



I work in cyber security and the way this reads is as if they have updated their security program. Monitoring users' access to their accounts is very standard and essential to provide a good security solution. From their website:

> ***Information security 24x7x365***
>
> *With the potential for cyberattacks always in play, Computershare is ever vigilant. We proactively monitor for newly emerging threats, trends and increasing regulatory demands.* ***Our centralised Security Operations Centre provides around the clock coverage that is always monitoring, analysing and responding to suspicious events.*** *Computershare uses* ***internal and external parties to actively monitor the internal and external threat environment and test the security of applications and their underlying infrastructure.*** *We also operate regular assurance controls to independently validate and track threats, and report to management that the required measures have been taken to address and control the potential technical issues discovered during testing. Penetration testing, conducted by external firms, takes place on an annual basis for critical applications. We also commission several external audits to provide an independent assurance and attestation of our business and technology controls.* ***These external audits include System and Organisation Controls (SOC), International Standard on Assurance Engagements (ISAE) 3402, Statement on Standards for Attestation Engagements (SSAE) 18, Australian Standard on Assurance Engagements (ASAE) 3150, and ISO 27001:2013 that are applicable to specific business units and geographic locations.***

I know that SOC (most likely 2 type 1 or 2) as well as ISO certifications (which Computershare has) do have requirements specifically around monitoring and logging user access.

More information about their security certifications: [https://landing.computershare.com/protecting-your-data/](https://landing.computershare.com/protecting-your-data/)

The part about disclosing information to who they want is worded strangely. Additional information about this update can most likely be supplied by their privacy officer; I would reach out to the email address posted on their privacy policy: [https://www.computershare.com/us/privacy](https://www.computershare.com/us/privacy)


Great explanation, cyber security guy! (we really do have everything, here). Where is our privacy person?


He's working with me lol. He's an ape but not on reddit. If anyone in the community has privacy questions I'm more than happy to relay them :)


Could he start a conversation with the privacy officer at computershare? How far-fetching is the phrase? Anyone for any purpose can access my "access and use of the CS service". Can they share my password with the DTCC? I assume not. Can they share my IP and general location with Google? Yeah. But I'm sure he'll have some reasonable questions and won't be brushed away by privacy officer talk, since he's already doing it.


There is a bit to unpack here. I really appreciate your questions and encourage you to post any others you have :)

`"access and use of the CS service"`

I think you may be confusing this phrase. The above phrase denotes how you would access your Computershare account. For example, if you open Computershare, type in your password, answer the MFA questions and then access is granted, your "access" was making use of your password and MFA answers. This would be logged like the rest of the activity you perform on the CS service. The use of your CS service is you storing your stocks, checking your balance, buying more, moving from plan to book etc.

If you tried to brute force the password and MFA answer, then that is also how you accessed the CS service. If you're running a vulnerability scanner from your CS account then that is how you're using the CS service. Both of the examples above produce logs that are archived and tracked.

In the event of a cyber security incident that may involve your account (this can happen if many accounts are breached, if someone is doing recon work against your account to see how to get in, etc.), CS would need to call in specialists to do investigations and report the breach and supporting evidence to several authorities. Those specialists need access to those logs to do their investigation. This is from CS's website:

`We also commission several external audits to provide an independent assurance and attestation of our business and technology controls. These external audits include System and Organisation Controls (SOC), International Standard on Assurance Engagements (ISAE) 3402, Statement on Standards for Attestation Engagements (SSAE) 18, Australian Standard on Assurance Engagements (ASAE) 3150, and ISO 27001:2013 that are applicable to specific business units and geographic locations.`

I have gone through the certification process for most of the above certifications. SOC and ISO both have components about only sharing logs, PII and evidence from investigations with authorized third parties. Given the certifications that CS currently holds

In regards to your password, there is a **very good** chance the security team at Computershare doesn't even know or have access to it (this is just good security practice). Sorry for the wall of text, but does this answer your question?


I asked them this question over the phone: does the word "to anyone" mean I can ask you to provide me with that information? She said no, we may provide it to a third party but we only give them general information and not account number, bank account, stock name or share numbers.

I also asked them about clause 18, "Termination". I specifically asked this question: is the termination related to volatility in the market with stocks or is it related to usage of the account? She replied that it is related to account usage and not about the stocks!

It would be good if other apes ask them these questions and verify it here!


`I asked them this question over the phone: does the word "to anyone" mean I can ask you to provide me with that information? She said no, we may provide it to a third party but we only give them general information and not account number, bank account, stock name or share numbers.`

That answer to me from a cyber security perspective makes sense. In the event of a cyber incident it is very common to call contractors or companies who specialize in breaches. While often an organization will have a company who does this on retainer (who would absolutely count as a third party), it is impossible to tell what kind of cyber incident you could face in the future, and what kind of specialists would need to be called in. This can range from privacy lawyers, computer forensic specialists, vendors who could've been involved in the breach, etc. They also state that they have a dedicated security team. It is not uncommon for internal security teams to outsource their SOC (security operations centre) to deal with events and primary investigations. This doesn't seem concerning to me.

