Thank you for being forthcoming about all this. I don't mean to be a pain in your ass and I know your intentions are good. I hope this all ends up being a force for good and that things like the NYT coverage help avoid legal issues with Equifax. Good luck to you in that regard.
For the record, the favicon requests that went out after "submitting" your site's data did not appear to transmit any form data to that server. I just noticed that it'd be trivially easy to do that if someone else emulated this as a bad actor.
I think we can all agree that Equifax chose extremely poorly with a separate domain name, one that is just crassly phishy-sounding already, and opening itself up to actual bad actors.
For the record, the favicon requests that went out after "submitting" your site's data did not appear to transmit any form data to that server. I just noticed that it'd be trivially easy to do that if someone else emulated this as a bad actor.
I think we can all agree that Equifax chose extremely poorly with a separate domain name, one that is just crassly phishy-sounding already, and opening itself up to actual bad actors.