Results 1 to 13 of 13
Thread: FraudRecord legality
-
01-20-2015, 07:58 PM #1WHT Addict
- Join Date
- Nov 2010
- Posts
- 107
FraudRecord legality
Is this legal, in the UK at least?
The Data Protection Act in the UK is very clear and strict with regards to the sharing of personal data, and I can't see how Fraud Record can comply with it.
The DPA states that customers must be clearly notified who their data is being shared with - this would mean whenever a host reports someone, they would need to notify the user exactly WHO has access to that info, ie list all the webhosts
It also says that data cannot be shared outside the EU unless tight security safeguarding is in place - can Fraud Record vouch for the security of every webhost co who uses it's services? Ie SSL certs are a must etc
Another thing it mentions is data has to be factual and correct at all times - seems a very grey area for a hosts personal opinion..?
Now I'm by no means a lawyer, but I just thought I'd bring it up, as the chances are if Fraud Record doesn't comply with the DPA (before you all go 'we're in the US who cares'), then it's highly doubtful if you're a host using it in the UK you aren't breaking the law.
I'd also be interested as to what US laws make of this?
-
01-20-2015, 08:00 PM #2WHT Addict
- Join Date
- Nov 2010
- Posts
- 107
I'd also like to quickly add that I've never used Fraud Record (only quickly looked at its website), so please correct me if I'm wrong
-
01-20-2015, 08:14 PM #3
Fraud record has some obvious liability and privacy concerns regardless of jurisdiction. Hopefully that particular issue doesn't come up as a serious problem as it does seem to be a valuable service. Personally I would think twice before submitting customer data there.
IOFLOOD.com -- We Love Servers
Phoenix, AZ Dedicated Servers in under an hour
★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
Contact Us: sales@ioflood.com ★
-
01-20-2015, 09:38 PM #4Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
FraudRecord does not store client data so there are no privacy concerns. There are no names, phone numbers, addresses, IPs, e-mail addresses, or any other identifying information in their databases.
Maxmind stores more information in their databases than FraudRecord does and they are being used by a lot more hosting providers.-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
01-20-2015, 09:51 PM #5
-
01-20-2015, 10:02 PM #6Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Here's the example on their website of what their database looks like:
name = ac2c739924bf5d4d9bf5875dc70274fef0fe54cf
email = 34efd0a968b48cbf9a43ac3e73053e4f343234e4
email2 = 2a1ab4a6ed14713d0e26127c1920417e4b193924
ip = f25c0306279af0bd9faf1caf0549daedb3472b7f
phone1 = 3f09086d8d4e4019eb534ce28e6b64c8ef563ec9
phone2 = d542e4bad3dbb13bcf0e31f484394997cd969b18
domain = ff07748b4d4b8f08f21499e078ef792fded46641-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
01-20-2015, 10:05 PM #7Web Hosting Guru
- Join Date
- Mar 2014
- Location
- London
- Posts
- 261
The data is hashed up.
According to the site
"
FraudRecord uses a one-way encryption algorithm (salted and looped SHA-1) to receive and test client information. Our database never receives actual client information, it only accepts the encrypted version. There is no way to reverse-engineer the algorithm and access the actual client information.
An email address like "john.smith@example.com" becomes "34efd0a968b48cbf9a43ac3e73053e4f343234e4" before even reaching our servers. The only way to query this information by other companies is to have the same client registered with them, so they can use "john.smith@example.com" to create "34efd0a968b48cbf9a43ac3e73053e4f343234e4" and access our database.
Our database only stores the encrypted information, which cannot be used to determine the actual email address in any case, even by us. We also protect our access routes via SSL certificates. If you like to read more technical details, you can visit our security details page."Last edited by eriahosting; 01-20-2015 at 10:13 PM.
█ Eria Hosting- eria.io
█ Premium Web Hosting.
█ cPanel | Softaculous | CloudLinux | Domains | SSL | SSD
█ PayPal | Stripe
-
01-20-2015, 10:09 PM #8
If that's the case, then that answers the legality question. If it can only be compared and not reversed, it's not an issue.
Your one stop shop for decentralization
-
01-20-2015, 10:11 PM #9
I assume it stores md5 hashes so that you can test for exact matches. That certainly increases the security of the solution and discourages mining the data, but I don't know that it has any bearing on the legality of the service.
I'm not aware of any legal precedent for something very similar to fraud record.
There are several legal justifications for their actions to be considered legally protected speech, or at minimum, not illegal, but also several possible legal justifications that could possibly be used to support the opposite conclusion.
Which potential legal theories would win in court is an open question. As well, any negative reports that someone may find issue with, the liability very likely would fall upon the host posting the negative report, and not necessarily be a legal problem for the fraud record admins.
It's worth keeping in mind that slander and defamation laws do not necessarily require the speech be untruthful in order to run afoul of the law. So someone posting a report is potentially opening themselves up to slander / defamation liability simply by posting a report.IOFLOOD.com -- We Love Servers
Phoenix, AZ Dedicated Servers in under an hour
★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
Contact Us: sales@ioflood.com ★
-
01-20-2015, 10:25 PM #10Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
01-20-2015, 11:10 PM #11Web Hosting Master
- Join Date
- Feb 2006
- Location
- Kusadasi, Turkey
- Posts
- 3,379
FraudRecord has been questioned a million times in the past regarding legality, especially in UK. So far, no one could offer a specific law that we are breaking.
It's not actually just a "recommendation". I've put it up on the signup page that all member companies must place a clause in their TOS that explains the client may be reported to FraudRecord in certain cases. Any host that doesn't do that is violating their local laws.
The system was designed using one-way hashes with special salting. No existing rainbow tables can be used, the data is pretty safe. Not even I can see the submitted client data. Any host that queries a client already has all the information, we can only run a comparison on existing hashes.█ Fraud Record - Stop Fraud Clients, Report Abusive Customers.
█ Combine your efforts to fight misbehaving clients.
█ HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
█ Large and awesome portfolio, just visit and see!
-
01-20-2015, 11:21 PM #12Web Hosting Master
- Join Date
- Mar 2012
- Posts
- 1,421
-
01-20-2015, 11:23 PM #13Web Hosting Master
- Join Date
- Feb 2006
- Location
- Kusadasi, Turkey
- Posts
- 3,379
█ Fraud Record - Stop Fraud Clients, Report Abusive Customers.
█ Combine your efforts to fight misbehaving clients.
█ HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
█ Large and awesome portfolio, just visit and see!
Similar Threads
-
fraudrecord.com down
By StealthyHosting in forum Providers and Network Outages and UpdatesReplies: 29Last Post: 09-04-2014, 05:33 PM -
Do you use FraudRecord? You should!
By BrianHarrison in forum Running a Web Hosting BusinessReplies: 68Last Post: 03-24-2014, 08:25 PM -
FraudRecord.com Get those clients before you get got!
By FRCorey in forum Running a Web Hosting BusinessReplies: 62Last Post: 11-16-2013, 04:01 AM -
Fraudrecord.com - What are your thoughts?
By Kevin K in forum Running a Web Hosting BusinessReplies: 71Last Post: 12-03-2012, 07:46 PM -
FraudRecord seems Promising
By VPS Unlimited in forum Fraud and AbuseReplies: 31Last Post: 05-26-2012, 01:56 PM