Slashdot Mirror
ID Theft Made Easy
chiagoo writes "You may remember that 70% of the time, people will reveal their passwords for chocolate. Well, at this year's Infosecurity Europe, it was revealed that 92% of the 200 attendees surveyed would gladly trade enough information to steal their identities for a chance to win theater tickets. Social engineering at its best. Why spend time writing bots and rootkits when people will give you what you want for a piece of candy or a ticket to see The Pacifier?"
One man "provided all his information without question, but returned five minutes later asking for it back, as he thought that we could use it to gain access to his online bank account," Sellick recalled. "We gave him back his survey form, but did not provide any evidence of who we were. If we had been fraudsters, he would have been too late."
I refuse to do business with any Lakeville Liquor store in Lakeville, MN because they require a license swipe to verify my birthday. While they claim on a sign on the counter that they respect my privacy what does that really mean? Do the clerks know that those machines can store an XLS spreadsheet of all the information scanned? Do they know if those that own/operate the stores use that information later? Perhaps it's just to CYOA if some question arises from authorities later but how can I be so sure? I can't so I drive the two and a half miles out of my way to get my wine/beer somewhere else that doesn't scan. I make sure to tell the clerks that I buy there because they don't scan. Most don't care but perhaps someone will overhear me.
The manager at the Lakeville store sure did. I asked "are you going to scan that?" and when the clerk said she was I told her I would like my license back and that I was sorry that I couldn't do business with them. The clerk had no problems with it but the manager muttered that I was an "asshole" under his breath. Somehow I'm the asshole for protecting my privacy. If only more people would refuse to hand over their personal information. What happens if someone robbed the liquor store and stole the little scan box along with the register, would you be a bit more concerned then?
How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump. It's just for their economic safety they say. Do you know how much information you can get on the owner of a car from their license plate? What happens if I go inside, buy a few items, and pay w/my credit card? They now have my CC # and my personal information. That's enough for ID theft as well. I saw the clerk write down my license plate and I asked them for the paper when I left. They were a little confused as to how I knew they did that and they were VERY confused as to why I would want that back. I didn't feel the need to educate them on it though.
Even I am not immune to this sort of scamming for info. While out drinking with friends (drunk actually) I was approached by an attractive female working for Marlboro. She would give me cheap cigarette coupons and a free Zippo lighter if I let them give me a survey. Drunk, distracted, and clueless, I swiped my license and took the survey. I have been getting coupons and various "gifts" in the mail since. I could have been completely duped by these people and not had a single clue. Luckily they were who they said they were and I'm not seeing any miscellaneous charges being rung up by any cigarette companies trying to cover their lawsuits with my money. Anyone (no matter how careful) can be owned. By the way - I don't even smoke cigarettes.
So, just because we know a company (or its representatives) we should not trust them with our personal information and the more people that are willing to trade over their private/personal information for a bottle of wine, a 12 pack of cheap beer, or a free Zippo might want to think twice.
it was revealed that 92% of the 200 attendees surveyed would gladly trade enough information to steal their identities for a chance to win theater tickets.
Yeah it is cool to think that 92% of the people you have enough info to steal their identity. But lets put theory to practice and see how much of the 92% gave real information.
For me any form online I was born in 1900. My zip code is 12345, usually 666 Elm street, Amityville, NY. Phone number is 1-800-328-7448 and call anytime. I would make of 250,000+ or anything thing they have in the list that is higher. My occupation is the first drop down. Oh and my email address is who you are @mailinater.com. If the site looks up the information than I just go the governors web site and copy that info and use that. So I bet if you run a web site and you found that one than you probably could cross reference that info back to me and I would only say good job.
So I speculate that the 92% you have data from that you'll have 25% techices that give you 100% BS. It will occur to the general population once more and more people get burned to keep quiet.
I have absolutely no problem earning a living from recovering virused, spyware-ridden and cracked systems (or I guess in this case, "here's my password systems"). I encourage this idiot behavior :)
No matter how many privacy "protections" there are, it won't stop people from volunteering their own personal information.
For free identity theft monitoring, please send your name, social security number, birth date, credit card numbers with expiration dates, and address to protectmyidentity@gmail.com. We will take care of your credit record for you and guarantee that you will never have to worry about your good credit record ever again.
The IT Guy surely give you his boss email password if you give him a new and most wanted PSP.
http://www.michel.eti.br
Enter Credit Card number and expiration date below.
CC# _____________ Expiration Date: ______
Do the clerks know that those machines can store an XLS spreadsheet of all the information scanned? Do they know if those that own/operate the stores use that information later?
Nightclubs do that. When they scan your license, it stores your name/address/birthday for a mailing list. Big events are a mass mailing...and birthdays get you a "get in for free" pass.
"100% provided their names upon request" and "98% gave their address in order to receive a winning voucher". I don't think that's very surprising... how could you win the voucher anyway without contact information?
I entered my friend's e-mail in hotmail, and clicked the forgotten password button. It gave me his secret question, and from there I simply asked him it. Its a secret question! Ack.
Whenever I have spare time I go out of my way to answer surveys like these with bogus data. Like they say "It'll only take a couple of minutes of your time Sir!"
I consider it an important and useful civic act to poison the noosphere with false data in order to throw off the pundits, pollsters, advertisers and fraudsters.
I could see giving up the info for a good movie, but come on, the Pacifier?? :)
Personally I think that most people are not aware that the information that they are giving could be used in that way. The problem is that our personal information has become more and more frequently asked. I remember back years ago when you could actually refuse to give your SSN but now your SSN has become a more Unified Personal ID number. This in itself is a shame. People need to be educated about what information should be given. With the article there I am sure there are quite a bit of people who actually use social engeneering to gain what they seek. But there are the other ones who would rather do things anon. What have you all done/given to win things? I know that when i refure to give out my information they usually say they cant give me what I won. It really makes you question what this information they gain is being used for when you win something. I am sure it goes into some marketing DB somewhere that the company uses. But one can never be sure or safe. My X Wife one time had identity theft happen to her and it was a major hastle for us to sort it out. Though we have no idea how the information was gained. Let me tell you tracking down where the information was gained is close to impossible.
string sig = llGetSig("dimentox"); llSay(0,sig);
Being in the telemarketing industry, I can whole heartedly confirm the stupidity of most people. Hell, I can get someone's credit card, shipping address, and telephone number, and then they ask "oh, what was this product again??"
Flash some useless piece of shit on TV, get Chuck Norris to pretend like he uses it, and people will fall all over themselves to give you all their personal information. I bet I could even ask for their SSN on a Super Duper Blender call and they would cough it up.
Slashdot sucks
homer simpson
742 evergreen terrace
springfield, Shoot, i forgot my state.
end obligatory simpsons quote
Can we prove 70% of users are giving real passwords for chocolate, or just telling a stranger the name of a pet they may or may not actually own for free candy?
;)
I could see the 34% that don't need bribes as people who are just spouting out a random word so as not to be bothered by a survey taker... but if they go on to give details about how they remember their password, that gets iffy. Is the survey taker too aggressive for the respondent, or is the respondent not worried that the survey taker will be able to match the password with the userid or system.
For example, let's say my password for a certain system is 'swordfish'. Now what do you do? By the way, I want my candy before you answer that.
That Anonymous Coward dude must've really screwed up. Everybody seems to have his password.
No Nyarlathotep, No Chaos
Know Nyarlathotep, Know Chaos
Did they really give it back to the person who filled it out, or someone who asked for it?
Did they just give the individual info to a third person?
Why spend time writing bots and rootkits when people will give you what you want for a piece of candy or a ticket to see The Pacifier?
must write rootkits, to allow for future logins. don't want to be handing out candy, for each time i want to login into a system.
Consensus is good, but informed dictatorship is better
...now everyone will start asking each other what their mother's maiden name was. At my school, we still use SSN's for our student ID's, so it wouldn't be very hard to steal someone's identity here. Of course, we're all honest, 'cause of the 'honor system'.
Riiiiiight.
I'll make the obligatory comment: Biometrics! The sooner the price comes down on these and the reliability goes up, they will be much better than passwords. I think today, two factor authentication is enough of a hurdle.
I know fingerprints can be foiled with rubber or BREATHING, but if you combine that with voice print or retinal scan, it should be pretty secure, even today. Add in facial recognition, and you've got a secure environment.
All authentication mechanisms are just hurdles. You have to hope your hurdles are high enough to obstruct the level of cracker that is after your information.
I have convinced people at work that making people change their passwords every month totally backfires; it causes utter INsecurity when the people can't remember the password because they have to change it all the time. They end up putting it on post-it notes in drawers next to the desk. I understand the motive, to increase the time it takes to brute-force the password, but when the users are going to do this in reaction to this because they have so many to remember, then you have zero security.
In short, we NEED biometrics, and we need them widely available and cheap.
that these innocuous pieces of information are -sufficient- to steal one's identity, open bank accounts, etc. Too bad the banking industry has no incentive to make it harder.
On the bright side, in the US at least, I think your SSN would also be needed, and I suspect at least some Americans are bright enough to guard that.
TFA: Last year, people at a transit station gladly gave up their passwords for a chocolate Easter egg.
