Slashdot Mirror
Egghead Customer? Your Data Goes To Fry's
An anonymous reader says: "I bought some things from onsale.com, which then became egghead.com. Somewhere in that time, their credit card database got jacked, for which they sent me a nice e-mail saying everything was ok. Now I've got a mail that I don't like at all, with the subject 'IMPORTANT MESSAGE REGARDING THE TRANSFER OF YOUR CUSTOMER INFORMATION.' Well. that's pretty much it. egghead.com info will go to Fry's Electronics, unless the customer explicitly requests that it not. How often does it happen that when a company goes under that they just sell their customer info and just not tell anyone?"
Here are links to the Egghead info page and privacy and security policy.
So who owns Fry's? Is it Disney or MS or AOL-TW?
It seems way to often. The question is, does choosing to purchase at mean you simply choose who you hand over you right to privacy? (Don't flame me, it's a legit question.)
At least egghead is telling its customers, and giving them an opportunity to block it.
Most companies that go under just sell the information outright. At least you got an opt out. I don't agree with them selling it at all, but again, at least there is an option...
--The space between my ears was intentionally left blank--
-Legion
There was a similar case where the company went into recievership and the reciever sold off client information as an asset of the company. I can't remember the details, but it was a real big stink here on /. and elsewhere.
In this day and age of information though, information is an asset. Yours and likely an asset of any company you provide it to. Remember, you're not being made to give out your personal info, you're providing it in exchange (along with money sometimes) for a service.
Beware the Whyte Wolf.
With a gun barrel between your teeth, you speak only in vowels...
My personal info was stolen some time back and was used fraudulently to purchase some items at egghead.com
I tried the link to opt out, but you have to have a user id and password to do this! I don't have them because the criminal who stole my CC created them.
As a result, there is no way for me to get them to remove my personal info, which wasn't supposed to be in their database in the first place!
Egghead.com was also cracked about a year or so ago. They have a very poor track record of safeguarding their customers' information.
Things like this make me want stricter privacy controls for personal information.
...since privacy helps terrorists.
A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).
I used to purchase things from Onsale's auction site all of the time, including my refurbished laptop 4 years ago. They had excellent selection, and if you could find what you wanted you could usually get it cheaper than anywhere else. I also bought my new digital camera from Onsale's auction site.
Then Egghead purchased Onsale. At first Egghead did a decent job of keeping up the auctions, even imitating Onsale's not-so-hot web page design. Over the past year or two, the auctions have really fizzled - you can hardly find anything worth bidding on.
Then there was the incident where the credit card database was cracked. This did not make any Egghead customers very happy. Add to that the fact that many of their retail items were either overpriced or out of stock, the site quickly went to the bottom of the list from which I purchase computer equipment.
I am not saddened to see the company go under - they brought it upon themselves.
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
Customer info is one of the primary assets a business has to sell. If I were in a position to buy an existing business, I would require the customer list as part of the deal. What would be bad is if the company was just selling the info to any Tom, Dick, or Harry that wanted it.
Just having the customer info is no guarantee of customer loyalty or repeat business. As long as it's only going to the successor company, I don't have a problem with it, but they will have to work to retain my business.
"You'll get nothing, and you'll like it!"
...a company doesn't even have to "go under" for them to sell your customer information. Companies clean out the dead-beat and non-repeat customer lists by selling the information off to debt and customer information clearing houses on a regular basis.
Jesus... when are you privacy freaks going to *wake*up*and*smell*the*coffee?
The Canadians have introduced bills to prevent this from happening. The company must ask your explicit permission or else both companies will be held accountable. This also leaves the door open for the good old fashioned class action lawsuit
I'm just not sure if this was passed already or not. I guess I should find out, being Canadian and all.
Angry White Guy
--Consience is a hinderance only afforded by the common man
You think that I'm crazy, you should see this guy!
You can't stop the sale of customer data unless your a majority stock holder. Stock holders want to make their money back, and customer data is a tasty sale. To protect their butts they normally have a privacy contracts with "We reserve the right to modify or change, blah blah at any time."
We don't have as much privacy you expect, credit card companies, insurance companies, banks, etc, exchange data without your permission, due to fraud and credit reporting. Even with government databases, they love selling drivers license information to companies.
Whether the data goes to Fry's or elsewhere, most data generated by virtual processes, and all other electronic transactions, will be used in ensuring security. This is especially likely due to Tuesday's tragedy.
Information's nature will change soon.
On NPR today, someone was explaining the use of electronic information as a possible alternative to ethnic, cultural, or social profiling of airplane passengers and other people who frequent public places.
