Jekyll2023-01-14T08:15:08-08:00/feed.xmlLeopold’s websiteOBS, Zoom and Itempool live all together on Mac2020-08-06T00:00:00-07:002020-08-06T00:00:00-07:00/2020/08/06/obs-zoom-mac<h2 id="the-goal">The goal</h2>
<p>I wanted to be able to have a setup with</p>
<ul>
<li>Screen sharing my desktop (the basics)</li>
<li>My face embedded on the screen with a transparent background (like Twitch streamers :-))</li>
<li>A way to annotate on my screen using a mouse or an iPad</li>
<li>A way to embed itempool.com live Q&A’s (like in <a href="https://www.youtube.com/watch?v=QvuQH4_05LI">3Blue1Brown live videos</a>)</li>
</ul>
<p>And the whole thing should run on Mac (Catalina+) with a recent iPad + stylus (iOS13+) and usable on Zoom.
The goal is to teach a programming workshop.</p>
<p>The quick way would be to share my desktop from Zoom directly, but that’s no fun :-)</p>
<p>In the end that’s how it looks.
The participants only see the top part.</p>
<p>Regular stuff with annotations.
<img src="../../../misc/obs.png" alt="obs" height="400" /></p>
<p>Itempool overlay. Ideally you’d pick a slide related to the question, or just show your face.
<img src="../../../misc/obs_itempool.png" alt="obs+itempool" height="400" /></p>
<h2 id="what-youll-need">What you’ll need</h2>
<ul>
<li>A Mac</li>
<li>Optional: an iPad, to run <a href="https://support.apple.com/en-us/HT210380">Sidecar</a>, with a stylus. If you want to annotate with an iPad.</li>
<li>Optional: some sort of green screen behind you. I made one using those <a href="https://www.michaels.com/fluorescent-poster-board-by-creatology/10591248.html">cheap green posters</a>.
Anything would do. The key is to have a very bright <em>smooth</em> (uniform) green material. I am using 3 sheets (so that’s about 3$) mounted on an unused Canvas.</li>
</ul>
<h2 id="setup">Setup</h2>
<h1 id="a-itempool">A. Itempool</h1>
<ol>
<li>Create an account at <a href="itempool.com">Itempool</a>, pick a nice username (it will show up in the URL the participants use to vote).</li>
<li>Create a pool of questions.</li>
<li>Create a challenge.</li>
<li>Start the live challenge by clicking on “administer live”.</li>
</ol>
<p>You should now be able to use the address https://itempool.com/username/live/stats (change username with yours) to overlay the results on your stream.
This webpage has a transparent background so it can be embedded on top of your screen (or webcam) for instance.</p>
<h1 id="b-optional-mount-your-green-screen">B. (Optional) Mount your green screen</h1>
<p>If you have a green screen, mount it behind you !
The keys are</p>
<ol>
<li>good lighting with no strong shadows;</li>
<li>smooth background.</li>
</ol>
<h3 id="alternative">Alternative</h3>
<p>If you don’t have a green screen, you can use <a href="https://www.chromacam.me/">chromacam</a>. The free version
will</p>
<ul>
<li>capture your webcam,</li>
<li>remove the background and replace if with a green background,</li>
<li>create a virtual webcam from that.</li>
</ul>
<p>You can them use that virtual webcam as a source in OBS, which will then create another virtual webcam for Zoom.
Lots of virtual webcams :-)</p>
<p>There are two issues.</p>
<ul>
<li>There is a watermark in the feed. Not pretty. You can try to filter it out in OBS but it’s a bit tricky and not convenient.</li>
<li>The background removal is OK-ish, but not super accurate. Not as good as Zoom’s built in one.</li>
</ul>
<h1 id="c-install-obs">C. Install OBS</h1>
<ol>
<li>Install <a href="https://obsproject.com/">OBS</a> for Mac</li>
<li>Install <a href="https://github.com/johnboiles/obs-mac-virtualcam">this plugin</a> to create a virtual webcam on Mac.