What passwords? Did they check them? This doesn't sound too credible.
Tsunami -- You can't bring a good wave down!
I promise to give you all my personal details :)
How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump. It's just for their economic safety they say. Do you know how much information you can get on the owner of a car from their license plate?
They can get very little, actually, without access to police computers. Even if they could, it's no different from just driving around. You proudly display your license plate to hundreds of people each day. In light of this, it's not very easy to get much information from them, and it requires police cooperation. That gas station doesn't punch in the plate and go vigilante on you, they call the police and give the plate numbers to the police.
The gas station writing down your information is totally different from someone scanning your ID. Scanning your ID is a much more private process, and it requires your cooperation. However, anyone can write down a plate number. It's not even remotely the same, and it's definately not a security risk.
Computers need to explode more often.
and other personal data, just for a bit of candy. Heck, I'd do it for free. I just wouldn't give them the correct password. I'd also make sure that the personal data I gave them was total BS.
So how do we know that the seemingly credulous participants in the survey weren't lying?
Dear Sir,
ASSISTANCE REQUIRED FOR ACQUISITION OF MASS QUANITY OF CHOCOLATE
I write to inform you of my desire to acquire large quanities of chocolate in your country on behalf of the Director of Contracts and Finance Allocations of the Federal Ministry of Works and Housing in Nigeria.
Considering his very strategic and influential
position, he would want the transaction to be as
strictly confidential as possible. He further wants his identity to remain undisclosed at least for now, until the completion of the transaction. Hence our desire to have an overseas agent.
I have therefore been directed to inquire if you would agree to act as our overseas agent in order to actualize this transaction.
The deal, in brief, is that the funds with which we intend to carry out our proposed investments in your country is presently in a coded account at the Nigerian Apex Bank (i.e. the Central Bank of Nigeria) and we need your assistance and password to transfer the funds to your country in a convenient bank account that will be provided by you before we can put the funds into use in your country.
Isn't there going to be a point, though, where credit card companies start losing enough money that they are required to do more defense? I mean, one looks at all the personality fraud going on, and the people who end up paying the bill for SOME (not all, but some) of it are the big corporations like Visa and AmEx. Did anyone else notice the big push of 'your credit card companies are protecting you' ads over last year? In the US at least, there's an umbrella for consumers becoming consumers unwillingly due to the companies' inability to actually do detailed checks on people. Is there less intrusive (read: Consumer Friendly) technology being developed to combat identity fraud? Why yes, yes there is.
You're forgetting that even the least clueless are subject to this crap, and since they are someone's losing money hand over fist. Someone else is trying to make the money loser happy by pushing towards him losing LESS money. Capitalism sucks a lot, but here I think it might actually work.
Meanwhile, of course, thank you for posting on Slashdot and I'm having a great time in Aruba.
My little site.
"I saw the clerk write down my license plate and I asked them for the paper when I left."
You were fine until this point. This is getting a bit anal. Now when you drive to the store, you park a few blocks away and walk? I mean, -any- store employee might get your license number so you better not take any chances. You better always pay with cash too.
Fred Flintstone is my preferred nom de plume.
Works like a charm.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
It doesn't matter how well you hide things. You can burn everything, never put your details any where you can't burn afterwards. But if someone wants you, they will get you. By hook or by crook someone will get you if they truely want you..
I like muppets.
Just tell them what they can use it for. We wouldn't want the fraudsters to have to think too hard. In any case, it would have been interesting to see what he would have done had they said no.
I was at Wal-Mart late one night last week.
You know those self-checkout stations they have now? Each and every one of them was spitting out paper slips non-stop that were records of the day's transactions. My roommate snapped a photo.
Each and every slip had the full credit card number, the expiration date, and a copy of the cardholder's signature.
They were unattended, and the workers had placed plastic bags to catch the slips as they fell out of the machines.
There must have been hundreds...
At just one Wal-Mart...
Out of thousands of stores.
These people looked deep into my soul and assigned me a number based on the order in which I joined.
In this society, we use various forms of identification for various reasons. Go ahead and get mad at a gas station clerk if you want. If they arn't writing it down then your plate is on tape. Privacy is one thing, but your licence plate is there to PUBLICLY IDENTIFY you. That is its purpose. The poor guy would lose his job if you drove away without paying for your gas, not to mention that everyone would have to pay more for theirs.
A driver's license it there to privatly identify to those you show it to, a choice you make.
Your social security number should not be used for identification except to services (taxes, social security) that require it.
If you are mad that too much information is available to someone just by your license plate, fight to change what information is linked to it, don't get pissed at some schmuck for writing down a number that is plastered on both ends of the outside of your car!
to see if they gave the actual passwords. It's not much use if you ask, and they give, but then end up putting that they died in 1975 and was born in 1976.
But then again, maybe they thought they were entering an actual contest. Since this was done in the real world, there'd be a much higher chance of them entering actual information. Entering an online contest is different from answering questions for movie tickets.
Derive Politics
Never underestimate the power of social engineering. My sister's identity was recenty stolen, but thankfully they caught is idiots in the act courtesy of an alert bank teller who got suspicious. The bank (located in Ohio) called my sister and asked her where she was (California). When she told her they propmtly got the people arrested. As how it got out there, who knows.
I'm pretty anal about filling out web forms with fake info, and I also have a very assertive stance with my privacy. It's amazing the amount of flack I get from people when I tell them that I won't give them my personal information or that it's none of their business.
It's amazing how quick they change their tune when you tell them that you're taking your money elsewhere.
They can get very little, actually, without access to police computers.
You could not be more wrong. You can get a ton of information including name, address, previous addresses, DOB, etc. This isn't from some police database either. It's records that are available through individuals that have access to databases like Lexis Nexis.
Even if they could, it's no different from just driving around. You proudly display your license plate to hundreds of people each day.
But I don't display my CC # right next to it.
... and those 200 people aren't attendees of the conference. They're just sampled off the streets of London.
Even I am not immune to this sort of scamming for info. While out drinking with friends (drunk actually) I was approached by an attractive female working for Marlboro. She would give me cheap cigarette coupons and a free Zippo lighter if I let them give me a survey. Drunk, distracted, and clueless, I swiped my license and took the survey. I have been getting coupons and various "gifts" in the mail since. I could have been completely duped by these people and not had a single clue. Luckily they were who they said they were and I'm not seeing any miscellaneous charges being rung up by any cigarette companies trying to cover their lawsuits with my money. Anyone (no matter how careful) can be owned. By the way - I don't even smoke cigarettes.
Yeah, the copper zippo! I have one. And I love that they send me the coupons, decks of cards, CDs, all kinds of cool stuff. If they're going to be my choice of cancer providers, at least they can give me cool shit to get buried with.
Not necessarily divulged information. These studies are worthless because they ignore the very blatant fact that people can and most likely do give false information.
My ex-girlfriend has the same password on almost everything. I don't know if she's actually gotten around to changing them yet -- I'm not really the stalker type. :-)
Tickets for The Pacifier was NOT part of the deal. You promised me advanced tickets to Revenge of the Sith damnit! If I don't get those tickets soon, I swear I'll change my password!
If someone says he and his monkey have nothing to hide, they almost certainly do.
I'm about as close to paranoid about my personal information as anyone I know and my identity was stolen about 5 weeks ago. I give out practically nothing and it still happened. The part that drives you up the wall is how nobody seems to really give a crap about it. The police yawn, write the report, and leave. The stores all want an affidavit and then go away. Your bank gives you a new account and returns your money. Aside from the pile of paperwork I had, and am still having to deal with it doesn't seem to bother anyone that this happens. This money must have come from somewhere right?
I know I got all my cash back but I'd bring back roadside crucifixion in a heartbeat if I could get my hands on the guy who wrote $5K worth of checks using my info.
Appended to the end of comments you post. 120 chars.
Well, at this year's Infosecurity Europe, it was revealed that 92% of the 200 attendees surveyed would gladly trade enough information to steal their identities for a chance to win theater tickets.
It's 92% of a sample of 200 random Londoners, not 200 of the people who attended Infosecurity Europe.
Congratulations sir, here is your official membership pin to the Tin Foil Hat Brigade! Your address is really not all that confidential at all; anyone can get it if they want to. Your car's license plate number is by definition public information; what are you going to do, cover it up? To get the level of privacy you seem to be looking for, I recommend that you never leave your house except to purchase necessities, and then you must walk and not drive, wear a ski mask, pay with cash, and never buy anything that would require an ID. No, that doesn't sound like much fun to me either, so I'll put up with the occaisional annoyance, which is really all this stuff is.
My philosophy is, make my info a bit harder to get than the next guy's and I'm safe(er). So the fact that there are so many others out there whose info is so easy to get, just makes me feel safer. Just like putting the Club on my car. A thief can remove it w/o too much trouble, but it's still easier for him to just steal the car that doesn't have any theft-deterrent. What does worry me is companies not guarding the information that I give them for legitimate use.
Go ahead and get mad at a gas station clerk if you want.
In the instances I listed above I never made a single mention of being "mad" or "upset" with the individuals doing their job. I just asked for the slip of paper w/my license plate number on it back. Perhaps you should not assume so much and just read what's at face value.