The security officials would use credit-card data, bill and purchase data, phone records, and bank data in order to verify that you have an established address, haven't moved around too much or done anything that provokes suspicion.
In effect, we will all have different "clearance levels" in regular civilian society, which will decide for us whether we are stopped, interviewed, strip searched; what our freedom of movement and consumer activity will be; and what kinds of security-vital private sector training, such as computer or pilot skills, that we can enjoy.
Goat sex free since 2001
This is a sad, yet foreseen event. When egghead's db got cracked back around xmas, we were immediately on the phone with the cc company and to my surprize they had actually heard about it, and were able to ditch the account and send us a completely new cc while transfering the account to it at no charge. With this news (I got the email too.. onsale.com sucks, it's all about to start sucking a lot more!) I am glad I'm paranoid at times, for now we don't have to worry about getting Fry'd in that fashion.
I've been wondering if an E-mail forwarding account within the European Union would be worthwhile, so that the European Directive on Data Privacy would apply.
I haven't purchased from Egghead (formerly Onsale) in a long time. In fact, at the least, I have ordered since their "hacker breaking" a while back.
After I got the "we're selling you to Fry's" email I decided to opt-out but it wouldn't accept my username and password, nor could I recover my password (via their website). I thought maybe my username was incorrect, but as far as I can tell that is not the case.
I'm wondering if my case is unique. I'm also wondering why I need a user name to opt-out. Why isn't my email enough? If I have that email setup for multiple users, then I can opt-out of all at once. I'm going to call customer support as well, but that will have to wait until Monday (thanks for the email Saturday, so that way hopefully I'll forget to opt-out by Monday).
Of course, I'm assuming that their website is actually working properly. I have order numbers and tracking numbers for previous orders, perhaps I should just email those en masse to customer support and let them deal with it.
I too received this email, went to the page to opt out, and had trouble doing so. However, if you keep reading the page they also give a toll free number to call in case you have trouble using the web page.
The number is 1-800-EGGHEAD (Mon - Fri 7AM - 5PM PST).
Why would Fry's not have any online presence? The obvious answer is that there is nobody in the organization who has the competence to do so.
I would submit that Fry's is not only unaware of the security issues related to "personal data", but guaranteed to screw it up.
It's for this exact reason that I'm yet to purchase anything from a web site, save for my now non-existant domain name. I'm not saying that nobody should buy anything on the Internet, or that it's a bad thing to begin with.
But lets face it. Even now, after the "dot bust" or whatever it is called today, there still are sites that are getting hacked, Internet companies that are going bankrupt, etc. And everytime that happenes, my personal information is in danger of becoming public, or that it falls into the wrong hands.
I know dozens of people, some of them my friends, who have had their credit card numbers stolen. My best friend lost $400 on his VISA, and if it wouldn't have been for the fraud protection, he would be in a deep hole right now (we're students, we're not rich people). Losing money is the worst thing that can happen, but what about the little things? I'm getting 10-15 spam emails a day, and this is after some pretty drastic filters. But I know people who keep getting them in the hundreds. (I went on a trip this summer for a monts, and I had about 600 new messages). And there are many more reasons...
And to top it all off, these companies are treating the information that you give them as something to sell. WHEN IT'S NOT EVEN THEIRS TO BEGIN WITH!!!!!!!!!!!! It's MY credit card number, it's MY name, MY address, MY age that I inputed into their database. And yet they sell it off!
Don't get me wrong, I love the ideea of going on-line and shopping with GrogeryGateay.com, or buying anything, ordering any services online. But I'm definitely not going to do it untill I'm certain that my info and my money are safe. And ATM, no matter what anybody will say, they're not!
Privacy Act Statement of 1974 it is the law. Why does everyone ignore it?
I seem to remember reading a story (here on slashdot?) that Fry's was actually buying out Egghead.com not too long ago. If one company buys the assets of another, doesn't it make sense that customer data is part of that? I guess I just don't understand what all the complaining is about.
Actually i'm going to do what so many people do. I'm going to sit back and complain about my privacy until someone i'm related to is blown up. Then i will agree we must retaliate.
But they also do more respectable business. Like they used to manage Dillard's warehouse stock information. They'd kick the data around and tell them what's selling where, what to order more of, and where to ship it at what time of the year. Pretty cool stuff actually.
~LoudMusic
No sig for you. YOU GET NO SIG!
At least honesty is your one saving grace.
Angry White Guy
You think that I'm crazy, you should see this guy!
For telemarketers, finding out their company, the company they represent and the first and last name of the person you're talking to before you ask them to add you to their do-not-call list is the way to go. Log that information and sue them if they ever call you again.
