hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : Fraudrecord.com - What are your thoughts?
Reply

Forum Jump

Fraudrecord.com - What are your thoughts?

Reply Post New Thread In Running a Web Hosting Business Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #61  
Old
Junior Guru Wannabe
 
Join Date: Jun 2009
Posts: 74
Well that's something you should consult with an attorney with as to what can be shared and when, and if the user has to opt in to letting it be shared. I am simply making the point that hashing IMO still constitutes share information and explained why. And yes they do hash it, with the same publicly known value, which means I can generate a table of equivalents or just do a live brute force if I want to. Regardless both hosts the reporting host and requesting host can know with a level of certainty they are talking about the same original value thus how is that different as if they shared the original value directly other than the middle man (Fraud Record) doesn't know the original value.

When it comes to the internet and the fact that international boundaries are crossed things can get complicated quick. I am simply saying that since hashes are designed to to always result int he same hash from the same initial value and rarely (if ever) generate the same hashed value from different initial values is effectively the equivalent of the original data and likely to be subject to the same regulations again in my opinion.

I am just stating you should consider it carefully before sharing information with such a service or even using information from such a service before just doing so because it MAY cause legal problems if you violate applicable regulations. The line the OP keeps using that says no information is being shared in in my opinion inaccurate because of the consistency of hashing, actually if hashing wasn't consistent you would keep getting false positives and negatives and such a service would be useless.

And yes this would apply to use of a service like maxmind too. I personally authorize the charge only but don't complete the transaction until I have manually reviewed the signup and in many cases have even spoken with the customer on the phone.


Last edited by Ryan524; 12-03-2012 at 05:56 PM.
Sponsored Links
  #62  
Old
Web Hosting Master
 
Join Date: Feb 2004
Location: Scotland
Posts: 2,827
Quote:
Originally Posted by nibb View Post
How exactly would you do the search if the data is hashed? You need something to match against it, which means you already know the customer data in the first place. Its not a public database where you search a name and get back results. You need the data in the fist place to try to match it to a specific hash.
Just because you put something in your TOS does not mean you can do it legally.

As for your need something to match it to comment, take the following:

Company 1 phones company 2 and says:

Look, we just had a signup from Joe Bloggs who lives down at 123 whatever street, know anything about them?

Company 2 replies with "Yeah, terrible customer, charged back on their service with us and can you believe they even contacted our support? The cheek!"

Now, by your reasoning the above is ok because Company 1 already knows the person's details so it can't be a breach of data regulations, even though personal data is being shared between 2 companies, right?

  #63  
Old
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,964
Quote:
Originally Posted by incloudibly View Post
They use salted hashes so even public name database would be of no use.
Which was exactly my point.

__________________
PingHosters - Expert community for hosters - NEW: Post Reviews

Sponsored Links
  #64  
Old
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,964
Quote:
Originally Posted by Wullie View Post
Just because you put something in your TOS does not mean you can do it legally.

As for your need something to match it to comment, take the following:

Company 1 phones company 2 and says:

Look, we just had a signup from Joe Bloggs who lives down at 123 whatever street, know anything about them?

Company 2 replies with "Yeah, terrible customer, charged back on their service with us and can you believe they even contacted our support? The cheek!"

Now, by your reasoning the above is ok because Company 1 already knows the person's details so it can't be a breach of data regulations, even though personal data is being shared between 2 companies, right?
You are completely going off track with this... which is not fair for their service either. You are making up situations exactly where they break regulations on your "personal opinion" and this is not how the service works either in real life.

But anyway I will try to reply to this anyway:

Putting something in the TOS does not make it legal. But putting a clause that data will be hashed and send encrypted to a third party is by no way more illegal (in your sense of opinion) or in moral than what some companies are doing right now in their TOS while sharing data with third parties as well. Facebook does the same and does not even hash the data, actually its PUBLIC and everyone can access them, all they need is the customer to say "yes, we accept this". So how can you even consider sharing hashed data to be different than this....

Someone mentioned, sure Google, Apple uses it for their own, use, Facebook does not. It shares them with anyone and thousands of companies. And that data is plain text, not even hashed...

Also, your imaginary story of both companies talking in the phone and sharing data would be no different than Apple doing the same with Google, or Microsoft with Google, or anyone else in the planet earth.

How is this fault of the service? Its the companies that are breaching the regulations and sharing data and you donīt even need a service like Fraudrecord for this either. I can also share or send customer data by email or via phone, in plain text or how I like. How exactly is this the fault of FraudRecord which is not even involved?

How is this different from Hosting company 1, sending a private message here on WHT to company 2 about some customer as well? Its not. They are breaching the regulations by their own.

You are really trying to prove such service is illegal while someone could argue what Facebook does is 1000 times more illegal and guess what? So far its not, because all they need is the customer to be informed in the TOS about this which they did.

