Nainstalovat Steam
přihlásit se
|
jazyk
简体中文 (Zjednodušená čínština)
繁體中文 (Tradiční čínština)
日本語 (Japonština)
한국어 (Korejština)
ไทย (Thajština)
български (Bulharština)
Dansk (Dánština)
Deutsch (Němčina)
English (Angličtina)
Español-España (Evropská španělština)
Español-Latinoamérica (Latin. španělština)
Ελληνικά (Řečtina)
Français (Francouzština)
Italiano (Italština)
Bahasa Indonesia (Indonéština)
Magyar (Maďarština)
Nederlands (Nizozemština)
Norsk (Norština)
Polski (Polština)
Português (Evropská portugalština)
Português-Brasil (Brazilská portugalština)
Română (Rumunština)
Русский (Ruština)
Suomi (Finština)
Svenska (Švédština)
Türkçe (Turečtina)
Tiếng Việt (Vietnamština)
Українська (Ukrajinština)
Nahlásit problém s překladem
Autor tohoto tématu označil jeden z příspěvků jako nejlepší (často jde o odpověď na původní otázku).
Pravidla a pokyny k diskuzím
Nahlásit tento příspěvek
I love how you edited his post to remove the part that I quoted... The part about taxes and gift cards. Again, I quoted and responded to
No amount of quote editing on your part changes my post. I was discussing THIS part, you know the actual part I quoted and responded to......
I responded to -
Nothing more. As usual you try to swoop in and act like the only person who knows anything and stuck your foot in your mouth trying to attack me for not even discussing what you claim I was discussing just because you can't help but try to attack me anytime I post.
Clearly you didn't read it, so next time perhaps you should just actually read posts before you try attacking them......
but you did say this
which is the one sentence of your post i was referring too in my response. that was it. rest i ignored because it wasnt incorrect.
and yes, its not your billing address unless you live there but again ... they dont need your address anyway.
which is the part i addressed because its the part that is also "on topic" in the thread titled "Steam does ask suddenly for ID"
Sadly that's not how the gift card system works. IMO it WOULD be simpler if it worked that way, but it would also result in a lot of theft and loss of tax income so it will most likely NEVER work that way.
That is why as I said that taxes are charged when the gift card is used. The only exception in which taxes can be charged on a gift card is if its for a place that is subject to only one tax code. Aka a store or chain that operates in only 1 region for instance could have the tax charged at the time of sale on the gift card because there is no ambiguity over the tax rate when the card is used.
To a none business consumer (not for the purpose of economic activity) whose not legally required to record and declare VAT it does not mean a hill of beans. Steam does not advertise price (ex vat) so to us its a single price we either want to pay or not. To be honest even if it was ex quoted, it still wouldnt make a difference as its not like we can tax deduct it now is it.
Now im not sure about this in your last paragraph so correct me if needed but are you asking what data to fill out if you happen to be in an internet cafe for example or a free wifi hotspot ?
I can tell you from the EU side article 24a(1) that technically its location is to be taken as "it shall be presumed that the customer is established, has his permanent address or usually resides at the place of that location and that the service is effectively used and enjoyed there".
HOWEVER
Article 24d(1) states a supplier may rebut ( claim your evidence to be false ) a presumption referred to in Article 24a or in point (a), (b) or (c) of Article 24b of this Regulation on the basis of three items of non-contradictory evidence indicating that the customer is established, has his permanent address or usually resides elsewhere.
WHY
Article 24d(2) A tax authority may rebut presumptions that have been made under Article 24a, 24b or 24c where there are indications of misuse or abuse by the supplier..
Digest this and feel free to ask further questions if indeed you are a EU citizen and this is what you are asking with regards to your last paragraph.
Discord, a platform to chat about games got hijacked with Malware AnarchyGrabber.
Basically once you get a message from friend, you have the virus.
https://www.gamestar.de/artikel/discord-trojaner-malware,3358149.html
AnarchyGrabber Steals Passwords, Spreads to Discord Friends,
once you log in now by Discord, it does disable two-factor authentication, steals info of user name, plaintext password and user token. And Discord is completely incapable to stop it.
That's why such "ID ask" laws, should not exist in first place.
TL:DR dumb people click download virus file without thinking, just like they would with publishing sites.
If I try to send you a file to download, and told you to click it without question, would you do it? Because that literally what this is.
To make more of a point, there will always be someone trying to give whomever dumb enough to download the virus, and this can happen anywhere, forum, VOIP, email, and etc... Yes it's that simple.
Well, lets say I do get message from friend via steam, than steam asks me to update and type in my password, and there is nothing different, I would do it.
The "Virus" did copy / paste how Discord look, get message and asking for update.
Again, the virus got downloaded via Discord. Why should similar virus not attack steam?
I assume you just cherry pick what you wanted to read, or fail to understand what was just explained to you.
Steam doesn't 'ask you to update' just as Discord doesn't.
Your friend (Via discord or Steam chat) sends you a link to a malicious download disguised as a game update.
This behaviour isn't anything new in regard attack vectors and it's been happening since the days of TeamSpeak. That's why manychat client don't allow binary/zip attachments and filter certain URLs known for delivering malicious content (Like the URL Filter in Steam)
However it's an ongoing battle with phishers finding new ways of bypassing those safeguards and services patching those bypasses.
