Article 43

 

Shopping

Being a customer today increasingly means voluntarily SURRENDER of personal info at a time when IDENTITY THEFT and fraud are out of control.

Here’s some examples I got this morning when trying to buy a few things over the phone, on the internet, and a real store.  All except the real store take credit card payments only.

---

I called VERIZON WIRELESS today thinking of switching cell phone providors because my new job has an employee discount with them. The rep insists on a social security number to act as identifying account info, not just a credit check. Sounds like DISH NETWORK. Neither got me as a new customer.

Then I looked around DVD neXt Copy’s WEBSITE for their EULA. They’re of the ilk that uses DRM and product activation that’s good only once on one computer, and not disclosed anywhere on their website.  The EULA’s only available when installing the product - which means after you already bought and paid for it, and the DRM language is too vague to be of any use trying to figure out exactly what a variety of communications means.  Keeping that info secret worked once for the vendor getting me to buy it’s software last year, but DVD neXt Copy won’t be getting any more business of mine: 

AUTOMATIC COMMUNICATIONS FEATURES
The SOFTWARE PRODUCT consists of interactive Internet applications that perform a variety of communications over the Internet as part of its normal operation.  A number of communications features are automatic and are enabled by default. By installing and/or using the SOFTWARE PRODUCT, you consent to the SOFTWARE PRODUCT’S communications features.  Once you have activated the SOFTWARE PRODUCT, user information including your user id will be sent in communications with DVD neXt COPY’S servers. This information is used to perform a background check against DVD neXt COPY’S license servers. You are responsible for any telecommunications or other connectivity charges incurred through use of the Software.

SYSTEMS SOFTWARE
You may install and use one copy of the SOFTWARE PRODUCT on a single Computer or laptop, including a workstation, terminal or other digital electronic device ("COMPUTER"). Storage/Network Use - You may also store or install a copy of the SOFTWARE PRODUCT on a storage device, such as a network server, used only to install or run the SOFTWARE PRODUCT on your other COMPUTERS over an internal network, not to exceed 2 network computers.

Then I surfed over to eBay looking at STEIFF DOLLS.  They should make nice holiday gifts.  But from what I READ over at Gripeline:

EBAY and PAYPAL privacy policies practically give them the right to sell your financial information on street corners.

Finally, I went to buy new tires for the car.  They guy at the tire store demands to see and database my drivers license number.  Almost as bad as what I think about MICROSOFT’S ATTITUDE WITH WGA.

What’s a conscientious consumer to do to guard against identity theft, fraud, insulting EULAs, and trying to keep his private info private - not buy anything?

I used to love shopping.

Posted by Elvis on 11/18/06 •
Link to this articleLink to this article and comments
Home
 
  1. Drivers License Swipes Raise Privacy Concerns

    With ID swipe, Big Brother bellies up to the bar

    BY IAN T. SHEARN
    Star Ledger
    November 21, 2006

    It’s College Night at KatManDu, a popular Trenton nightclub, and the late-arriving crowd is predictably young.

    Bouncers pat down male patrons and politely ask for IDs. They swipe everyone’s driver’s license through a small, yellow electronic box that reads a bar code and instantly displays the customer’s age.

    Club managers love the gadget, and it’s rapidly becoming standard issue at the bigger clubs in Manhattan, New Jersey and elsewhere.

    But the box does more than just check birth dates. It also retains the customer’s name, address, license number—even height, weight and eye color. All that information then can easily be downloaded into a computer system.

    Most patrons have no idea their information is being electronically stored—nor are they asked if they mind.

    “Why do they need it?” asked Tara Fort, a 22-year-old customer from Hamilton Township, who became agitated when told the scanning device was storing personal information.

    “They probably want to send you a bunch of crap you don’t want. ... At least tell me you’re taking my information.”

    While federal law prohibits sharing or selling data from driver’s licenses, there is nothing on the books in New Jersey preventing bars from collecting and storing it. A handful of states—including New Hampshire, Texas and Nebraska—have outlawed the practice, but a spokesman for the New Jersey Attorney General’s Office said the issue has never come up.

    Joseph Surdo, a manager at KatManDu, said his club has built a database of more than 15,000 names in a year, but he stressed the information is used only for in-house promotional purposes.

    “I don’t sell the list,” said Surdo, the club’s director of marketing and entertainment, adding that only two other employees had access to the information.

    Such assurances don’t mollify some privacy advocates, who see the potential for identify theft or the illicit sales of such lists.

