Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 72
  1. #26
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by nibb View Post
    When its hashed, you transforms the bits and bytes to something else, something which is completely non sense digits, which doesn't mean anything to anyone except computers. You are not transmitting any data client out, ever, not sharing it either because the hash is already new data.

    You donīt need to ask anything to anyone because you are not sharing customer data in any way. Even if it was, (which is not) it would be fake data anyway, because you don't expect fraudster and scammers to use real data, which is what providers report it seems. Not data from each and every single customer.
    The UK has pretty strong laws for Data Protection and "sharing" and I merely want to make sure I can legally do this without facing fine or imprisonment...

    The Data Sharing Code Of Pratice states this:

    By ‘data sharing’ we mean the disclosure of data from one or more organisations to a third party organisation or organisations, or the sharing of data between different parts of an organisation. Data sharing can take the form of:
    • a reciprocal exchange of data;
    • one or more organisations providing data to a third party or parties;
    • several organisations pooling information and making it available to each other;
    • several organisations pooling information and making it available to a third party or parties;
    • exceptional, one-off disclosures of data in unexpected or emergency situations; or
    • different parts of the same organisation making data available to each other.
    Before sharing any personal data you hold, you will need to consider all the legal implications of doing so.
    Or would you like to take my fine or imprisonment should that happen?

    P.S Not all fraudulent clients use fake or false details what about whose who use genuine details to pass your fraud checks then just submitt a charge back some few months later?
    Last edited by Server Management; 03-03-2012 at 07:42 AM.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  2. #27
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Quote Originally Posted by cd/home View Post
    P.S Not all fraudulent clients use fake or false details what about whose who use genuine details to pass your fraud checks then just submitt a charge back some few months later?
    Correct. Additionally, FraudRecord also targets disruptive clients as well. It doesn't assume the client data is falsified, but the client itself is misbehaving.

    But at the end, FraudRecord never receives actual client data, so it can never leak sensitive information by hacking or for commercial gains.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  3. #28
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by Harzem View Post
    Correct. Additionally, FraudRecord also targets disruptive clients as well. It doesn't assume the client data is falsified, but the client itself is misbehaving.

    But at the end, FraudRecord never receives actual client data, so it can never leak sensitive information by hacking or for commercial gains.
    What's in place to prevent abuse of the service? For example what if a host is to blame in an instance but brands the customer as abusive on the site? What if a host lies?

    Also if you don't mind me asking, how many reports do you have so far from how many different hosts?

  4. #29
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Harzem View Post
    But at the end, FraudRecord never receives actual client data, so it can never leak sensitive information by hacking or for commercial gains.
    I have another question:

    How does this comply with the Freedom of Information Act should one request which and what information you hold about them?
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  5. #30
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Quote Originally Posted by IH-Rameen View Post
    What's in place to prevent abuse of the service? For example what if a host is to blame in an instance but brands the customer as abusive on the site? What if a host lies?
    There is a host reputation system, also every report for a client lists the reporting host, along with the description. Any company utilizing our system receives a fraud score and reliability point along with it. The system doesn't prevent signups based on score criteria, so every host that sees a match needs to inspect the reports by themselves. They can choose to ignore any report by any company. This is only an adviser, not a ruler.

    Quote Originally Posted by IH-Rameen View Post
    Also if you don't mind me asking, how many reports do you have so far from how many different hosts?
    This system is just beginning. We don't have many reports. This is the first public thread about this system. We have about 16 member companies, 10 of which also created reporter profiles.

    Quote Originally Posted by cd/home View Post
    I have another question:

    How does this comply with the Freedom of Information Act should one request which and what information you hold about them?
    There is no information stored about anyone, so that act isn't even applicable. Since we don't hold any retrievable information about any client, we can't provide the information back to them, to any legal authority, or even to ourselves. Even we don't know what private information we are storing. This is what universally accepted hashing mechanism is all about.