This will let us create a virtual webcam from the OBS stream, and Zoom will take that as an input, thinking it’s a regular webcam.</li>
<li>Restart your laptop (may or may not matter)</li>
</ol>
<p>If you have issues with this like I did (basically the webcam would not show up in Zoom), try uninstalling <em>completely</em> the plugin, OBS, and reinstalling in the right order, properly.</p>
<h1 id="d-setup-obs">D. Setup OBS</h1>
<p>OBS is a way to arrange different pieces (like a webcam, a screen sharing, some extra text, etc) into one video stream
that you can then feed to Zoom (or other).</p>
<p>Start OBS, and then</p>
<ol>
<li>Add a source “Display Capture”, and resize it to fill the whole window. This will capture your desktop. You can also capture individual windows, but then participants won’t see your mouse pointer.</li>
<li>Add a source “Webcam” and place it somewhere. I use the bottom right.</li>
<li>(Optional, if green screen) Right click on “Webcam”, go to “Filters”, in “Effect Filter” add a “Chroma Key”. You can play with the settings (in particular similarity) so that it catches the green screen properly. It should make your background transparent.</li>
<li>Add a “Browser” and use the Itempool url as “URL”. Resize and position it where you want.</li>
<li>In “Tools” click on “Start virtual camera”</li>
</ol>
<p>Additionaly you can create multiple scenes to have different setups saved, but I haven’t tried that yet.
You click on the “Eye” next to each source to hide it, and you can reorder them (right-click and “Order”) from background to foreground.</p>
<h1 id="e-optional-install-swordsoft-screenink-free-and-setup-sidecar">E. (Optional) Install SwordSoft Screenink Free and setup SideCar</h1>
<ol>
<li>Install SwordSoft Screenink Free from the App store. Any other tool you find would word, but that one is free and works well for me.
You can use this to annotate your screen and point to things.</li>
<li>Connect your iPad to your Mac using Sidecar. Mirror your screen to your iPad, and pick your laptop as the main display.
Combined with Screenink, you can now directly annotate your laptop screen using your stylus. Perfect to points to things or annotate slides.</li>
</ol>
<p>If you heavily annotate slides, I would recommand annotating directly in your PDFs (don’t use Screenink) and saving it to share with participants after.</p>
<h1 id="f-start-zoom">F. Start Zoom</h1>
<ol>
<li>Start your Zoom meeting</li>
<li>In “Share Screen” go to advanced and pick “Content from 2nd Camera”. There, use the “Switch camera” button to pick your OBS virtual webcam.
This is important. If you only replace your regular camera with the OBS virtual webcam, the quality will be very poor (Zoom optimizes for latency there, not quality). You need to use the second camera if you want to share text for instance.</li>
</ol>
<h2 id="limitations">Limitations</h2>
<ul>
<li>Unefortunately, participants won’t be able to annotate your screen. Zoom does not allow annotations on shared “2nd camera”. This is a feature and not a bug, at the moment.</li>
<li>If you use Screenink to annotate your screen, you’ll most likely “lose” all those annotations when you stop or erase them (it actually saves them, but without the “context”, it’s hard to share/reuse).</li>
</ul>The goalLoops are slow in language X. Is it?2019-05-22T00:00:00-07:002019-05-22T00:00:00-07:00/2019/05/22/loops<p>This is an elementary comparison of “loop speeds” in some classical “scientific” languages. See summary at the end.</p>
<p>This experiment was conducted on MacOSX 10.14.5 on</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ sysctl -n machdep.cpu.brand_string
Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
</code></pre></div></div>
<h2 id="c-version">C version</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ gcc --version
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk/usr/include/c++/4.2.1
Apple LLVM version 10.0.1 (clang-1001.0.46.4)
Target: x86_64-apple-darwin18.6.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
</code></pre></div></div>
<h3 id="the-code">The code</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#include <stdio.h>
#include <chrono>
#include <iostream>
const int N = 100000000;
using namespace std;
int main() {
auto start = std::chrono::system_clock::now();
double prod = 1.0;
double inc = 1.0 / ((double)N);
for(int i = 0; i < N; i++) {
prod *= (1.0 + inc);
}
auto end = std::chrono::system_clock::now();
printf("Prod (~ e?): %e\n", prod);
cout << "C++ tooks " << chrono::duration_cast<std::chrono::microseconds>(end - start).count() << "us.\n";
return 0;
}
</code></pre></div></div>
<h2 id="using--o0">Using -O0</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ g++ -O0 loop.cpp -std=c++11
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ ./a.out
Prod (~ e?): 2.718282e+00
C++ tooks 316146us.
