This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
Not sure what happened to this week's Friday Fun thread? Are these manually posted instead of automated? Anyway, was going to throw this on the fun thread--
Does Chipotle have real, legitimate reason to enforce 2FA on its customers? And is it at all possible there is non-security motivation behind its phone requirement?
I don't recall exactly when the change was implemented, but think it was sometime earlier this year, when, as an existing customer, I was forced to add a phone number to my account. I forgot about it until now, when I was logging into the website, and it texted me a code that I needed to enter. This was the same device I've previously logged on, with the same IP etc. Nothing suspicious that would warrant more stringent security.
Worst of all, it's not an option to disable it. The accounts/profiles section, under 2FA, just shows a sentence that says they use it to enhance security. So no way to opt out. And of course, a phone number is required on the account, so you can't remove it and somehow force 2FA to go through email. Granted, those using mobile apps are presumed to have a phone number, but for those ordering on the website, couldn't it be argued that the company "discriminates" against, uh, vulnerable, low-income populations who don't own phones? Cue Diablo Immortal no-phones meme.
Googling Chipotle and 2FA, there are a couple of Reddit threads that claim their accounts were hacked, and somehow a hacker ordered $60 or $120 worth of food through their app. I have no idea if these examples of being "hacked" is truly a matter of Chipotle's back end being compromised, or just someone whose credentials were phished, a reused password sold on the dark web, or a lost or stolen phone being used. My prior is it's overwhelmingly the latter and not the former.
My suspicion, therefore, is Chipotle wants to collect customer phone numbers for marketing or business intelligence purposes, and to ensure universal compliance, tacks on a security label. That, or their CISO is an idiot who thinks heavy-handed policies (reminiscent of password policies that require special characters and thus go against the probably-more-secure use of passphrases) are the only path to security. I would have no problem with a bank or work email enforcing 2FA, but I do have a problem for being required to do the same for a burrito joint. Unfortunately for me, there is no real recourse--I like their food still, and boycotting will realistically hurt me more than them, not to mention will unlikely signal to the higher ups that their so-called security policy is losing customer goodwill.
And it's death by a thousand cuts. With all the data breaches, protecting your SSN and birth dates seem increasingly futile. At some point random mobile games will require you to authenticate with phone numbers and maybe mailing addresses "for security purposes", and we'll all be too numb to notice anything unusual.
There's a very legit purpose here. No one is stealing burritos, but quite possibly Chipotle is seeing lots of CC fraud.
Suppose you have a bunch of stolen CCs, about 75% of which have already been reported stolen, and you plan to buy a bunch of x-boxes from Walmart with them. If you pickup an order placed online with card reported as stolen, you face the risk of Walmart calling the cops who walk out to the online order pickup parking and arrest you.
So what you do is before buying the x-box you want to test the credit card by making a low value/low suspicion purchase that you don't face the risk of arrest for. A burrito from a national chain (which you never pick up) works nicely.
This is a huge pain for chipotle. They pay penalties on the shady purchases and have the fraudulent transactions eventually clawed back (messing with cashflow). Also uneaten burritos aren't free to produce.
By requiring 2FA you make it costlier for scammers to play this game. (And "costlier" != "impossible". I know you can get a SIM card for $20 at the tmobile store, but now you've just made using a stolen card $20 more expensive and required the scammer to make an extra trip.)
More options
Context Copy link
More options
Context Copy link