Will you accept 500 password hashes?
This is one circumstance where the required social security number in the US actually makes us more secure. You would find it difficult to open a bank account without one in the US and people do tend to look up briefly when you ask them for it. Usually the SSN makes us less safe but in this case it would make this particular experiment fail to gather enough info to open a bank account.
The information about someone can be found out via other methods. I'm not going to go into details, but I'll say simply the Net.
Biometrics could possibly be worse for security and here is how. No matter what you request, some part of it must eventually go through a scanner. I'll take the Voice and Retinal you use since they are more or less at two different ends of the spectrum here. For voice, someone can tape record you and then play that back. Have you ever seen the movie "Sneakers"? They get around a voice pass phrase that way. For retinal, at some point your information is read by the scanner. All someone needs to do is intercept and copy that information to have you biometrics. You can only protect against this if you can watch all the terminals and make sure that no one is doing any cheating. Over the internet, you can't do this since every computer is a terminal and you can't watch them all.
The most secure method is going to remain passwords and passphrases for the forseable future.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
I've been very careful about keeping my credit card information safe, but somehow, someone got my credit card information and used it for an online spending spree for e-goods.
I then used social engineering to MY advantage to get information about the person using my credit card information. This moron did absolutely nothing to cover his tracks. After the police and Visa are through with him, maybe I'll post his information here and see if he likes being on the receiving end of this kind of theft.
.sig wanted. Inquire within.
If they give it to you is it really theft?
The last few times I've used short-term parking at the LAX airport, I've been asked to pull forward so their camera can get my license plate in view, and I notice they record it in a log. Every time this happens, I question why they do it and their response is "for security." I don't understand how their recording of my license plate increases security. Nowadays, any question you ask at an airport is answered with "it's for security purposes" or "increased security."
I understand that you can write down any license plate number in a parking lot or on the road and you can easily track people that way. I just didn't like the way they told me my plate number was logged for security. One time when I asked and pressed for a better answer I was given something more realistic. I was told that people frequently try to cheat the parking garage by getting a new ticket just before they leave. (park for a week, get a new ticket 10 minutes before you exit and pay $2.00). They occasionally run audits and record license plates during the night to track who is parked in their lot. Upon exiting, if your plate is logged in the system as "parked" and you have a 10 minute old ticket, it raises a red flag.
Of course, I'm sure there are ways that an electronic log of me being parked at the airport for a week could possibly be used against me.
While out drinking with friends (drunk actually) I was approached by an attractive female working for Marlboro. She would give me cheap cigarette coupons and a free Zippo lighter if I let them give me a survey. Drunk, distracted, and clueless, I swiped my license and took the survey.
I've done the same thing before. I wanted the free Zippo to give to my brother. They were walking around with a portable device that scanned the license and accepted the signature electronically. If you read the line where you sign, it says "I CERTIFY THAT I AM A SMOKER 21 YEARS OF AGE OR OLDER". I'm not a smoker, but I signed anyway to get the freebie. I always wonder if insurance companies could get their hands on that info and use it against people. Fortunately for me, the address on my license is incorrect, so no junk mail for me.
I realize you said "like LexisNexis", but I'm not so sure about LN itself. I have access, and I gave it a quick perusal.
There are some areas where you can search for information about people, but that's just a law directory, with info about lawyers. There's also a biographical search, but that only includes politicians and business executives. I tried looking myself up, for example, and found nothing.
WeRelate.org - wiki-based genealogy
1600 Pennsylvania Avenue NW
Washington, DC 20500
Telephone: 202-456-1414
FAX: 202-456-2461
billyg@microsoft.com
sjobs@apple.com
billy@aol.com (I feel sorry for him)
I have done this for multiple administrations.
I saw the clerk write down my license plate and I asked them for the paper when I left.
Although I agree with 99.9% of everything you stated, the license plate number bit I can not. It is on the back and/or front of your car. ANYONE can write that down, not just the gas station operator. I understand the more information someone has the better the chance they can steal your identity but it would require some form of DMV/Police access to get any information from the license plate. I treat that like a house/street number. Anyone can follow you home and write that information down along with the rest of your license plate numbers as well. Think about your neighbors. You have access to all of their licence plate numbers, their full names and their house number. That is not enough to steal their identity. Hell, even if I had their CC in my hand, I could not steal their identity, I could proably use that specific card until it was cancelled but I would not be able to get more cards in their name or apply for any new credit against them with it.
Bad boys rape our young girls but Violet gives willingly.
because it's much easier to do that than have to leave my mom's basement and go talk to people, let alone give them candy. duh
vodka, straight up, thank you!
The way I see it, this is not a sign that people need to be taught not reveal details about their personal life to allow identity theft, but that the standards for allowing new/changed credit and other profitable (including non-monetary) benefits from identity theft should include identifiers that people will not normally give away without realizing it's significance.
Biometrics are a good example, but even that does not go far enough.
How about a video clip where the person says something like "I explicitly authorize the following change to my personal credit/identity profile; Please add a $2453 credit line for ABC appliances to purchase a new washer/drier". This and every other change could be stored with the credit/identity profile. It could be done with a simple mic/webcam and some database extensions.
Birth certificates could include DNA data and/or DNA hashes and new credit/identity profiles could require checking that and recording of a baseline "I Bob Jones authorize the creation of a new credit profile".
New changes to that profile could be checked against past photos / voice prints anytime a change is requested. Impersonators would have to look and sound very much the person being imitated.
This would be A very strong standard to block fraud indeed.
Legislation would be required to prevent the misuse of this kind of DNA data and the accepting of new credit/identity changes without it.
In Summary: Its not the users who are broken, its the system that does not take into account their likely behaviour and provide cost effective technical solutions to the weaknesses of that behaviour.
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
Slashdot editors can't be bothered to read Slashdot (hence all the dupes), let alone the linked articles in a story submission. And as for actually, you know, editing the submissions? No chance.
If your comment title says 'Re: Foo', I'm not likely to read it.
Who needs russian identity thieves?
HA! I just wasted some of your bandwidth with a frivolous sig!
If a major big-name company that I trust offered something of value in trade for personal information, I'd be much more relaxed than if Mr. Anonymous did the same.
If I lived in a country with strong privacy laws, where I knew that if I gave my info to Big Name Company they couldn't pass it on to others, I'd be even more trusting.
Of course, that leaves me vulnerable to Mr. Crook who sets up a legitimate business, runs it for a year or two to get name recognition, then offers chocolate or movie tickets for personal information, knowing all along he's planning to sell that information to organized crime syndicates.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I personally use Todd Strahan, my childhood archenemy :)
I use his real address too!
Is this bad? I haven't seen him for...oh....15 years...I'm bad I guess
--------------------------------------------- SignalGod ---------------------------------------------
They probably make you pull forward close enough to scan your retinas. I mean, we have satellites up in the sky with enough resolution to pick up the image of a license plate, why would it be so hard to scan a license plate from a few yards away?
There are many different sections to LexisNexis and you can have access to any variety of them at a time based on your security. I know of two individuals with access to this information that have nothing to do with law enforcement.
See here for information on LexisNexis' available public records.
Hi,
We are looking for a software development manager with 5+ years experience, expecting to earn around £60,000.
All you have to do is send me your CV with details of where you went to school, what grades you left with, your date of birth, all your work history and your address and phone number.
Knowing you have a job and earn about £60k I will arrive at your house in a few days time, go through you rubbish to get bank account details.
I will then use the information you sent me to steal you identity, the amount your earning I doubt you'll even notice.
Have a nice day.
thank God the internet isn't a human right.
But I don't display my CC # right next to it.
Nor do you display your credit card number right next to it at the gas station. You'll notice that parent specified when you drive off without paying. In this case, you have given the gas station no more than you give all the people you drive past during the day. If you're going to get upset about this, then you also need to yell at everyone who uses security cameras. Given the number of times security cameras have been used to solve crimes, I'm placated.
Computers need to explode more often.
Answering surveys with bogus data doesn't work. The data is simply stored in huge data banks. Programs either now or the near future will filter out the bogus entries.
It would be a more important and civil act not to answer surveys with bogus data. The pundits, pollsters, advertisers and fraudsters are going to do what want regardless of public opinion and will manipulate the collected data to justify whatever position that they take from challengers.
Ok, I reread the parent and he did mention paying inside. Nevertheless, if you are going to complain that they now have your credit card and license plate, then you should also complain that they have you on camera from the time you pulled into the parking lot to the time you leave again, with the possible exception of any time spent in the restroom.
Computers need to explode more often.
"Ok mr. simpson, just fill out this form giving us all of your personal information and we will hand you this ICE, COLD 6-PACK of DUFF."
.......
"Laaaaaaa, beeeeeeeer. gimme gimme gimme!"
"Thank you for your information and here is your beer. Now, if you'd be so kind as to sign over your power of attorney we'll give you a SECOND 6-PACK."
People (and I am including myself in this) are idiots, we'd give up tons of our rights for a quick little gift.
The BBC has also previously covered this in April, 2004:
They reported that:
More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found.