</code></pre></div></div>
<p>So it took 0.3 secs.
(Part of) the assembly is shown here. The core of the loop is on line <code class="language-plaintext highlighter-rouge">0000000100000fee</code> (add 1 and 1/n) and on <code class="language-plaintext highlighter-rouge">0000000100000ff3</code> (the multiplication).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>0000000100000fb4 movsd 0xefc(%rip), %xmm0
0000000100000fbc movsd 0xefc(%rip), %xmm1
0000000100000fc4 movq %rax, -0x10(%rbp)
0000000100000fc8 movsd %xmm1, -0x18(%rbp)
0000000100000fcd movsd %xmm0, -0x20(%rbp)
0000000100000fd2 movl $0x0, -0x24(%rbp)
0000000100000fd9 cmpl $0x5f5e100, -0x24(%rbp)
0000000100000fe0 jge 0x10000100b
0000000100000fe6 movsd 0xed2(%rip), %xmm0
0000000100000fee addsd -0x20(%rbp), %xmm0
0000000100000ff3 mulsd -0x18(%rbp), %xmm0
0000000100000ff8 movsd %xmm0, -0x18(%rbp)
0000000100000ffd movl -0x24(%rbp), %eax
0000000100001000 addl $0x1, %eax
0000000100001003 movl %eax, -0x24(%rbp)
0000000100001006 jmp 0x100000fd9
</code></pre></div></div>
<h2 id="using--o3">Using -O3</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ gcc -O3 loop.c
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ ./a.out
Prod (~ e?): 2.718282e+00
C++ tooks 128346us.
</code></pre></div></div>
<p>So about 0.12 secs.
The assembly (partial) is shown here. Compare with the above. The loop unrolling is clear on line <code class="language-plaintext highlighter-rouge">0000000100000a80</code> to <code class="language-plaintext highlighter-rouge">0000000100000aa4</code>.
This likely explains the performances differences with the -O3 version.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>0000000100000a65 movsd 0x493(%rip), %xmm1
0000000100000a6d movq %rax, %r14
0000000100000a70 movsd 0x490(%rip), %xmm0
0000000100000a78 nopl (%rax,%rax)
0000000100000a80 mulsd %xmm0, %xmm1
0000000100000a84 mulsd %xmm0, %xmm1
0000000100000a88 mulsd %xmm0, %xmm1
0000000100000a8c mulsd %xmm0, %xmm1
0000000100000a90 mulsd %xmm0, %xmm1
0000000100000a94 mulsd %xmm0, %xmm1
0000000100000a98 mulsd %xmm0, %xmm1
0000000100000a9c mulsd %xmm0, %xmm1
0000000100000aa0 mulsd %xmm0, %xmm1
0000000100000aa4 mulsd %xmm0, %xmm1
0000000100000aa8 addl $-0xa, %ebx
0000000100000aab jne 0x100000a80
0000000100000aad movsd %xmm1, -0x18(%rbp)
</code></pre></div></div>
<h2 id="julia">Julia</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ julia --version
julia version 1.1.0
</code></pre></div></div>
<p>Then, from the REPL</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>using Printf
function main()
@time begin
N = 100000000
inc = 1.0 / N
prod = 1.0
for i = 1:N
prod = prod * (1.0 + inc)
end
end
@printf("Julia Prod (~ e?): %e\n", prod)
end
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>julia> include("loop.jl")
main (generic function with 1 method)
julia> main()
0.131840 seconds
Julia Prod (~ e?): 2.718282e+00
julia> main()
0.147879 seconds
Julia Prod (~ e?): 2.718282e+00
</code></pre></div></div>
<p>The second timing should be the reference. The first one includes the JIT (“compilation”).</p>
<h2 id="python">Python</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ python3 --version
Python 3.6.8 :: Anaconda custom (x86_64)
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>import time
def main():
t0 = time.time()
N = 100000000
inc = 1.0 / N
prod = 1.0
for i in range(N):
prod = prod * (1.0 + inc)
print("Python Prod (~ e?): {}\n".format(prod))
t1 = time.time()
print("Time: {} s.".format(t1-t0))
main()
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ python3 loop.py
Python Prod (~ e?): 2.71828179834636
Time: 6.2512829303741455 s.