    Additionally, it is absolutely free to register and make a query about yourself, so you can see what your own score is. You can see which hosts reported you, what they said about you. You should provide your own information like email address, and see if any matching reports exist.

    Here is a database sample of the information we are storing about clients:
    http://i.imgur.com/mcfCX.png
    This is a fragment of an actual (unedited) database table for the hashes starting with "b". If anyone asks what the actual email address in row#13 is, we are as clueless as anyone. If the owner of the email address happens to make a query about himself by entering his email address, he can see that he is recorded to the system. If a hosting company makes a query about the same client, the system will return a match. Other than that, we have no clue who that person is.
    Last edited by Harzem; 03-03-2012 at 10:09 AM.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  6. #31
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Harzem View Post
    There is a host reputation system, also every report for a client lists the reporting host, along with the description. Any company utilizing our system receives a fraud score and reliability point along with it. The system doesn't prevent signups based on score criteria, so every host that sees a match needs to inspect the reports by themselves. They can choose to ignore any report by any company. This is only an adviser, not a ruler.



    This system is just beginning. We don't have many reports. This is the first public thread about this system. We have about 16 member companies, 10 of which also created reporter profiles.



    There is no information stored about anyone, so that act isn't even applicable. Since we don't hold any retrievable information about any client, we can't provide the information back to them, to any legal authority, or even to ourselves. Even we don't know what private information we are storing. This is what universally accepted hashing mechanism is all about.

    Additionally, it is absolutely free to register and make a query about yourself, so you can see what your own score is. You can see which hosts reported you, what they said about you. You should provide your own information like email address, and see if any matching reports exist.

    Here is a database sample of the information we are storing about clients:
    http://i.imgur.com/mcfCX.png
    This is a fragment of an actual (unedited) database table for the hashes starting with "b". If anyone asks what the actual email address in row#13 is, we are as clueless as anyone. If the owner of the email address happens to make a query about himself by entering his email address, he can see that he is recorded to the system. If a hosting company makes a query about the same client, the system will return a match. Other than that, we have no clue who that person is.
    I think at the minute its a grey area because your are storing data but its hashed so the data your are storing might be "hashed" data but that hashed "data" still contains sensitive information.

    Even in hashed or encrtyed form I think you still have to obey the Freedom Of Information Act, etc

    I will see what the ICO say when they reply back to me wherever or not I can use said service without risk...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  7. #32
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by cd/home View Post
    I think at the minute its a grey area because your are storing data but its hashed so the data your are storing might be "hashed" data but that hashed "data" still contains sensitive information.

    Even in hashed or encrtyed form I think you still have to obey the Freedom Of Information Act, etc

    I will see what the ICO say when they reply back to me wherever or not I can use said service without risk...
    Do you guys currently utilise MaxMind?

  8. #33
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by IH-Rameen View Post
    Do you guys currently utilise MaxMind?
    We currently manually fraud check orders these days.

  9. #34
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by cd/home View Post
    We currently manually fraud check orders these days.
    And how do you do that? Any GeoIP tools?

  10. #35
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Quote Originally Posted by cd/home View Post
    I think at the minute its a grey area because your are storing data but its hashed so the data your are storing might be "hashed" data but that hashed "data" still contains sensitive information.

    Even in hashed or encrtyed form I think you still have to obey the Freedom Of Information Act, etc
    Hashed data doesn't contain sensitive information. This is the legal standing. The original information is used to create the hash, but the hashed data is not a sensitive information.

    Actually, digital signatures, legally accepted and encouraged way of signing documents, uses hashes as a way to make sure the information belongs to the document owner. Only the document owner may decide to publish the original document. In FraudRecord case, all data stored in the database is digital signatures, not the documents themselves. Only someone who has the document (who has the same client) can create a matching signature and make a comparison.

    Freedom Of Information Act can't be applied in hashes. Hashing is not a community-driven method, it is legally accepted by governments. SHA-1 algorithm is designed by United States National Security Agency themselves, and published by USA National Institute of Standards and Technology.

