What to Do When Company Breaks Privacy Agreement?

Mustang Matt asks: "Earlier this month, I caught ALXNet redhanded in breaking their own agreement in their privacy disclaimer. I've started generating unique email addresses for use in signups that are formed like [domain]@mydomain.com. [ C :"mydomain.com" is just used as an example, here] I just received spam to alxnet@mydomain.com, and here's the kicker: what I received was not even from ALXNet! It was filled with forged headers regarding an online trading newsletter, and this address has never been used anywhere else other than their signup. How can I hold them accountable? All I've done so far is asked Yahoo to close the account they are using." What, if anything, can be done about companies that pay lip service to their privacy agreements? For those SPAM busters out there, an example of the SPAM's headers is included, below. SPAM with full headers:

Return-Path: directaccessus@yahoo.com

Received: from yourwebsite.com (66-108-136-65.nyc.rr.com [66.108.136.65])
by linux.thoughtprocess.net (8.11.0/8.11.2/SuSE Linux 8.11.1-0.5) with SMTP id fB7M8Dv07978
for alxnet@mydomain.com; Fri, 7 Dec 2001 16:08:13 -0600
Message-Id: 200112072208.fB7M8Dv07978@linux.thoughtprocess.net
X-Authentication-Warning: linux.thoughtprocess.net: Host 66-108-136-65.nyc.rr.com [66.108.136.65] claimed to be yourwebsite.com
Reply-To: directaccessus@yahoo.com
From: directaccessus@yahoo.com
To: alxnet@mydomain.com
Subject: Trading Newsletter
Sender: directaccessus@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Fri, 7 Dec 2001 17:12:38 -0500
X-UIDL: 6cadc61cbcf01cac2a66f167c5416863

Use the power of the free market

[an_mo]

I am afraid most of those privacy statement in the U.S. are unilateral, and can be revoked by anytime by the company that offers them to the customers. Read the fine print: I bet you'll find they stated that they could change their privacy policy anytime; you can argue they did it without notice but if they posted it on some page on their web site they can argue they gave it enough publicity (sure you don't want an email from them anytime they change two words of legalese contracts :-) )

Then your only weapon is to let them know you're pissed and to change company. A little sad, but hopefully if enough people care about this then you'll find a company willing to maintain its reputation.

The situation in some other countries is a little different; in some european countries you have to sign in advance a statement that says you are aware of the privacy policies. Most of the times you have to sign a statement saying you are aware you have no privacy. In the end the outcome is no better and sometimes worse than the american market solution to privacy.

Re:Use the power of the free market

[gnovos]

I'm afraid that the above poster may be right, but here is one possibility: You *generated* that id, right? So maybe that means you hold the copyright on that... So they may have violated copyright laws. It may not hold up in court, but who knows, a sympathetic judge may decide that slapping down the spammers who write fake privacy contracts is just the right thing to do.

Re:Use the power of the free market

[Alxnet]

Read our answer to the allegations further down as a reply to the main posting. Regards, Alx Grepe Alxnet.com E-mail: alexander.grepe@abc.se Phone: +46-708627783

Alxnet's employees

[p0ppe]

A picure of Alxnet's employees can be found at http://www2.alxnet.se/img/misc/press/alxnet_employ ees.jpg. It's always nice to *see* who you're dealing with.

post about it on slashdot

[Phork]

i suggest you make a post to slashdot about how the violated there privacy statement, it should generate lots of negative PR for them, and cost them some cash for the extra bandwidth for their server from the slashdotting. If you cant get the story on the main page, try submitting something about it to askSlashdot, it wont be seen by as many people, but will still be seen by a large amount.

Re:post about it on slashdot

[Alxnet]

Read our comment at the bottom of the main thread. Again, we did not send out that spam. Alx Grepe Alxnet.com E-mail: alexander.grepe@abc.se Phone: +46-708627783

what no lameness filter on the story!!

[DrSkwid]

i'm having to scroll left and right to read the comments, sheesh, don't the editors have a preview (not that it helps me !)

Re:what no lameness filter on the story!!