</code></pre></div></div>
<h2 id="matlab">Matlab</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>tic();
N = 100000000;
inc = 1/N;
prod = 1.0;
i = 1;
while i < N
prod = prod * (1 + inc);
i = i+1;
end
fprintf('Matlab Prod (~ e?): %e\n', prod);
toc();
</code></pre></div></div>
<p>From the Matlab prompt</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> loop
Matlab Prod (~ e?): 2.718282e+00
Elapsed time is 125.433666 seconds.
</code></pre></div></div>
<h2 id="go">Go</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>package main
import "fmt"
func main() {
N := 100000000
inc := 1.0 / float64(N)
prod := 1.0
for i := 0; i < N; i++ {
prod = prod * (1.0 + inc)
}
fmt.Println("Go Prod (~ e?): %e\n", prod)
}
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lcambier$ time ./comp_loop
Go Prod (~ e?): %e
2.71828179834636
real 0m0.146s
user 0m0.140s
sys 0m0.003s
</code></pre></div></div>
<h2 id="summary">Summary</h2>
<ul>
<li>C(-O0): 0.3 secs</li>
<li>C(-O3): 0.12 secs</li>
<li>Julia: 0.14 secs</li>
<li>Python: 6.2 secs</li>
<li>Matlab: 125 secs</li>
<li>Go: 0.14 secs</li>
</ul>
<p>We can safely assume that the 0.15 secs is pretty much as good as we could do for a compiled (or JIT) language.
The -O0 is slower simply because of the lack of any optimization.
Python, as expected, is significantly slower (it’s interpreted).
And Matlab, well…</p>This is an elementary comparison of “loop speeds” in some classical “scientific” languages. See summary at the end.Some thoughts on digital security2019-01-25T00:00:00-08:002019-01-25T00:00:00-08:00/2019/01/25/security<h2 id="what-is-this-and-who-is-this-for">What is this and who is this for?</h2>
<p>Those are my thoughts on “digital security” for <em>normal people</em>.
This is not for journalists, politicians or anyone who think they could be a target of a powerful “actor”.
This is more for normal people who care and try to protect themselves with the most with basic tools and techniques.</p>
<p>Note that this is not, at all, about privacy.</p>
<p>Finally, this is centered around the US, but most of the advices are valid everywhere else.</p>
<h2 id="web-101">Web 101</h2>
<p>What to do to properly secure your online accounts.</p>
<h3 id="passwords-hygiene">Passwords hygiene</h3>
<ol>
<li><strong>DO NOT</strong> reuse passwords.
Why? Because poorly-secured websites get hacked and <a href="https://haveibeenpwned.com/">leack your stuff everyday</a>.
If you had an account there, your login/password pair is now probably public, or can be bought for 1$ on the “dark web”.</li>
<li>Avoid very short or trivial passwords. My favorite: just pick three or four random words. <a href="https://www.xkcd.com/936/">Related XKCD post</a>.</li>
<li>Use a password manager to store all your unique passwords.
The idea is to store all your passwords in an encrypted database readable by you only.
Most have autofill features to make the workflow as easy as possible, and passwords generation features.
Of course, a password manager means you do have to place <em>some</em> trust in it, especially if it’s commercial and/or closed sources.
Some examples or relatively well known and trusted solutions:
<ul>
<li><a href="https://keepass.info/">Keepass</a> (FOSS, Windows only, many forks for other platforms). A bit clunky but well trusted. Works with a local encrypted file that you can sync between devices with Dropbox or other.</li>
<li><a href="https://1password.com/">1password</a> (Commercial, all platforms, pretty expensive). Sync across devices, very smooth interface. What I personally use.</li>
<li><a href="https://bitwarden.com/">Bitwarden</a> (Commercial but open source, all platforms). Open source, sync across devices.</li>
<li><a href="https://www.lastpass.com/">Lastpass</a> (Commercial, free version, all platforms). Not a big fan of the interface, but fine.</li>
</ul>
</li>
</ol>
<p>Personally, I always thought <a href="https://www.dashlane.com/">Dashlane</a> was very “fear-mongering” (they mix their password manager with “Dark web monitoring” and other “VPNs”), but that’s just my opinion.
