  1. #1
    Join Date
    Nov 2010
    Posts
    107

    FraudRecord legality

    Is this legal, in the UK at least?

    The Data Protection Act in the UK is very clear and strict with regards to the sharing of personal data, and I can't see how Fraud Record can comply with it.

    The DPA states that customers must be clearly notified who their data is being shared with - this would mean whenever a host reports someone, they would need to notify the user exactly WHO has access to that info, i.e. list all the webhosts.

    It also says that data cannot be shared outside the EU unless tight security safeguarding is in place - can Fraud Record vouch for the security of every webhost co who uses its services? I.e. SSL certs are a must etc.

    Another thing it mentions is data has to be factual and correct at all times - seems a very grey area for a host's personal opinion..?

    Now I'm by no means a lawyer, but I just thought I'd bring it up, as the chances are if Fraud Record doesn't comply with the DPA (before you all go 'we're in the US who cares'), then it's highly doubtful if you're a host using it in the UK you aren't breaking the law.

    I'd also be interested as to what US laws make of this?

  2. #2
    Join Date
    Nov 2010
    Posts
    107
    I'd also like to quickly add that I've never used Fraud Record (only quickly looked at its website), so please correct me if I'm wrong

  3. #3
    Fraud record has some obvious liability and privacy concerns regardless of jurisdiction. Hopefully that particular issue doesn't come up as a serious problem as it does seem to be a valuable service. Personally I would think twice before submitting customer data there.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  4. #4
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    FraudRecord does not store client data so there are no privacy concerns. There are no names, phone numbers, addresses, IPs, e-mail addresses, or any other identifying information in their databases.

    Maxmind stores more information in their databases than FraudRecord does and they are being used by a lot more hosting providers.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  5. #5
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    Quote Originally Posted by ZKuJoe View Post
    FraudRecord does not store client data so there are no privacy concerns. There are no names, phone numbers, addresses, IPs, e-mail addresses, or any other identifying information in their databases.
    How then does it offer records of evil doers if nothing is stored?
    Your one stop shop for decentralization

  6. #6
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Quote Originally Posted by bear View Post
    How then does it offer records of evil doers if nothing is stored?
    Here's the example on their website of what their database looks like:

    name = ac2c739924bf5d4d9bf5875dc70274fef0fe54cf
    email = 34efd0a968b48cbf9a43ac3e73053e4f343234e4
    email2 = 2a1ab4a6ed14713d0e26127c1920417e4b193924
    ip = f25c0306279af0bd9faf1caf0549daedb3472b7f
    phone1 = 3f09086d8d4e4019eb534ce28e6b64c8ef563ec9
    phone2 = d542e4bad3dbb13bcf0e31f484394997cd969b18
    domain = ff07748b4d4b8f08f21499e078ef792fded46641
    Source: https://www.fraudrecord.com/security/
    -Joe @ Secure Dragon LLC.

  7. #7
    Join Date
    Mar 2014
    Location
    London
    Posts
    261
    Quote Originally Posted by bear View Post
    How then does it offer records of evil doers if nothing is stored?

    The data is hashed up.

    According to the site

    "
    FraudRecord uses a one-way encryption algorithm (salted and looped SHA-1) to receive and test client information. Our database never receives actual client information, it only accepts the encrypted version. There is no way to reverse-engineer the algorithm and access the actual client information.
    An email address like "john.smith@example.com" becomes "34efd0a968b48cbf9a43ac3e73053e4f343234e4" before even reaching our servers. The only way to query this information by other companies is to have the same client registered with them, so they can use "john.smith@example.com" to create "34efd0a968b48cbf9a43ac3e73053e4f343234e4" and access our database.
    Our database only stores the encrypted information, which cannot be used to determine the actual email address in any case, even by us. We also protect our access routes via SSL certificates. If you like to read more technical details, you can visit our security details page."
    Last edited by eriahosting; 01-20-2015 at 10:13 PM.
    Eria Hosting- eria.io
    Premium Web Hosting.
    cPanel | Softaculous | CloudLinux | Domains | SSL | SSD

    PayPal | Stripe

  8. #8
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    If that's the case, then that answers the legality question. If it can only be compared and not reversed, it's not an issue.
    Your one stop shop for decentralization

  9. #9
    Quote Originally Posted by bear View Post
    How then does it offer records of evil doers if nothing is stored?
    I assume it stores MD5 hashes so that you can test for exact matches. That certainly increases the security of the solution and discourages mining the data, but I don't know that it has any bearing on the legality of the service.

    I'm not aware of any legal precedent for something very similar to fraud record.

    There are several legal justifications for their actions to be considered legally protected speech, or at minimum, not illegal, but also several possible legal justifications that could possibly be used to support the opposite conclusion.

    Which potential legal theories would win in court is an open question. As well, any negative reports that someone may find issue with, the liability very likely would fall upon the host posting the negative report, and not necessarily be a legal problem for the fraud record admins.

    It's worth keeping in mind that slander and defamation laws do not necessarily require the speech be untruthful in order to run afoul of the law. So someone posting a report is potentially opening themselves up to slander / defamation liability simply by posting a report.
    IOFLOOD.com -- We Love Servers

  10. #10
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Quote Originally Posted by funkywizard View Post
    It's worth keeping in mind that slander and defamation laws do not necessarily require the speech be untruthful in order to run afoul of the law. So someone posting a report is potentially opening themselves up to slander / defamation liability simply by posting a report.
    Hence why I recommend any provider that utilizes third party services for anything like this to include some wording in your Terms of Service that the client agrees to.
    -Joe @ Secure Dragon LLC.

  11. #11
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    FraudRecord has been questioned a million times in the past regarding legality, especially in the UK. So far, no one could offer a specific law that we are breaking.

    Quote Originally Posted by ZKuJoe View Post
    Hence why I recommend any provider that utilizes third party services for anything like this to include some wording in your Terms of Service that the client agrees to.
    It's not actually just a "recommendation". I've put it up on the signup page that all member companies must place a clause in their TOS that explains the client may be reported to FraudRecord in certain cases. Any host that doesn't do that is violating their local laws.

    The system was designed using one-way hashes with special salting. No existing rainbow tables can be used, the data is pretty safe. Not even I can see the submitted client data. Any host that queries a client already has all the information, we can only run a comparison on existing hashes.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!
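
The design described in posts #7 and #11, sketched as an added example (not FraudRecord's code and not code from the thread): each host hashes locally, the central store holds only digests, and a lookup is an equality test on digests. `SALT`, `ROUNDS`, the `normalise` rule and the `ReportStore` class are assumptions made for illustration.

```python
import hashlib

# Assumed values for illustration only: the thread gives neither the real
# salt nor the real loop count used by the service.
SALT = b"example-shared-salt:"
ROUNDS = 5_000


def normalise(value: str) -> str:
    """Canonical form, so every host derives the same digest (assumed rule)."""
    return value.strip().lower()


def pseudonymise(value: str) -> str:
    """Salted, looped SHA-1 computed on the host, before anything is sent."""
    digest = normalise(value)
    for _ in range(ROUNDS):
        digest = hashlib.sha1(SALT + digest.encode("utf-8")).hexdigest()
    return digest


class ReportStore:
    """Stand-in for the central database: it only ever sees digests."""

    def __init__(self):
        self.rows = []  # each row: {field name: 40-char hex digest}

    def report(self, hashed_fields: dict) -> None:
        self.rows.append(dict(hashed_fields))

    def query(self, hashed_fields: dict) -> set:
        """Return the field names whose digest equals one already on file."""
        hits = set()
        for row in self.rows:
            hits |= {k for k, v in hashed_fields.items() if row.get(k) == v}
        return hits


def hash_client(client: dict) -> dict:
    return {field: pseudonymise(value) for field, value in client.items()}


# Constructed sample data: host A reports a client, host B screens a signup.
store = ReportStore()
store.report(hash_client({"email": "john.smith@example.com", "ip": "192.0.2.10"}))
signup = {"email": " John.Smith@Example.com ", "ip": "198.51.100.7"}
matched = store.query(hash_client(signup))  # {"email"}: same address, different IP
```

Because the digest is deterministic, the same email address maps to the same token at every host; that is what makes matching possible, and it is also why the stored value acts as a stable pseudonym for the person rather than as random data.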

  12. #12
    Join Date
    Mar 2012
    Posts
    1,421
    Fraudrecord down?
    Quote Originally Posted by Harzem View Post
    FraudRecord has been questioned a million times in the past regarding legality, especially in UK. So far, no one could offer a specific law that we are breaking.



    It's not actually just a "recommendation". I've put it up on the signup page that all member companies must place a clause in their TOS that explains the client may be reported to FraudRecord in certain cases. Any host that doesn't do that is violating their local laws.

    The system was designed using one-way hashes with special salting. No existing rainbow tables can be used, the data is pretty safe. Not even I can see the submitted client data. Any host that queries a client already has all the information, we can only run a comparison on existing hashes.
    --

  13. #13
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Quote Originally Posted by HRR1963 View Post
    Fraudrecord down?
    It's up. Can you try again in a few minutes?
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
