
The Discovery Machine

🔍 Discovery Machine — All Questionnaires

Knowledge · Questionnaires · Interactive Tools

Every transaction is a negotiation. Every contract is a story. Learn to read both.


Part One: Consumer Assessment

"Is This a Scam?" — The Comprehensive Detection Framework

Scams share a common architecture: artificial urgency, exploited trust, a plausible hook, and an irreversible payment method. Once you see the skeleton, the flesh varies only by context.


Online Shopping: Fake Sites

URL Inspection (First Line of Defense):
- Check the domain carefully: amazon-deals-shop.com ≠ amazon.com
- Look for character substitution: arnazon.com, paypa1.com
- Legitimate retailers rarely use hyphens or extra words in their primary domain
- Look for .net, .co, .shop where you'd expect .com

Site Quality Signals:
- Stock photo reverse search: Right-click product images, use Google or TinEye reverse image search. Scam sites frequently steal images from legitimate retailers.
- Contact information: Missing address or phone number? 🔴 Red flag. Use Google Maps to verify the address actually exists.
- About Us page: Generic, vague, or missing? Suspect.
- Return policy: Either missing or impossibly customer-hostile (no returns, store credit only, customer pays return shipping internationally).

Pricing:
- Products priced 40-70% below market are a reliable scam signal — especially branded goods
- "Limited time" countdown timers on product pages are manipulation tactics; reset when you reload
- Bundle deals that seem too comprehensive to be real

Payment Methods:
- 🔴 Wire transfer or bank transfer: untraceable, non-reversible
- 🔴 Cryptocurrency: same
- 🔴 Gift cards (no legitimate retailer asks for gift card payment)
- 🟢 Credit card: disputed transactions are recoverable
- 🟡 PayPal (goods and services, not "friends and family" — the latter removes protections)

Review Patterns:
- All 5-star reviews, all posted within days of each other
- Generic language: "Good product, fast shipping" repeated
- No critical reviews at all (suppressed or fabricated)
- Reviewer profiles have no history or multiple reviews from same period


Phone Scams

The IRS Never:
- Calls you first (they write letters)
- Demands immediate payment over the phone
- Requires gift cards or wire transfers
- Threatens immediate arrest

The Tech Support Scam:
- Unsolicited popup claiming virus/infection: 🔴 close the window, do not call the number
- Caller claiming to be Microsoft/Apple who "detected a problem": hang up
- Remote access requests from unsolicited callers: 🔴 always refuse
- Pattern: Create panic → establish authority → demand payment to "fix" fake problem

The Grandparent Scam:
- Caller pretends to be grandchild in emergency ("I'm in jail, don't tell Mom")
- Creates urgency and secrecy: two hallmarks of manipulation
- Verify by calling the grandchild directly on their known number before doing anything

The Romance Scam:
- Established over weeks or months on dating apps/social media
- Perpetrator never able to meet in person (always an obstacle)
- Eventually asks for money: emergency, investment, plane ticket
- Often moves conversation off-platform quickly
- 🔴 If someone you've never met in person asks for money: it's a scam

The Crypto Scam:
- "I'll teach you to invest" followed by "deposit here on this platform I use"
- "My uncle/cousin works for crypto exchange, can get you returns"
- Fake platforms show impressive returns; you can't withdraw funds without "taxes" or "fees"

Prize/Lottery Scam:
- "You've won — pay processing fee to receive"
- You cannot win a lottery you didn't enter


In-Person Scams

Contractor Fraud:
- Door-to-door after storm offering to "inspect" your roof (and always finds damage)
- Requires cash payment upfront
- No written estimate or contract
- Uses high-pressure time-limited pricing

Charity Solicitation:
- Verify charities at Charity Navigator or GuideStar before donating
- Cash-only collections with no receipts
- Vague mission statement that doesn't connect to a real organization

Distraction Theft:
- One person engages you in conversation/spills something on you
- Partner takes wallet, bag, or phone during distraction
- Common in tourist areas, cafes, busy streets

The Petition Distraction:
- Someone asks you to sign a petition; during signing, accomplice pickpockets
- Or the "petition" includes a donation form buried in fine print


Email Phishing

URL Hovering (Desktop):
- Hover over any link before clicking — the actual URL appears in the browser status bar
- login.bankofamerica.com.malicious.ru — the real domain is malicious.ru
- Legitimate banks/PayPal/Amazon use their primary domain; nothing after .com except a path

Sender Spoofing:
- Display name can be anything; check the actual email address
- "PayPal Security" <no-reply@paypa1-account-support.com> — the display name is fake
- Spoofed headers can make it look like it came from the right domain — still hover links
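The domain checks from "URL Inspection" and from the two lists above, written out as an added example (not part of the original page). The suffix set is a tiny stand-in for the real Public Suffix List, and the trusted list and function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for these samples.
SUFFIXES = {"com", "net", "org", "ru", "co", "shop", "co.uk"}
# Assumption: the domains this user really does business with.
TRUSTED = {"amazon.com", "paypal.com", "bankofamerica.com"}
# Look-alike substitutions: rn for m and 1 for l appear on the page; 0 for o is added.
CONFUSABLES = (("rn", "m"), ("1", "l"), ("0", "o"))


def registrable_domain(host):
    """Public suffix plus one label: a.b.example.co.uk -> example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:  # longest candidate is tried first
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def skeleton(text):
    """Undo the look-alike substitutions so arnazon.com compares as amazon.com."""
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def classify(host):
    """Return (verdict, registrable_domain) for a hostname."""
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted", domain
    if skeleton(domain) in TRUSTED:
        return "lookalike", domain
    name_parts = skeleton(domain.split(".")[0]).split("-")
    host_labels = host.lower().split(".")
    for trusted in sorted(TRUSTED):
        brand = trusted.split(".")[0]
        # Brand used as a hyphenated word or as a subdomain of someone else's domain.
        if brand in name_parts or brand in host_labels:
            return "brand-in-untrusted-domain", domain
    return "unknown", domain


def check_link(url):
    """Classify the host a link actually points to."""
    return classify(urlsplit(url).hostname or "")


def check_sender(from_header):
    """Ignore the display name; classify the domain of the real address."""
    _display, address = parseaddr(from_header)
    return classify(address.rpartition("@")[2])


if __name__ == "__main__":
    # Sample values taken from the page's own examples.
    for url in ("https://login.bankofamerica.com.malicious.ru/signin",
                "http://arnazon.com/", "https://amazon-deals-shop.com/sale"):
        print(url, check_link(url))
    print(check_sender('"PayPal Security" <no-reply@paypa1-account-support.com>'))
```

A "trusted" verdict only says where a link points. It says nothing about a spoofed From header, which is why the page's advice to check the links still applies.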

Urgency Language:
- "Your account will be suspended in 24 hours"
- "Unauthorized access detected — verify immediately"
- "Final notice before legal action"

These are designed to bypass your critical thinking. Pause before acting.

Attachment Types to Refuse:
- .exe, .vbs, .js (executables and scripts)
- Office files (.docx, .xlsx) asking you to "Enable Macros" — 🔴 always refuse
- PDFs requesting you enable JavaScript or open external links


Job Offer Scams

Advance Fee Pattern: "Congratulations! You've been selected. To process your application, please pay a registration/training/equipment fee." No legitimate employer requires upfront payment.

Check Overpayment:
- You're hired for remote work; sent a check to purchase equipment
- Check "accidentally" overpaid; asked to wire back the difference
- Check is fraudulent; you're out the wired amount

Reshipping ("Package Manager"):
- Job is to receive packages and reship abroad
- The packages contain goods purchased with stolen credit cards
- You become an unwitting participant in fraud


Rental Scams

Copied Listings:
- Scammers take real Craigslist/Zillow listings, repost at lower price
- Reverse image search the property photos — if they appear on other listings or Google Street View at a different address, it's fake

Wire Transfer / Zelle Only: No legitimate landlord requires advance deposit by wire before you've seen the property.

Can't Show the Property:
- "I'm overseas for work" / "military deployment" / "missionary work"
- If you can't see the property in person before paying: walk away

Too Cheap: Below-market pricing in a rental market is the hook. If it's 40% under market rate in a desirable area, there's a reason.


"Is This Car Dealer Honest?" — Dealer Assessment Checklist

Before the Lot:
- Research the vehicle's actual market price (Kelley Blue Book, Edmunds, TrueCar)
- Know your credit score before financing — dealers can mark up interest rates
- Pre-arrange financing from a bank or credit union as leverage

Bait-and-Switch Patterns:
- Advertised car is "just sold" when you arrive; here's a similar but more expensive one
- Price changes between verbal quote and finance office
- Add-ons (paint protection, fabric protection, window tinting) presented as "already done" and included in price

Fee Padding Recognition: Legitimate fees: dealer documentation fee (varies by state), registration fees, destination charge. Questionable fees: "market adjustment," "dealer prep," "advertising fee," "VIN etching" (often added without asking). Ask for an itemized out-the-door price before negotiating.

Negotiation Leverage:
- Negotiate the total price, not monthly payment (payment framing allows dealers to extend loan terms)
- Be willing to walk — this is your single strongest leverage
- End of month/quarter, dealers have quotas and are more flexible
- Cash isn't always king — dealers make money on financing


"Is This Contractor Legitimate?"

Verification Steps:
1. License: Request license number; verify with your state contractor board
2. Insurance: Request certificate of insurance (COI) naming you as additionally insured; call the insurer to confirm it's current
3. References: Get 3 recent references; ask specifically "Did the project come in on budget and on time?"

Contract Red Flags:
- No written contract offered
- Vague scope of work ("general renovations")
- No start/completion dates
- No permit mention (many jobs require permits)

Payment Schedule:
- Never >30% upfront for materials
- Milestone-based payments tied to completion stages
- Final payment only on completion and your satisfaction

Lien Waiver Importance: When you pay a contractor, their subcontractors and material suppliers can still file a lien against your property if the contractor doesn't pay them. Get a lien waiver signed by the contractor (and any major subs) as a condition of final payment.


"Is This Investment Legitimate?"

SEC Red Flags:
- Investment not registered with SEC (check SEC EDGAR at sec.gov/edgar)
- Seller not registered as broker-dealer or investment advisor
- Promises of guaranteed returns (nothing is guaranteed)
- Overly consistent returns that never vary with market conditions (Madoff's tell)
- Pressure to invest immediately or miss the window

Ponzi Characteristics:
- Returns paid from new investor money, not actual investment gains
- Unable to explain the underlying investment strategy clearly
- Difficulty withdrawing funds or receiving statements
- Social trust networks used (church, community, ethnic groups — "affinity fraud")

Too-Good-to-Be-True Returns: Market average (S&P 500, inflation-adjusted) ~7%. Anyone promising 15-30% "safely" is either lying or taking risks they're not disclosing.


Product Quality Assessment

Clothing:
- Stitching: Should be tight, even, no loose threads. 8-12 stitches per inch is quality; fewer is cheaper.
- Seam finish: Look inside — French seams or bound seams on quality garments; raw overlocked edges on cheaper
- Fabric: Natural fibers (cotton, wool, linen, silk) generally more durable and breathable; feel weight and drape
- Buttons: Shell or horn buttons on quality garments; plastic on cheaper; check that button holes are reinforced

Furniture:
- Joinery: Mortise-and-tenon, dovetail, or dowel joints indicate quality. Staples and wood glue alone do not.
- Wood: Solid wood vs. particle board vs. MDF (lift a corner — particle board is heavier than it looks relative to strength)
- Finish: Rub a hidden spot with a damp cloth — cheap finish will show water marks easily
- Drawer construction: Dovetail corners, wood bottoms = quality; stapled corners, cardboard bottoms = budget

Electronics:
- Build quality: Metal chassis typically more durable than plastic; check seam gaps and panel alignment
- Weight: Heft often indicates real components, not air and plastic
- Repairability indicators: iFixit scores, presence of screws (vs. glued-shut), availability of replacement parts
- Brand support duration: How long does the manufacturer provide software updates? (Relevant for phones, routers, smart devices)


"Do I Need a Lawyer?" — Decision Framework

| Situation | Lawyer? | Urgency |
|---|---|---|
| Criminal charges (any) | 🔴 Yes | Immediately — before speaking to police |
| DUI arrest | 🔴 Yes | Within 24 hours |
| Serious civil lawsuit (>$10K) | 🔴 Yes | Before responding |
| Child custody dispute | 🔴 Yes | Early; self-representation costly |
| Immigration issues | 🔴 Yes | Beware notarios/non-attorney immigration consultants |
| Workplace discrimination | 🟡 Consult | EEOC complaint first; attorney for litigation |
| Landlord-tenant dispute | 🟡 Depends | Legal aid may be free; small claims court possible |
| Contract review (significant) | 🟡 Consult | One-time review can prevent costly errors |
| Divorce (uncontested, no children) | 🟡 Optional | Online services adequate for simple cases |
| Traffic ticket | 🟢 Usually not | Fight it yourself or pay |
| Small claims | 🟢 No | Lawyers often not permitted anyway |

"Is This Contract Fair?" — Red Clause Identification

Mandatory Arbitration Clause: "All disputes shall be resolved by binding arbitration..." — This waives your right to sue in court. Arbitrators are often paid by the companies that repeatedly use them. Class action waivers often bundled here.

Auto-Renewal Clause: "This agreement automatically renews for successive one-year terms unless cancelled 30 days prior..." — Note the cancellation window and calendar it immediately.

Liquidated Damages: Pre-set damages for breach. Sometimes reasonable; sometimes punitive. Ask: is this proportionate to actual likely harm?

Non-Compete Breadth: "Employee agrees not to work in any competitive business for 3 years within 50 miles..." — Enforceability varies by state; California largely refuses to enforce them. Still worth flagging before signing.

Indemnification Overreach: "Customer agrees to indemnify Company against any and all claims..." — You're agreeing to pay the company's legal fees even if their product hurt you.

Warranty Disclaimer: "PRODUCT PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND..." — Know what you're giving up. Implied warranties (merchantability, fitness for purpose) may still apply under UCC regardless of disclaimer.


Rights During Police Encounters (US)

What You Must Do:
- Identify yourself if lawfully stopped (varies by state — "stop and identify" states require providing name; most require providing ID if driving)
- Comply with lawful orders regarding physical movement
- Do not physically resist, even if you believe the stop is unlawful (challenge it in court, not on the street)

What You Can Refuse:
- Consent to search (car, home, person) — "Officer, I do not consent to searches"
- Answering questions beyond identification — "I'm invoking my right to remain silent"
- Talking without a lawyer present if detained or arrested

Recording: In all 50 states, you have the right to record police in public performing their duties. You may not interfere with their duties. Keep your phone visible, announce you are recording in one-party consent states, stay calm.

Miranda Rights: Miranda (right to remain silent, right to attorney) only triggers upon custodial interrogation — when you're under arrest AND being questioned. Police can ask questions without Miranda warnings if you're not under arrest. You can invoke Miranda at any time: "I am invoking my right to remain silent and my right to an attorney."


Tenant Rights Assessment

Lease Red Flags:
- "Landlord may enter at any time without notice" — Most states require 24-48 hours notice
- "Tenant waives all rights to habitable premises" — Unenforceable
- Illegal fees: application fees exceeding actual screening costs (state-specific limits)
- "No guests overnight" restrictions (often unenforceable)

Habitability Standards: Landlords are generally required to provide: heat, hot water, functioning plumbing, structural soundness, pest-free conditions, working locks. Specific standards vary by state and municipality.

Constructive Eviction: If conditions become so uninhabitable that you're forced to leave, you may be able to terminate lease without penalty and potentially sue for damages. Requires documentation and usually written notice to landlord first.

Security Deposit:
- Most states limit deposits to 1-2 months' rent
- Deductions limited to actual damages beyond normal wear and tear
- Must be returned within statutory period (14-45 days depending on state) with itemized deductions
- Wrongful withholding: many states allow 2x-3x damages plus attorney fees


Employment Rights

At-Will Exceptions: Employment in most US states is "at-will" — terminated for any reason or no reason. Exceptions:
- Implied contract (employee handbook with termination procedures)
- Implied covenant of good faith
- Public policy violation (fired for jury duty, whistleblowing, refusing to break law)
- Discrimination based on protected class

Wrongful Termination Indicators:
- Timing suspicious (days after filing complaint, taking FMLA leave, reporting safety violation)
- Inconsistent application of rules compared to similarly situated employees
- Documentation created retroactively
- Manager made discriminatory comments prior to termination

Hostile Work Environment (Legal Standard): Not merely unpleasant — must be: (1) based on protected characteristic, (2) severe OR pervasive (not a one-time comment), (3) alter terms and conditions of employment. The legal bar is higher than the colloquial use of the phrase.

Whistleblower Protections: Federal and state laws protect employees who report: illegal activity, safety violations, fraud, securities violations. Protections vary by industry and what's being reported. Document everything before reporting.


Small Claims Court Viability Assessment

Jurisdiction Amounts by State: $2,500-$25,000 depending on state. Check your state's current limit.

Collectability Assessment: Winning a judgment means nothing if you can't collect. Ask:
- Does the defendant have assets? (Property, business, bank accounts)
- Are they a business or individual? (Business easier to collect from via bank levy)
- Are they local? (Out-of-state collection is harder)

Evidence Strength:
- Written contracts, texts, emails > verbal agreements
- Photos, receipts, invoices are essential
- Organize chronologically; anticipate their defense

The Process: File in defendant's county typically. Filing fee $30-$100. Both parties present to judge. Decision usually same day. If defendant doesn't pay: wage garnishment, bank levy, property lien options.


Part Three: Digital Literacy

"Is This Website Trustworthy?"

SSL/HTTPS: The padlock icon means the connection is encrypted — not that the site is legitimate. Scam sites now routinely use HTTPS. It's necessary but not sufficient.

Domain Age: Free tool: whois.domaintools.com or ICANN Lookup. A site selling luxury goods with a domain registered three weeks ago is suspicious.

Contact Verification: Phone number: does it actually connect to a person or business? Address: plug it into Google Maps; does it look like an actual business?

Privacy Policy Assessment: A legitimate site has one. Read the "third party sharing" section — some sites sell your data to hundreds of brokers.

WHOIS Lookup: Many legitimate businesses now use privacy protection (obscuring owner details), so private registration alone isn't damning. But a site with no contact info AND private WHOIS AND recent registration is a strong red flag constellation.


"Is This App Safe?"

Permissions Assessment: Every permission an app requests should have a clear functional reason.

| Permission | Suspicious if requested by... |
|---|---|
| Contacts | Flashlight, calculator, game |
| Location (always on) | Anything without navigation purpose |
| Microphone | Apps with no audio feature |
| Call logs | Non-communication apps |
| SMS | Apps with no messaging feature |

Rule: If you can't explain why a flashlight needs your contacts, it's harvesting your data.

Review Authenticity:
- Surge of reviews around launch date with generic language = purchased reviews
- Reviews that repeat same phrases ("works great, highly recommend") = bot pattern
- No reviews at all for an app claiming millions of users = red flag


"Is This News Real?"

The SIFT Method:
1. Stop — Before sharing, pause
2. Investigate the source — Google the publication name + "credibility" or "bias"
3. Find better coverage — Is this story covered by multiple independent outlets?
4. Trace claims — Who originally made this claim? What's the primary source?

Lateral Reading: Don't evaluate a site by reading deeper into it — open new tabs and research the site itself. Media bias raters: AllSides, Ad Fontes Media Bias Chart, NewsGuard.

Image Reverse Search: Google Images or TinEye — paste or upload the image. A "breaking news" photo from a different country or year is fabricated context.

Date Verification: Old stories recirculate. Check the publication date, not just "when did I see this."


"Is This AI-Generated?"

Text Cues (as of 2024-2025):
- Extremely even paragraph lengths
- Hedging language in unusual density ("it's worth noting that," "it's important to consider")
- Lack of specific anecdotes, proper nouns, or genuine personal experience
- Lists with exactly the same grammatical structure throughout
- Overuse of em-dashes and specific vocabulary ("delve," "tapestry," "nuanced")

Image Cues:
- Hands and fingers (still a frequent failure point — too many, wrong anatomy)
- Text within images (garbled, nonsensical)
- Background details that don't quite cohere
- Teeth (often wrong count or shape)
- Jewelry and reflections (often inconsistent)
- Ears (frequently malformed)

Audio/Video:
- Mouth sync slight misalignment in video
- Unnatural blinking frequency
- Skin texture too smooth or inconsistently textured
- Lighting direction inconsistent across face

Honest Caveat: Detection is becoming genuinely harder as models improve. No detection tool is reliable. Social and contextual verification (Is this person real? Can their identity be confirmed?) matters more than artifact detection.


Password Strength Assessment

Beyond Length — Entropy: A password's strength comes from unpredictability. correcthorsebatterystaple (random word combination, 28 chars) is stronger than P@ssw0rd! (predictable pattern, 9 chars with substitutions that crackers know to try).

Pattern Avoidance:
- Keyboard walks: qwerty, 1qaz2wsx
- Common substitutions: @ for a, 3 for e, 0 for o
- Personal information: name + birth year, pet names, addresses
- Dictionary words even with caps: Password1!
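Why the substitutions add so little, as an added example (not part of the original page): the same reversal a rule-based cracker applies, next to the entropy of a genuinely random passphrase. The wordlist, walk list and guess-space figures are constructed assumptions; 7776 is the size of a Diceware word list.

```python
import math
import re

# Constructed samples; a real cracking wordlist and walk list are far larger.
DICTIONARY = {"password", "welcome", "dragon", "letmein"}
KEYBOARD_WALKS = ("qwerty", "1qaz2wsx", "asdfgh", "zxcvbn")
# Reverse the substitutions listed above (@ for a, 3 for e, 0 for o), plus $ for s.
UNLEET = str.maketrans({"@": "a", "3": "e", "0": "o", "$": "s"})


def pattern_findings(password):
    """List the predictable patterns a rule-based cracker tries first."""
    findings = []
    lowered = password.lower()
    if any(walk in lowered for walk in KEYBOARD_WALKS):
        findings.append("keyboard walk")
    # Drop the trailing digits/symbols, undo substitutions, then look the core up.
    core = re.sub(r"[\d\W_]+$", "", lowered).translate(UNLEET)
    if core in DICTIONARY:
        findings.append("dictionary word with substitutions or suffix")
    if re.search(r"(19|20)\d\d$", password):
        findings.append("ends in a year")
    return findings


def random_choice_bits(choices, picks):
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def rule_guess_bits(words, variants_per_word):
    """Bits needed to cover every word in a list times every rule variant of it."""
    return math.log2(words * variants_per_word)


if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "Password1!", "1qaz2wsx", "Rex2014",
               "correcthorsebatterystaple"):
        print(f"{pw!r}: {pattern_findings(pw) or 'no known pattern'}")
    # Four words drawn at random from a 7776-word list.
    print("random passphrase:", round(random_choice_bits(7776, 4), 1), "bits")
    # Assumed guess space: 100,000 words, 1,000 rule variants each.
    print("word + rules:", round(rule_guess_bits(100_000, 1_000), 1), "bits")
```

The passphrase figure holds only if the words are drawn at random; a phrase a person made up, or one copied from a well-known example, is back in dictionary territory.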

Breach Checking: haveibeenpwned.com — enter email to see if your credentials appear in known breaches. Passwords can also be checked directly.
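How a password can be checked without sending it anywhere, as an added example (not part of the original page). It follows the k-anonymity scheme of the Pwned Passwords range API, which the page does not describe: only the first five hex characters of the SHA-1 hash leave the machine, and the match is done locally. The response below is constructed so the block runs offline, and the function names are assumptions.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def hibp_split(password):
    """SHA-1 the password and split it into the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """The only thing sent over the network: the 5-character hash prefix."""
    return RANGE_ENDPOINT + hibp_split(password)[0]


def breach_count(password, range_response):
    """Look for our hash suffix among the SUFFIX:COUNT lines of a range response."""
    _prefix, suffix = hibp_split(password)
    for line in range_response.splitlines():
        candidate, _sep, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not in the breach corpus


def constructed_response(breached_password, count):
    """Build a sample response (constructed data, not real breach counts)."""
    _prefix, suffix = hibp_split(breached_password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":12"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])


if __name__ == "__main__":
    sample = constructed_response("P@ssw0rd!", 4211)
    print("request:", range_url("P@ssw0rd!"))
    print("seen in breaches:", breach_count("P@ssw0rd!", sample), "times")
    print("other password:", breach_count("a-different-password", sample))
```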

The Practical Framework:
- Use a password manager (Bitwarden is free and open-source; 1Password is polished)
- Unique password for every account
- Enable 2FA (hardware keys > authenticator apps > SMS)
- Passphrase for master password: four+ random unrelated words


Privacy Risk Assessment: What You're Giving Away

Data Audit Framework:

For each service you use, assess:
1. What data is collected? (Read privacy policy data collection section)
2. Who do they share with? (Third parties, advertisers, law enforcement)
3. What's their breach history? (haveibeenpwned for your email; Google "[company] data breach")
4. What happens if you leave? (Can you export and delete your data?)

Tiered Privacy Sensitivity:

| Data Type | Sensitivity | Who Wants It |
|---|---|---|
| Precise location history | 🔴 Very High | Advertisers, law enforcement, stalkers |
| Health and medical | 🔴 Very High | Insurers, employers |
| Financial behavior | 🔴 High | Advertisers, lenders |
| Political/religious views | 🟡 High | Advertisers, political campaigns |
| Browsing history | 🟡 High | Advertisers, data brokers |
| Email contacts | 🟡 Medium | Advertisers, phishing targets |
| Public social content | 🟢 Lower | Background checkers, employers |

The Free Service Rule: If you're not paying for the product, your attention and data are the product. This isn't a reason to avoid all free services — it's a reason to know what you're trading.


Every transaction has a subtext. Every contract tells you who the drafter was afraid of. Read both the page and the motive behind it.