[Phork]

i dont see what you mean, it sounds like your browser has a problem.

Re:what no lameness filter on the story!!

[DrSkwid]

hmm, i was using IE downstairs in the den

looks fine on konqueror

IE doesn't wrap the long lines

Re:what no lameness filter on the story!!

Nope...this is a little off topic, but since this is a non-main page story, I'll comment.

IE is doing what it is supposed to...its using a [PRE] statement, which should not wrap lines. Its annoying, but folks should learn how to use these things, or at least program their site so that these things don't effect the entire page. Most of this has been unreadable because of the pre.

Image if you had code you wanted to post, and it absolutely needed to be on one line, it won't get screwed this way. Yeah, their is a little used [code] tag, but I've never seen anyone use it except HTML Nazi's...never seen it in any HTML book my employees bring in either (I occasionally look, as every year, I use less and less tags...I'm down to tables, br's, and p's...other than that, its mostly css...something I avoided until I realized 95% of the browsers hitting my site were IE5+ and the others, well if they can't do css, its not like the standards haven't been around for years...the latest Moz seems to render fine though).

Kinda a shame, because I was interested in reading this story.

Its anonymous, so feel free to mark this OT if someone actually fixes the post for the majority of readers out there (hmmm...wasn't there a stats page that showed IE was the major /. reader here???)

Re:what no lameness filter on the story!!

[pen]

Just scroll up to the top of the page, leave all the select boxes the same, and just click Change. Voila! The same comments, but the story is not displayed.

Re:what no lameness filter on the story!!

[heliocentric]

Learn to hit the parent links of the main thread postings so you see all the comments and no top garbage. Like this.

Yahoo won't cut them off...

[catfood]

...because Yahoo won't cut anybody off for spamming. They're as black-hat as it gets with their own spammers.

Simple solution

[tunah]

Next time, sign up with mydomain@alxnet.com. That should sort them out.

I always sign up as

[Beowulf_Boy]

Root@wherever_im_signing_up_at.com and hope that they run a unix.

Re:I always sign up as

[velkro]

It's not usually root's fault thier marketing department is braindead, so I tend to use info@ or news@, or look at a recent press release and use the contact email address used there :)

Re:I always sign up as

[acceleriter]

If root doesn't know his employer is a criminal, he's not a very good root, anyway.

Re:I always sign up as

[p0ppe]

I tend to use i_hate_spam@wherever_im_signing_up_at.com...

Re:I always sign up as

[crtreece]

I usually use webmaster@domain.whatever, most web servers will have an account setup for this account.

Upstream ISP

[leastsquares]

I also use unique email addresses for web sign-ups. And, occasionally get spam sent to those addresses.

I forward the spam to all of the upstream servers in the form abuse@upstream.com, root@upstream.com, postmaster@upstream.com.

Nearly always, I get no response, except in one case I received an email stating that the company had been warned that if this happens ever again, their hosting contract will be cancelled. I thing this is enough justification to continue this procedure.

Send the spam to the spammers

[Allnighterking]

My attitude is this ... since most of the spam I get comes from either yahoo or hotmail. I opened an account on both of them. I alternate between them on the net. When they fill up. I open more accounts. Fake name and e-mail and I'm off and using their bandwidth for the spam they create instead of mine. Doesn't do much good. But I feel better.

Re:Send the spam to the spammers

[heliocentric]

Choose your fake e-mail id wisely. When one of those places opened up with free emails I got the account "fakeemail@yahoohotmailetc.com" and interestingly enough some decent perl coders out there have started to filter out people who use words like fake and email and I've also noticed some that prevent you from using their own domain name (as suggested in an above post).

So now I can't use that account even for legit email that maybe I wanted to get...

Re:Send the spam to the spammers

[Yottabyte84]

Use doamin names that resolve to 127.0.0.1, like porn.org or warez.slashdot.org

Re:Send the spam to the spammers

As one of those perl coders I can say we also check for abuse, root, admin, and anything that points to our domain.