For spammers your choices are more limited, especially if you don't run your own mail server. It is next to impossible to not download spam, although you can process it in such a way that you never see it. There are two solutions I like the most. The first is to keep a whitelist of people who are allowed to send you E-Mail. You can store the E-mail of anyone who has sent you mail and isn't on the list and require them to reply to a message to get added to the white list. Purge any such stored messages after a week or so. The other alternative is to reject any E-mail that's not encrypted to your obnoxiously long encryption key. A 4096 bit key takes about 30 seconds to encrypt to for a 1 page message on a P166. No spammer's going to take the time (Nor would they be capable of taking the time, if everyone did this.)
For internet banner ads and more obnoxious features of the web, I've found that disabling popups and animations in Mozilla makes things a lot less annoying. YMMV depending on your web browser.
And of course, if you know a company is likely to sell your information without your permission, don't do business with them and tell them why.
We're already constantly on the verge of information overload (or well past the verge) without some company you never heard of buying your info and jamming more advertising down your throat. Pursuing your privacy like a rabid pit-bull is the only way to avoid having this happen.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Why is that when people post to Slashdot they must be so melodramatic and sensationalistic. If you look at the facts, you'll see that they have taken the time to alert their customers and give them a chance to OPT OUT of the information transfer. Please, folks, if you're going to post a story like this, please take the time to at least get MOST of the facts right, if not all.
The smoking remains of Outpost.com (the gerbil ad guys) are also in the process of being bought up by Fry's. The same thing will happen to your personal data if you ever bought anything from Outpost.
Outpost.com - what's left of the once proud e-tailer.
And here's a story by EcommerceTimes that says that some guy at Forrester says that the only reason Fry's wants Outpost is the customer list. I believe it, there's not much else worth anything left there.
Fry's Electronics has made it a clause of the purchase that no more than 10% of Egghead.com's customers opt-out of the mailing list.
m l
Check this article about it on CNet:
http://news.cnet.com/news/0-1007-200-6962164.ht
The personal information was exchanged, with money for goods and/or services, with the condition that it may be used only by egghead.com, and that they may not sell it. It may be considered an asset, but it is an asset with encumbrances on its use and resale.
Well i got there email, asked them not to sell my info. Then i got another email saying it didnt work. Anyone else have this trouble? They submit their form to an email address which i always thought was bad practice
when I worked at eggheads in la, the manager there was a convicted pedophile. he had to check in with his parole officer every month and he was always missing work. he had this computer in the back rigged up with all sorts of images of nude and semi-nude boys aged 14 and under. well anyuways one day before work we copied all these pictures onto the demo computers that were out on the show floor, and loaded them up to display in a slideshow. needless to say when my child loving boss showed up for work he freaked out like you wouldn't believe... he was probably secretly cumming in his pants at the sight of all those child dicks that sick fucker.
anyways so we all got fired.
If they sell my data, they should send me a check!
I tried the link, but it failed.
Fight Spammers!
Citizen Foobar! What is that you're doing? You just got off that escalator! Can't you see that's an Orange escalator? You know that you only have Red clearance, and are supposed to use the Red Rope that's hanging outside the window, over the moat with the spikes in it. What if someone with Orange clearance had needed that escalator, and had to get out of your way? Report for Termination immediately (in that Blue booth right there), and have a nice day!
I don't understand, you get an e-mail saying that they're gonna transfer your information unless you state otherwise, and then you complain that you weren't told about it. Did you get the e-mail or didn't you?
If Fry's really wanted the egghead.com customer database, why didn't they just buy it from some 15 year old Russian hacker?
When it comes to credit card fraud, since the consumer is protected by the card issuer (or else why use the damn thing, should not the credit card companies (that have to eat the losses) be doing the most to limit or restrict this kind of data exchange? I am under the impression that AMEX has way more weight to throw around then lil' oh me. though this doesn't have any bearing on non credit card data exchanges/sales. which suck because i dont everyone knowing which porno DVDs i prefer...
What exactly did you expect to happen? Fry's bought Egghead's assets.
max
----- The following addresses had transient non-fatal errors -----
----- Transcript of session follows -----
... while talking to smtp02.egghead.com.:
>>> RCPT To:
... Deferred: 452 4.2.2 Mailbox full
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old
Fry's electronics bought a part of Egghead (the part that had your customer data.
The bottom line is that one company had your information in the beginning and now one company, which is a dirivative of that first company, has that same info.
And what's the worse they can do with that information? Try to give you a good deal on a product?