As usual the last line of defense is the user. Users exersicing caution, NEVER following unsolicited links and ALWAYS downloading patches and updates through the oficial sites is the best and last counter against malware
So true, i don`t even get why this belongs to this topic.
one can hide an executable in a jpeg. send it. they click to make it bigger, and they infected themselves.
sites like the drudgereport (a large news aggregation site with 862 million visits in the last 30 days), cnn for a more 'mainstream' name, or a site made with wordpress or using contact form 7, etc are all risk. literally go to the site and get infected. sure, they fix the site as soon as possible and often its advertised that there is a problem. but that doesnt stop the first few 100,000 people who went there without knowing from getting hit by it.
https://haveibeenpwned.com/ is crazy. i have one email that was pwned in many different ways.
openoffice software and had to register.
Disqus and had to register
Exploit.In - a list of almost 600 million stolen email and passwords from various places
LinkedIn and had to register
MySpace from long, long ago
and i was also scraped from linkedin.
point is that all of those companies are "reputable". just reading the news can carry a risk.or registering to use office software. or going to the website of a business. and none of that is the consumer/customers fault.
nothing you can do about it.
then there are the things most people dont really understand about their own systems. java updates and the fact everyone has java but its weak af even when its updated. nothing you can do about java either. except not use it. but the reality is that there are other crap programs we all use that are just about as bad.
if you use a mobile phone you are even worse off. MOST android apps have huge security holes. not some. MOST. and conversely to what many think, apparently the more popular a program/app is the more likely it is to have those holes. legit apps. apps we all use. gotten from the app store. all with huge holes.
which is precisely why 2fa is freaking stupid if you use your phone. NEVER do anything important on your phone. ever. because your phone is THE weak link into everything else. dont check emails. dont sign into steam. dont be signed into google. NOTHING. you cant trust the apps on your phone. you cant trust your phones security settings. you cant trust the cell phone tower your phone is using. you cant trust google not to be harvesting your location data. you name it and your phone sucks for it unless the one thing you named is bending you over with your pants around your ankles in that case your phones perfect.
all valve or any other company can do is make it hard and time consuming to crack into their systems.
we as individuals also have additional vulnerabilities in the systems of HOW we access these companies. do we use our phone? our browser? a cell phone tower? wifi? each carries different risks and they stack. and the chances that ALL of them are ok at ALL times is statistically zero.
as users it is almost criminally stupid to provide these companies with more info than we absolutely need to because anything we provide them will almost assuredly at some point be stolen and when it is stolen it can be used against us.
so lets look at what valve wants in this context and sort out their requests ...
1: they want us to link our accounts to youtube. which in turn gives away our google account. many people use the same password. yes we all know they shouldnt. but they do. with google they not only get access to get around the 2fa but also location data.
2: they want us to link our accounts with a phone number which in turn which can be used to search public records finding name and birth date, address, the property taxes, and the names of members of my family. that information can be used to target phish attacks or even do criminal background checks, credit checks, pull up data on your home such as blueprints, and can even hijack that phone number to get all the alerts as they systematically reset all your passwords.
3: they keep credit-debit card/bank information in their database so we dont need to re-enter it each time and so far it appears it has only been stolen encrypted or salted but the fact is it has been stolen and that data should need to be re-entered at each sale. not just because valve can have it stolen but if our accounts are stolen then anyone can roll right over there and get the details.
4: that we provide complete billing information to valve.
snowballs in hell have a better chance of getting this info out of me than valve.
But this is the thing, people that keeps on hating security updates, fail to understand they exist to counter act agasint these virus, which why using common sense, staying up to date with security updates, is the smartest thing to be doing, this apply to everything, email, forums, VOIP, OS, games, and etc... If you use the internet, and provide information over the internet, then you know that your risk is always there because you're online, and as long your providers / services have internet access that store your info, such as bank, credit card, and etc, are always at risk because you can access them online via internet, and that's hard fact truth.
-Phishing (Deceiving the user to give away their credentials)
-RATs (Deceiving the user to run a piece of software disguised as a diferent kind of software)
By that rule you better not touch anything computer at all. The only difference between phones and computers nowadays is a SIM card slot.
'You can't trust this device at all' is nothing but a paralyzing strategy.
As much as it's been parroted since Steam added the mobile authenticator I have yet to see one case of account theft originated on the phone. They're still mostly making people log into 'ThisSiteisNotAScam dot russia' or (as OP mentions) telling people to 'run this program called 'ThisIsADiscourdPatchAndTotallyNotARAT.exe'
Phishers always use the path of less resistance (Also the less costly path). It's still way more profitable to simply make the user log into a fake site to phish his credentials (Or try the credentials from a data leak) than to attack through a phone vulnerability that might land on a phone tied or not to a service of your interest...
There's a line between teaching users good security practices and stilling fear. Once you cross that line you're doing more harm than good, since fear shuts down rationality (And fear is one of the most loved attack vectors for bad actors)
Teaching people common sense and proper security practices = good advice.
"NEVER do anything important on your phone. ever." = Bad advice.