The story can be found here: http://news.bbc.co.uk/1/hi/technology/3639679.stm
Like taking candy from a baby.
Wait...
if(!toilet_paper) roll.replace(new roll);
What exactly is so terrifying about the people at that store having your license number and birth date in an XLS file? (No, your SSN is not stored on the strip, even if you opted to have it printed on your license)
A friend of mine works for a large retail chain. They just decided last week that it is NOT a good idea to throw ALL of their charge slips and former employee files into trash.
And I'm not just talking about some drone middle managers - this was a CORPORATE policy, for hundreds of stores nationwide.
They don't care, they push most of the losses onto the retailers...
No, that's a paedophile.
uce@ftc.gov
007 PT Barnum Blvd
Scamsville, CA 90125
DOB 7/4/1776
SSN 911-00-DEAD
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Sorry for assuming anger, just my perception of the post. Would contend, however, that they do not have a right to not only record, but keep that recording, of public information?
As a poster to the BBC article said, "I'd reveal my "password" to anybody if they were offering me free chocolate! My password is "givemefreechocolatenowplease"!"
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I sure don't want to be a victim of identity theft, but to have my DNA data encoded by the government? Sounds too much like Gattaca. Turning 250 millions of identities to the government is far worse than having a small number of crooks digging through the garbage bags.
But it's theater man! In this age of banal reality shows, surely this is worth some risk!
Seriously though, it looks like the study has revealed the 21st century equivalent of strangers offering candy to children to entice them to enter their cars. Interestingly enough, web saavy kids may well turn out to be less likely to give away vital information. Mine have told me of all sorts of schemes that people use to scam people out of id info on neopets and gaiaonline. Granted, before they went on the internet, I warned them not to give out personal info, it's still good to see that they are being smart out there!
To the making of books there is no end, so let's get started
Are you serious? Video clips every time you make a credit card transaction?
I'm one of those people who uses my credit card for everything (1% cash back, and basically a month-long interest free loan) and I don't want to have to give a speech every time I buy $25 worth of groceries or a tank of gas
Nor do I want to stand in line behind people who are.
I have blog like everyone else
Interesting you should mention the CC companies' push for fraud protection. In the last few weeks my wife has received two offers from one of her CC companies. They basically want to pay you $10 for signing up for the fraud protection. You know the deal, "cash this check and we'll activate the protection. You can cancel at any time, yadda yadda yadda"
Now here's the important part. The check is made out to "Wife's Name or Bearer". That's right. "Or Bearer" which means that anyone who happened to come upon that check could cash it, automatically starting a monthly charge on her CC without her knowledge. Yeah that's the way to protect her card from fraudulent charges. Way to go!
Needless to say, we are complaining to them and closing the account with that company.
Ender-
Nothing to see here
Sorry for assuming anger, just my perception of the post. Would contend, however, that they do not have a right to not only record, but keep that recording, of public information?
Think system wide and find the real
flaw here. Are people really stupid
to provide a handful of facts about
themselves? Or are the banks stupid
to accept a handful of facts as
evidence of authorization to access
an account?
Seems to me this whole "identity theft"
is an exercise in blaming people for the
banks' failures. I haven't had my
"identity stolen" -- whatever that's
supposed to mean. No, the bank has been
tricked, defrauded into giving up my
money to someone who happens to know my
mother's maiden name. That's the bank's
policies hurting the bank's ability to
do its job -- keep my money safe. That's
not my problem.
Calling it "identity theft" and holding
me responsible for preventing it is just
an attempt to turn the banks' problem into
my problem -- one they are happy to help
me solve for a fee of $10 a month.
No, thanks, I decline to pay a monthly
fee to do the bank's work for it.
People don't know how to properly do things we haven't practiced, or even recognize we're expected to do them, until we've "cognized" them consciously. Until we evolve a protocol, a sense of propriety, some manners, we're just babes in the woods, among the wolves.
--
make install -not war
Privacy is one thing, but your licence plate is there to PUBLICLY IDENTIFY you.
Incorrect. A licence plate identifies the vehicle, not the operator.
Would contend, however, that they do not have a right to not only record, but keep that recording, of public information?
IANAL so I couldn't answer that but I am just as much in my rights to have a reasonable expectation that the information will not be recorded and linked to my CC # (which was the original point of this discussion) for malicious use.
I have as much of a right to request that the information be given back to me (it is my information afterall) as they have to take it in the first place.
You may not be getting junk mail but you are breaking the law.
In most states, having a wrong address on your driver's license is against the law. You are supposed to get it updated within a couple of weeks of your move.
I anticipated identity theft many years before most media outlets were reporting about it. I took it upon myself the to a comprehensive plan into action more than 10 years ago. Below is my six step plan for avoiding identity theft. 1) Get a credit card when you are young and abuse the hell out of it then do not pay the bill. 2) Avoid paying your monthly utility bills on time. 3) Get a secured Visa from your bank and then do not pay those bills, finally letting the card fall into default and then the bank keeps your secured deposit. 4) Get many Cell phone plans and do not pay those bills. 5) Buy merchandise on no interest plans and then just disappear. 6) Write checks with no money in the bank. The resulting checks will bounce and cause many warrants put out for your arrest. Now following this 6 step plan will cause your credit to just basically suck and if any thief decides your identity is his next target he will have a nice little surprise when he tries to get that new credit card in your name. In fact I have found that this can lead to more arrests of the identity thieves by causing the police to come look for me for bad debt and busting the crooks red handed. If you found this to be useful information then please deposit $5 into my checking account. If you have trouble getting the deposit to go through then here is some information to help you. Mother's Maiden Name: Disney Pet's Name: Mickey Mouse D.O.B: 12/05/1901 Phone Number: (818) 460-7477
They could send you an unsolicited birthday gift! Or um, like - know my name or something.
People like garcia are just illogical. Typically they are males who have too much leisure time, no kids, etc so that they invent ways that "the man" is trying to track them. As if "the man" has any interest in a middle class geek.
You should pay with a credit card (mastercard/visa) as their rules prohibit the merchant from requiring personal information for the transaction. From the MasterCard Merchant Rules:
9.11.2 Cardholder Identification A merchant must not refuse to complete a MasterCard card transaction solely because a cardholder who has complied with the conditions for presentment of a card at the POI refuses to provide additional identification information, except as specifically permitted or required by the Standards. A merchant may require additional identification from the cardholder if the information is required to complete the transaction, such as for mail order, telephone order, or electronic commerce transactions.
For Face-to-Face transactions, they can ask to see your identification for the purposes of ensuring that you are the card holder, but they cannot record that information.
1) Get a credit card when you are young and abuse the hell out of it then do not pay the bill.
2) Avoid paying your monthly utility bills on time.
3) Get a secured Visa from your bank and then do not pay those bills, finally letting the card fall into default and then the bank keeps your secured deposit.
4) Get many Cell phone plans and do not pay those bills.
5) Buy merchandise on no interest plans and then just disappear.
6) Write checks with no money in the bank. The resulting checks will bounce and cause many warrants put out for your arrest.
Now following this 6 step plan will cause your credit to just basically suck and if any thief decides your identity is his next target he will have a nice little surprise when he tries to get that new credit card in your name. In fact I have found that this can lead to more arrests of the identity thieves by causing the police to come look for me for bad debt and busting the crooks red handed.
If you found this to be useful information then please deposit $5 into my checking account. If you have trouble getting the deposit to go through then here is some information to help you.
Mother's Maiden Name: Disney
Pet's Name: Mickey Mouse
D.O.B: 12/05/1901
Phone Number: (818) 460-7477
No wonder the imaginary guy on my old fake id still gets mail at my friend's apartment . . . .
Trade pwd 4 sex
Actually, I did that once. My girlfriend and I were having a fight because she accused me of not trusting her. As a show of trust and good faith, I told her my main password for important stuff. Shortly afterwards, we had make-up sex. After she fell asleep, I went and changed my passwords.
http://publicvoidlife.blogspot.com
U can use a photocopy of a fingerprint and the heat of your finger behind it.
AMAZING HUH!
My prefered secret question is usually "Pick a number from one to ten", although I will occasionally use the classic "Feathers or Lead?"
Either way, the secret answer is a 25 digit prime that I'm fond of for no particular reason. Good luck.
//Information does not want to be free; it wants to breed.
Birth certificates could include DNA data and/or DNA hashes
It'd need to become about a million times more accurate before anybody'd trust it for financial transactions. Houston alone fucked up a few hundred cases in the past decade, no bank would take any technology with that kind of an error rate.
"How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump. It's just for their economic safety they say. Do you know how much information you can get on the owner of a car from their license plate? What happens if I go inside, buy a few items, and pay w/my credit card? They now have my CC # and my personal information. That's enough for ID theft as well. I saw the clerk write down my license plate and I asked them for the paper when I left. They were a little confused as to how I knew they did that and they were VERY confused as to why I would want that back. I didn't feel the need to educate them on it though."
A %22drew%20Roberts%22
OK, but is the real problem that identities should not be so easy to steal. In other words, that should not be enough for identity theft?
all the best,
drew
http://www.archive.org/search.php?query=creator%3
FreeMusicPush If you want to see more Free Music made, listen to Free
The password would be 12345. That's the kind of password an idiot would use on his luggage.