    Just make sure that when you have the authorities investigate your risk, they fully understand that we store data only in "salted and iterated hash" format, and we have no source data available to us. Any company that uses the system will not send the actual data, but only the secure hashes.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  11. #36
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by IH-Rameen View Post
    And how do you do that? Any GeoIP tools?
    We dont use GeoIP tools.

    We dont disclose how we fraud check for obvious reasons.

    However we approach all business with the attuide of "If it looks dodgy then it most likely is" and we also limit the countrys which we do business with...

  12. #37
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by cd/home View Post
    We dont use GeoIP tools.

    We dont disclose how we fraud check for obvious reasons.

    However we approach all business with the attuide of "If it looks dodgy then it most likely is" and we also limit the countrys which we do business with...
    Not looking for specifics. My point is, to do any level of fraud checking, you're transmitting user data apart from contacting the user directly. MaxMind works the same way. And to do comprehensive fraud checking, you need to transmit user data to some tool to retrieve further information.

    I see this service working in a similar way.

    If you let your clients know the information will be shared with 3rd party agencies for the purpose of fraud prevention, then there is no issue. But obviously, I'm no authority on the matter so taking steps for clarification as you've already done was a good idea.

    Quote Originally Posted by cd/home
    How does this comply with the Freedom of Information Act should one request which and what information you hold about them?
    Freedom of Information applies to public authorities, not private companies.
    Last edited by rv_irl; 03-03-2012 at 12:28 PM.

  13. #38
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by IH-Rameen View Post
    Freedom of Information applies to public authorities, not private companies.
    Greatly depends because I have used the DPA/FOIA on private companies in the past...

    Also refusing any such request just makes you look like you have something to hide anyway...
    Last edited by Server Management; 03-03-2012 at 12:37 PM.

  14. #39
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by cd/home View Post
    Greatly depends because I have used the DPA/FOIA on private companies in the past...
    It doesn't depend on anything. Freedom of Information doesn't apply to private companies:

    The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.

    Public authorities include government departments, local authorities, the NHS, state schools and police forces. However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.
    When a Freedom of Information request, that information is not only made public to you, but made public to *everyone*. It becomes public information. So denying it has its merits.

    If you made a Freedom of Information request to a private company, they probably didn't mind giving out information that they hold on you, and that's because such a request is known as a subject access request which is much different than a Freedom of Information request as you can request information regarding anything with a Freedom of Information request.

  15. #40
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by IH-Rameen View Post
    It doesn't depend on anything. Freedom of Information doesn't apply to private companies:



    When a Freedom of Information request, that information is not only made public to you, but made public to *everyone*. It becomes public information. So denying it has its merits.

    If you made a Freedom of Information request to a private company, they probably didn't mind giving out information that they hold on you, and that's because such a request is known as a subject access request which is much different than a Freedom of Information request as you can request information regarding anything with a Freedom of Information request.
    I assume you think I am lying and dont know what I am talking about?

    What about the "private companies" which are actually public authority

    Anyhow I have contacted the ICO and we'll see what the outcome is as to see if I can use said service or not.

    Untill then I dont have anything more to add really...

  16. #41
    Join Date
    Sep 2003
    Posts
    3,857
    Quote Originally Posted by cd/home View Post
    I assume you think I am lying and dont know what I am talking about?
    I'm not assuming anything. I'm stating things directly from the ICO website.

    Quote Originally Posted by cd/home
    What about the "private companies" which are actually public authority
    That was already addressed in what I quoted:
    However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.

  17. #42
    Join Date
    Apr 2009
    Location
    OnTheWeb
    Posts
    2,397
    I personally like the concept but can see this getting ugly pretty fast with kiddie host who are jolted when a client decides to leave them for whatever reason. I know that the client researcher (company B) can reject claims made by company A but could you imagine a database filled to capacity with inaccurate data about clients??? That means that the database itself won't be very reliable for anything but leisure time!

