017 11:29 |
|
minor secfuck: in order to use any of google's own data migration tools* you have to turn off 2fa and enable "less secure apps" on all accounts involved. evidently their own internal tools don't work with oath2 or 2fa their migration tool in g suite supports oauth2, except not, because it doesn't work and the official guidance from support is to enable less secure apps *e.g. moving data between gmail and g suite or between g suite accounts
|
# ? Nov 26, 2017 11:59 |
|
Stop engaging fishmech.
|
# ? Nov 26, 2017 12:10 |
|
clicked back after the last time i read this thread hoping for more dickrobots, got a savage fishmeching instead not too happy tbh
|
# ? Nov 26, 2017 13:13 |
|
https://twitter.com/adamcaudill/status/934592341624713216 surprisingly uses https to leak all your data though
|
# ? Nov 26, 2017 14:04 |
|
Inexplicable Humblebrag posted:clicked back after the last time i read this thread hoping for more dickrobots, got a savage fishmeching instead my scroll-whell is cooked
|
# ? Nov 26, 2017 14:13 |
|
lmao yall getting fishmeched over something he clearly has no idea about
|
# ? Nov 26, 2017 17:28 |
|
Da Mott Man fucked around with this message at 22:01 on Nov 26, 2017 |
# ? Nov 26, 2017 20:03 |
|
seems to be broken with https, here's an imgur
|
# ? Nov 26, 2017 20:20 |
|
Malcolm XML posted:lmao you're not supposed to use a word in its own definition hth
|
# ? Nov 27, 2017 00:45 |
|
I too am okay with pii not being treated like pii Hey, i need to run a hospital, but the only way I can make it work is to not hire medical professionals.
|
# ? Nov 27, 2017 05:29 |
|
|
# ? May 30, 2024 13:21 |
|
the firmware of apple's secure enclave processor has been decrypted https://hackaday.com/2017/08/18/apples-secure-enclave-processor-sep-firmware-decyrpted/ does this mean people will be able to pull out stored credentials?
|
# ? Nov 27, 2017 06:31 |