I lie about age, gender, dob, country of birth, etc on every online form I've ever filled out. What makes these guys think other people don't do this too?
Also, it seems that US universities will continue to be THE hot place for ID theft. Here's an interesting page that descibes how the liberal ideology in IT management at US universities that, IMO, is the main reason they are continually and successfully hacked.
This is sorta relevant to the topic at hand... Notice when you goto the mall and you see a sign that says you can have a chance at winning a nice new shiny car parked there. All you have to do is fill out a form with your personal info and drop it in the box. You can find similar setups with other free giveaways. I'm not surprised to see the dropbox full of forms with all kinds of details that marketers love. No one hardly gives a second thought to give away where they live and how much they make just to get a few baubles and trinkets in return.
-- After all is said and done, more is said than done.
In California, when you move you must update your records with the DMV, which I did a day after I moved. Instead of wasting ink and plastic by printing a new license, they give you a little sticker to put on the back of your license that contains the updated info. The DMV knows my current updated address and any policeman or other official knows enough to flip my license over and check the back for updates.
The Marlboro chicks (and mostly anyone else who looks at your ID) don't bother to check the back.
I just received this email today:
~~~~~~~~~
Dan,
I loaded the s/w for XXXXXXXXX and tried to log on. Apparently my ID and Password is not working. I was using:
Id= ldonald
password= lad20750
... Can you please assist? Thanks
LD
~~~~~~~~
For Christ's sake, I'm speachless.
After all even if (let's assume here) 60% of people DID gave an aftertought and wanted to give something else, quite a large part of them still gave their default password because they just couldn't think of anything else.
On transactions where the person isn't present (such as grocery store transactions, etc), wouldn't this still be suceptible to Man in the Middle attacks? Let's say that, in the near future, home fingerprint scanners become popular. Think about it. I want to sign into my online banking, I have to swipe my finger. Some identity thief in Podunk, Idaho can't just log into my account. But if I'm transmitting my fingerprint, can't it be intercepted and used again later, the same as a password? You might be able to avoid dupe transactions by attaching some sort of special identifier, but you can't keep me from hacking my fingerprint-swiping machine to send Person X's fingerprint to the online banking site instead of mine. It's just a file.
I've had the same issue with signing my name on electronic signature pads (I do it, I just don't like it). Once I do that, it can't be hard to take my signature that is on file and simply move it to a different location in your database and attach it to a different transaction can it? Then you print out a copy of the receipt for that new transaction and BAM!! There's my signature. And since it's electronic, I MUST have signed for it. Why there's even a timestamp. Let's see who has electronic copies of my signature...oh, FedEx, UPS, Airborne Express, DHS, damn near every place I've ever used my debit card, and the list goes on.
Granted, a regular ink signature can be faked, but everyone accepts that. For some reason, when you tack on the word "electronic", everyone suddenly seems to drop their guard and simply accept its authenticity as the gospel even though it's usually even LESS secure. Don't even get me started on "electronic voting"
If you mod me down, I shall become less powerful than you could possibly imagine.
And you don't even have to make that second step up. What a mastermind.
Dirty, dirty tricks.
Which, BTW, they do not. CC numbers are not stored after usage locally if you use an electronic means of verifying them. (As opposed to the carbon paper machine you sometimes see when the power is down.) The store cannot get to them. They are required to not store them as part of their contract with the CC company.
Now, the cashier could obviously write them down as you use them, but most of the time, the card barely leaves your hand. They don't have time to write anything down. And they could write it down completely independent of your license plate, I have no idea what the hell that has to do with anything.
If they actually had your CC numbers, they could easily copy your name at the same time and look up your address in the phone book and drive to your damn house and get your plate.
Not that I'm entirely sure how license plates relate to identity theft, unless you're worried about people buying insurance for your car. I've written my license plates down like five times in my entire life for other people, and it was always for a parking permit or buying insurance. License plates are not secret information, and no one uses to them to keep track of who is who, they use them to keep track of what car is allowed to be where, and they do that by actually looking at the plates.
And gas stations don't 'write down' your license plate unless they don't have video cameras aimed at cars, anyway. That's the only thing they care about, that they can track you if you drive off, and the plates are the easiest way to find that out.
Frankly, I'd rather be on tape that gets erased every 12 hours through reuse and is in a locked backroom that only managers can get to than have my number written down where every goober at the front has access to it and be social-engineered into giving it out.
There are exactly two circumstances that tape will get looked at: the request of law enforment, and if I drive off without paying. I don't do the second, and as for the first...well, I don't like it, but that's the way the world is, and it's not just gas stations. Outside gas stations cameras tend to be aimed where they can pick up license plates, though, and not people's faces, although those areas obviously overlap a bit.
If corporations are people, aren't stockholders guilty of slavery?
The last few times I've used short-term parking at the LAX airport, I've been asked to pull forward so their camera can get my license plate in view, and I notice they record it in a log. Every time this happens, I question why they do it and their response is "for security." I don't understand how their recording of my license plate increases security
I suspect it's to make the forensic mop-up after an "incident" easier, rather than to actually prevent anything from happening.
The license plate is scanned and read by a computer, they can then look that license plate up to make sure it's not a stolen car.
Standard practice in many western airports now, even having a rental car makes you more suspicious.
* 100% provided their names upon request
Wow, that's bad how?
* 94% provided pet's names (common passwords) and their mother's maiden name (common second form of authentication)
That leaves the suckers with pets/maiden-names as pw's vulnerable
* 98% gave their address in order to receive a winning voucher.
An address isn't secret, all of the above info is printed in the phonebook.
* 96% divulged the name of their first school. Combined with mother's maiden name, the two are key pieces of information used by banks for verification.
So the users are to blame? I think not... maybe the banks should use some other form of identification.
* 92% provided their date of birth and the same number supplied their home phone number.
Date-of-brith, if anyone uses that as identification they must be barking.
SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
Has anyone notice that it seems easier to commit identity theft now than before the so-called "IT industrial revolution"?
The same kind of thinking that got us into this situation won't get us out. Technology won't solve the problem - it'll probably just make it worse. Imagine if we used DNA as the basis for identity. Then, everyone with a strand of your hair could own you. Hey - isn't that what vodoo practioners do when they get piece of something personal to you (that has your DNA) and make a vodoo doll to torment you with?
There is no substitute for getting people to think for themselves. The more 'thinking-for-themselves' people there are involved in the indentity system, and the less automated the system is, the more secure it is. It'll just be less convenient.
you know the ones on (snail)mailboxes, not only do they tell the mailman that there is stuff in your mailbox, it also tells would be theives
Checks can be bleached and new amounts & payee's info added
Account numbers can be taken out of bills
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Name: Tim Tom
DOB: 01/01/1900
MMN: Presley
Pet: Elvis
Well Bill, let me share some facts as a former gas store employee:
1) Even at upscale, nice gas stations, hundreds of dollars of gas gets stolen every day by people who just drive off. Although it takes a while to develop an eye for the people who are going to do it, some managers just say "write down the # for all of 'em" to make sure we don't miss it. With gas as expensive as it is, we can't let people drive away with $50 worth of gas in their SUV.
2) Without a license plate, they've got nothing. The security cameras are a joke, because they don't get a good enough resoultion to get the plate number, and no one is being paid to watch them. In fact, I don't know if we can even claim it was stolen without a license plate number, which means, yup, no police report, no insurance claim, nothing, it's all out pocket for the stolen gas without the number. I laugh at the idea of a gas station NOT taking down plates: they're asking to be stolen from and not reimbursed. Your so-called privacy ('cuz your plate is sooo well hidden that I'm sure no one else could get it) isn't worth the hundreds stolen per day, nor would it be worth it once a lot of people realized they don't track plate numbers and more gas gets stolen.
I don't know what state you are from, but in New York, my license has two sets of bar codes: one with the Driver ID # on it, and the other is one of those "3-D" barcodes with every bit of information on the front encoded into it.
This includes: my license #, my full name, date of birth, address, sex, eyes, height, License class, date of issuance, expiration date, restrictions and endorsements. This is more then enough information to build a neat little sales database.
A few years ago, I picked up one of those cheapo-retail bar code scanners for something to play with. Plugged it into the keyboard and scanned my license. I was amazed, and ever since I've never let someone scan it.
The problem is that the government, the credit agencies and many businesses already have every piece of data about you necessary to completely impersonate your identity.
The 250 million identities you mention are already in their hands, I just want to make it accurate enough to protect my own interests.
Other than a complete video log of your life (or many many childhood/lifetime photos) and testimony of people who know you your whole life, using DNA or other unique biometrics is the only way to really prove that you are you.
Every other method from current birth certificates to drivers licences (which in CA now require fingerprint data) can be falsified by someone with access to current government/credit agency reports.
The risks we are talking about here also protects against identity thefts where a criminal get a drivers licence in your name, commits a fraud and an then YOU get arrested. if you cannot prove you didn't do it, you are very likely going to jail for the impersonator's crimes.
