errant-ezra · 2 months
Note
My yearbook quote was “Be undeniable” which was a quote from Nathan in one of the anime history eps (the one with Bessie Stringfield)
hi idk if this is a weird ask but I'm graduating highschool in a few months and i want my senior quote to be a drawfee quote, do you have any recommendations? I'm indecisive and i figure crowdsourcing my senior quote would be extremely funny anyway <3
oH gODD THE PRESSURE. uhhdnnfgn. personally i think any of them would be great i dont think drawfee ever had a bad track and it just depends on how much u want to incriminate urself lmao. like i would say sonic butthole saga related but i don't want that on my conscience . if anyOne else has recs tho !!!!!
87 notes · View notes
errant-ezra · 2 months
Text
Drawfee, a comedy art YouTube and Twitch channel with almost 2 million subscribers,
is also having a charity stream for Palestine Children Relief Fund
on February 24, 2024, 3pm-6pm United States Eastern Time Zone (ET), on Twitch.
(A lot of "nonpolitical" channels n people are able to show support n help, in their own ways. Don't forget you matter.)
https://twitch.tv/drawfeeshow/schedule
13K notes · View notes
errant-ezra · 3 months
Text
I work in IT and have some recommendations that can help prevent scams like this!
1. Never follow a direct link unless you’re 100% sure it goes where it says it will go (for example, if you just signed up for a service and it sent you a confirmation link, that’s ok because it’s one that you are expecting. Even then, I recommend hovering over the link if you’re on desktop to make sure the url matches what it says it is). If you’re not sure, go to your browser and go to the site directly instead of clicking the link.
2. Make sure everything lines up. Are there misspellings? Does the email address make sense? When you hover over the sender, does it match what it says it should be? If it’s from a certain service, should that service have access to this email account (ex: I don’t have any social media connected to my work account, so any emails from them sent there would be suspicious)? If any of this feels off, dig a bit deeper before going ahead with it.
3. If it’s a phone call from the bank/anything else that seems urgent but requires personal info to validate, call them directly. You can even save the phone number so that if you get a call from someone who isn’t that number but claims to be, you know something might be up.
3b. If it’s a message or call from a family member or friend, but is very vague/asks for personal info/requires you to click a link, contact them directly. I keep seeing these Facebook posts that friends get tagged in which are just a link to a “video” with a caption like “is this you?” Or “I can’t believe they’re gone.” If you see anything like that, definitely let the friend/family member who posted it know so they can change their passwords. This is less common, but I’ve also seen people talking about AI voice replications being used to scam people- calling and pretending to be a family member in an emergency. I’m not sure if this is something that’s actually happening or more of an urban legend, but if you do get a call like this, obviously don’t send them any money or share any personal info unless they’re able to first provide proof that they are who they say they are. Personally, if any of my family members were in an emergency, I doubt they would be asking for money or my card info.
4. Scams and phishing are built on social psychology. It’s much easier to feed off a person’s fear/stress than it is to hack into a system externally. Are you being given an urgent call to action? Is there a threat of negative consequences if you don’t act quickly? If so, you are very likely being scammed. Once again, try to access whatever it is from an external source (call/go to the website yourself) to validate whether the issue is real. Bank calling about fraudulent charges? Check your online banking app or call the bank back. Subscription is lapsing and you should renew now to get 20% off? Go to the site and see for yourself if that’s the case. Login from an unrecognized device? Go to the page, change the password and log out from all devices.
5. If you ever get a double login screen, close out of the site, retype the url and try again. If you click a link and it takes you to a login screen (I’m sure you’ve all realized the pattern here by now) go to the site directly and log in from there.
6. If you’re at all concerned that you may have fallen for a scam, that’s ok! It happens! It’s time to change your passwords, log out of the service on all devices, and (if it’s a bank or something else with sensitive info) contact the service and inform them of the potential issue.
7. Trust your gut. While you may not be consciously aware that something is off, a lot of times there are cues that we pick up on without even realizing. If it seems even remotely fishy, it’s *always* better to be safe than sorry.
How I got scammed
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security
I wuz robbed.
More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!
Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).
A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.
That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.
"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"
He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.
We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud had run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.
I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.
One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out that the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.
"That was the fraudster," she said.
Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.
Wait a sec.
He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.
I'd given him my entire card number.
Goddammit.
The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:
https://us.macmillan.com/books/9781250865878/thebezzle
And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.
But I'd been conned.
Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished me out of my password via DM:
https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/
That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.
Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.
I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.
Oh, shit, I'd been phished.
If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).
There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!
The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.
The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud, any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.
The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.
The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.
There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.
I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.
Not because AI is going to commit fraud, though.
One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":
https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week
I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.
As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.
This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:
https://web.archive.org/web/20090331094020/http://www.links.org/?p=591
This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.
I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.
This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.
On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.
So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.
Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:
https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security
Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en
10K notes · View notes
errant-ezra · 3 months
Text
I know the US government acts like a corporation but it’s not.
Not voting isn’t the same as a boycott. Because you can’t bankrupt a government by not voting. All you get by not voting is less control over what the money is doing.
The money comes from taxes, not voting. Abstaining from voting does nothing to reduce the government’s ability to get money and spend it on shit.
So yes, sometimes you vote to reduce harm because not voting WILL NOT REDUCE HARM.
It’s not a boycott. Abstaining doesn’t take power from the government. It just reduces the number of people they feel answerable to.
42K notes · View notes
errant-ezra · 3 months
Text
i know we’re both just messing around pretending to be whole but look at me. if the train was coming would you move. if the ground was falling from under your feet would you even notice or would it just be another tuesday for you. if somebody stabbed you could it hurt worse than you already do. what i’m saying is that i love you but i think we both drive over the speed limit when it’s raining. what i’m saying is that i want to hold your hand and i understand about how you sometimes have to sit down in the shower. what i’m saying is that i’m here for you and if the train comes please move.
71K notes · View notes
errant-ezra · 3 months
Text
yippee my first post!! my humble offering to the tlt fandom shall be this htn harrow (?)
ft. eye details
1K notes · View notes
errant-ezra · 3 months
Text
drives me up a wall living in a very very red district, like “no democrat is ever going to win any local election, let alone a real leftist” district, like “our school board members ran on who was the most anti-mask” red, like “I pass white supremacist signs on the way to buy weed” red
and being in the local leftist community and the guy who runs the anarchist book club and the lady who helps keep the warming shelters open and the people who marched on city hall when a local business was getting death threats for having a drag show are all members of a discord and we get on this discord and have frank discussions about how best to vote
the people who do the protests and the mutual aid and all the real work
going “okay, they’re both fascists, but this one lacks ambition and seems happy to just glide in the position” or “they both suck, but this one can be reasoned with if you frame it patriotically enough” like we don’t even have a democrat to vote for. we know what a vote is. we know what we hope to accomplish with it. we know what it can do, and we know what it can’t.
and going from those discussions to here where people think that your vote is some kind of fucking??? enabling maneuver??? as if someone isn’t going to end up in that seat regardless of what you do???
we didn’t build this system, we just live in it. we’re just trying to survive. a vote isn’t a statement of your values, it’s not an endorsement, it’s not a marriage contract, it’s a strategic play you make to keep alive.
the biggest mistake I see leftists making is overestimating their own popularity. “well but everyone would be leftist if they just-“ no, stop, 1) you can’t possibly know that 2) everyone will not just
36K notes · View notes
errant-ezra · 3 months
Text
this didnt do well on youtube if it gets better reception on tumblr i will kiss every user. well. um maybe not every user and maybe not kiss. perhaps some other gesture of gratitude
1K notes · View notes
errant-ezra · 3 months
Text
me in the not-so-distant future of 2032 taking my beautiful wife out for a walk on a foggy day: damn it's like silent hill up in this bitch! 😂
my wife: fuck you you say that every time it's a little foggy outside. you haven't even played the games. i hate you so much
our clone of former beatles drummer ringo starr who we normally keep locked in our basement but is currently joining us for his allotted 30 minutes of weekly outside time: ringo!
39K notes · View notes
errant-ezra · 5 months
Text
Or “it’s too much for even two people working together to get everything done and support a family, so why is our society designed in such a way where we’re expected to somehow thrive in that situation? Why don’t we have more community based support systems? Why are we expected to exist in small nuclear family units instead of in larger social groups where more people exist to take on certain responsibilities, and we all work together to support each other?”
the triple burden (housework, childcare AND paid employment) IS a real issue that feminists have been discussing for decades... but the way tiktok tradfem tradwife girlies have twisted that into "it's too much stress for women to take on all the housework AND work full-time, so we should ~nurture our divine femininity~ by quitting our jobs becoming housewives and relying completely on our Strong Men to support us financially!!" rather than "it's too much stress for women to take on all the housework AND work full-time, so maybe men could start pulling their fucking weight around the house more and do the dishes every now and again"
33K notes · View notes
errant-ezra · 5 months
Text
This is genuinely my favorite family photo of all time. Half of us aren’t the gender that we are in the picture anymore, but it never fails to crack me up. I can’t imagine not having and cherishing photos like this
(Rock covered because I don’t wanna get doxxed)
Every time I see that G--gle phone photoshop commercial my heart is filled with infinite sadness, like, yeah it's cool you can have a good family photo, it's cool you can do that, but god, there is something to be said for the honesty of a family photo where you're blinking, or crying, or have ugly wrinkles.
What is too unsightly for you? Would you swipe-click-replace out the image of my cousin crying on our Florida trip family reunion photo? Would you remove the plastic snake I have clenched in my grip, which I still have to this day? Would you scoff at the wrinkles around our eyes and the strands of hair on our faces as we squint into the wind, the day before the massive storm? Would I remember it if I didn't have these reminders, if the picture was perfect and clean, all children in a row with perfect gleaming white tombstone tooth smiles? No tears. No plastic snake.
