Feed aggregator

Suni Williams and Butch Wilmore have been on the International Space Station for 20 weeks. They were only supposed to be there for eight days.

Proton VPN is fast, excellent for streaming and prioritizes privacy, all while offering the best (and only) free plan we recommend.

Reduce your burden and get prescription medications delivered with the best prescription delivery services.

The Consumer Finance Protection Bureau (CFPB) has just finalized a rule that makes it easy and safe for you to figure out which bank will give you the best deal and switch to that bank, with just a couple of clicks. 

We love this kind of thing: the coolest thing about a digital world is how easy it is to switch from product or service to another - in theory. Digital tools are so flexible, anyone who wants your business can write a program to import your data into a new service and forward any messages or interactions that show up at the old service.

That's the theory. But in practice, companies have figured out how to use law - IP law, cybersecurity law, contract law, trade secrecy law - to literally criminalize this kind of marvelous digital flexibility, so that it can end up being even harder to switch away from a digital service than it is to hop around among traditional, analog ones.

Companies love lock-in. The harder it is to quit a product or service, the worse a company can treat you without risking your business. Economists call the difficulties you face in leaving one service for another the "switching costs" and businesses go to great lengths to raise the switching costs they can impose on you if you have the temerity to be a disloyal customer. 

So long as it's easier to coerce your loyalty than it is to earn it, companies win and their customers lose. That's where the new CFPB rule comes in.

Under this rule, you can authorize a third party - another bank, a comparison shopping site, a broker, or just your bookkeeping software - to request your account data from your bank. The bank has to give the third party all the data you've authorized. This data can include your transaction history and all the data needed to set up your payees and recurring transactions somewhere else.

That means that - for example - you can authorize a comparison shopping site to access some of your bank details, like how much you pay in overdraft fees and service charges, how much you earn in interest, and what your loans and credit cards are costing you. The service can use this data to figure out which bank will cost you the least and pay you the most. 

Then, once you've opened an account with your new best bank, you can direct it to request all your data from your old bank, and with a few clicks, get fully set up in your new financial home. All your payees transfer over, all your regular payments, all the transaction history you'll rely on at tax-time. "Painless" is an admittedly weird adjective to apply to household finances, but this comes pretty darned close.

Americans lose a lot of money to banking fees and low interest rates. How much? Well, CFPB economists, using a very conservative methodology, estimate that this rule will make the American public at least $677 million better off, every year.

Now, that $677 million has to come from somewhere, and it does: it comes from the banks that  are currently charging sky-high fees and paying rock-bottom interest. The largest of these banks are suing the CFPB in bid to block the rule from taking effect.

These banks claim that they are doing this to protect us, their depositors, from a torrent of fraud that would be unleashed if we were allowed to give third parties access to our own financial data. Clearly, this is the only reason a giant bank would want to make it harder for us to change to a competitor (it can't possibly have anything to do with the $677 million we stand to save by switching).

We've heard arguments like these before. While EFF takes a back seat to no one when it comes to defending user security (we practically invented this), we reject the idea that user security is improved when corporations lock us in (and leading security experts agree with us).

This is not to say that a bad data-sharing interoperability rule wouldn't be, you know, bad. A rule that lacked the proper safeguards could indeed enable a wave of fraud and identity theft the likes of which we've never seen.

Thankfully, this is a good interoperability rule! We liked it when it was first proposed, and it got even better through the rulemaking process.

First, the CFPB had the wisdom to know that a federal finance agency probably wasn't the best - or only - group of people to design a data-interchange standard. Rather than telling the banks exactly how they should transmit data when requested by their customers, the CFPB instead said, "These are the data you need to share and these are the characteristics of a good standards body. So long as you use a standard from a good standards body that shares this data, you're in compliance with the rule." This is an approach we've advocated for years, and it's the first time we've seen it in the wild.

The CFPB also instructs the banks to fail safe: any time a bank gets a request to share your data that it thinks might be fraudulent, they have the right to block the process until they can get more information and confirm that everything is on the up-and-up.

The rule also regulates the third parties that can get your data, establishing stringent criteria for which kinds of entities can do this. It also limits how they can use your data (strictly for the purposes you authorize) and what they need to do with the data when that has been completed (delete it forever), and what else they are allowed to do with it (nothing). There's also a mini "click-to-cancel" rule that guarantees that you can instantly revoke any third party's access to your data, for any reason.

The CFPB has had the authority to make a rule like this since its founding in 2010, with the passage of the Consumer Financial Protection Act (CFPA). Back when the CFPA was working its way through Congress, the banks howled that they were being forced to give up "their" data to their competitors.

But it's not their data. It's your data. The decision about who you share it with belongs to you, and you alone.

Enjoy a 31% discount on an excellent gaming mouse and watch your performance skyrocket.

Article URL: https://kde.org/fundraisers/yearend2024/

Comments URL: https://news.ycombinator.com/item?id=41993998

Points: 1

# Comments: 0

Article URL: https://www.anthropic.com/research/evaluating-feature-steering

Comments URL: https://news.ycombinator.com/item?id=41993995

Points: 1

# Comments: 0

There are so many great Ask HN threads asking about book recommendations, so I combined all of them and extracted the books mentioned in them.

I hope you find a good book! Feedback is welcome :)

Comments URL: https://news.ycombinator.com/item?id=41993987

Points: 1

# Comments: 0

Article URL: https://www.depesz.com/2013/01/28/index-on-ab-vs-ba/

Comments URL: https://news.ycombinator.com/item?id=41993986

Points: 1

# Comments: 0

Hi, I've been building Lighthouse for the better part of a year, and now seems to be a good opportunity to do a Show HN.

Lighthouse is a RSS feed reader, and also supports subscribing to newsletters.

It works really well for personal content curation, because differently from most readers, new content first arrives in the Lighthouse Inbox, where articles are either bookmarked (to move to library) or archived.

The assumption is that even if you subscribed to a feed or newsletter, it doesn't mean you want to read everything they post. So an additional curation step helps keeping unwanted content out.

Would love to know what you think about it!

Comments URL: https://news.ycombinator.com/item?id=41993985

Points: 1

# Comments: 0

Article URL: https://www.fourmilab.ch/documents/OhMyGodParticle/

Comments URL: https://news.ycombinator.com/item?id=41993977

Points: 1

# Comments: 0

Article URL: https://www.cnbc.com/2024/10/28/jpmorgan-suing-customers-over-infinite-money-glitch.html

Comments URL: https://news.ycombinator.com/item?id=41993965

Points: 1

# Comments: 0

Article URL: https://arxiv.org/abs/2410.20587

Comments URL: https://news.ycombinator.com/item?id=41993962

Points: 1

# Comments: 0

Article URL: https://finance.yahoo.com/news/p-500-decade-big-gains-081931407.html

Comments URL: https://news.ycombinator.com/item?id=41993957

Points: 2

# Comments: 0

Foldable phones from Google and Samsung each have their own strengths and weaknesses when it comes to photography.

I took the Lotus Eletre EV on a huge road trip, facing deserts, blizzards and painfully narrow mountain roads.

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released.

CISA previously added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet.

CISA strongly encourages users and administrators to apply the necessary updates, hunt for any malicious activity, assess potential risk from service providers, report positive findings to CISA, and review the following articles for additional information: 

• Fortinet Advisory FG-IR-24-423, 
• CISA alert on the Fortinet FortiManager Missing Authentication Vulnerability, 
• Google Threat Intelligence article Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575).