Find a lawyer that is willing to say this is breaching regulations and who is willing to say almost what every single major Internet company did or is doing is as we speak is also illegal. Sure anyone can, but they will ever win? Dream on.

I just took Facebook as one example, I can probably put 1000 more examples of data sharing which is worst than this and done by major fortune companies worldwide.

__________________
PingHosters - Expert community for hosters - NEW: Post Reviews


Last edited by nibb; 12-03-2012 at 06:16 PM.
  #65  
Old
Web Hosting Master
 
Join Date: Feb 2004
Location: Scotland
Posts: 2,827
Quote:
Originally Posted by nibb View Post
How is this different from Hosting company 1, sending a private message here on WHT to company 2 about some customer as well? Its not. They are breaching the regulations by their own.
Just because it may happen does not mean it isn't a breach of data regulations or that somehow "well other do it, so it's ok".

Quote:
Originally Posted by nibb View Post
You are really trying to prove such a service is illegal while someone could argue what Facebook does is 1000 times more illegal and guess what? So far its not, because all they need is the customer to be informed in the TOS about this which they did.
I never said it was illegal, at least not intentionally. I said it may not be allowed under certain laws and dismissing these claims on the basis that it's a hash so it's not personal details is pretty stupid without actual clarification of that.

The problem I personally have was never the database in itself, it was the other things that go with it:

1) Anyone can submit to it or read from it.

2) Taking (1) into account, there is no sure fire way to remove yourself if you are wrongly listed. (It may be possible to argue your case, but like you said they are not required under our law to do anything. This in itself could potentially make it unusable in the UK for example)

3) A lot of the hosts who I see claiming to use this do not list anywhere about sharing data with this company. Like I said previously, the argument being that it's a hash, so it's not data.

4) There are no retention details published. If I commit a wrong, am I still going to be punished 20 years into the future? Even most criminal records are considered spent after a period of time and blips in my credit are only recorded for 6 years, so why should this be any different?

5) How many people who get listed on this are actually innocent people? Got a chargeback? Report it to the database but oops, you just reported an innocent party who got their card stolen, not the offender.

There are other potential problems I thought of previously, but this is all I can think of just now. Once again I am not saying nobody should use this or the database itself is a problem, it's all about how people use it and whether they are actually checking whether they are allowed to use it or not.

  #66  
Old
Junior Guru Wannabe
 
Join Date: Jun 2009
Posts: 74
You are getting into legalities of sharing data which is something an attorney should be consulted about.

I am simple refuting the point the OP has made multiple times about it not sharing data because it uses hashes. I demonstrated that because of how hashes work they are virtually equivalant to the original data and then therefore (in my option) covered under the same laws and if they transmitted non hashed data.

The OP has stated in this thread his option is that it is not the same, i am simply refuting that point. Again consult an attorney if you want a legally binding answer, I am simply refuting it so that people just don't blindly think the OP is right to to find out that maybe he is wrong and then find themselves in legal trouble.

  #67  
Old
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,964
Quote:
Originally Posted by Ryan524 View Post
You are getting into legalities of sharing data which is something an attorney should be consulted about.

I am simple refuting the point the OP has made multiple times about it not sharing data because it uses hashes. I demonstrated that because of how hashes work they are virtually equivalant to the original data and then therefore (in my option) covered under the same laws and if they transmitted non hashed data.

The OP has stated in this thread his option is that it is not the same, i am simply refuting that point. Again consult an attorney if you want a legally binding answer, I am simply refuting it so that people just don't blindly think the OP is right to to find out that maybe he is wrong and then find themselves in legal trouble.
And so would SSL traffic, IPsec and VPN traffic. It DOES share data. The question is what data? Hashes, it can be considered anonymous data like GUID, not personal data.

If we want to go the route that you can match this with personal data, like I said before, you could also do this with a unique identifier in the iPhone and Google Chrome and every other product out... If you have someone that works with you to match the data of have something to compare it, so this is true for every other anonymous data as well.

The data shared is not personal. If you all here want to argue it is, because you can match it with personal information, so it can be done in iPad, Windows and every other identifier.

__________________
PingHosters - Expert community for hosters - NEW: Post Reviews


Last edited by nibb; 12-03-2012 at 06:50 PM.
  #68  
Old
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,964
Quote:
Originally Posted by Wullie View Post
Just because it may happen does not mean it isn't a breach of data regulations or that somehow "well other do it, so it's ok".



I never said it was illegal, at least not intentionally. I said it may not be allowed under certain laws and dismissing these claims on the basis that it's a hash so it's not personal details is pretty stupid without actual clarification of that.

The problem I personally have was never the database in itself, it was the other things that go with it:

1) Anyone can submit to it or read from it.