I just heard some fucking sad news on talk radio - Horror/Sci Fi writer Stephen fucking King was found fucking dead in his Maine home this morning. There weren't any more fucking details. I'm sure fucking everyone in the Slashdot community will miss him - even if you didn't enjoy his fucking work, there's no denying his contributions to popular fucking culture. Truly an American fucking icon.
I'm not sure they legally had to allow us this opportunity. The whole company is being sold to Fry's, and last time I checked, a company's assets include its customer database.
The goatse guy for president. Win one for the gaper!
Damn... I wish I had some Karma points so I could mod this statement up... oh well, hopefully others will do so too. :)
First they store my credit card info when I make a purchase. Next they get hacked by a russian. Then they tell me everything's okay. Then I get a $10.80 balance adjustment from Citibank for an unauthorized transaction on my credit card. Then EggHead goes bust. Then they plan to sell my personal information. Then, to top it all off, the opt-out only works if you use a mail client that the browser recognizes. ()
Sigh.
Really...What's so bad about selling customer information? It's a valid product for companies to sell to other companies. It helps target products to the people who are most likely to buy them. Which is really the whole point of this free world stuff, right?
The consumer can buy what he wants to buy, and the corporation can sell what they're trying to sell.
Personally I don't really mind this type of stuff, but that's just me. The credit card companies probably sell your info weather you buy anything or not, so as a consumer you might as well get some benefit from that sale, right?
Just my opinion, so don't mod me down just because you disagree.
Karma...what's that? I just speak my mind.
I just heard the sad news on talk radio. Business/trade center World Trade Center was found dead in it's lower manhatten home on sept 11th. Even if you didn't work their you probably commuted through or shopped there. Truly an american icon.
that some childish person still hasn't grown up.
trolls can be funny. But trolls like this only sadden me that people can act this way.
Photos.
Fry's Electronics is the worst electronics store in the world, bar none. My most recent foray was an adventure in linguistics since no one there speaks English. Their stores are poorly stocked, incompotently staffed, and customer service is atrocious. I promise you that FRY's will bungle this website and you can be damn sure your information is not safe in their hands.
onf of our competitors went pop recently,
we've bought their database (60,000 ppl)
I will be emailing them and telling them that their details are now ours and giving them the option to not get emailed by us again and a url for our ToC.
I might give them the option to have their db entry removed or I might not, I'm undecided but I'm paying good money for those details and the more entries we have the more likely someone will pay us to search it.
The worst that can happen is that person is offered a job so I don't feel guilty. I believe in our service. I would hope many businesses believe they are offering something to truly benefit the client.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Link re: CC# generator.0 05.shtml
http://it.asia1.com.sg/v2/specials/crime20010627_
Nice enough for them to give you an opportunity to opt out. However...
You have to supply your username, which I don't have (I bought something from egghead about five years ago).
There is no mechanism for retrieving said username, as far as I can tell.
There is no one at Egghead responsible for replying to the annoyed emails sent by me and people like me.
So that's not really much of an opt-out, is it?
Visit sunny Knowumsayin.com, home of the pork shirt.
I was in the same situation as the poster, having purchased from onsale.com almost five years ago. Since I didn't want my data from a five-year old purchase cycling on to Fry's, I tried to use their opt-out script this morning, but it wasn't even working properly.
How convenient.
Bob
Science, like Nature, must also be tamed, with a view turned towards its preservation.
Talk of a red clearance citizen using a blue termination booth is treasonous! You are undoubtably a mutant communist trying to undermine everything the Computer has done for us! Clear grounds for termination.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
Fry's is the one everyone should be complaining about, not EggHead.
The few Fry's employees who do speak English are too stupid to know what to do with the information.
There is more to the story. When I followed the
link provided by e-mail to exclude my account from
those being sold. I found that they ask for your
account name and password that are sent over via email (w/o encryption). Such send will reveal the
email address to the recepient, which means that
egghead may actually stealthily creating an additional database of active email accounts for sale. I don't see why this login information has to be sent by email.
A
Is using a credit card the only way to order something by mail in the US? Thank god for "Postförskott" here in sweden :)
Try this: http://www.geocities.com/tarahertz/frys-sucks.html
My e-mails been sat on mailq for the past four hours with the egghead.com inbox being full - don't waste your time replying yet awhile....
What if instead there was a "frequent fryer program". Would people be complaining or would they be outraged because their information wasn't merged?
Sometimes when I'm in Fry's I wished there was a "gold member" short line. (especially in returns)
When it happened, it was more Onsale (flush with dot-com cash) that purchased the failing Egghead. It really just postponed the inevitable failure.
Onsale's management figured Egghead had the better-known brand name, so the combined companies went ahead under the Egghead name.