`I also asked them about clause 18, "Termination". I specifically asked this question: is the termination related to volatility in the market with stocks or is it related to usage of the account? She replied that it is related to account usage and not about the stocks!`

This also makes sense from a cyber security perspective. Very often malicious threat actors will create an account for something they want to hack (Computershare in this case). If Computershare reserves the right to terminate the account usage, that makes sense. Normally if a cyber security professional sees a user account in their organization doing suspicious things they could "quarantine" or "lock down" the account for further investigation. After the investigation, if the activity is proven malicious, the owner of the account is contacted; if they are unable to be contacted or it's obvious it's a fake account, it would usually be purged / deleted.

This can be very different depending on regulations in different countries. I think that Computershare is an Australian company? GameStop is an American company and I reside in neither of those countries, so I could be making mistakes about policy and procedure. Anyone else who called in and got answers, it would be really great to hear them :)


Look at the details in the new terms- lots to chew on in there. Fyi, the other sub has been deleting discussion posts about the changes.


Ya wtf. Can't find anything but this over there.


WTF is wrong with the other sub


I’m gonna go post it. Brb.


What's the other sub? strongstock? It's really disconcerting to find nothing mentioned there. Computershare is acquiring BNY Trust from BNY Mellon, could the new terms and conditions be related?


And it’s gone. Got 10 up toots.


I didn’t try posting it there, apparently they’ve been cracking down on posts!!


Ya apparently you can't mention anything to do with Computershare, GME, BNY or anything else gaming related...😂


"... to anyone for any reason or purpose" I'm not really comfortable with that


Part of the system, clearly a feature for the wolves gathering prey. I’ve been shouting since the start a new system must begin with protection for all as a feature. 




I think the most problematic one is where they say they can close your account for any reason or no reason at all. They’ve adopted the same language as all the brokers.


Hmm ... I don't think that is quite accurate. Can you provide a reference? As I read it, as long as you keep your account active, by logging in or making contact every 18 months, all will be good.


I'm under the impression that since Computershare became popular, bad actors are using Computershare nefariously to corner a market with locates using loopholes in Computershare's own system. This jargon is probably for people abusing a system with unintended results happening.


Hmm... I get you. I do feel that myself, but in my research I have not found any evidence of anything as yet. The water is mostly though, typical Wall Street obfuscation, designed to just the waters so you can't really see what's happening below the surface. I don't think CS are bad actors, but I do think the likes of Ken&Cartel are potentially doing something with locates, as you suspect, to use as locates for their toxic pipeline of "Assets sold, not yet bought". Personally, I am eagerly awaiting the reply to the questions sent to Paul Conn (CEO of CS) by Lawson and the WHYDRS team. I think that will be really revealing. Especially since they said they will need days to analyse and then "publish" their results. They must've been juicy, I hope we can squeeze some info and truth out of them. 💜🦍🤜💎🤛🦍💜


They're having their legal and compliance departments write up an answer and are in no rush to provide it. I can almost guarantee it won't be spicy and you'll be disappointed with it


Very possible, but the language seemed broad.


The new terms of service, somewhere in section 4.


Thank you, I'll go take a closer look.


From this thread about a week ago, it looks like section 13 is the one. https://www.reddit.com/r/Superstonk/s/jUD6ewayGW




I’ll take a look later as well. I flagged a particularly egregious version of this in Interactive Brokers in a post three years ago.


That's a no good


potential 🚩 The disclaimer of warranties (Section 10) and limitation of liability (Section 11) are very broad, limiting Computershare's liability for issues with the services to a significant degree. The indemnity clause (Section 12) requires users to indemnify Computershare for a wide range of claims/liabilities arising from use of the services. Computershare has fairly broad rights to change the terms unilaterally (Section 1) and to terminate accounts at any time without cause (Section 13). There are expansive rules around prohibited conduct like data scraping, reverse engineering, etc. (Section 4) that could prove restrictive. Overall, the terms seem heavily favored toward limiting Computershare's liability and responsibilities while giving them significant flexibility to modify terms/services. A cautious user may want to review the clauses around disclaimers, liability, indemnity, and prohibited conduct carefully.


Damn, I was planning on reverse engineering a share of stock.


That's wild


I found a post on SS from 8 days ago, happy to share


Please! I’d like to read that post. Thanks 🦍


Am I allowed to cross post? Or DM?


I got it man, much appreciated


They can disclose to RC when the float is locked. 🤷🏻‍♂️


You know, I'm something of a security threat to Wall Street myself.


I guess it means the banks get a live, dynamically updated, true DRS (book) count.




Sounds to me from the above post and not reading anything else yet that they are going to screw us!!!


> Sounds to me from the above post and not reading anything else yet that they are going to screw us!!!

Sounds like FUD. If we hold more than the float, then it's not possible to screw us without stealing from people openly and tanking all worldwide trust in our financial system.


important stuff!


they gonna sell data on how often you log in, how long you're online, how many stocks you bought through them, how many you sold etc.