2) Taking (1) into account, there is no sure fire way to remove yourself if you are wrongly listed. (It may be possible to argue your case, but like you said they are not required under our law to do anything. This in itself could potentially make it unusable in the UK for example)

3) A lot of the hosts who I see claiming to use this do not list anywhere about sharing data with this company. Like I said previously, the argument being that it's a hash, so it's not data.

4) There are no retention details published. If I commit a wrong, am I still going to be punished 20 years into the future? Even most criminal records are considered spent after a period of time and blips in my credit are only recorded for 6 years, so why should this be any different?

5) How many people who get listed on this are actually innocent people? Got a chargeback? Report it to the database but oops, you just reported an innocent party who got their card stolen, not the offender.

There are other potential problems I thought of previously, but this is all I can think of just now. Once again I am not saying nobody should use this or the database itself is a problem, it's all about how people use it and whether they are actually checking whether they are allowed to use it or not.
1) Same today with Facebook

2) Same with Facebook, you cannot remove your data or account, you delete it, log in and all the data is there again

3) Allot of websites donīt claim either they send data to Facebook, just by having the like button on the website, facebook is actually tracking. Same again the same here is true for half of the internet.

4) Not sure about that.

5) Not sure, but is not a blacklisting site. Its a screeening site, the hosting and company can still decide to provide the service or not. Its no different than Maxmind saying your customers is logged from Chine, but his CC card is from the US. Its the host that decides if its fraud or not.

__________________
PingHosters - Expert community for hosters - NEW: Post Reviews

  #69  
Old
Junior Guru Wannabe
 
Join Date: Jun 2009
Posts: 74
Quote:
Originally Posted by nibb View Post
And so would SSL traffic, IPsec and VPN traffic.
If those technologies are being used to transmit data to third parties covered under applicable laws and regulations then I would say yes.

  #70  
Old
Web Hosting Master
 
Join Date: Jun 2005
Posts: 2,964
Quote:
Originally Posted by Ryan524 View Post
If those technologies are being used to transmit data to third parties covered under applicable laws and regulations then I would say yes.
So what is your point, based on this the whole Internet should be regulated, as Internet is sharing data.

Again, its sharing hashes, this is no different than any other data. Can you match it with personal information of a specific individual? Yes, and so you can with other data.

__________________
PingHosters - Expert community for hosters - NEW: Post Reviews

  #71  
Old
Junior Guru Wannabe
 
Join Date: Jun 2009
Posts: 74
Some data sharing is regulated. As I already mentioned I was refuting the OPs point that since the data is hashed it is not covered by regulation.

I'm sorry but I don't know how to make that any clearer for you.

  #72  
Old
Web Hosting Master
 
Join Date: Feb 2004
Location: Scotland
Posts: 2,827
Quote:
Originally Posted by nibb View Post
1) Same today with Facebook

2) Same with Facebook, you cannot remove your data or account, you delete it, log in and all the data is there again

3) Allot of websites donīt claim either they send data to Facebook, just by having the like button on the website, facebook is actually tracking. Same again the same here is true for half of the internet.

4) Not sure about that.

5) Not sure, but is not a blacklisting site. Its a screeening site, the hosting and company can still decide to provide the service or not. Its no different than Maxmind saying your customers is logged from Chine, but his CC card is from the US. Its the host that decides if its fraud or not.
You keep using Facebook or UUIDs as a comparison and they really aren't even similar.

My details get on Facebook because I provide them to Facebook, they don't appear on Facebook because I signup with Google for a mail account. In this case, the details are going to a third party to be read by other third parties without my specific consent in a lot of cases.

As for SSL etc, those again are not being passed to third parties. You really need to make the distinction here between sharing data between you and the client and sharing data between you, the client and a third party who then makes it available publicly to others.


Last edited by Wullie; 12-03-2012 at 08:01 PM.
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
About 30% done -- thoughts? David Web Site Reviews 19 09-10-2011 04:28 PM
Im having second thoughts lately .... unity100 Running a Web Hosting Business 20 12-05-2009 08:47 PM
Your thoughts freshjada Ecommerce Hosting & Discussion 2 12-19-2005 02:28 PM
Your thoughts please JMD Web Site Reviews 3 07-08-2002 09:39 PM
Your thoughts please JMD Web Site Reviews 0 07-07-2002 02:11 PM

Related posts from TheWhir.com
Title Type Date Posted
.ME Registry Targets Bloggers with New Loyalty Program Web Hosting News 2014-01-06 16:08:11
Neo Telecoms Acquires 35 Percent Stake in French Provider Hits Datacenter Web Hosting News 2013-05-27 10:57:38
ICANN Plans Beijing Office for Global Engagement Web Hosting News 2013-04-09 16:21:35
eNom Readies One and Two-Character .ORG Domain Auction Web Hosting News 2013-04-01 13:31:57
DreamHost to Host First Ever DreamCon User Conference in August Web Hosting News 2013-01-23 14:09:22


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?