That's why the auction pages looked an awful lot like Onsale's...
Whether we like it or not, customer information is a company asset - and when someone purchases a company they buy all the assets available. Including our information.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I think that they are trying to make it difficult so that nobody is able to opt out. That way they have more data to sell to Fry's, home of the 90-day free rental!
Lasers Controlled Games!
Fry's isn't JUST buying your customer info from Egghead.com. They are BUYING Egghead.com. According to a speech given by Randy Fry (President) in Austin at the Grand Opening of the first Fry's in town a couple of weeks ago.
He mentioned that while Fry's had never had an online presence, it was time to develop one. And he felt the best way to do that was to purchase Egghead rather than building from scratch.
BTW, how do I know this? I was working for Fry's at the time and was able to catch this handy little tidbit...
Credit card numbers are not as random as you might think. A good overview can be found at this site.
Best Slashdot comment ever
NO YOU CAN'T.
I tried after getting the e-mail and it didn't work for me. So erase #2 from your list. Points 1,3, and 4 are still valid. And I'll settle for just the $100, thanks.
Lasers Controlled Games!
It seems to be incompatible with my e-mail client. I can't think of any reason to have a form submit directly to an e-mail address; I mean, c'mon, how hard is it to install FormMail? ;-)
They have how many stores in silicon valley and how long did it take them to have a web presence? For the longest time any search for "Fry's Electronics" would just bring up pages flaming them. I seriously doubt that they have the know-how to make use of this data.
Lasers Controlled Games!
All your data are belong to Fry!
Cash... enjoy the retro.
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
I've turned off the address spamfromegghead@mydomain long ago. As for junk snail-mail, I like it, it lets me know whether or not the mail carrier has been here yet.
The Egghead.com e-mail links to a page using an archaic "mailto:" form that is inconvenient at best and just plain won't work with many browser setups. Do a "View Source" on this page:
t _p
http://www.egghead.com/ShowPage.dll?page=b_1_op
Plenty of 12-year-olds could have set up a better system. Obviously so could Egghead, if they had wanted to.
A true cynic might accuse Egghead of using the recent tragedies as cover to sneak this anti-consumer tactic under the media radar. I say we all call 1-800-EGGHEAD on Monday morning, then follow up to the FTC and applicable state attorneys general, especially for those who live in states where Fry's has a brick-and-mortar presence.
At that point, I vowed to never buy a thing from Onsale. I've done just fine without them (their prices usually weren't all that great anyway...ditto for Egghead), and it's somewhat comforting that their "bad karma" is about to catch up with them.
(eBay long ago fixed its system to make what Onsale did nearly impossible...you can still retrieve other users' email addresses, but you have to be logged in to do that, and I suspect that all address requests are logged. A bot trawling for addresses now would stick out like a sore thumb.)
20 January 2017: the End of an Error.
Fry's OWNS Egghead.com
So how is it wrong for Fry's to see the data that they own?
I see it as a positive action that they are even saying anything at all and giving an opt-out, instead of just using the data that became theirs when they purchased Egghead.
It would be like complaining about my supervisor showing my personal information to his superior, because he didn't say "NO" to his boss.
I've never actually bought anything from the Egghead side of the store, it was always for the Onsale auctions. Over the last 6 months though the auctions have become really pathetic and only carry a tiny handful of items anymore and most of those are tagged as "buy now" rather than have bids open. Now if you go there and "list all items" for bid there are only 161. Pathetic! No wonder they're going out of business. Ah well, I guess I'll opt out of them selling my info... I doubt Frys is going to bring the auctions back and I can find things a LOT cheaper by searching on Pricewatch anyway.
My bank (Washington Mutual) issued me a new CC# after egghead was hacked even though egghead claimed no CCs were stolen. I highly suggest getting a new CC#.
it looks like something that should be on geocities. http://www.frys.com
When egghead.com went under, Fry's electronics purchased the the assets/inventory of egghead, which probably included customer information.
Fry's Electronics is one of the worst electronic stores i have ever seen. Everything has been returned. All the product are openbox. They purchase refurbished products to save a buck and mark the price up about 30-60 percent. The return policy is a joke. No proof of purchase, fine we'll take it back. Its broken, sure we can still sell it. I urge you for the love of god not to buy from Fry's. You will thank me in the long run. They don't value the customer or the employee. The care about how much money they will make. I worked security for them, i know how they work.
First off, I should have to OPT-IN for any use of MY information that doesn't specifically relate to the completion of the order(s) in question.
That said, when I first heard about the potential sale of Egghead.morons.com to Frys I hit the Egghead site and looked for the way to make certain that my information was not going to be transferred...