    I work with databases a lot with the Ministry and part of which we have to literally purge the database of inaccurate entries made by the staff there (genuine human errors) . Now could you imagine type of "power" in the hands of a 14 year old kiddie host who got a client paying $1.50 per month for unlimited service and then suddenly left because the service was not good. Being "human" , that 14 year old can dream a good dream when profiling his "bad" client who left when he tried to solve the problem.

    Now lets reach on the topic of blackmailing which is the very extreme of this situation. Lets say the host threatens to submit his "misbehaving" client to your system to ensure he never gets his crucial business website up again. The client still leaves and the host submits the data. Client finds out and requests the information removed. How do you handle a case such as that? The reason why I asked is because this WILL affect the client's ability to be hosted by other hosts who actually use your system. Yes I know each host can take the information into consideration BUT any data can sound extremely real these days. A really good lier can fool a crowd. I'm sure you know this. That will significantly delay any client from being hosted or even taken seriously as a client by any host who uses your system.

    With that said, I'm not saying that this cannot work, all I'm saying is that proper checks and balances should be made to prevent genuine clients from feeling the force of a jealous one man host. If you think about allowing larger hosts to use this system as well, these will be major concerns they will have as well. How reliable is that data we will be using to check against our potential profitable prospects! Should we even take the database seriously without those measures in place?

    The reason why MaxMind is so popular is because it uses credible data supplied from the person ordering themselves. You have the IP address, Billing information, Phone contact and they even check to see how likely the order would be considered fraud by taking the email into consideration (a fraudster would hardly like pay for anything far less an email to sign up an account with) . This system relies on "human" imputations which can be swayed by emotion any day and any hour! It is that where the danger lays.

    This is just my 2cents
    If you're the smartest person in the room then you're in the wrong room

  18. #43
    Join Date
    Oct 2007
    Posts
    4,332
    @cd/home: No offense but the way I see it there is no need to argue on whether this complies with the UK laws. If the service is legal in countries like the US but not the UK, UK based hosting providers can choose not to use it. You are free to decide on whether or not to implement this fraud checking system in your business.
    [ James Lee - Cloud & Web Hosting Specialist • 10+ Years WHT Veteran]

    [ Magento Performance Consultation by Magento Master ]

  19. #44
    Quote Originally Posted by Harzem View Post
    There is a host reputation system, also every report for a client lists the reporting host, along with the description. Any company utilizing our system receives a fraud score and reliability point along with it. The system doesn't prevent signups based on score criteria, so every host that sees a match needs to inspect the reports by themselves. They can choose to ignore any report by any company. This is only an adviser, not a ruler.
    That doesn't really answer the question about accountability. Speaking as a customer here, let's say that some hosts (or even multiple brands of the same host, if you catch my meaning) post a retaliatory bad review of me for example. Other hosts won't necessarily know that these reviews are not to be trusted, and will probably deny future signups from me. They probably also won't tell me why, meaning I won't know that your site has some false information about me. The hosts I'm trying to sign up with wont bother challenging the false reports, so the shady host will probably get away with it, and will continue to enjoy the ability to slander people's reputation without recourse. What checks and balances exist to prevent this sort of behaviour?

    It's all well and good to say "you can just sign up and run your own details through the website", but if I don't know the website exists, how can I be expected to do this?

    I'm not saying this to disparage your service - far from it, something of its like is desperately necessary in an industry where chargebacks and scam accusations are the norm rather than the exception. I just think that the utmost attention needs to be paid to protecting you, the legitimate hosts, and the legitimate customers from being brought down by a few bad eggs (and we all know those bad eggs exist - from hosts that sign up customers and vanish with the money, to hosts that give themselves great reviews on biased 'review' or 'directory' sites, to hosts that provide trash service and blame the customer for everything).

    I would also encourage you to think about the possibility that someone slandered by a host with your service may target you as a result - especially in a country where truth isn't an absolute defence. You should at least be writing indemnity clauses into your terms of service for reporters.

  20. #45
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    First of all, hosts that sign up are passed through a manual verification. Querying the database is available for everyone, but submitting new reports can only be done by verified hosts. Hosting "companies" that started up one week ago obviously won't pass this manual verification.