Data that others could know can never be final proof of identity. Something that can't be stolen is required, unique biometrics (DNA, fingerprints, etc.) are the only thing about you that can't be easily impersonated by somebody reading a computer screen somewhere.
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
I think even asking for that slip of paper is pointless. If I was that clerk I would write it down again as soon as you left just out of spite. The ultimate problem is that banks "give credit" too easily. I guess the alternative is for consumers to be limited to only the local bank where they know you, which is likely better over all, but our fat lazy american ways demand instant gratification at the lowest price. :-(
Mine is usually "What is your password?" Its only come back to bite me in the ass once so far.
automatically starting a monthly charge on her CC without her knowledge
but at least they could show improved fraud protection numbers when she caught on!
I forgot what I wanted to say, but honestly, it was important.
I hate the standard "secret questions" where there is basically only one answer. I like putting in my own secret question, because I can make it cryptic. e.g. What did you eat on your 16th birthday? The answer could be ANYTHING.
But to be safe, it could be made more cryptic: What color food did you eat on your 16th birthday?
Answer: BlueFries16 (color, food, 16 are clues to me)
But this wouldn't be my password, it would just be another clue to my password. Maybe my password is really a German Word, French Word, English Word. Numbers are spelled out. So in this fictitious case, my password would be BlauFritesSixteen.
My passwords follow rules that I have in my head. I can remember the rules much more easily than the passwords. After a while, I morph the rules so that they only make sense to me. Like always add 3 to the number before spelling it out, and remove all e's from the word. So the above would be BlauFriesNintn.
So if your roommate followed rules like this, and you asked what color food he ate on his 16th birthday, he could say "Blue French Fries" and you would never guess his password.
My beliefs do not require that you agree with them.
From TFA:
There's always the possibility some gave bogus information. And it's promising that others did realize they gave away too much information, if belatedly.
How on earth did you write all this, and still get first post?
:-M
I'm going to try that tonight ...
After I heard that our own government agencies were selling personal information as a source of revenue, I think it's pretty much the exception that any information you provide won't be sold or somehow disseminated in ways that you might not like. Once they have it, they can pretty well do what they want with it. Best defense...simply don't give it out.
Care to share the name so the rest of /. with that company can call and complain? (hey...it's a fantasy!)
Chase keeps mailing checks that sign you up for stuff if you cash them... usually with a 30 day free trial. I got three of them... $20 for fraud monitoring, $15 for "home protection", $10 for disability insurance.... I cashed them and called a couple of weeks later and cancelled them. For three 2-minute phonecalls, it was the easiest $45 I ever made.
"Your SSN number is not required for this service (because that would land us in jail), but without it we cannot process your application (meaning you don't get the service)."
-- . . ramblin' . . .
and birthdays get you a "get in for free" pass
The $64,000 question is how do you make your license say every day is your birthday? No cover charges ever!
"No beer until you finish your tequila!" -Leela's Dad
Oh sure, my wifes name, Bday, pets name and maiden name are...
:)
Or maybe not.
Ender-
Nothing to see here
- You actually make some good points, although you're a bit overboard on your paranoia, but then you go and said this:
They were a little confused as to how I knew they did that and they were VERY confused as to why I would want that back. I didn't feel the need to educate them on it though.I have news for you, the problem of identity theft will not go away by simply ignoring it. You have to not only refuse to provide more info than is necessary, you have to explain why when it's obvious they don't know why. I've lost count of how many people at my bank have gotten the lecture as to why I refuse to identify myself over the phone by giving my social security number (it is not legal to require it as a form of identification in that manner for one thing, identity theft is the other), yet I still explain it. Will it change policies at my bank? Maybe not, but then again they do have alternate forms of identification which _aren't_ easy to find out about a person. If enough people refuse to give their SSN, AND explain why they refuse eventually they'll switch to those as the default.
BTW, as paranoid as you sound I'd recommend ditching your credit card. Go with cash and checks. Check fraud, while still around, is totally dwarved by identity theft and credit card fraud. Most places do require ID on checks so if you leave off your phone number and driver's license you can almost guarantee you'll be asked to show it. Sure you can write "Ask for ID" in the signature field on your credit card but anyone who's actually done that can tell you how well it works (not very. A few years back when I was working at a Wal-mart I had a customer show me the back of theirs which said this. I had asked for ID (since it was policy to ask for it on all credit cards & checks) and they told me I was the first person in 3 years who had actually asked to see their ID. They quite happily showed it to me.)
This is where it is quite interesting to see where laws that protect people against discrimination come into play. Licenses used to have hair-colour, eye-colour, height, weight, and other means of identifying someone that have since been deemed "unacceptable" by some states.
Perhaps I am on a high-horse about it, but I have no problem with my license or other form of photo-ID notifying the person checking it that I am black or white/blonde or brunette/blue or brown-eyed.
I fear I may have come across as off-topic, but as you said, we have "something you carry" - the "something you know" - but rarely the "something you own/are." While identifying yourself online based on easily visible characteristics is far from ideal (I'm sorry sir, can you PROVE that you're Hispanic by using our online form...), but "in-person" it would still work wonders. So someone steals your credit card numbers - or even the card itself. They fake your signature to buy something. The credit card somehow (again, I know not how) comes up on the screen saying "White Male, Age 35" to the cashier. Kind of makes them having to check your signature useless, no? If you're standing there, and don't match the description, it's far easier to see you're not the authorized person for that card, regardless of what you can "fake".
I guess I am off-topic, but I find it funny how many people are so concerned with protecting their identity, while so many others are concerned with homogenizing society such that it's "discrimination" anytime a common, easily visible fact is pointed out about someone. [/rant]
Some girls give away MUCH MORE than that!
In what I was proposing, things like DNA would only be checked in the event needing to absolutely identify somebody, not during financial transactions.
An example is if you are a victim of complete identity theft and are sitting in jail for a crime the identity stealer committed. If the stealer has all your personal data he can create, acquire and produce any identity documents you could.
You want there to be something he can't steal, and the only thing like that is your unique biometrics (DNA, fingerprints, etc). However if that data is not on file somewhere? Even if they arrest him too, as long as he claims to be you and has the documents to back it up, how do you prove yourself?
The current situation allows for this possibility, I mearly propose a fix that gives you a fail-safe proof of identity.
It doesn't even have to be encoded unless it's needed, a blood drop smeared on your original birth certificate would be enough. Most people would never need it, but if you do need it, you REALLY want it to be available.
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump.
...
Yeah, how about that
Maybe you should get a couple more pieces of tinfoil to cover up your plates.
And given this information, I give myself 2 years before I'm in jail, or owing a couple million dollars to all the people I've become. . .
disclaimer: I've been known to store numbers in my ass for which to dig out when quantities are required.
As Homer would say...
...simply don't give it out....
Better yet, if its not illegal such as for the tax man or drivers license etc., give out fictional information to pollute their databases.
All theory is gray
It is the system that makes ID theft possible. The system is made to be too transparent to the consumer instead of secure. Back in my home country, no bank would open and account or perform any other action or give out information simply because the person requesting it can answer couple of trivial questions such as date of birth and/or approximate account balance and with no ID checks at all. And that was long before ID theft become so big problem here in North America.
Does this cripples things such as telephone banking? Sure it does, if for anything non-trivial you need to show in person at counter with government issued photo-ID. But at least your money isn't going to end up in Nigeria overnight.
I was shoked after I moved to North America and found out that I can get credit card by simply making a phone call and simply telling the service representative on the other side my date of birth and answers to couple of other trivialities... Shees. Wake up folks. The system that is currently in place is a paradise for criminals.
first time i actually laughed out loud on /.
you go
-- Avishalom is usually vish
care to post your license plate number? someone will tell you the name of the street you live on...
I'd contend that your comings and goings should NOT be public record. It really isn't anybody's business.
Before you responds with 'so what, what is the harm,' please tell my why not recording this data is harmful or necessary.
I don't know what's worse: That she thinks you don't trust her, that you gave her your **REAL** password to your stuff, or that you then went and changed it afterwards?!
Get your own free personal location tracker
CC numbers are not stored after usage locally if you use an electronic means of verifying them. (As opposed to the carbon paper machine you sometimes see when the power is down.) The store cannot get to them. They are required to not store them as part of their contract with the CC company.
Bull.
I work for a major retailer, and I have seen the Electronic Journal files from the registers. They contain the whole Credit Card number.
Crobar, a giant club in Manhattan, does this. While I normally wouldn't have gone to a place like that, I was on the guest-list (read: free admission), and so I wasn't concerned at all when I handed them my license. Since then I've received numerous mailings from them. I wonder what else they're doing with my personal information.
What I've also heard since then, though I've not been able to confirm it, is that they use this information to keep track of you. If you start a problem and are kicked out of the club, it's an effective lifetime ban (though I'm not sure how they'll be able to scan your ID as they're kicking you out). Furthermore, they share this information with other clubs, so that if you start a problem in one place, you're essentially banned from every club in the area.
Never again will I allow my license to be electronically scanned. If every bar and club in town adopts this technology, I'll have to go back to drinking 40's on the stoop.