And it looks like I'm going to start checking for 127.0.0.1

Re:Send the spam to the spammers

[heliocentric]

but my fakeemail@theirdomain is a legitimate email address that I keep since it's funny and your code prevents me from signing up. Does your use of preveting root prevent me from signing up with root@myowndomain?

Re:Send the spam to the spammers

Will you check for 2130706433, too? All those checks accomplish is to piss off the person who doesn't want to give his email address to get the free download, driver, information, or whatever it is that your company (probably) shouldn't make giving addresses a requirement for anyway. And in my case, it'll make me think of something particularly nasty, that your script may or may not catch. And the more times I have to try, the nastier it'll be. Food for thought.

~~~

Look like terrorists

They look like terrorists. Perhaps, you can use the patriot act against them.

Re:Look like terrorists

[Alxnet]

Thank you very much for your input!

We took this shot right before we returned back to the terrorist training camp : ) ...

With best regards,
Alx Grepe (the guy at the far right with the sun blinding his eyes)
Alxnet.com

Re:Look like terrorists

Wow, not only are you morally-deficient human beings, you are also incredibly, astoundingly, mind-bogglingly unfunny. Bet you're a hit with the ladies.

Re:Look like terrorists

[Alxnet]

You bet we are, but I'm not going to brag at Slashdot about it :)

/Alx

Alxnet Responds - official commentary

[Alxnet]

Hi!

My name is Alx Grepe and I am the founder and owner of <B>Alxnet AB</B>,
owners of alxnet.com / alxbook.com.

I have come to know of this message thread thru a reader who e-mailed me for
an advice on this matter.

<B>To start off:</B> Alxnet.com does NOT promote spam. We did NOT send the
message out. We collect e-mails to use for login purposes at our services as
well as populating our news letters.

We also offer advertisers to send e-mail advertising to our users on a
<B>100% double opt-in</B> basis where the advertiser does not actually get
the e-mail but rather send it out thru our list broker, PostmasterDirect.com

We do NOT send out mailings to our users on our news letters without their
possibility to remove themselves at any time.

<B>Second:</B> We will investigate how this message was sent out to him, and
as the sender seems to be using RoadRunner services in NYC, I bet it's not
too hard to track him/them down. I've had problems with spammers using
RR.com myself before. Whoever did this has hurt our business name and will
not get a happy new year...

We do not yet know how he managed to harvest this e-mail address, but we'll continue looking at it. All we know is that it did not originate from us.

<B>Third, is Matt attempting FRAUD?</B>:
As I wrote a response to Matt I noticed something about his e-mail address
that made me recall that I did in fact remember the domain it was sent from,
mail.win.org).

I looked up my e-mail box, as I save all outgoing e-mail, I found a letter
sent from him to me that I had sent to Paypal.com:s abuse department.

The mail was sent to me from Matt thru Paypal to the address at which I
signed up for the alxbook.com domain in the whois registry:

alexander.grepe@ABC.SE

I never see mail go to that address with the abc.se in capital except when I
recieve spam harvested from Network Solution. (they seemed to upper-case
domain names in e-mails for some reason)

What's worse, the letter Suject read:

"Bill for Email Processing"

the body read, in short:

Money Request details

Ammount: $50
Event: Bill for e-mail processing
Event Date: December 13, 2001
Note:

Your company has been found in violation of your privacy agreement [...] and in
violation of Missouri Senate Bill 763.

[...]

Thank you for doing business with us, Unpaid accounts will be turned over
to the legal department.

Alx: how rude is that?

<A HREF="http://www.alxnet.com/mkaatman.txt">http: //www.alxnet.com/mkaatman.txt</A>

Is Matt trying to rip us off? This sounds like a kind of invoice scam which is a classic trick. During many years faked
invoices have sent out to companies, who afraid to get listed at authrities as non-payers or ending up with a legal situation
accepts and pays bills to FRAUDsters.

You judge if he did right or wrong, my opinion is clear.

Matt has not contacted me in any way except this, thru PayPal. I have discarded his e-mails as just another clever way to scam people off.

PayPal has been informed of this act as I hope it'll come to his attention how wrong this is.

For any further information on this event, feel free to contact me, Alx Grepe,