    Secondly, there is the visible reputation points. All companies start with reputation 1 (the lowest), and work their way up to reputation 10. Reputation is calculated with the number of reports per company, how many client reports they share with other companies that have higher reputation, how many times they were challanged, etc. There are logs about query counts, report counts, report types, dates, etc, all can be used to determine a reputation point. And currently, all reputation calculations are presented to the admins automatically, but requires manual approval before they become active. Additionally, there is the multiplier. It goes along with the reputation points. If a company is involved in shady reportings, their multiplier will be reduced, and their reports will add less points to the overall score of a customer.

    I'm pretty sure this does not cover all issues about shady reports, but we have enough of those shady reports on WHT, but the other way around. If an ex-customer slanders/libels against a hosting company on forums, we ask them their domain name hosted. Once they provide a domain to us, we verify them but we cannot decide if the customer or the host was right in that particular issue. That is something that needs to sort out itself. But at the end, even if we, as a community, decide the customer was wrong, bad customers can switch companies and keep defrauding/badmouthing other companies. FraudRecord helps hosts share their side of the story without giving out sensitive information about the client.

    There are bad clients who use every chance to ruin legitimate hosting companies. It is conceivable to think that there will be bad hosts who try to ruin legitimate customers.

    Manual verification of hosts, appending reputation points, multipliers, and expecting member companies to spend a minute to check if the report seems shady is all we can do to ensure the system is working reliably.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  21. #46
    Join Date
    Apr 2009
    Location
    Venice, Italy
    Posts
    224
    Just signed up, looks promising. Took me 5 minutes to signup and integrate into Whmcs.
    Nice interface and surely helpful. Let's just hope companies contribute
    -> Bibihost.com <-> Since 2010 Professional Hosting in EU and USA <-
    -> No cheap stuff, we provide only professional hosting on powerful machines <-> Speed and responsiveness are first priority! <-

  22. #47
    This is an excellent idea and something we are considering implementing. The more information you have on a client the better protection you have. Multiple sources also helps so consider combining this with MaxMind...

  23. #48
    would love to see a clientexec plugin.
    *~ Shared,Reseller, and Cloud VPS Provider ~*
    *~ Check out our site at 24Khost.com ~*
    *~ Birchtreelane Gifts, Antiques, Books, Collectibles Birchtreelane.com ~*

  24. #49
    Join Date
    Jun 2009
    Posts
    74
    Apologizes for the bump but I feel this needs to be said. That said let me also preface this with the fact that I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    The OPs assertion that no private data is stored or transmitted isn't entirely accurate. Lets take for example a client named John Doe. He buys an expensive dedicated server from Host A. After a month an a half files a chargeback. Host A hashes his information lets just say the resulting hash is 12345 (I realize the actual hash will be longer and more complex, but this is just an example). His other information also will be hash and sent to FraudRecord. John Doe signs up for Host B they hash his data including his name resulting in the same hash 12345. A match is found stating he has charged back a dedicated server with Host A. Though the name John Doe or his other information was never transmitted in of itself an identifier being the equivalent to the original information was allowing Host A to indirectly share that John Doe (his email and address and whatever else) was involved in a chargeback. The hash is both consistent anyone following FradRecords directions for hashing will get the same identifier from the name John Doe and the hash is unique (within a minor margin of error). Once could easily and I believe correctly argue this is effectively the same as if they said John Doe charged back directly.

    The other issue pertains the the United States, because FraudRecord is sharing customer reputation from previous hosts I believe they would be classified as a Consumer Reporting Agency which means there is a lot of regulation they have to follow, including the ability for the end users who find themselves in FraudRecord's systems (or well the hashes of their information) the chance to dispute the information adding huge administrative overhead to this free service. Plus any penalties for not complying with the requirements currently. Now whether or not this US law would apply I am not sure but it may just be as simple as if a US Resident is in the FraudReacord database (or their hash) they must comply.