An effective signature identifies a particular user amongst a base of thousands.
With gas as expensive as it is, we can't let people drive away with $50 worth of gas in their SUV
"Pay before you pump" solves that problem.
We should be able to move to a challenge/response scheme on a smart cards. The other parties still have the ability to authenticate its user, but will lose the ability to impersonate him/her once the user takes back the key. All it needs is a central database to blacklist lost/stolen cards.
We could even pass a law to ban local storage of anything other the public key and require all information retrieved in real time. This gives a user the added ability to allow/disallow the release of any information any company sending unwanted mail to your address by just adding a company to his/her blacklist.
...just to meet a girl and hopefully be able to say Hi
an attractive female working for Marlboro... By the way - I don't even smoke cigarettes.
Guess what? According to the insurance companies across America, you are now a smoker. Did you read the fine print on the clipboard underneath the license scanner? It clearly stated that by accepting their cheap free gifts, you were claiming that you are a smoker. This survey wasn't just sold to some sleazy marketers, but was created by a company selling the data to insurance companies.
Next time you try to get a job, or the next time your employer tries to negotiate health insurance for its workforce, this little "fact" will come up. With companies in the U.S. now legally allowed to discriminate based on health claims, you will never be offered that perfect job you were the most qualified for. Your current employer will be faced with much larger insurance bill if they keep smokers on the payroll. You sold away your employability for a packet of smokes and a cheap lighter.
Recently on a trip to the U.S. with some tobacco-addicted cow-orkers, they were approached by a girl giving away a packet of smokes. Since she required a U.S. driving permit she could swipe through her machine, she wouldn't let them take her survey. She did admit that is was just to generate marketing leads, but she was supposed to target obvious smokers. She even admitted that the packets she gave away each day were different brands, purchased on an Indian Reservation, so it wasn't just a single tobacco company marketing their products. She did tell them where to find the closest Indian Reservation for tax free smokes, and they were way over the limit on the return journey.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Actually... in Colorado, anyone can by filling out a form with either a VIN or a license plate number, paying a small (~$10) fee and signing on the dotted line. How do I know? Personal experience. A private individual apparently saw a vehicle that I had traded in about 5 years ago, and wanted to purchase it. I received a letter in the mail from this person. He had written down the VIN, filled out a form, and received the title history - complete with names and addresses. (Sidebar - apparently the dealer never re-registered it and sold it at auction so I was the "last known owner"). Appalled, I called the DMV to find out how this happened! Indeed I found out that you too, for $10, a form and your signature can get all that info too.
But the airport I use goes round and records all plates and where they are parked. I know this because once I forgot where I had parked and when I went up to the gate and said "I can't find my car" they were able to find it based on the license plate.
Squirrel!
The other day I went to see the movie and there was that stand in the middle of theater offering some credit card (I think citibank). 2-3 young females were approaching people asking to write an application where you should fill in your SSN. When I refused to give them my ssn and asked for some credentials other then name tags they were literally shocked. So was I...
On any given day most people probably provide their credit cards to 2 or 3 other people/companies/machines.
Think Deeply.
Static electricity?
Sorry, recently finished reading a rant on the misuse of the word "literally". This one goes out to you Deni!
Ben Hocking
Need a professional organizer?
Have you considered the startling possibility that you don't exist? Maybe you're merely an imagination of yourself. Maybe once you are aware of this, you'll start to disappear, like Michael J. Fox in Back to the Future.
I am just as much in my rights to have a reasonable expectation that the information will not be recorded and linked to my CC # (which was the original point of this discussion) for malicious use.
Absolutely. It is, however, a giant leap to assume that a clerk writing your license plate number will link that to your credit card.
Even in the event that a gas station would want to keep records about your activities as a customer, you do have a choice, stop going to that gas station. Or, pay cash.
If the clerk does it on his own, and you can prove that, then sue him and his employer.
tell my why not recording this data is harmful or necessary
$2.35 per gallon
I have worked in a gas station before. People steal lots of gas every day in this country. That costs you and I every time we fill up. License plates are also used to identify people useing stolen credit cards and forged checks.
your comings and goings should NOT be public record. Your coming and goings in and out of my establishment should be my business. But as I have stated, feel free to go to another gas station (where they will do the same thing). Don't use a credit card. Fill up portable tanks and carry them to your car.
Yup. Been there. Done that. Me too.
What can ya say, it's the story of the techy's sex life.
I'll give you that, but it doesn't change the fact that it is a public identification.
According to an article in yesterdays New York Times they are becoming on in the same.
Shit, I bribed the firewall admin at work with a 5 pound bar of Heresy's chocolate to open up the ports needed for me to manage my personal website.
(it was a win-win. i got thru the firewall and did not gain weight)
By starting the article summery off with "You may remember that 70% of the time, people will reveal their passwords for chocolate", you make it hard to take anything else seriously.
/something/like that, but what I actually remember is that no one had actually verifed any of the data. It could just as easily been "70% of people are willing to lie and give a fake password to the person asking, then laugh as the sucker actually believed them as they walk away eating their chocolate."
I do remember
Such statements in either direction are 100% speculative, inflammatory rubbish and hardly worth even discussing further...
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
This year's Infosecurity Europe isn't until the end of April. Hey I want to be able to see into the future and come up with stats like that!
This man is a genius!
I was in a local bar. There were 2 girls claiming to be from RJ Reynolds. They had handheld computers. They would give you a lighter if you let them take a digital photo of your drivers license, scan the magnetic strip and sign a digital signature capture on the handheld screen. I saw at over 20 people do this and that was just in the half of the bar I was in and I only started watching after I figured out what they were doing.
Who is John Galt?
Maybe it works on a click-to-find search. Your info didn't pop up the first time because no one has searched for it before. Try again.
From TFA:
100% provided their names upon request
Just because someone gives you their name doesn't mean it's their real or correct name. Starbucks has started this stupid thing where they ask you your name when you order, then yell it to the barista with your drink order.
"I need an iced, venti latte, for James."
I don't want them knowing my name, much less having it blurted out and having the whole shop hear it. I'm not sure why they're doing it either. Maybe there was an issue with people picking up the wrong drink. Maybe they think it feels more personal. How much more impersonal can you get?
So some days I'm James, some days I'm Joe, and some days I'm "Jhon, and yes, it's spelled J-H-O-N."
They get a name, but they don't get my name.
I'm against picketing, but I don't know how to show it.
Im sure I cant be the first, but Infosec Europe is April 28th to 28th isnt it? IE, its in the future. Am I missing something?
The General Electric Main Plant in Schenectady, NY - if you ever need to match the town tot he zip code. (some of them check online)
The zip code for the Genreal LEectric Main plant in Schenectady, NY
Been there, know it well.
Our local DMV had a break-in. Thieves drove a car through the back wall of the building and took blank licenses, the license printing computer, camera, printer, etc.
After it broke on the news the DMV reported that nothing could be gained from the computer as it was all "encrypted". A week or so later they finally came forward and reported that some 9,000 people had information stored on the computer that was easily accessable (the drivers license picture, SSN, etc.) and that they were sending out new licenses and letters of apology to those people.
It's an outrage in this day and age that even our government officials are so careless with our information. Why was this information kept on the local drive of this computer? What good is a letter of apology and a new license going to do for you when people are applying for new ID's, Credit Cards, etc. using your valid social and name.
Go to any file sharing client and search for "Taxes", it is unbelievable that people are sharing out their entire hard drives, SSN and all. Give it a try!
Where do ya'll live where they swipe your drivers license? I've never lived anywhere where they do this...liquor stores? Nightclubs?
I'd never heard of this practice till I started reading /. Where I've lived, they only look at the license to visually read the birthdate to verify age.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
471-ROI
Now, tell me where I live.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
7-11 once attempted to swipe my driver's license to buy cigarettes a few years ago.
I refused and purchased my cigarettes elsewhere, and wrote (and sent!) a letter to their corporate headquarters explaining why.
What would happen if you purposely demagnetized your driver's license?
Though interesting, I believe they will need a state to find you. I'm fairly sure there's at least 4 states that have the same plate number.
"I'm not talking to myself, I'm just the only one who's listening." - Jimmies Chicken Shack
It helps, and we have some pumps where I work that are pre-pay only, but man, you should see the fits people throw over being forced to walk all the way over to the counter twenty feet from the pump. It's not even as if they have to come back into the store, either... so it's the same trip they would have made one way or another.
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
I don't really get... Why in the name of $DEITY they need to scan it? Isn't your birthdate printed somewhere in your driver license? Isn't that enough for age-check purposes? btw: I'm not american. In my country the birthdate is printed on your driver license. And having a driver license is enough to pass an age-check, since only 18+ ppl can drive here.
And their latest giveaway (with rules and regulations) even includes terms which say that you will never sue them. Ever.
http://moo.plaidcow.net/archives/000173.html
Everybody has Bruce Schneier's Password Safe right? Far from from a cure-all but at least you have to remember only one really high-entropy password.
Now can anyone tell me the best way to keep my password out of my Windows swap file (other than switching to another OS)?
Insert witty sig here.