Finally, you can use Apple’s Keychain, or Chrome password manager. I personally prefer to keep my password manager separated from my Google/Apple accounts/devices, but that’s probably fine as well.</p>
<p>In the worst case, if you think your home is safe enough, a notebook can be pretty good. But not very convenient, and it better doesn’t get stolen.</p>
<p><a href="https://www.xkcd.com/538/">Another related XKCD</a></p>
<h3 id="use-2fa-everywhere">Use 2FA everywhere</h3>
<p>Use two factor authentication everywhere you can.
It means to log in you will need something you <em>know</em> (your unique password) and something you <em>have</em> in your hand, typically your phone. You typically need to enter the second factor every month or so. The idea is to protect you if you password ever gets leaked, somehow.
You have four possible choices:</p>
<ul>
<li>A text send by SMS. Not great, because of the SIM porting issue. Better than nothing, but I would stay away from it. More below.</li>
<li>A one-time “pseudorandom” code generated by an app like Google authenticator. A fine option for most people.</li>
<li>A push sent to Duo or the app version of the website. Fine, but requires a new app for each website.</li>
<li>A security key implementing the U2F standard. The best, by far. See how <a href="https://www.pcmag.com/news/362659/to-stop-phishing-google-gave-security-keys-to-all-employees">It helped Google prevent phishing</a>. Not all website support it, but many important ones (Google, Facebook, Microsoft, Dropbox, …) do.</li>
</ul>
<p>Make sure you have <strong>backups</strong> of your 2FA (like 1 key and 1 app, or 2 keys, or 2 apps on 2 phones). You don’t want to get locked out because your account is <em>too secure</em>.</p>
<p><img src="../../../misc/2fa.png" alt="2FA" height="600" /></p>
<p>Why are security keys the best ? Basically, they are mini “crypto engines”. When you register the key with a website, the key will generate a public/private key pair, and send the public key to the website.
Then, when logging in the next time, you can prove you are yourself by signing a message using the private key that only you have, and this private key never leaves the physical device (<a href="https://developers.yubico.com/U2F/Protocol_details/Overview.html">I am oversimplifying</a>).
This is similar to SSH keys, and infinitely superior to passwords, since you never share anything secret with anyone. It also enables powerful anti-phising features.</p>
<h3 id="avoid-using-your-phone-number-for-recovery2fa">Avoid using your phone number for recovery/2FA</h3>
<p>Phones companies are very, very bad at keeping accounts secure.
The usual attack is someone calls your provider, claiming to be you, and asking to <em>port</em> your phone number to a new SIM card. If he’s convincing enough (your are a paying customer, after all), he may successfully convince the rep that he is you and port your phone number to another device. From there, all texts and calls will be redirected to the attacker’s device.</p>
<p>The worst is when the phone number is used for <em>both</em> password recovery and 2FA texts verification (that’s my Bank, <a href="https://www.sfcu.org">SFCU</a>, default…). In that case, it’s basically over, and the attacker has full access to your accounts.
For those reasons, I would stay away from using your phone number for anything security related.
The only good thing about phone # is that they are hard to loose (since, well, they can easily be ported).</p>
<p>This section relevance certainly varies depending on where you live. That being said, the issue with phone remains the same: you’re including a third-party in the loop (you have to trust, a lot, your carrier), which is better to avoid if you can.</p>
<h3 id="do-periodic-checks">Do periodic checks</h3>
<p>Every 3 months or so, check all your important accounts (Google, Microsoft, Apple, Dropbox, Facebook, Instagram, …):</p>
<ul>
<li>That all the recovery emails are up-to-date</li>
<li>That all 2FA methods are under your control and that you have backups of them</li>
<li>That you’re not connected to anything suspicious</li>
</ul>
<h2 id="phones">Phones</h2>
<ul>
<li>Setup a “Porting PIN” or “Account PIN”. Regardless of the SIM porting issue, it’s a good idea to make sure you have a PIN to protect your account. Call you provider and set this up right now.