Everyone is beautiful and no one looks genuine.
37K notes · View notes
errant-ezra · 5 months
Text
I haven’t seen the show but the book it’s based off is well worth a read if you haven’t! Or even if you have! Douglas Adams books are always a good time
you know hwat show was really good but nobody talks about it for some reason? dirk gently's holistic detective agency. it had such a chaotic and whimsical vibe but it pulled it off really well adn i always felt like the season finales were cohesive enough to tie everything together. why doesnt anybody talk about dirk gently's ho actually i see why no one talks about it now the title's too fucking long. nobody's going to type that shit letter by letter into netflix. htat's a whole fall out boy album
30 notes · View notes
errant-ezra · 5 months
Text
Styx has a song about meeting angels except they’re actually aliens and then they all go to space together.
The Dear Hunter is a band whose name comes from their ongoing 5-album-long rock opera about a guy who just makes the worst fucking decisions all the time.
Rock bands used to just write about whatever the fuck. Not to be all "old music was better!" but when's the last time the world's highest selling band released a song about killing people with hammers. The Who made an entire rock opera about a deaf, mute, and blind guy who is so good at pinball that he inspires a cultlike group of devotees who think he's the next christ. It was released at the peak of their popularity and was made into a movie featuring people like Elton John and Tina Turner.
I think classic rock gets a reputation for being all about girls and cars and drugs but for about 15-20 years there were absolutely no rules on acceptable song subject matter. Pink Floyd has a song about a gnome going on an adventure. Alice Cooper has a whole album about breaking out of the Ableist Insane Asylum because he misses his dog. These weren't weird little indie groups, these were all highly successful charting bands getting radio airplay and selling out stadiums.
We need to bring this culture back. No more love songs. Sing about wizards.
28K notes · View notes
errant-ezra · 6 months
Text
*jigsaw voice* hello lock picking lawyer. you've made a name for yourself showing people how to break the law. but today it is you that will be- hey. HEY. KNOCK THAT OFF
55K notes · View notes
errant-ezra · 6 months
Text
Some things to note when you're discussing Palestine and Israeli apartheid in the coming days/weeks/months (not a complete list but will update as I have the emotional energy):
Do not refer to what is happening in Palestine as a "conflict" or "war." These words imply a balance of power that does not exist. Palestinians in the West Bank and Gaza have no military, no control of their borders, no control over their access to resources like electricity, water, and medical supplies, no freedom of movement, and, most importantly, they do not have the most powerful government in the world funding them.
Israel is an apartheid state. Refer to it as such. It is based in a settler colonialist system that actively recruits and funds people from the Jewish diaspora to move into homes on stolen Palestinian land. Since the formation of the state of Israel in 1948, 42% of the West Bank has been illegally settled while 86% of East Jerusalem has been stolen for settler use. Under international law, the expansion of these settlements is illegal. Israel has faced zero repercussions for their actions. Hold them accountable in your speech.
Do not refer to the Israeli army as the "IDF" (Israeli Defense Force). Palestinians refer to them as the "IOF" for a reason--Israel does not need to defend themselves from civilians who have no military. From 2008 to September 2023, over 3,800 Palestinian civilians were killed by the IOF. There is no need for oppressors to defend themselves--they are the ones on the offense at all times by the nature of their positions of power.
Remember that decolonization will not be a peaceful process. Do not condemn a group of people who have been brutally colonized, ethnically cleansed, and displaced from their homes for 75 years for fighting back against those oppressing them. This post concisely explains why the violence necessary for decolonization will never match that of the violence necessary for the sustained process of colonization. You cannot break free of a violent system with nonviolence. When Palestinians attempted peaceful protest in 2018 on the 70th anniversary of the Nakba, they along with clearly marked journalists, doctors, and medics were shot and killed for their actions. Oppressors will maintain their power status by any means necessary; the ongoing genocide of Palestinians is proof of that. Decolonization requires violence because colonization itself is an inherently violent system.
Zionism does not equate to Judaism. Do not let Zionist propaganda fool you into believing that condemning the Israeli government is in any way anti-Semitic. The Israeli government does not represent the views of all Jews, even those who are Israeli citizens. Governments should always, always be criticized and held to account for their actions. Israel is no exception to this rule. Anti-Zionism is not anti-Semitism. Anyone who tells you otherwise is weaponizing true Jewish oppression and suffering as a means to gain support for a violent, racist, apartheid government.
24K notes · View notes
errant-ezra · 7 months
Text
If I had a nickel for every time a recent piece of media had a scene about a character coming back from the brink of death set to a Kate Bush song, I would have two nickels. Which isn’t a lot, but it’s weird that it happened twice.
16 notes · View notes