    Let me end this by stating once again I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    That said I personally would not use FraudRecord as a host. And I would recommend any host wanting to use them carefully consider it first.

  25. #50
    Join Date
    Jun 2005
    Posts
    3,455
    Quote Originally Posted by Ryan524 View Post
    Apologizes for the bump but I feel this needs to be said. That said let me also preface this with the fact that I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    The OPs assertion that no private data is stored or transmitted isn't entirely accurate. Lets take for example a client named John Doe. He buys an expensive dedicated server from Host A. After a month an a half files a chargeback. Host A hashes his information lets just say the resulting hash is 12345 (I realize the actual hash will be longer and more complex, but this is just an example). His other information also will be hash and sent to FraudRecord. John Doe signs up for Host B they hash his data including his name resulting in the same hash 12345. A match is found stating he has charged back a dedicated server with Host A. Though the name John Doe or his other information was never transmitted in of itself an identifier being the equivalent to the original information was allowing Host A to indirectly share that John Doe (his email and address and whatever else) was involved in a chargeback. The hash is both consistent anyone following FradRecords directions for hashing will get the same identifier from the name John Doe and the hash is unique (within a minor margin of error). Once could easily and I believe correctly argue this is effectively the same as if they said John Doe charged back directly.

    The other issue pertains the the United States, because FraudRecord is sharing customer reputation from previous hosts I believe they would be classified as a Consumer Reporting Agency which means there is a lot of regulation they have to follow, including the ability for the end users who find themselves in FraudRecord's systems (or well the hashes of their information) the chance to dispute the information adding huge administrative overhead to this free service. Plus any penalties for not complying with the requirements currently. Now whether or not this US law would apply I am not sure but it may just be as simple as if a US Resident is in the FraudReacord database (or their hash) they must comply.

    Let me end this by stating once again I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    That said I personally would not use FraudRecord as a host. And I would recommend any host wanting to use them carefully consider it first.
    I donīt think you are correct here.

    Google Chrome for example also has a unique UID for each installation. The could also identify me when I log into my Google account even when they say its completely anonymous. Every single software I know, calls home when you open it on the computer, and every single one has a unique serial which possible identifies a customer as well. I know this because I donīt allow anything to the Internet unless its manually, and 90% of softwares today send data back, every single time you open them.

    Or how about internet users with a fixed IP address, if they go to website1.com and they can also be identified in website2.com by the same IP in the Apache logs.

    If what you say is true, then allot of things apply to the same legislation, basically every single software that makes any type of unique logging, even WHT forums. As far as as the hash, there is no private information of the customer, so its not possible for fraudrecord to know he is John Doe, unless one of the hosting companies tells them so, and this no different again from me telling a a website "this is my unique IP to which I access my account" so know they can also identify me the same way.

    My point is that it requires interaction of both companies to identify John Doe manually so this can be said for basically the whole Internet.

    So, no, you are incorrect here. The HASH is not private data, its a hash. Can it be used to identify someone? Yes, and so can an IP address, a GUID in a software, a serial in a software, each unique Windows Installation, every single logging to some website, etc. So every single software vendor, and even website would need to apply for the same legislation which is just ridiculous.

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. About 30% done -- thoughts?
    By David in forum Web Site Reviews
    Replies: 19
    Last Post: 09-10-2011, 04:28 PM
  2. Im having second thoughts lately ....
    By unity100 in forum Running a Web Hosting Business
    Replies: 20
    Last Post: 12-05-2009, 08:47 PM
  3. Your thoughts
    By freshjada in forum Ecommerce Hosting & Discussion
    Replies: 2
    Last Post: 12-19-2005, 02:28 PM
  4. Your thoughts please
    By JMD in forum Web Site Reviews
    Replies: 3
    Last Post: 07-08-2002, 09:39 PM
  5. Your thoughts please
    By JMD in forum Web Site Reviews
    Replies: 0
    Last Post: 07-07-2002, 02:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •