• 0 Posts
  • 8 Comments
Joined 6M ago
Cake day: Jan 03, 2024


I’ve heard this advice as well. It certainly doesn’t hurt, if you have credit cards, to prefer them.

I imagine it is a lot nicer to have a fraudulent item on a future bill, than an actual fraudulent deduction from a current active account. And fraud correction is prompt enough, that the bill never comes due on a CC, whereas the money is, indeed, missing immediately on a debit card.

That said, not having any credit cards, I would never open one simply for the fraud protection.

Debit card fraud correction has always been prompt and accurate, for me.

The card companies do not discriminate, currently, between corrections on credit and debit cards. Currently, that’s largely thanks to contract language with their debit card customers that prevents them from such discrimination.

I added disclaimers like crazy above, because FinTech is a constantly evolving industry with constantly changing terms of service. And because most people working in FinTech are assholes who want to scam you.

Edit: I’ve corrected the above advice with yours, thanks! There’s certainly no reason to prefer debit over credit for online use, for anyone who has both card types. I just have a bad habit of using the words interchangeably because I only carry debit cards.


Just put the card in directly on random websites.

I’m not joking - if you follow your existing “should I even be using this site anyway?” signs, it’s going to typically be fine (in 2024!) to use your debit card there.

(Edit: To be clear, things have changed. Time travelers from the past should absolutely not follow this advice back in 2002!)

And when something does go wrong, you’ll get better support from your credit union than PayPal would. (You don’t still use a bank like a sucker, right…?!)

The worst case, usually, is they reverse the fraud and issue a new card to prevent further fraud.

So I guess it’s a few things:

  • Get a credit union, rather than a bank.
  • Choose one or two of debit (edit: or credit) cards for all online use. Life is simpler when fraud does occur, if I have another card that still works for gas and groceries.
  • Use the debit card directly, online, with any trusted site. There’s no need for PayPal to exist anymore.

Many years ago, PayPal’s innovation was treating people who shop online like actual people. The rest of the world has caught up, while PayPal lost sight of that.

Source: I worked in FinTech. It’s amazing how bad your current options are, but it tends to work out, anyway. There’s an extremely ethical and detail-oriented army of women named Karen, behind the scenes, looking out for you.

Edit: And as far as I can tell, not one of the extremely ethical and detail-oriented women named Karen works for PayPal. Big tech companies rarely successfully keep that kind of no-nonsense-tolerated top talent.


Great point. I, too, had to wait to go full Linux until I wasn’t reliant on an NVidia graphics card.


Agreed on all points. It’s not the best solution when I can’t get both parties into it successfully.

That’s why I still use Signal a good bit.


While I know Signal isn’t perfect, I do like it and I haven’t seen anything that is better (on the whole).

Agreed. But it is worth mentioning that XMPP with OMEMO seems to be the current gold standard - runs almost everywhere, tons of available (free) servers, secure end to end messages, and fully auditable public source code.


I wonder too!

I’m betting on trial and error. Probably has a mysterious comment in the code, as a warning to others.

Source: I develop software and find these things are either deeply researched and analyzed scientific theory, or the result of guesswork and trial and error. At a ratio of about 95% and 5% respectively.



It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server’s patch level, and security controls.

That can be done, and I think Lemmy has a shot at getting to that point, but it’ll be a while.

In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can’t be sure are actually correctly enabled on your instance.

But yeah, let’s not let perfect be the enemy of moving toward better.

Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.

But as soon as the user starts interacting via federation, all bets are off - because the federated instance may be malicious.

I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

So, in theory, the Lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.

But even then, there are risks from bad actors on highly trusted instances that still allow open signups.

Anyway, I totally agree with you. It’s just a genuinely complex problem.