It probably won’t prevent a very determined person, but that can help. Unless the criminal works for your carrier.</li>
<li><strong>DO NOT</strong> ever trust a called ID (i.e., the number showing up on your phone when someone calls). Never provide confidential information by replying to a call. Hang up and call back the number by looking it up online or on your card/statements.</li>
</ul>
<h2 id="random-advices">Random advices</h2>
<ul>
<li>Make sure you have backups of your laptop and phone. If you don’t, you <strong>will</strong> eventually lose (potentially important) data. It doesn’t just happen to others. What I personally have:
<ul>
<li>A (encrypted) 4 TB disk, next to my desk at home, backed up to using time machine;</li>
<li>A cloud backup using <a href="https://www.backblaze.com/">Backblaze</a>.</li>
</ul>
</li>
<li>Encrypt your phone, laptop and backup disks. It’s of limited use, but better than nothing. It’s by default on iOS, easy to set up on Android and Mac.</li>
<li>Enable auto-updates on your phone & laptop.</li>
<li>Put a 6-digits PIN on your phone. Forget those silly patterns, it’s way too easy to eavesdrop on.</li>
<li>Don’t enter any informations after having clicked on a link in emails (or SMS or texts). Or just don’t click on links in emails.</li>
</ul>
<h2 id="credit-fraud-aka-identity-theft">Credit Fraud (aka “Identity theft”)</h2>
<p>I hate the word “Identity theft”. It’s a way for companies to shift the blame on you for them not doing their job properly. Your dog still recognizes you.</p>
<p>So what’s the issue?
You have those companies, CRA’s (Credit Reporting Agencies - aka Equifax, Transunion and Experian, but also Innovis) that collect credit-related data on Bank’s customer. They get this info from the Banks directly.
Typically, in the US, people are uniquely identified using their SSN (Social Security Number).
Then, next time you ask for a loan, you will provide your name, a couple of info, and your SSN, and the bank will take a look at your file (what’s called a “Hard Pull”). They will also assume that if you have all that info, that’s enough to assume you are the one you claim you are.</p>
<p>The issue is that the SSN is <a href="https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do">basically public at this point</a>.
So the typical issue is a criminal will try to impersonate you, get a credit card “under your name”, buy a bunch of TV’s from Walmart and never pay the card.
Eventually, debt collectors will start running after you.
So, while you won’t be responsible for any debt assigned to you because of fraud, you will still be the one responsible for fixing it, somehow (since otherwise, delinquent debt will stay on your reports, and destroy your credit score).
What can you do ?</p>
<ul>
<li>Keep all confidential information secure. Don’t let your tax returns in the bin next to the printer.</li>
<li>Monitor your credit reports for anything suspicious. Federal Law (the <a href="https://www.ecfr.gov/cgi-bin/text-idx?SID=2b1fab8de5438fc52f2a326fc6592874&mc=true&tpl=/ecfrbrowse/Title16/16CIsubchapF.tpl">Fair Credit Reporting Act</a>) mandates those companies to give your your report for free every year. See the <a href="https://www.consumer.ftc.gov/articles/0155-free-credit-reports">FTC’s website</a> on free credit reports available <a href="https://www.annualcreditreport.com">here</a>.</li>
<li>Freeze your credit with all those agencies. You will receive a PIN. Without lifting the freeze using this PIN, the creditors won’t be able to pull you report, usually preventing them to give credit to the criminal. It’s all (placing, lifting and removing the freeze) free by Law. See the <a href="https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs">FTC’s website</a> on security freezes.</li>
</ul>
<p>Finally,</p>
<ul>
<li>Please, don’t pay those companies for “Monitoring” services. It’s like the mafia.</li>
<li>A “Credit Lock” is not the same as a “Credit Freeze”. The former is not regulated by law. The later is. Those shady companies are pushig for their home-cooked unregulated lock, because it’s, well, unregulated.</li>
<li>The issue shows up in other industries as well (defrauding the IRS to get a tax refund using your SSN, putting “utility bills” in your name, etc) but maybe less often. Just be aware that this is not only limited to the credit industry.</li>
</ul>
<h2 id="some-useful-links">Some useful links</h2>
<ul>
<li>A <a href="https://krebsonsecurity.com/">very good blog</a> about all sorts of security issues for “normal people”</li>
<li>A <a href="https://haveibeenpwned.com/">great website</a> to check wether your email (or password) is involved in any known breach, by <a href="https://twitter.com/troyhunt">Troy Hunt</a></li>
</ul>What is this and who is this for?