Currently in my downloads folder are about 30 up-to-date guides on how to commit various types of financial fraud, typically involving how to ‘cash out’ stolen credit cards, accounts and defraud websites in reliable fashions. And I can’t ethically write about it, because I worry that these would be of more interest to criminals than to law enforcement or financial institutions.

What would Richard Stallman do?

Back in the ’80s, I imagine the early hackers faced similar dilemmas as they discovered an unexpected quirk in some software or a remote system. Should they disclose the vulnerability and risk legal action by the vendor or system’s owner, or should they keep it to themselves, or share it only with a select few?

Right now, as someone who is not completely anonymous on the internet, should I risk a call from a lawyer at a bank, or worse, a visit from the police? Yet the protections offered to these insecure institutions are what allow millions of pounds of consumer fraud and irrevocable data loss to happen every year in the UK.

Financial institutions are capable of moving beyond reused card numbers with bolt-on IP and browser detection features, but choose not to, presumably because of the cost of upgrading their legacy systems, and because their economic and political dominance means there are few bodies with the power to compel them to do so.

And thus, the establishment-based status quo keeps us insecure and unsafe online. :(