https://hey.paris/tags/crooks/ Recent content in Crooks on Dr Paris Buttfield-Addison Hugo en © Dr Paris Buttfield-Addison · I live on the land of the muwinina people. Sovereignty was never ceded. Tue, 12 Aug 2025 00:00:00 +0000 https://hey.paris/posts/cba/ Tue, 12 Aug 2025 00:00:00 +0000 https://hey.paris/posts/cba/ <p><a href="https://commbank.com.au">CBA</a> has been naughty, and too reliant on their <a href="https://www.abc.net.au/news/2025-07-29/commonwealth-bank-says-ai-behind-dozens-of-job-cuts/105586312">AI boyfriend</a>. Here&rsquo;s what happened:</p> <ul> <li>A CBA customer contacted bank requesting contact details for <a href="https://secretlab.sg">Secretlab</a> (a company that <em>is not</em> us, and makes chairs)</li> <li>CBA staff member queried ChatGPT (possibly via their own personal, unauthenticated access to ChatGPT) to obtain phone number for Secretlab (chairs)</li> <li>CBA staff disclosed the retrieved phone number to the requesting customer</li> <li>The retrieved phone number is a number belonging to one of the directors of <a href="https://secretlab.games">Secret Lab</a> (a company that does <em>not</em> make chairs, and <em>is</em> us), a customer of CBA, and is used for our CBA account and our Director&rsquo;s CBA account</li> <li>Therefore, CBA disclosed customer <a href="https://www.commbank.com.au/support/privacy.html">personal information</a> to another, unrelated customer, and trusted a third-party LLM (ChatGPT), accessed seemingly unauthenticated on the consumer ChatGPT platform, as a source for data to provide to another customer</li> <li>During investigation, CBA staff replicated the same ChatGPT query process, seemingly on a personal phone, again unauthenticated, and on the consumer ChatGPT platform:</li> </ul> <figure><img src="https://hey.paris/posts/cba/cba-muppet.png"> </figure> <ul> <li>Signs indicate this might be routine practice amongst CBA staff</li> </ul> <p>Oh, and they gave out the phone number for us, Secret Lab (not chairs), to someone looking for Secretlab&rsquo;s (chairs) phone number. So, in the end of all this, they weren&rsquo;t even helpful. LLMs in a nutshell, really.</p> https://hey.paris/posts/wise/ Wed, 14 May 2025 00:00:00 +0000 https://hey.paris/posts/wise/ <p><a href="https://wise.com">Wise</a> has stolen more than $60,000 AUD from us, and refuses to let us access it.</p> <p><a href="https://secretlab.games">We&rsquo;ve</a> had a Wise account for around 5 years (since they were called TransferWise). It&rsquo;s been a really useful way to transact in foreign currencies, and pay for things when we&rsquo;re travelling for work.</p> <p>In early-April 2025, Wise asked us to provide some additional information on our Ultimate Beneficial Owners (UBOs) by uploading a statement of shareholders, and the ID of the owners. Perfectly reasonable stuff for an entity that pretends to be a bank to ask for.</p>