by e-mail: alexander.grepe@abc.se
or phone: +46-708627783 ...

I'm playing with open cards on this to let you know we are not violating privacy rules, nor do we tolerate attempts of fraud thru e-mail...

Re:Alxnet Responds - official commentary

[nmos]

If in fact you did sell his email address to a spammer in conflict with your own privacy policy then I think he is justified in sending you a bill to cover his time, energy, and resources at a rate he considers reasonable.

Re:Alxnet Responds - official commentary

Oh, shut the fuck up. Why are you people so stupid?

Alxnet answers - we know where he got the spam

[Alxnet]

Hi again readers! It's now been confirmed - We have now found that Matt, depsite what he told the readers, did not only use that e-mail address to sign up to the services. Our services provided are guestbooks for homepages, Matt put on on his. In a message on that guestbook: http://pub.alxnet.com/guestbook?id=2249224 He has posted a message with this address in, and that's where a spam harvest bot found it. So, Alxnet has not given out the address, he did himself. Matt's false allegations has as well put us in a bad spot. Some kind of one-man warrior who in thinking he would do justice has after reading this compromised one of our testings server (let's face it, the machine has been running since '98 w/o harm and it was hacked today, we draw our conclusions).. Fortunatly, this is not a mission critical machine, but on the other hand - it's made things hard for thousands of people to send Christmas Wishes. If you who read this feel hit by this as being the one who did this, call us or e-mail us telling us you're sorry we will accept this in the spirit of christmas. LESSON LEARNT: Do not judge people without learning the whole truth. Ask both sides for their view on the story or it will make you blind... With best regards and Merry Christmas! Alx Grepe CEO & Founder Alxnet.com E-mail: alexander.grepe@abc.se Phone: +46-708627783

My apologies to ALXNET

[Mustang+Matt]

I've been conversing back and forth through email with Alx and his team discovered the root of the problem. The address was indeed posted into a guestbook. Not by myself, but that doesn't matter, I know how it got there.

All I can say is that I gave them two weeks to respond, sent them paypal bills per articles discussed here on slashdot, but in the end, this is my fault and I apologize for that.

Now they've contacted paypal, so I imagine my account will get frozen which is unfortunate due to the amount of money I have sitting there.

If they had only responded to any of my emails earlier this all could have been prevented.
It's unfortunate that only after getting publicity for what appeared to be a major flaw on their end were they willing to respond.

Again my apologies. Have a Merry Christmas.
Matt

Re:My apologies to ALXNET

[duffbeer703]

You are a real loser.

Reading of troll stories on Slashdot is a violation of my principles.

Please send me your email address so that I can bill you $15,000 under the New York Unsolicited Email and Self-Important Fucktard Enforcement act.

Re:My apologies to ALXNET

You are a stupid cunt!

Re:My apologies to ALXNET

• I've been conversing back and forth through email with Alx and his team discovered the root of the problem. The address was indeed posted into a guestbook. Not by myself, but that doesn't matter, I know how it got there.

Oh, you fuckwit, of course - you are not to blame! You stupid retard.

• All I can say is that I gave them two weeks to respond, sent them paypal bills per articles discussed here on slashdot, but in the end, this is my fault and I apologize for that.

Ah! A change of mind - yes, it is your fault, you idiot.

• Now they've contacted paypal, so I imagine my account will get frozen which is unfortunate due to the amount of money I have sitting there.

Good thing too. It might teach you a lesson in not being a loudmouth, self-important twat.

• If they had only responded to any of my emails earlier this all could have been prevented.

NO, if only you had not been a stupid dickhead, this could have all been prevented. Don't try to put the blame on to them, IT IS ENTIRELY YOUR FAULT.

• It's unfortunate that only after getting publicity for what appeared to be a major flaw on their end were they willing to respond.

You are a disgrace. This statement flies in the face of your apologies by trying to attach blame to a perfectly innocent group of people!

YOU made up all these falsehoods so it is YOUR fault!

• Again my apologies. Have a Merry Christmas.

Fuck you, moron.