Years before, OnSale screwed me on an auction win by trying to jack up the shipping charges, and I chose to be removed from their DB's... They said at that time, that I was removed...
When I called Egghead a few months ago, I was still in their DB!!!!! But after a brief chat, the customer svc rep said she'd remove me from the list of customers being Xfered to Frys...
Today I get that wonderfully useless email saying that I have to opt-out! Huh? I thought I was removed already (twice). But given that most cust service reps are complete and utter imbeciles (YMMV), I hit the link and entered my info again...
But it didn't appear to do anything... Disable WebWasher, reload page, try again... Same response (just like the times I called!).
Dig into the source and find an email address that the form is submitted to:
option2@smtp02.egghead.com
Dig out the field names, etc. and concoct a message to the geniuses at Egghead to OPT OUT of this crap for oh, I don't know, the FIFTH time?
Try calling them, but they don't work on saturdays (another wonder why they haven't gone out of business long before now...)
This situation is precisely the reason why I ought to have to OPT-IN for these transfers... I wouldn't have had to do a damn thing. Let them work if they want to make money off of my name!
I don't ever recall giving them any permission for anything other than sending me some auction item I bid on...
These companies have got to learn that they need to ASK first.
Anyhow, next day I got a call from them. I asked the dude how long I waited at the register and he said he just watched it, 34 minutes. I made them call me back a few times but in the end I agreed to let thier drones come to my house and give me a gift certificate in exchange for a new check. When the drones got here I made them wait about 20 minutes while I called thier bosses and made sure who they were and got some other people on the phone to describe them. I always pay by check at fry's now...
so... egghead sends email to the email address
:)
on file offering an opt-out.
but, your email-on-file happened to have change
(is no longer valid). you don't get it, you
don't opt-out.
egghead goes ahead and sells that info to Fryes...
i wonder if Fryes has any idea of the *quality*
of info they are buying?
i kinda like this possibility
When a company merges or forms a partnership with another company, customer info is usually shared. There is nothing illegal or wrong with this practice. You should actually be happy that they are informing you and giving you the chance to opt-out.
We'll never sell your account inf. at ScaredCity, plus you could acquire this flashy URL from us, & we'll STILL never tell who you are.
in the fall of 2000, toysmart, an online toy retailer partly owned by the walt disney corporation, filed for chapter 11 bankruptcy, and announced that it was including its customer data base as one of the assets to be liquidated. disney had injected $45 million into toysmart but finally pulled the plug in may 2000, and shortly after toysmart filed for bankruptcy.
it then emerged that toysmart considered its database of customer information to be a liquidisable asset, that it would sell, in effect, to the highest 'trustworthy' bidder.
the federal trade commission disagreed with toysmart, and for a while considered blocking the sale, before finally allowing it to proceed under restricted conditions. notably, these conditions did not include any obligation on the part of toysmart's creditors to either inform or obtain permission from toysmart's customers. in the end, the data did not provoke a bidding frenzy: the highest offer had come from disney itself ($50,000), with the next highest offer being $15,000 from a market research firm in maine.
for more info search google, cnet, etc., with relevant terms.
I got the e-mail, followed the link, entered my user name and password (fortunately written down a while ago, since I've not bought anything from them in tears) and they claim I've been removed.
All of this in Konqueror, so not even a hassle that I don't have one of the "big two" browsers.
Of course, if you're paranoid, there is the question of whether they will honor it...
It's quite funny (or sad, really) that most developers seem to think that just because information is encrypted or delivered through SSL that it's actually secure.
This is simply not the case.
What a LOT of people fail to understand is that in an automated process (such as an on-line transaction) where that sensitive information, such as a credit card number, is required to complete that transaction, there will more than likely be some automated process for getting that information from the database.
I've worked with developers that have utilized encrypted storage for credit card numbers, passwords, etc., and they seem really surprised when I hack into it. When asked how I did it, I said, "why waste your time on breaking the encryption when all you have to do is find the function you guys call that does just that?".
It comes down to the fact that it isn't the technology, it's the implementation.
In short, it could be summed up to say that most "secure" sites lock the front door, but leave the key under the mat.
$0.02 (CDN)
This is the real question. If not explicitly defined in a company's privacy policy, such as Amazon.com did (saying their customer records were a business asset to be sold), do companies have the right to treat it as such? Apatently they can, although it hasn't been tested in court - but then, why did Amazon.com eplicitly state it if it were the default treatment.
