  1. #41
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by cd/home View Post
    I assume you think I am lying and don't know what I am talking about?
    I'm not assuming anything. I'm stating things directly from the ICO website.

    Quote Originally Posted by cd/home
    What about the "private companies" which are actually public authority
    That was already addressed in what I quoted:
    However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.

  2. #42
    Join Date
    Apr 2009
    Location
    OnTheWeb
    Posts
    2,024
    I personally like the concept but can see this getting ugly pretty fast with kiddie hosts who are jolted when a client decides to leave them for whatever reason. I know that the client researcher (company B) can reject claims made by company A but could you imagine a database filled to capacity with inaccurate data about clients??? That means that the database itself won't be very reliable for anything but leisure time!

    I work with databases a lot with the Ministry and part of which we have to literally purge the database of inaccurate entries made by the staff there (genuine human errors). Now could you imagine that type of "power" in the hands of a 14 year old kiddie host who got a client paying $1.50 per month for unlimited service and then suddenly left because the service was not good. Being "human", that 14 year old can dream a good dream when profiling his "bad" client who left when he tried to solve the problem.

    Now let's reach on the topic of blackmailing which is the very extreme of this situation. Let's say the host threatens to submit his "misbehaving" client to your system to ensure he never gets his crucial business website up again. The client still leaves and the host submits the data. Client finds out and requests the information removed. How do you handle a case such as that? The reason why I asked is because this WILL affect the client's ability to be hosted by other hosts who actually use your system. Yes I know each host can take the information into consideration BUT any data can sound extremely real these days. A really good liar can fool a crowd. I'm sure you know this. That will significantly delay any client from being hosted or even taken seriously as a client by any host who uses your system.

    With that said, I'm not saying that this cannot work, all I'm saying is that proper checks and balances should be made to prevent genuine clients from feeling the force of a jealous one man host. If you think about allowing larger hosts to use this system as well, these will be major concerns they will have as well. How reliable is that data we will be using to check against our potential profitable prospects! Should we even take the database seriously without those measures in place?

    The reason why MaxMind is so popular is because it uses credible data supplied from the person ordering themselves. You have the IP address, Billing information, Phone contact and they even check to see how likely the order would be considered fraud by taking the email into consideration (a fraudster would hardly like to pay for anything, far less an email to sign up an account with). This system relies on "human" imputations which can be swayed by emotion any day and any hour! It is that where the danger lies.

    This is just my 2cents
    If you're the smartest person in the room then you're in the wrong room

  3. #43
    Join Date
    Oct 2007
    Posts
    4,033
    @cd/home: No offense but the way I see it there is no need to argue on whether this complies with the UK laws. If the service is legal in countries like the US but not the UK, UK based hosting providers can choose not to use it. You are free to decide on whether or not to implement this fraud checking system in your business.

  4. #44
    Quote Originally Posted by Harzem View Post
    There is a host reputation system, also every report for a client lists the reporting host, along with the description. Any company utilizing our system receives a fraud score and reliability point along with it. The system doesn't prevent signups based on score criteria, so every host that sees a match needs to inspect the reports by themselves. They can choose to ignore any report by any company. This is only an adviser, not a ruler.
    That doesn't really answer the question about accountability. Speaking as a customer here, let's say that some hosts (or even multiple brands of the same host, if you catch my meaning) post a retaliatory bad review of me for example. Other hosts won't necessarily know that these reviews are not to be trusted, and will probably deny future signups from me. They probably also won't tell me why, meaning I won't know that your site has some false information about me. The hosts I'm trying to sign up with won't bother challenging the false reports, so the shady host will probably get away with it, and will continue to enjoy the ability to slander people's reputation without recourse. What checks and balances exist to prevent this sort of behaviour?

    It's all well and good to say "you can just sign up and run your own details through the website", but if I don't know the website exists, how can I be expected to do this?

    I'm not saying this to disparage your service - far from it, something of its like is desperately necessary in an industry where chargebacks and scam accusations are the norm rather than the exception. I just think that the utmost attention needs to be paid to protecting you, the legitimate hosts, and the legitimate customers from being brought down by a few bad eggs (and we all know those bad eggs exist - from hosts that sign up customers and vanish with the money, to hosts that give themselves great reviews on biased 'review' or 'directory' sites, to hosts that provide trash service and blame the customer for everything).

    I would also encourage you to think about the possibility that someone slandered by a host with your service may target you as a result - especially in a country where truth isn't an absolute defence. You should at least be writing indemnity clauses into your terms of service for reporters.

  5. #45
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,273
    First of all, hosts that sign up are passed through a manual verification. Querying the database is available for everyone, but submitting new reports can only be done by verified hosts. Hosting "companies" that started up one week ago obviously won't pass this manual verification.

    Secondly, there are the visible reputation points. All companies start with reputation 1 (the lowest), and work their way up to reputation 10. Reputation is calculated with the number of reports per company, how many client reports they share with other companies that have higher reputation, how many times they were challenged, etc. There are logs about query counts, report counts, report types, dates, etc, all can be used to determine a reputation point. And currently, all reputation calculations are presented to the admins automatically, but require manual approval before they become active. Additionally, there is the multiplier. It goes along with the reputation points. If a company is involved in shady reportings, their multiplier will be reduced, and their reports will add less points to the overall score of a customer.

    I'm pretty sure this does not cover all issues about shady reports, but we have enough of those shady reports on WHT, but the other way around. If an ex-customer slanders/libels against a hosting company on forums, we ask them their domain name hosted. Once they provide a domain to us, we verify them but we cannot decide if the customer or the host was right in that particular issue. That is something that needs to sort out itself. But at the end, even if we, as a community, decide the customer was wrong, bad customers can switch companies and keep defrauding/badmouthing other companies. FraudRecord helps hosts share their side of the story without giving out sensitive information about the client.

    There are bad clients who use every chance to ruin legitimate hosting companies. It is conceivable to think that there will be bad hosts who try to ruin legitimate customers.

    Manual verification of hosts, appending reputation points, multipliers, and expecting member companies to spend a minute to check if the report seems shady is all we can do to ensure the system is working reliably.

  6. #46
    Join Date
    Apr 2009
    Location
    Venice, Italy
    Posts
    208
    Just signed up, looks promising. Took me 5 minutes to sign up and integrate into WHMCS.
    Nice interface and surely helpful. Let's just hope companies contribute

  7. #47
    This is an excellent idea and something we are considering implementing. The more information you have on a client the better protection you have. Multiple sources also helps so consider combining this with MaxMind...

  8. would love to see a clientexec plugin.

  9. #49
    Join Date
    Jun 2009
    Posts
    74
    Apologies for the bump but I feel this needs to be said. That said let me also preface this with the fact that I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    The OP's assertion that no private data is stored or transmitted isn't entirely accurate. Let's take for example a client named John Doe. He buys an expensive dedicated server from Host A. After a month and a half he files a chargeback. Host A hashes his information; let's just say the resulting hash is 12345 (I realize the actual hash will be longer and more complex, but this is just an example). His other information also will be hashed and sent to FraudRecord. John Doe signs up for Host B; they hash his data including his name, resulting in the same hash 12345. A match is found stating he has charged back a dedicated server with Host A. Though the name John Doe or his other information was never transmitted in and of itself, an identifier being the equivalent to the original information was, allowing Host A to indirectly share that John Doe (his email and address and whatever else) was involved in a chargeback. The hash is both consistent (anyone following FraudRecord's directions for hashing will get the same identifier from the name John Doe) and the hash is unique (within a minor margin of error). One could easily and I believe correctly argue this is effectively the same as if they said John Doe charged back directly.

    The other issue pertains to the United States. Because FraudRecord is sharing customer reputation from previous hosts, I believe they would be classified as a Consumer Reporting Agency, which means there is a lot of regulation they have to follow, including the ability for the end users who find themselves in FraudRecord's systems (or well the hashes of their information) the chance to dispute the information, adding huge administrative overhead to this free service. Plus any penalties for not complying with the requirements currently. Now whether or not this US law would apply I am not sure but it may just be as simple as if a US Resident is in the FraudRecord database (or their hash) they must comply.

    Let me end this by stating once again I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    That said I personally would not use FraudRecord as a host. And I would recommend any host wanting to use them carefully consider it first.

  10. #50
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Ryan524 View Post
    Apologies for the bump but I feel this needs to be said. That said let me also preface this with the fact that I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    The OP's assertion that no private data is stored or transmitted isn't entirely accurate. Let's take for example a client named John Doe. He buys an expensive dedicated server from Host A. After a month and a half he files a chargeback. Host A hashes his information; let's just say the resulting hash is 12345 (I realize the actual hash will be longer and more complex, but this is just an example). His other information also will be hashed and sent to FraudRecord. John Doe signs up for Host B; they hash his data including his name, resulting in the same hash 12345. A match is found stating he has charged back a dedicated server with Host A. Though the name John Doe or his other information was never transmitted in and of itself, an identifier being the equivalent to the original information was, allowing Host A to indirectly share that John Doe (his email and address and whatever else) was involved in a chargeback. The hash is both consistent (anyone following FraudRecord's directions for hashing will get the same identifier from the name John Doe) and the hash is unique (within a minor margin of error). One could easily and I believe correctly argue this is effectively the same as if they said John Doe charged back directly.

    The other issue pertains to the United States. Because FraudRecord is sharing customer reputation from previous hosts, I believe they would be classified as a Consumer Reporting Agency, which means there is a lot of regulation they have to follow, including the ability for the end users who find themselves in FraudRecord's systems (or well the hashes of their information) the chance to dispute the information, adding huge administrative overhead to this free service. Plus any penalties for not complying with the requirements currently. Now whether or not this US law would apply I am not sure but it may just be as simple as if a US Resident is in the FraudRecord database (or their hash) they must comply.

    Let me end this by stating once again I am not an attorney and everything stated in this post is nothing more than my own personal opinion.

    That said I personally would not use FraudRecord as a host. And I would recommend any host wanting to use them carefully consider it first.
    I don't think you are correct here.

    Google Chrome for example also has a unique UID for each installation. They could also identify me when I log into my Google account even when they say it's completely anonymous. Every single software I know, calls home when you open it on the computer, and every single one has a unique serial which possibly identifies a customer as well. I know this because I don't allow anything to the Internet unless it's manually, and 90% of softwares today send data back, every single time you open them.

    Or how about internet users with a fixed IP address, if they go to website1.com and they can also be identified in website2.com by the same IP in the Apache logs.

    If what you say is true, then a lot of things apply to the same legislation, basically every single software that makes any type of unique logging, even WHT forums. As far as the hash, there is no private information of the customer, so it's not possible for FraudRecord to know he is John Doe, unless one of the hosting companies tells them so, and this is no different again from me telling a website "this is my unique IP to which I access my account" so now they can also identify me the same way.

    My point is that it requires interaction of both companies to identify John Doe manually so this can be said for basically the whole Internet.

    So, no, you are incorrect here. The HASH is not private data, it's a hash. Can it be used to identify someone? Yes, and so can an IP address, a GUID in a software, a serial in a software, each unique Windows Installation, every single logging to some website, etc. So every single software vendor, and even website would need to apply for the same legislation which is just ridiculous.

  11. #51
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    So, no you are incorrect here. The HASH is not private data, it's a hash, can be used to identify someone? Yes, and so can an IP address, a GUID in a software, a serial in a software, each unique Windows Installation, every single logging to some website, etc.
    You completely miss the point a few of us (including the person you replied to) were making. It's not hashing the data that is the problem, it's not the company in question reading or storing the hash that's the problem, the problem is that this hash is allocated to a specific person based on their details and anyone else searching this public database can get further details about this client just by matching the hash of their data.

    This isn't a hidden method to create this hash, it's publicly shared with everyone who uses this site. It's not even close to being the same as a serial for a software. It's really no different to searching for the phrase "John Doe" and "[email protected]" and getting back that he is an abusive customer who makes chargebacks. The difference is being pointed to here as you are not searching for the name but instead a hash, but either way it is still a string that personally identifies this specific individual.

    I honestly don't know whether this would fall outside of the privacy laws of various countries or not, but most if not all of those dismissing it because it is "only a hash of data" are just using guesswork to run their businesses without actually checking with the proper people if it is allowed or not.

  12. #52
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Wullie View Post
    You completely miss the point a few of us (including the person you replied to) were making. It's not hashing the data that is the problem, it's not the company in question reading or storing the hash that's the problem, the problem is that this hash is allocated to a specific person based on their details and anyone else searching this public database can get further details about this client just by matching the hash of their data.

    This isn't a hidden method to create this hash, it's publicly shared with everyone who uses this site. It's not even close to being the same as a serial for a software. It's really no different to searching for the phrase "John Doe" and "[email protected]" and getting back that he is an abusive customer who makes chargebacks. The difference is being pointed to here as you are not searching for the name but instead a hash, but either way it is still a string that personally identifies this specific individual.

    I honestly don't know whether this would fall outside of the privacy laws of various countries or not, but most if not all of those dismissing it because it is "only a hash of data" are just using guesswork to run their businesses without actually checking with the proper people if it is allowed or not.
    I think they are based in Turkey, so good luck trying to apply them the US laws even if you were right. Even in the US you would have a very hard time trying to prove this is illegal, as a lot of other systems can be applied to the same rules, the whole Internet almost... even companies like Apple would be sued which make a lot more than just identify a customer on each device, this is only personal identification, companies like Apple not only do that, but they even go as far as tracking usage and location!!!
    Last edited by nibb; 12-03-2012 at 05:02 PM.

  13. #53
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    I think they are based in Turkey, so good luck trying to apply them the US laws to them even if you were right.
    I'm not trying to apply any laws to them, but the hosts who are using them need to abide by their own local laws and I personally think the argument that "it's hashed so it's fine to share, even though others can identify and get more details about the customer" is seriously flawed and some people could be operating outwith the laws/regulations they are required to follow.

  14. #54
    Join Date
    Jun 2009
    Posts
    74
    Any company using a UUID for their own purposes has nothing to do with this. For this to be the same, Apple for example would have to publish something like a list of browsing history for each UUID and their algorithm for generating the UUID.

    That's really nowhere near the same as what FraudRecord is doing because they are publishing their hashes with reputation information and including how to generate the hash to create the connection when the same information is being used.

    Like I said even if they are not based in the US, US law could still apply depending on the circumstance. For example where is their server located, do they "do business" in the US, etc.

    Regardless as a US host US law applies to me. If I decline a client because of data obtained from a Consumer Reporting Agency I am required to notify them.

  15. #55
    Join Date
    Jun 2005
    Posts
    3,448
    How is this different from Apple having your name, address, credit card, devices activated, GPS location and even usage?

    How is this different from Google having a unique installation for their products and requiring you to log into Google account where most of your data is stored to use some services?

    How is this different from Facebook sharing all your data with almost everyone that makes a plugin or app for them not to mention almost every advertiser that publishes ads on Facebook?

    If the company puts this in the TOS, that the data of the customer will be hashed and sent to a third party, this is no different than what Facebook does, which does not even hash data in the first place before sharing. If the customer signs up and accepts this in the TOS I don't see a problem with it.

    If this would be illegal, even in the US, then Facebook would be the first one to go down. Any company can decline any customer if they choose so. It's done every single minute, in particular with hosting companies. Using information to decide if yes or no, is no different than using your own internal fraud methods.
    Last edited by nibb; 12-03-2012 at 05:38 PM.

  16. #56
    Join Date
    Jun 2009
    Posts
    74
    Quote Originally Posted by nibb View Post
    How is this different from Apple having your name, address, credit card, devices activated, GPS location and even usage?

    How is this different from Google having a unique installation for their products and requiring you to log into Google account where most of your data is stored to use some services?

    How is this different from Facebook sharing all your data with almost everyone that makes a plugin or app for them not to mention almost every advertiser that publishes ads on Facebook?
    In the case of Apple and Google that's all internal use, nowhere does it talk about sharing.

    In the case of Facebook you are opting in to the sharing by using the app and I am sure it says something to that effect in their privacy policy.

    The deal with FraudRecord is it is sharing information that may be regulated. In the case of being designated a Consumer Reporting Agency that's because the information they share is about someone's reputation if US law would in fact apply which I stated in my first post I am not sure if it would, that was mentioned for completeness.

  17. #57
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    How is this different from Apple having your name, address, credit card, devices activated, GPS location and even usage?

    How is this different from Google having a unique installation for their products and requiring you to log into Google account where most of your data is stored?
    You are comparing apples to oranges. (or googles )

    1) A public database where anyone just by knowing a few details about me can search for details and get results, which also gives them more details about me and what I did.

    2) A database that is not publicly shared, at least not in any way that can be tied to an actual individual. It doesn't matter if I know your details, I can't get your UUID or match anything else to you as an individual.

    If this record simply said "someone performed a chargeback" and wasn't tied to a specific person using their details then that is one thing, but this is basically taking details of a person and then coming back saying "This person performed a chargeback". That is specific to that individual, on a publicly accessible database which nobody verifies the authenticity of the submissions.

    How can you compare the 2?

  18. #58
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Ryan524 View Post
    In the case of Apple and Google that's all internal use, nowhere does it talk about sharing.

    In the case of Facebook you are opting in to the sharing by using the app and I am sure it says something to that effect in their privacy policy.

    The deal with FraudRecord is it is sharing information that may be regulated. In the case of being designated a Consumer Reporting Agency that's because the information they share is about someone's reputation if US law would in fact apply which I stated in my first post I am not sure if it would, that was mentioned for completeness.
    Sure, but if the customers accept this info to be shared in the TOS, just like you do with Facebook, what defines what data is regulated and what no?

    As far as I see, Facebook data is not regulated either and they share it for "financial" reasons.

    This service shares it for screening purposes, or anti fraud.

  19. #59
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Wullie View Post
    You are comparing apples to oranges. (or googles )

    1) A public database where anyone just by knowing a few details about me can search for details and get results, which also gives them more details about me and what I did.

    2) A database that is not publicly shared, at least not in any way that can be tied to an actual individual. It doesn't matter if I know your details, I can't get your UUID or match anything else to you as an individual.

    If this record simply said "someone performed a chargeback" and wasn't tied to a specific person using their details then that is one thing, but this is basically taking details of a person and then coming back saying "This person performed a chargeback". That is specific to that individual, on a publicly accessible database which nobody verifies the authenticity of the submissions.

    How can you compare the 2?
    How exactly would you do the search if the data is hashed? You need something to match against it, which means you already know the customer data in the first place. It's not a public database where you search a name and get back results. You need the data in the first place to try to match it to a specific hash.

  20. #60
    Join Date
    Sep 2012
    Location
    Switzerland
    Posts
    156
    Quote Originally Posted by nibb View Post
    How exactly would you do the search if the data is hashed? You need something to match against it, which means you already know the customer data in the first place. It's not a public database where you search a name and get back results. You need the data in the first place to try to match it to a specific hash.
    They use salted hashes so even public name database would be of no use.

  21. #61
    Join Date
    Jun 2009
    Posts
    74
    Well that's something you should consult with an attorney with as to what can be shared and when, and if the user has to opt in to letting it be shared. I am simply making the point that hashing IMO still constitutes sharing information and explained why. And yes they do hash it, with the same publicly known value, which means I can generate a table of equivalents or just do a live brute force if I want to. Regardless, both hosts, the reporting host and requesting host, can know with a level of certainty they are talking about the same original value, thus how is that different as if they shared the original value directly, other than the middle man (Fraud Record) doesn't know the original value.

    When it comes to the internet and the fact that international boundaries are crossed things can get complicated quick. I am simply saying that since hashes are designed to always result in the same hash from the same initial value and rarely (if ever) generate the same hashed value from different initial values, a hash is effectively the equivalent of the original data and likely to be subject to the same regulations, again in my opinion.

    I am just stating you should consider it carefully before sharing information with such a service or even using information from such a service before just doing so because it MAY cause legal problems if you violate applicable regulations. The line the OP keeps using that says no information is being shared is in my opinion inaccurate because of the consistency of hashing; actually if hashing wasn't consistent you would keep getting false positives and negatives and such a service would be useless.

    And yes this would apply to use of a service like MaxMind too. I personally authorize the charge only but don't complete the transaction until I have manually reviewed the signup and in many cases have even spoken with the customer on the phone.
    Last edited by Ryan524; 12-03-2012 at 05:56 PM.
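
An added example, not part of the thread and not FraudRecord's code: the matching described in posts #49 and #61, under a constructed scheme (SHA-256 over a published salt). The salt, key, field names, normalisation and the `ReportStore` class are assumptions, since the thread does not give the service's actual algorithm. It contrasts a token anyone can compute with an HMAC token that needs a key held only by verified members.

```python
import hashlib
import hmac

# Constructed values: the thread does not give the service's real salt,
# hash function or normalisation rules.
PUBLIC_SALT = b"published-salt-example"
MEMBER_KEY = b"secret-distributed-to-verified-hosts-only"
REPORT = ("Host A", "chargeback on a dedicated server")


def normalise(value: str) -> str:
    """Lower-case and collapse whitespace so every host hashes the same bytes."""
    return " ".join(value.lower().split())


def public_token(field: str, value: str) -> str:
    """Token under a published method: SHA-256(salt | field | value)."""
    data = b"|".join([PUBLIC_SALT, field.encode(), normalise(value).encode()])
    return hashlib.sha256(data).hexdigest()


def keyed_token(key: bytes, field: str, value: str) -> str:
    """Token under HMAC-SHA-256: only holders of `key` can compute it."""
    msg = b"|".join([field.encode(), normalise(value).encode()])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReportStore:
    """Hypothetical shared database: it sees tokens and reports, never names."""

    def __init__(self):
        self._reports = {}

    def submit(self, token: str, reporter: str, text: str) -> None:
        self._reports.setdefault(token, []).append((reporter, text))

    def query(self, token: str) -> list:
        return list(self._reports.get(token, []))

    def tokens(self) -> list:
        return list(self._reports)


def published_method_demo():
    """Post #49's John Doe case with a method and salt that are public."""
    store = ReportStore()
    # Host A reports a constructed customer after a chargeback.
    store.submit(public_token("email", " John.Doe@Example.com"), *REPORT)

    # Host B hashes the same address at signup and gets the report back.
    host_b = store.query(public_token("email", "john.doe@example.com"))

    # A non-member runs the identical computation: nothing in the token
    # distinguishes a member host from anyone who knows the address.
    outsider = store.query(public_token("email", "john.doe@example.com"))

    # A different address yields an unrelated token and no match.
    unrelated = store.query(public_token("email", "jane.roe@example.com"))

    # Post #61's "table of equivalents": a party that already holds a list
    # of addresses can map stored tokens back to the original values.
    known = ["jane.roe@example.com", "john.doe@example.com"]
    table = {public_token("email", v): v for v in known}
    resolved = [table[t] for t in store.tokens() if t in table]
    return host_b, outsider, unrelated, resolved


def member_key_demo():
    """Same flow, but tokens need a key that only verified members hold."""
    store = ReportStore()
    store.submit(keyed_token(MEMBER_KEY, "email", "john.doe@example.com"), *REPORT)

    # Another member, holding the key, still matches the record.
    member = store.query(keyed_token(MEMBER_KEY, "email", "John.Doe@example.com"))

    # Without the key, knowing the address is not enough to find the record.
    outsider = store.query(keyed_token(b"not-the-key", "email", "john.doe@example.com"))
    return member, outsider


if __name__ == "__main__":
    print(published_method_demo())
    print(member_key_demo())
```

With the member key, two member hosts can still tell they are describing the same person, so the token remains a pseudonymous identifier between them; the key only removes lookups by parties outside the verified set.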

  22. #62
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    How exactly would you do the search if the data is hashed? You need something to match against it, which means you already know the customer data in the first place. It's not a public database where you search a name and get back results. You need the data in the first place to try to match it to a specific hash.
    Just because you put something in your TOS does not mean you can do it legally.

    As for your need something to match it to comment, take the following:

    Company 1 phones company 2 and says:

    Look, we just had a signup from Joe Bloggs who lives down at 123 whatever street, know anything about them?

    Company 2 replies with "Yeah, terrible customer, charged back on their service with us and can you believe they even contacted our support? The cheek!"

    Now, by your reasoning the above is ok because Company 1 already knows the person's details so it can't be a breach of data regulations, even though personal data is being shared between 2 companies, right?

  23. #63
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by incloudibly View Post
    They use salted hashes so even public name database would be of no use.
    Which was exactly my point.

  24. #64
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Wullie View Post
    Just because you put something in your TOS does not mean you can do it legally.

    As for your need something to match it to comment, take the following:

    Company 1 phones company 2 and says:

    Look, we just had a signup from Joe Bloggs who lives down at 123 whatever street, know anything about them?

    Company 2 replies with "Yeah, terrible customer, charged back on their service with us and can you believe they even contacted our support? The cheek!"

    Now, by your reasoning the above is ok because Company 1 already knows the person's details so it can't be a breach of data regulations, even though personal data is being shared between 2 companies, right?
    You are completely going off track with this... which is not fair for their service either. You are making up situations exactly where they break regulations on your "personal opinion" and this is not how the service works either in real life.

    But anyway I will try to reply to this anyway:

    Putting something in the TOS does not make it legal. But putting a clause that data will be hashed and sent encrypted to a third party is in no way more illegal (in your sense of opinion) or immoral than what some companies are doing right now in their TOS while sharing data with third parties as well. Facebook does the same and does not even hash the data, actually it's PUBLIC and everyone can access it, all they need is the customer to say "yes, we accept this". So how can you even consider sharing hashed data to be different than this....

    Someone mentioned, sure, Google and Apple use it for their own use, Facebook does not. It shares it with anyone and thousands of companies. And that data is plain text, not even hashed...

    Also, your imaginary story of both companies talking on the phone and sharing data would be no different than Apple doing the same with Google, or Microsoft with Google, or anyone else on planet earth.

    How is this the fault of the service? It's the companies that are breaching the regulations and sharing data and you don't even need a service like FraudRecord for this either. I can also share or send customer data by email or via phone, in plain text or how I like. How exactly is this the fault of FraudRecord which is not even involved?

    How is this different from Hosting company 1, sending a private message here on WHT to company 2 about some customer as well? It's not. They are breaching the regulations on their own.

    You are really trying to prove such a service is illegal while someone could argue what Facebook does is 1000 times more illegal and guess what? So far it's not, because all they need is the customer to be informed in the TOS about this which they did.

    Find a lawyer that is willing to say this is breaching regulations and who is willing to say almost what every single major Internet company did or is doing as we speak is also illegal. Sure anyone can, but will they ever win? Dream on.

    I just took Facebook as one example, I can probably put 1000 more examples of data sharing which is worse than this and done by major fortune companies worldwide.
    Last edited by nibb; 12-03-2012 at 06:16 PM.

  25. #65
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    How is this different from Hosting company 1, sending a private message here on WHT to company 2 about some customer as well? It's not. They are breaching the regulations on their own.
    Just because it may happen does not mean it isn't a breach of data regulations or that somehow "well others do it, so it's ok".

    Quote Originally Posted by nibb View Post
    You are really trying to prove such a service is illegal while someone could argue what Facebook does is 1000 times more illegal and guess what? So far it's not, because all they need is the customer to be informed in the TOS about this which they did.
    I never said it was illegal, at least not intentionally. I said it may not be allowed under certain laws and dismissing these claims on the basis that it's a hash so it's not personal details is pretty stupid without actual clarification of that.

    The problem I personally have was never the database in itself, it was the other things that go with it:

    1) Anyone can submit to it or read from it.

    2) Taking (1) into account, there is no sure fire way to remove yourself if you are wrongly listed. (It may be possible to argue your case, but like you said they are not required under our law to do anything. This in itself could potentially make it unusable in the UK for example)

    3) A lot of the hosts who I see claiming to use this do not list anywhere about sharing data with this company. Like I said previously, the argument being that it's a hash, so it's not data.

    4) There are no retention details published. If I commit a wrong, am I still going to be punished 20 years into the future? Even most criminal records are considered spent after a period of time and blips in my credit are only recorded for 6 years, so why should this be any different?

    5) How many people who get listed on this are actually innocent people? Got a chargeback? Report it to the database but oops, you just reported an innocent party who got their card stolen, not the offender.

    There are other potential problems I thought of previously, but this is all I can think of just now. Once again I am not saying nobody should use this or the database itself is a problem, it's all about how people use it and whether they are actually checking whether they are allowed to use it or not.

  26. #66
    Join Date
    Jun 2009
    Posts
    74
    You are getting into legalities of sharing data which is something an attorney should be consulted about.

    I am simply refuting the point the OP has made multiple times about it not sharing data because it uses hashes. I demonstrated that because of how hashes work they are virtually equivalent to the original data and therefore (in my opinion) covered under the same laws as if they transmitted non-hashed data.

    The OP has stated in this thread his opinion is that it is not the same, I am simply refuting that point. Again consult an attorney if you want a legally binding answer, I am simply refuting it so that people just don't blindly think the OP is right only to find out that maybe he is wrong and then find themselves in legal trouble.

  27. #67
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Ryan524 View Post
    You are getting into legalities of sharing data which is something an attorney should be consulted about.

    I am simply refuting the point the OP has made multiple times about it not sharing data because it uses hashes. I demonstrated that because of how hashes work they are virtually equivalent to the original data and therefore (in my opinion) covered under the same laws as if they transmitted non-hashed data.

    The OP has stated in this thread his opinion is that it is not the same, I am simply refuting that point. Again consult an attorney if you want a legally binding answer, I am simply refuting it so that people just don't blindly think the OP is right only to find out that maybe he is wrong and then find themselves in legal trouble.
    And so would SSL traffic, IPsec and VPN traffic. It DOES share data. The question is what data? Hashes, it can be considered anonymous data like GUID, not personal data.

    If we want to go the route that you can match this with personal data, like I said before, you could also do this with a unique identifier in the iPhone and Google Chrome and every other product out... If you have someone that works with you to match the data or have something to compare it, so this is true for every other anonymous data as well.

    The data shared is not personal. If you all here want to argue it is, because you can match it with personal information, so it can be done in iPad, Windows and every other identifier.
    Last edited by nibb; 12-03-2012 at 06:50 PM.

  28. #68
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Wullie View Post
    Just because it may happen does not mean it isn't a breach of data regulations or that somehow "well other do it, so it's ok".



    I never said it was illegal, at least not intentionally. I said it may not be allowed under certain laws and dismissing these claims on the basis that it's a hash so it's not personal details is pretty stupid without actual clarification of that.

    The problem I personally have was never the database in itself, it was the other things that go with it:

    1) Anyone can submit to it or read from it.

    2) Taking (1) into account, there is no sure fire way to remove yourself if you are wrongly listed. (It may be possible to argue your case, but like you said they are not required under our law to do anything. This in itself could potentially make it unusable in the UK for example)

    3) A lot of the hosts who I see claiming to use this do not list anywhere about sharing data with this company. Like I said previously, the argument being that it's a hash, so it's not data.

    4) There are no retention details published. If I commit a wrong, am I still going to be punished 20 years into the future? Even most criminal records are considered spent after a period of time and blips in my credit are only recorded for 6 years, so why should this be any different?

    5) How many people who get listed on this are actually innocent people? Got a chargeback? Report it to the database but oops, you just reported an innocent party who got their card stolen, not the offender.

    There are other potential problems I thought of previously, but this is all I can think of just now. Once again I am not saying nobody should use this or the database itself is a problem, it's all about how people use it and whether they are actually checking whether they are allowed to use it or not.
    1) Same today with Facebook

    2) Same with Facebook, you cannot remove your data or account, you delete it, log in and all the data is there again

    3) A lot of websites don't claim either they send data to Facebook, just by having the like button on the website, Facebook is actually tracking. Same again the same here is true for half of the internet.

    4) Not sure about that.

    5) Not sure, but it is not a blacklisting site. It's a screening site, the hosting company can still decide to provide the service or not. It's no different than Maxmind saying your customer is logged from China, but his CC card is from the US. It's the host that decides if it's fraud or not.

  29. #69
    Join Date
    Jun 2009
    Posts
    74
    Quote Originally Posted by nibb View Post
    And so would SSL traffic, IPsec and VPN traffic.
    If those technologies are being used to transmit data to third parties covered under applicable laws and regulations then I would say yes.

  30. #70
    Join Date
    Jun 2005
    Posts
    3,448
    Quote Originally Posted by Ryan524 View Post
    If those technologies are being used to transmit data to third parties covered under applicable laws and regulations then I would say yes.
    So what is your point, based on this the whole Internet should be regulated, as the Internet is sharing data.

    Again, it's sharing hashes, this is no different than any other data. Can you match it with personal information of a specific individual? Yes, and so you can with other data.

  31. #71
    Join Date
    Jun 2009
    Posts
    74
    Some data sharing is regulated. As I already mentioned I was refuting the OP's point that since the data is hashed it is not covered by regulation.

    I'm sorry but I don't know how to make that any clearer for you.

  32. #72
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by nibb View Post
    1) Same today with Facebook

    2) Same with Facebook, you cannot remove your data or account, you delete it, log in and all the data is there again

    3) A lot of websites don't claim either they send data to Facebook, just by having the like button on the website, Facebook is actually tracking. Same again the same here is true for half of the internet.

    4) Not sure about that.

    5) Not sure, but it is not a blacklisting site. It's a screening site, the hosting company can still decide to provide the service or not. It's no different than Maxmind saying your customer is logged from China, but his CC card is from the US. It's the host that decides if it's fraud or not.
    You keep using Facebook or UUIDs as a comparison and they really aren't even similar.

    My details get on Facebook because I provide them to Facebook, they don't appear on Facebook because I sign up with Google for a mail account. In this case, the details are going to a third party to be read by other third parties without my specific consent in a lot of cases.

    As for SSL etc, those again are not being passed to third parties. You really need to make the distinction here between sharing data between you and the client and sharing data between you, the client and a third party who then makes it available publicly to others.
    Last edited by Wullie; 12-03-2012 at 08:01 PM.
