this post was submitted on 29 May 2024
41 points (97.7% liked)

Asklemmy

43863 readers
1633 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

I put in a credit card application for Bilt and they want address and id verification via fax. They really want me to send a fax apparently

Most of my documents are virtual now, and I don't have a fax machine. I see that on Google play there are a variety of apps for sending faxes. Is this a good option to go through? Or should I print stuff and find a library with a fax machine

all 37 comments
sorted by: hot top controversial new old
[–] cereals@lemmy.ml 39 points 5 months ago (2 children)

Do they want you to fax them your Id?

Whatever this company is doing, stay away from it. This is ridiculous. Fax isn't encrypted at all. Anyone asking you to do this has no idea about security and shouldn't handle your data.

Also please don't use some random fax app from the play store. They all seem sketchy as hell.

[–] explore_broaden@midwest.social 16 points 5 months ago (1 children)

I mean it’s as secure as standard phone call, which most people are comfortable giving things like SSN over, no?

[–] MajorHavoc@programming.dev 12 points 5 months ago* (last edited 5 months ago) (1 children)

Great question. There is an important difference:

A standard phone call places a burden on malicious listening software to decode raw audio into computer parseable text, before it's useful to an attacker. Computers are getting to be pretty good at this, but it's still kinda expensive, relative to the massive amounts of hours of calls that one might need to snoop and parse to get a good tidbit worth stealing.

Fax, being already raw image data, incurs a much lower cost of doing ocular character recognition (OCR).

So an attacker can pay a lot for expensive voice recognition to pull an SSN off a voice call, or pay far less to pull an SSN out of a fax using OCR.

Attackers like both, if they're motivated and well financed. But an underfunded or lazy attacker is going to prefer to listen in on the fax line.

Note that this is a reversal of previous security preferences, when the snooping would have usually been done by a bored human. Bored humans are great at parsing audio calls, and have no idea what they've overheard in a (bleep boop beepity boop) fax call.

This has been: "Cybersecurity insights that make us all sleep a bit more poorly."

[–] explore_broaden@midwest.social 4 points 5 months ago (2 children)

This is a really good point, but I’m still curious how bad actors are doing the actual wiretapping on any more than a targeted scale.

[–] MajorHavoc@programming.dev 5 points 5 months ago

Great point. As far as I'm aware, for the most part, they're not. Lazy bad actors can just buy a bulk set of fresh SSNs and credit card numbers off of the dark web for cheap.

Fax is still a terrible solution, overall. But it's not usually a huge risk - other than as a warning sign that one might be working with an incompetent or malicious organization.

[–] cereals@lemmy.ml 3 points 5 months ago

Probably nothing bad happens with those faxes. A malicous actor would still need access to the physical analogue line or to the network to sniff the RTP packets (depending on how the fax is transmitted) on one of the two sides. In theory all providers involved could also sniff the traffic since calls/faxes are never end to end encrypted. But something could happen, and I dislike it very much that they demand their users to take this risk.

[–] stoy@lemmy.zip 3 points 5 months ago

The financial, legal and medical sectors are built on fax, I know that companies often use efax services.

This means that you email the efax provider, they turn the attached document into a fax and send it, then if the recipient uses an efax service the fax gets turned back into an attachment and emailed to the recipient.

[–] darklamer@lemmy.dbzer0.com 35 points 5 months ago (2 children)

I would like to suggest that anyone who in the year 2024 insists on you communicating with them by fax can't be trusted and your best solution is therefore to stay away.

[–] 30p87@feddit.de 12 points 5 months ago (2 children)

May I introduce you to the german government?

[–] refurbishedrefurbisher@lemmy.sdf.org 13 points 5 months ago (1 children)

Or the American healthcare industry.

[–] Dhs92@programming.dev 10 points 5 months ago (1 children)
[–] MajorHavoc@programming.dev 11 points 5 months ago* (last edited 5 months ago)

This has been an excellent summary. I don't trust any of these.

[–] PerogiBoi@lemmy.ca 8 points 5 months ago (2 children)

Most things in the Canadian government can only be transferred by fax or post mail.

[–] CanadaPlus@lemmy.sdf.org 6 points 5 months ago (1 children)

Yup. So dumb. I've heard some German institutions are the same.

They will look you dead in the eye and say their IT people say it can't be hacked.

[–] ThoGot@lemm.ee 4 points 5 months ago

some German institutions

most

[–] intensely_human@lemm.ee 1 points 5 months ago

there you go

[–] vk6flab@lemmy.radio 20 points 5 months ago (1 children)

The comments here in relation to the arcane nature of fax machines might not be aware that often this relates to legal requirements to receive physical proof.

Interestingly, nobody has to my knowledge challenged the wisdom of this requirement in court. At the end of the day, there is no real way to prove your identity using either a letter or a fax.

Using email, you could exchange an electronic key in person and know that the sender has the agreed key. Note that it still doesn't prove the identity of the sender.

[–] sndmn@lemmy.ca 13 points 5 months ago (1 children)

They don't have fax machines where I live.

The 21st century.

[–] MajorHavoc@programming.dev 5 points 5 months ago* (last edited 5 months ago)

Yes, but also somehow, fax machines will also outlive us all.

Fun fact: It's actually possible to avoid being exterminated by a T-800, if one sends a properly formatted fax to the correct number, during business hours, with a correct cover page.

[–] Mountaineer@aussie.zone 12 points 5 months ago (1 children)

This requirement is designed to be hard, and as such is a major red flag to me.
What else is this company going to be difficult with?
Can i only get customer support or cancel my account in person, between 9-4 on the 2nd Friday of the month?
I would consider alternatives, if possible.

[–] Sinfaen@beehaw.org 6 points 5 months ago (3 children)

Bilt is backed by Wells Fargo I'm pretty sure. All of their other communication has been through email, it's just this one thing

Context: I'm trying to get points for rent

[–] MajorHavoc@programming.dev 8 points 5 months ago* (last edited 5 months ago)

Bilt is backed by Wells Fargo I'm pretty sure.

I just threw up in my mouth a little.

Surely those raging asshole scammers (in leadership) at Wells Fargo wouldn't back an untrustworthy organization. (This was sarcasm. I believe they have before, and will again.)

On getting points for rent, you'll find that many law abiding organizations don't allow it, under debt swap laws.

Using points to encourage people to put a large critical expense such as rent, on a high interest rate credit card - is (correctly) considered unacceptably predatory, even in most modern capitalist dystopias.

My recommendation is be very alarmed, and flee from this plan.

[–] vk6flab@lemmy.radio 7 points 5 months ago

I'd email it as an attachment.

In Australia the local post office has fax facilities.

[–] HottieAutie@lemmy.dbzer0.com 2 points 5 months ago

First Union, which was bought by Wachovia, which was bought by Wells Fargo was my first bank account. Sometime around 2009, it came out that they were doing some pretty shady shit along with going out of their way to fuck their customers out of money by posting their purchases in a way that would maximize fees. It was a blatant dickhead move. I immediately closed my account with them and will never go back.

[–] CaptainBasculin@lemmy.ml 10 points 5 months ago* (last edited 5 months ago)

Post offices could work; hovever I wouldn't really reccomend working with a bank that doesn't have modern ways to recieve customer data.

[–] mannycalavera@feddit.uk 10 points 5 months ago (2 children)

A fax machine? LOL wut?! What year is this? Fuck me that's aggressively backwards.

[–] Micromot@lemmy.zip 8 points 5 months ago

Have you ever experienced german bureaucracy?

[–] pepsison52895@lemmy.one 1 points 5 months ago

I actually do customer support for a faxing service. You'd be amazed how widely used it is still.

[–] 667@lemmy.radio 8 points 5 months ago* (last edited 5 months ago)

FaxSalad. I also have needed to send a fax when I have virtually zero paper, or even when I do have paper I still have no fax machine.

You can even send it as HIPAA-compliant which they don’t (or are not supposed to) keep a server-side copy.

[–] StrawberryPigtails@lemmy.sdf.org 6 points 5 months ago (1 children)

Well that’s a tech I haven’t heard of in a while. I suppose it tracks that if telegrams were still in use till 2006 that fax’s would still be in use today.

To help answer your question, a cursory search turned this up:

https://www.howtogeek.com/218505/how-to-fax-a-document-from-your-smartphone/

https://www.getfaxing.com/2016/05/02/can-i-use-my-mobile-cell-phone-as-a-fax-modem-to-send-a-fax/

Honestly, it should be possible to send faxes from your cell phone for free though. Or from a laptop using your cellphone’s voice line. It’s a phone after all and fax machines sent their data over phone lines. I seem to remember using my cell phone for dial up internet back in the day, so it should have been possible to send faxes at that time as well. Unless there is an OS limitation, I can’t see any reason why that might have changed, even with the changes in tech since then. Hell of a rabbit hole you’ve found for me! Thanks!

@Sinfaen@beehaw.org

Digging into it further it looks like modern phone technology has become incompatible with fax and modem technologies. Seems to be something to do with how voice over IP (VOIP) compresses the voice line which damages any digital signal sent over it. It looks like this affects both cell phones and modern landlines as well.

The only real options in 2024 seem to be to use a fax service, or to purchase a landline that explicitly supports fax and use a fax machine or a computer with a modem to send the fax. A fax service would probably be cheaper for a one off fax. Thanks again for the rabbit hole. That was interesting!

https://forums.macrumors.com/threads/can-i-hook-up-a-fax-machine-to-my-iphone.485116/

https://superuser.com/questions/748154/use-a-smartphone-as-a-dial-up-modem#748163

[–] DudeDudenson@lemmings.world 3 points 5 months ago

Have you asked if you can't use regular physical mail or walk the papers to an office yourself?

Otherwise you'd be better off finding someone in an office somewhere that still has a working fax machine and offering them a few bucks to send it

I've used Fax.Plus several times with no issues, though not in at least a couple of years. Also used eFax a ton back in the day.

[–] pelletbucket@lemm.ee 1 points 5 months ago

I used to work at a car dealership, this was like 15 years ago, and even then we already had an email system set up that could send and receive faxes for insurance shit.

[–] pelletbucket@lemm.ee 1 points 5 months ago

there's an app called eFax but I don't know if it's free. your local FedEx store will probably send a fax for you for like a dollar