As a corolary, are companies who aquire assets of another company, bound by the agreements made by that other company? I believe as a general matter of law, this is dependant on the contract in question, but with respect to customer information, is there not a defacto contract in place, governed by the terms of the company's (the company being aquired) privacy policy? Are privacy policies transferable such that they continue to be in force with respect to the data over which they originally had effect?
Since I am not a lawyer, I don't have the answers to these questions but I believe my understanding is sufficient to have properly posed them with respect to the legal status in question.
--CTH
--Got Lists? | Top 95 Star Wars Line
I apparently have THREE accounts with them, two through jobs and one personal... and i have to be able to magically match up "user names" that I no longer know, with each of the e-mail addresses.
There is no way to get out of it otherwise.
Dammit to hell.
Wow, that takes me back.
Happiness is mandatory. Are You Happy?
WWJD? JWRTFM!!!
So the wuck fhat.
For many companies their mailing list is the most valuable asset they have. I hate to admit to being a marketing slime in my past, but I was. One of the companies I was with had a up and coming product, but little cash in the bank for advertising. We traded our mailing list for ad's in magazines. We would also rent the mailing list of the magazines and other software companies and visa versa. Nowadays with scanners and "discount cards", and on and on not only your idenity is being swap, but your buying habits. An that's all legit. Now with phreaks sniffing phone systems. At most stores when you swipe your credit card to pay for something unless a major chain your info is going out in clear text over modem lines. You info belongs to the world.
I received a copy of the email from Egghead. When I went to the site to have my personal information removed, I received a notice from internet explorer (I know...) that the form was composing a message on my behalf. I checked the content of the message being sent to smtp-02.egghead.com and noticed that it included my Egghead.com username and password in unencrypted form. As SMTP traffice is not encrypted, this is VERY, VERY bad!!!!
FUKK frys -- i want a blowjob and $100 too
This is from the above-referenced article about Fry's requiring that no more than 10% of Egghead's customer's opt out:
"As part of the proposed $10 million sale, Fry's is requiring that no more than 10 percent of active customers--anyone who bought something at Egghead in the last two years--can "opt out" of a plan to transfer their information over to Fry's Electronics, according to a bankruptcy filing at U.S. Bankruptcy Court for the Northern District of California."
Well, I have NEVER purchased anything from Egghead.com. I purchased a single printer from Onsale back in 1997. The part about "two years" is a lie. I would imagine that when Egghead and Onsale "merged", all of the accounts were "reset".
Does anyone really believe they'd voluntarily drop your name after two years?
if i understand you correctly, then what you're saying is not entirely true. the graham-leach-bliley act provides that the consumer must be allowed to opt out (of having private data sold to third-parties and non-affiliates) at any time. they are required to notify you of your rights regarding your privacy (and they do so...usually in fine print somewhere). unfortunately, the GLB doesn't allow you the option to opt out for affiliates, but it probably wouldn't hurt to ask.
when the act was still in congress, consumer advocates requested an opt-in procedure, meaning that consumers would have to expressly request that their information be shared, but it was turned down.
you, as the consumer have the burden of protecting your own information by conatacting all of your financial institutions, and telling them to opt you out. when you do so, make sure that you tell them to opt you out of everything, including telemarketing calls, mail inserts, direct mail, etc.
if you want to learn more, go read up on the fair credit reporting act and the graham-leach-bliley act.
of course, much of your "private" information is publicly available through government agencies (DMV), unless you live in virginia california....because they had some trouble with a stalker getting the residence information of actress rebecca schaeffer (from my sister sam), and he subsequently murdered her, but that's a different matter.
If you trusted Egghead with your personal data, there's little reason to argue against Fry's (or whomever) ownership of your data -- they have to follow Egghead's privacy policy unless they give you an "opportunity to consent to any changes".
I registered a domain name at register.com. One year later I received a notification to my hotmail account that they would renew my registration and charge me money from my credit card unless i replied to a specific address. I got really mad, especially since I had left these mails for a copule of weeks since I thought it was spam. How can it be legal to do this?
Yes, the combinations are enormous, but parts if not all of the algoritm is known, a few years back I saw a simplification of the algoritm that allowed a person to generate a valid number with a few simple calculations. You could actualy generate a valid card just using your head...
Of couse all you got was a subset of the dominion of valid cards.
In Portugal(where I live) a company has to register its database (of personal information) with the state, and has to allow persons they have in the database to view, correct and delete data about them...
So if you don't like a company I can make them delete your file... ( the fines are very hard, and the state can actualy close a company that doesn't follow this).
Companies should not be allowed to sell or share customers' personal information unless the customer explicitly says they can.
Repeal the DMCA!