    “If the information is gathered, someone somewhere will use it for reasons it wasn’t intended,” said Melissa Ngo, staff counsel at the Electronic Privacy Information Center, a nonprofit group in Washington, D.C. “This is about taking your information without your consent. It can be misused and abused.”

    That is exactly why New Hampshire passed a law preventing the scanning of driver’s licenses, Rep. Neal Kurk said.

    “That bill was part of a decade-long effort to ensure the driver’s licenses are used only for the purpose for which they were intended, which is to operate a motor vehicle,” said Kurk, a Republican and 20-year member of the state’s House of Representatives. “Privacy is very fragile and very easily lost.”

    Privacy was not a big concern for most of the two dozen or so patrons recently interviewed at KatManDu; few expressed reservations about having their licenses swiped.

    “I don’t see no problem,” said Dan Slaiciunas, 22. “That happens every day on the Internet. Any hacker can get the information anyway.”

    Joe Tripician, a New York filmmaker and Web media executive, said such reactions aren’t surprising from a generation accustomed to sharing personal information on Web sites such as Facebook.com and MySpace.com.

    “The kids don’t care,” Tripician said, “because only old people like you and me suffer from the illusion of privacy these days.”

    Mark Baughman of TriCom Technologies, the California company that makes the $1,500 scanners used by KatManDu and other clubs, said most customers want the devices for age-verification purposes. But they become more interested when they see marketing possibilities, he said.

    “With two clicks, I can have the list they want and mailing labels ready to print in four minutes,” Baughman said.

    Club owners and manufacturers also contend the computer’s ability to tag problem customers helps keep an establishment safe.

    A scanning system sold by Barlink, a Canadian company, allows clubs to tap into a central database and identify unruly patrons who may have been banned elsewhere, said Brad Hartford, the company’s owner.

    The technology’s public safety benefits outweigh the risks, Hartford said, and are a compelling reason to retain the data.

    Ngo, of the privacy-information center, disagreed.

    “There are ways to ensure security without violating the privacy rights of every customer,” Ngo said. “But if that’s what they want to do, then tell their customers, ... ‘If you want to come into this club, we are going to swipe your license, and we’re going to keep it in our computer for X years.’”

    Brooke Singer, a professor of new media studies at the State University of New York/Purchase, said she first became aware of such devices four years ago, when her license was swiped at a state-run liquor store in Pittsburgh. She said she later learned the Pennsylvania Liquor Control Board kept a database of everyone who buys alcohol from state-run outlets.

    Her interest piqued, she decided to investigate the practice. Backed by grant money and donations, Singer and partners created a traveling faux-bar where they served drinks and educated their customers about the power of the swipe. Everyone who came in had their licenses scanned and, with the assistance of a little “‘pre-data mining,” soon viewed more information about themselves than they could have imagined was out there.

    Tapping into Census data and other free databases, Singer was able to show her swiped patrons their profiles on a flat-screen TV behind the bar. A map showing the location of their home. Their likely income range. Their consumer behavior.

    “This,” Singer said, “is just the tip of the iceberg.”

    SOURCE

    Posted by Burned Out Baby Boomer  on  11/22/06
  2. IHOP Changes Policy of Asking for IDs

    Red Orbit
    November 28, 2006

    QUINCY, Mass. - John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. “‘You want my license? I’m going for pancakes, I’m not buying the Hope diamond,’ and they refused to seat us,” Russo said, recounting his experience this week at the Quincy IHOP.

    The restaurant now has agreed to reverse the policy of requiring customers to turn over their driver’s licenses before they can order - a rule that was enacted to discourage “dine and dash” thefts.

    WCVB-TV in Boston reported the Quincy restaurant’s policy had been enacted without corporate approval.

    IHOP Corp., based in Glendale, Calif., released a statement Monday night to WCVB that said an employee felt the policy could eliminate the problem of people leaving without paying.

    “This was done without the knowledge or approval of management. ... We apologize to any guest who was inconvenienced,” the statement said.

    Russo said a security guard at the restaurant had “at least 40” licenses in hand when he arrived to eat.

    “Identity theft is rampant. I wouldn’t want to give my license, with my address or Social Security number to anyone that I’m not familiar with,” Russo said. “I’m going just for breakfast.”

    SOURCE

    Posted by Burned Out Baby Boomer  on  11/29/06
  3. A Hard Lesson in Privacy

    Scott Granneman looks at a hard lesson in personal privacy and security through the lens of a very public and well-known female television show host in Europe.

    Sometimes I hear a story that is simply breathtaking in its stupidity and potential for disaster. For your delectation, horror, and amazement, here is one relayed to me by a good friend a few days ago. He’s living in a European country that shall remain unnamed; in addition, the names and some details have been changed to protect the guilty (and the very dumb). It was transmitted to me via Skype, so I’ve also cleaned up the spelling and punctuation common to IM conversations so that it’s more readable.

    Boy have I got a story for your SecurityFocus column. My brother-in-law just bought a used Intel 20” iMac. The seller was a nice looking blonde, who didn’t wipe the disk. You can probably see where this is going, but it’s better than that.

    For some reason, he thought he needed her password to reinstall the system, so he called her and she gave it to him. Well, he had already seen some pornographic pictures on the hard drive that weren’t password protected. Most of them weren’t too explicit, aside from a couple of [oral sex] shots. But the password uncovered some videos where she gets sodomized, apparently by her boyfriend, or only one guy at any rate.

    Now the pics and vids are all on his iPod. He pulled them off the computer.

    It gets better.

    At this point, I was thinking, “How in the world could it?” But my buddy was right. It got better.

    My brother-in-law doesn’t watch a lot of television, but somehow he figured out that the blonde is the host of [a very popular television show in that country]! I saw the vids and I went to the official website, and there she was. There’s no doubt about it, it’s the same woman.

    I couldn’t believe it either. How can you be that stupid!?

    Don’t even bother asking me for her name, or the name of the TV show, as I’ve been sworn to secrecy. Instead, let’s ponder the lessons we can learn from this salacious debacle.

    Lesson 1: Wipe your disks

    I’ve touched on this one before, and I know it seems like common sense to the folks reading this column, but my pal’s story sure makes one thing painfully clear: many (most?) “ordinary” users don’t understand the concepts of wiping a hard drive securely before relinquishing a computer.

    It’s one thing to drag your personal files to the trash and then empty it - lots of people undoubtedly think that will be enough to protect them. A few more knowledgeable ones understand that trashed files can still be recovered, so they want to remove that sensitive data more completely. This usually means asking a friendly computer nerd for advice or help, or Googling for freeware, or paying for some commercial piece of software that will overwritedata the necessary number of times. (Editor’s note: Mac users can use the Secure Empty Trash menu to securely delete files.) A tiny number of people - call them “paranoid security experts” - will go the final step and drill, bash, or bend their hard drives so that the data will be totally unrecoverable.

    And then we have the ... well, I don’t really want to call them users, since they’re more used by than users of their computers - people who don’t even try to remove their data from the PCs in their possession. Even if that data is intensely personal. As in, involving acts or knowledge that really should be kept private. Or, to put it another way, in what reality did that young woman think leaving pictures of her engaged in sexual acts on her Mac was a good idea? Did she not understand that those images and videos were left on the machine that she was selling? Had she copied them somewhere - to another machine, an iPod, or a USB stick - and thought that copying was actually moving?

    The embarrassing goodies didn’t have to be sexy pics and vids, of course. They could just as easily have been IM conversations, or emails, or letters, or banking info, or accounts of medical issues, or just about anything that should be seen as privy to only a very few. No matter what it is, the lesson is crystal clear: destroy that data before it leaves your possession!

    Lesson 2: Protect your passwords

    But now we come to the second incomprehensible action our randy young lass committed. Once again, I’ve written before about the cavalier attitude many computer users display toward their passwords. This one, however, is just shocking in its utter imbecility. Selling your computer, I can understand. Accidentally leaving naughty JPEGs and MPEGs behind I don’t comprehend, but I can kind of - maybe, just barely, if I’m really feeling charitable and “in the giving vein,” as Richard III says - understand someone making a horrible mistake and thinking that stuff is gone when it’s really still there. But giving away your password when the buyer calls? No questions asked? What the ...? Do you see my face right now? Jaw dropped, eyes wide open in total disbelief, mouth agape? LADY, HAS BEING ON TV COMPLETELY MELTED YOUR [expletive] BRAIN?

    Let’s review, shall we? One, wipe your computer clean before you hand it off to a new owner. Two, if the new owner calls you requesting your password, don’t give it to him. There is no three.
    Once the toothpaste leaves the tube ...

    So, my TV personality friend, you’ve decided to whip out the digicam and take some shots of yourself and a male companion. But stills weren’t enough, so you added movies to the mix. Spicy! Unfortunately, once something has been committed to a digital file, it can be copied and transferred around the world in an instant. Seinfeld’s Kramer, Michael Richards, has certainly learned that lesson over the last week or so. Claire Swire and Peter Chung found out the hard way when their emails zoomed from inbox to inbox. Same thing for homophobic landscapers, rude managers in New Zealand, and incompetent HP support personnel: all had their stories sweep around the world, to their detriment. Eventually, music and movie BigCo’s will learn this painfully obvious truism, whether or not they really wish to, and DRM, in all its useless, inefficient, and consumer-hating glory, will go bye-bye.

    With this understanding, let’s talk like reasonable adults here, Ms. European TV Personality. Here’s the deal: unless you have an exhibitionist streak a kilometer wide (I used that instead of “mile” since you use the metric system), you really, really, really shouldn’t take photos and movies of yourself in flagrante delicto. It doesn’t matter how much in love (or lust) you think you are with the dude. Murphy’s Law holds here about as strongly as anywhere else, so I can guaran-freakin’-tee you that those very embarrassing items will end up in the possession of people you’d rather were not possessing them. Whether through accident, theft, anger, maliciousness, or lasciviousness, someone besides you and your lover is going to get their paws on those jpegs and movies, and at that point, potentially anyone who can access the Internet is going to get quite an eyeful. Girl gone wild, indeed.

    Look at my friend’s brother-in-law. What’s the first thing he did after discovering the goods and showing them to my buddy? Why, put them on his iPod, of course! All the better to show other friends. And to transfer ... or upload ... or add to YouTube ... or ... you get the idea. So far he’s resisting urges to spread the movies and images around, but how much longer will he resist? Do you really want to find out, oh lady of mystery? On the one hand, it’s unfortunate that this entire incident has happened to you, since at any moment you could find yourself needing to do a lot of red-faced explaining; on the other, though, it’s almost too bad that I won’t publish your name and identity. Perhaps if that info was made public, it would cause you and a lot of other people to learn a very painful, and very real in today’s world, lesson about security, privacy, and the importance of keeping personal matters secret.

    SOURCE

    Posted by Burned Out Baby Boomer  on  11/30/06
  4. Personal Firewall For The RFIDs You Carry

    A Platform for RFID Security and Privacy Administration is a PAPER by Melanie R. Rieback and Georgi N. Gaydadjiev that won the award for Best Paper at the USENIX LISA (Large Installation Systems Administration) conference today. It proposes a “firewall for RFID tags”—a device that sits on your person and jams the signals from all your personal wireless tags (transit passes, etc), then selectively impersonates them according to rules you set. Your contactless transit card will only send its signal when you authorize it, not when some jerk with an RFID scanner snipes it as you walk down the street. The implementation details are both ingenious and plausible—it’s a remarkable piece of work. Up until now, the standard answer to privacy concerns with RFIDs is to just kill them—put your new US Passport in a microwave for a few minutes to nuke the chip. But with an RFID firewall, it might be possible to reap the benefits of RFID without the cost.

    SOURCE

    Posted by Burned Out Baby Boomer  on  12/06/06
  5. Self-tuning portable RF jammer disguised as menthol cigs

    NINJA STRIKE FORCE member LADY ADA has posted A DESIGN for a self-tuning, microprocessor controlled, wide band RF jammer.

    Lady Ada (who is, omg, a girl! not knitting, but hacking hardware!) explains:
    THIS WEBSITE details the design and construction [of a] Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camoflauging: it is the size of a pack of cigarettes.

    An internal lithium-ion battery provides up to 2 hours of jamming (two bands, such as cell) or 4 hours (single band, such as cordless phone, GPS, WiFi, bluetooth, etc). The battery is rechargeable via a mini-USB connector or 4mm DC jack (a common size). Alternately, 3 AAA batteries may also be used.

    SOURCE

    Posted by Burned Out Baby Boomer  on  01/19/07
  6. Warner Music sues paralyzed stroke victim

    Warner Music is suing a retired railroad man in Florida whose left side has been paralyzed by a stroke and whose sole source of income is his disability check.

    Although the defendant John Paladuk, an employee of C&N Railroad for 36 years, was living in Florida at the time of the alleged copyright infringement, and had notified the RIAA that he had not engaged in any copyright infringement, and despite that the fact that Mr. Paladuk suffered a stroke last year which resulted in complete paralysis of his entire left side and severely impaired speech, rendering him disabled, and despite the fact that his disability check is his sole source of income, the RIAA commenced suit against him on February 27, 2007.

    SOURCE

    Posted by Burned Out Baby Boomer  on  03/14/07
  7. The RFID Guardian: a firewall for your tage

    By Nate Anderson
    May 01, 2007
    ARS Technica

    Here, there, and everywhere

    Don’t carry RFID? You might be surprised; the short-range ID technology is currently found in everything from US passports to swipeless credit cards to public transit passes to World Cup tickets to car keys to the building access pass for your office building. A few of the digerati even elect to have RFID implants from VeriChip slipped beneath their skin in order to use them as cashless payment systems.

    Much of the information on these chips can be read without exotic equipment, assuming an attacker can get within several feet with a concealed RFID reader. Unfortunately, most tags give users no control over when they respond to queries, and they offer no notification, which means that sensitive data could be at risk in public places.

    The solution, for those concerned about such things, has so far been low-tech: smashing the chip with a hammer appears to be the preferred method for passports, but it is technically illegal and could lead to unpleasantness at customs.

    A new tool from a graduate student at the Vrije Universiteit in Amsterdam offers the first real-time cloak of protection to users concerned about security, and no hammer blows are required. The RFID GUARDIAN is essentially a firewall that can prevent or allow RFID queries, and can do so on a per-tag basis. Melanie Rieback, the Guardian’s designer, describes it as a portable, battery-powered device for personal RFID privacy—but even if you aren’t concerned about men in dark sunglasses snatching your passport data, the selective jamming tech in this diminutive device is fascinating stuff.

    I had a chance to sit down with Rieback during her recent trip to the United States, and she explained how the device works, what’s coming in version 3.0, and why she has no plans to profit from the technology.

    “I’m definitely not anti-RFID,” she explains. “I think there’s a lot of great things you can do with it, but I just think that like any other technology, they need to take security and privacy into consideration.”

    Here’s how the RFID Guardian gives that power to the people.

    And I need this… why?

    RFID got its start as an antitheft tool that soon became important for inventory management. Using RFID chips, it was suddenly simple for shippers to know how many pallets were in a trailer, and retailers could see how many razors were on a store shelf without keeping employees all night to do inventory. RFID received a massive boost when Wal-Mart required RFID tags to be used by all of its suppliers.

    Because such commercial deployments emphasize cost over security, most tags still have no access controls, so grabbing a tag’s information is relatively simple. Some specialized tags do employ basic cryptography, but this is not always robust. When researchers looked into the encryption found in the ExxonMobil SpeedPass, for instance, the algorithm turned out to use a 40-bit key and was cracked easily by a brute force attack. Tags with stronger cryptography tend to be prohibitively expensive, and thus are not often used.

    As the tags showed up in increasingly sensitive applications, security became more of a concern—at least to researchers and privacy advocates. Rieback was one of those people. As a graduate student searching for a Ph.D. dissertation topic, she spent eight months reading computer science research papers and discovered that the number of published works on RFID security could be counted on both hands. “It became painfully obvious that there was a deficiency in the area of RFID, and there is so much work to be done,” she says.

    So Rieback turned herself into one of the foremost academic authorities on RFID security and went on to develop the first RFID virus as a proof of concept. That got the industry’s attention. As Rieback tactfully puts it, there was a “mixed reaction” that even included some personal attacks. But other companies approached her team for consulting assistance within days of publishing the paper.

    After doing her part to publicize these security shortcomings of many RFID implementations, Rieback moved on to the RFID Guardian project, which would give people a measure of control over their tags. It became her Ph.D. project, and when she finalizes the next version in the next eight months or so, she should earn her doctorate. Even when that happens, though, she has no plans to drop the project. “I think this is important enough that we should finish it,” she says. “We should get it out there.”

    Eventual plans call for the Guardian to be incorporated into cell phones and PDAs, but the current model is a pocket-sized device that runs on its own battery and provides a circular 1m field of control over RFID tags, jamming any tags that the user does not want read. It sounds simple, but the technology behind it is surprisingly complex—complex enough that the current model uses what Rieback refers to as a “beast” of a CPU, an Intel XScale PXA270. Here’s what all that power is for.

    SOURCE

    Posted by Burned Out Baby Boomer  on  05/04/07

Name:

Email:

Location:

URL:

Smileys

Remember my personal information

Notify me of follow-up comments?

Next entry: Lucent Pre-merger Layoffs

Previous entry: Black Friday Revealed

<< Back to main

Home

Members:
Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

Our absolute goal should be to render our knowledge priceless, then freely give it to those who wish. - Anonymous

Search


Advanced Search

Categories

Archives

Favorite Posts

Recent Entries

American Solidarity

Favorites

Statistics