I've been waiting 3 weeks for items I won at auction. According to their policy, if they don't ship me my items within another week, they will be nice enough to "cancel my order for me". That kinda sucks because I got a great price on some drives. I wish they'd put things back the way they were before this whole egghead mess happened at all. I prefered www.onsale.com because I figured it was more reliable than Ebay. Now years later, I have more faith in 'joe ebay user' than I do in egghead. And Fry's can just light themselves on fire and throw themselves down a flight of stairs. I've never had anything but complete hell getting anything resembling service from them.
The most important thing any republican needs to know.
Tried to opt out, got this:
----- Transcript of session follows -----
... while talking to smtp02.egghead.com.:
>>> RCPT To:
452 4.2.2 Mailbox full
ugh.
Just got my attempt to opt-out declined. Seems their web page has the wrong email address or something is a bit flaky in their processing of these messages.
Not knowing diddly about Fry's (they are a West Coast company, we're on the bombed side) I don't want them to have my info and the potential to abuse it.
It's worth their while to have "Administrative Problems" with requests not to sell data... Too many requests would queer the deal.
Who did what now?
Taken as a whole, this is quite troubling.
jm
Oink, Oink!!
excuse me for asking, but what's the problem of having your 'personal info' go to someone else?
Are you going to have your bank accounts raided? No.
Are you going to be shot in the street? No.
Is it going to have ANY NEGATIVE AFFECT ON YOUR LIFE WHATSOEVER? NO.
Please shut the hell up about this crap.
When one company buys another, one certainly expects to get their customer database; this is no different in the online world than it is in the physical world.
I received the email from egghead.com informing me of the issue and the opportunity to opt out of having my info sold over to Fry's... THE OPT OUT DID NOT WORK, I received email notification that the opt out email failed to reach its specified destination, and therefore my choice to opt out was not registered. There is an 800 number that may or may not work, it was listed at egghead's opt out webpage...
dude, here's the URL for the opt-out page:
t _p
http://www.egghead.com/ShowPage.dll?page=b_1_op
... and you don't need a password, it asks for your username and email address. Plus, it's just a mailto form anyway, so compose a message to the address and ask to be opt-ed out.
Furthermore, call 1-800-EGG HEAD to get a customer service representative for help if the above process doesn't seem to work.
Try the proceedure before you panic and say they're screwing you over! Remember, egg head no longer has anything to lose by 5% of their customers opting out this way.
And no, thet don't have to tell you about it.
Why?
You don't have a de-facto right to control your information in the US, that's why. The database of information the company lawfully collected in their business dealings is THEIR asset to do what they want with (within the law, of course).
The individual records, they aren't that valuable. You don't 'own' all information about you in the world. The database as a whole has value.
As for them getting hacked, and losing their credit card info.. why do you feel so personally burned? The credit card belongs to the issuer, not you, and it's not YOUR problem if it's abused, it's the issuers. Yes, it may be slightly inconvenient to you to get it replaced.. though they informed you. Even though they said 'everything is okay', you can still call your credit card company up and request a new card because you suspect your current one has been compromised. They will send you a new one immediately at no charge.
I don't see what the big deal is.
Look, if there were a long-standing tradition of selling customers' computers in for repairs, that still wouldn't make it legal. Regardless of the context of the sale of the company, the company can't sell something it doesn't own, or that it has contractually agreed not to sell.
I checked my credit card contract.
And as I though...
I am liable for up to $50 of fraudulent charges if they are a result of my *card being stolen*, and I haven't reported it.
The language is quite explicitly clear. I am only liable if my card is physically stolen (lost, etc..).
The $50 limit you specify is a legal one; credit card issuers cannot produce, say, a cardholder agreemnet that makes you responsible for, say, $200 if the card is used incorrectly.. becauset the law says so.
If I were to post my card number to every BBS, the card company could hold me as being negligent; the cardholder agreement does discuss responsible use of the card. And responsible use includes letting them know when it's being used fraudulently.
Now.. maybe, just maybe, my cardholder agreement for my generic classic Visa from the Royal Bank of Canada is better than every other credit card agreement out there... but I doubt it.
I am only resonsible for (potentially) up to $50 in fraudulent charges resulting from the theft of my CARD.
I'm 99% sure anything other than the credit card number itself is 'voluntarily' checked. All the equipment I've seen in Canada only requires a CC number - this can be typed manually, swiped, etc.
But there IS incentive for a business to do some checking - CC companies recommend it, and if someone uses a fake card, CC companies have some options in getting the money back. Or never dispursing it to retail company X in the first place.
Their opt-out process was very quick and painless for me after I received the e-mail notice. I only bothered to opt-out because I had no intention of doing business with them in the near future.