Sera
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
I used Westlaw (a competitor of LexisNexis) last night to track down a family member's mailing address. I tried the company he owns in part first, but he wasn't one of their registered agents. Then I remembered that he has a private pilots' license and got him through the FAA database.
Now, I'm a law student. I have my free subscription just for having been accepted to law school, which in many places is not hard to achieve. I can't say I've ever used the FAA pilots database for any educational purpose. But I can go there and download the names and licensing status of thousands of people, searching by geographic area and more. I'm not the only one; there are tens of thousands of students like me with access to that information. Nobody's ever asked me how I feel about Al Qaeda. Nobody's asked me if I've been indicted for fraud since I got accepted to law school. And, as far as I know, there's absolutely nothing my uncle and those like him could have done to keep me away from that information.
John Hancock wuz here.
Actually, I have a good story about that.
A few months ago, a friend of mine got a parking ticket while I was with him. As he was about to take a trip out of the country, I agreed to pay it for him while he was gone.
I promptly lost it. It turned out that in order to pay it, I had to get the license place number of the vehicle.
After calling the local police, the state patrol, the department of licensing, and the department of motor vehicles - who all told me it was illegal to tell me the license plate of a vehicle owned by someone I knew the name of (I know, reversed situation) - I finally called the Dept of Transportation, who promptly gave me the license plate. It turns out that with a plate number, the DMV would have told me the name, as well.
Moral of the story: If you're going to piss someone off with your plates visible, make sure they're too stupid to call around for your info.
www.ussearch.com and you'll be surprised how much of your private data is available for a few bucks..
;-)
American privacy laws and system to secure it, is a big joke.. they invented big brother.. and now they are using their diplomatic pressures (economic, political) to make us (in Europe) give up ours.. so that US government can have access to more info more easily than even our own government can on their own citizens, without proven suspicion.
See, our drivers licenses can't be scanned.. they contain no scannable info, and all info is stored seperately.
Infact, any company here that wishes to store private information (Such as a website even), must get a license, justifying the information they store and why they need it.. if they wish to store more information than they strictly need for their business, they are not allowed to..
And information is stored as distributed and as little central as possible..
Unfortunately, under pressure of the US, and lobbies in favor of them, I think we have come to the end of such protection. I believe privacy protection is actually a constitutional right here. Or was. And definitely should be.
We should always be in charge of our own information.. meaning, no company should be allowed to have information on us, without our permission, definitely not without us knowing it.
Law enforcement should, but their access to it should be protected in such manner that they can only access it when they can justify you're suspect.
Yes, it would make their work alot easier if they could track every single person and know everything about a person. But the price we have to pay for it is so huge, that privacy protection should way very very heavily in that trade off.
I mean, I much rather risk being killed in an unlikely terrorist attack, then to have a future where no man can have any privacy.. and for that reason, a career in politics or anything.. because no man is perfect, it gets easier all the time to dig up rare faults, to use against you.. for example if you were to run for president.
If you stole candy when you were 12, had a speeding ticket, or a fight.. and 30 years later, that will be used against you.. legally they will have nothing on you.. since you already paid for it, but in public opinion, you'll be doomed for life.
Grocery stores keep track of what you eat.. they can sell this to life insurance companies who may refuse you life insurance (over the phone) because they see you have an unhealthy diet..
Health care institutions may collect and sell your information to insurance companies who may deny you life insurance because they found that too many people in your family have died an eaerly death because of genetic illnesses. You may never know why they denied it.
The more they know about you, the weaker you are.. knowledge is power, and they know it, and most of us don't.. when they have more power, you are weaker in your position, as a consumer, as a citizen, as a competitor.
I really think by the time the public wakes up and realized this, it's too late.. it is important that alot of information never gets stored and fall in the hands of those who shouldn't have access to it.. to protect citizens and consumers. Your private information should be your property and you should have 'copyright' on it with a non-exclusive and limited right to government. We shouldn't become prisoners and cattle in some regime or industry. Digital information is very hard to get rid of.. easy to backup, leak, steal, transfer, copy, etc. it leaves trails everywhere.
Companies should not have the right to store private info on you without your permission or knowledge. Period.
Power to the people..
That's bogus. Many CC agencies don't care - they store the CC numbers in the machine, and it's printed out on the journal tape at the end of the day, right next to the expiry dates. I think you should try working in retail.
Yeah. New York State licenses, at least, also have "UNDER 21" in bold red letters if you're um, under 21.
LOAD "SIG",8,1
I don't know what's worse: That she thinks you don't trust her, that you gave her your **REAL** password to your stuff, or that you then went and changed it afterwards?!
All three are bad, yes, but none are the worst.
The worst is that he posted the whole affair on Slashdot, was modded +5 Funny, and no one has karma-whored with the obligatory "at least you HAVE a girlfriend, you insensitive clod overlord that owes me a new keyboard" reply.
It's records that are available through individuals that have access to databases like Lexis Nexis.
That shouldn't be too difficult.
What?
BULLSHIT. It is a DRIVER'S *LICENSE*, not a national ID card. If you're going to use it as one, then stop lying and calling it something else.
When I'm not driving (such as when I ride my bicycle to and from work), I don't carry my driver's license, because I don't need it, and neither does anyone else.
Nathan's blog
CC numbers are not stored after usage locally if you use an electronic means of verifying them. (As opposed to the carbon paper machine you sometimes see when the power is down.) The store cannot get to them. They are required to not store them as part of their contract with the CC company.
Some states require that only the last 4 digits show up on the receipt and a lot of merchants only print them. But they are there - even if you think they aren't they are. When a cardholder refutes a charge with Amex (for example) Amex asks for the entire, unobfuscated card number to verify that you charged the right person.
You must have your station ina really bad part of town, if each and every one of your customers drives off.
I know where the 'bad' part of town is..maybe we should just get the police to lock them all up.. wouldn't that be easier?
Better yet, since everyone according to you is a criminal, maybe we should just all jail ourselves, and eliminate crime.
Your coming and goings in and out of my establishment should be my business. But as I have stated, feel free to go to another gas station (where they will do the same thing). Don't use a credit card. Fill up portable tanks and carry them to your car.
Once I leave and you can clearly see i haven't stolen anything you should no longer care. And no, not all gas stations record plates...not all of them assume everyone is a criminal.
What keeps us from using 911-1111 inhere?
Why would he have endangered a life with it? It seems to be 911-5555 is a perfect valid number even
I know if I dial 100 and I add 1111; the emergency services here will not be dialed
Which bot would anyway be that stupid to catch numbers like that?
550 results
Which bot would be even stupid to get (911) 1111 or (911) 5555 or 911 5555 ?
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I don't know what's more unbelievable: you giving her your passwords or a slash-dotter having a girlfriend.
Mac OS also keeps information like your password in the swap file. If a box is rooted, it's rooted. Swap is not encrypted.
/var/vm/swapfile0 |grep -A 4 -i longname
This is not a windows problem.
sudo strings -8
Reference this o'reilly article
Its trivial to get detailed information on the person who registered a car given just their license plate. Know anyone who works at an insurance company? They can get it. Bank? Yup, them too. There are also pleanty of companies you can get the information from for $10 to $20, if you don't.
It doesn't require access to "police computers" or "police cooperation". They'll call the police because thats how laws are enforced. But if you piss the wrong person off on the highway, you may find out the hard way how easy it is to get the information.
There's no way around it. Apperently there is a system call in Windows that application can use to request a memory page not to be swapped out, however it doesn't guarantee that the page will not be swapped out (unlike Unix memory lock, that actually locks the page into the memory). For more details, check discussions about it in GnuPG documentation/archives. Even if there was a way to prevent a memory page (containing your password) to be locked into the memory this way, obviously it would be application's responsibility to use it. I'm not aware of any web browser on Unix that actually use memory locking for memory pages that contain passwords (if there were, they would need to be setuid root in order to use the feature, which might be even worse scenario).
I don't know of any easy way of encrypting Windows swap file. The only system I used that has out of box, easy to use encryption of swap was OpenBSD (and probably other similar *BSD variants).
Overwriting swap file with zeros on reboots isn't going to save you either. Depending on how determined and resourcefull attacker is, information from "overwritten" disk blocks can be more or less easily retrieved (probably almost any university has equipment needed for that handy, and apperently it isn't that expensive either nowdays). Overwriting with several "special" patterns might help, but if NSA doesn't trust that method, why should you.
And we didn't assume everyone was a theif. No one did anything with the numbers. They just stayed on a sheet on a clipboard. Would you rather we just handed someone a sheet with the last 100 customer's license plates because they wanted it? The numbers were crossed off after the customer paid, and it would take a lot of effort to go back and associate each plate with a credit card.
People complain about this little stuff and then get mad when cities insist on stations requiring all customersto prepay because of all the police reports. Make up your mind people.
Do you have some evidence that this data is being sold to insurance companies? I would think, at the very least, that fact would be required to be disclosed. In any case, that form is not binding in any way. Not like you're swearing under penalty of perjury. If your insurance company was trying to use this against you, claiming that you lied to get some free smokes would be a perfectly legitimate defense, since there would then be no evidence of you being a smoker. As for you lying to the tobacco company for a free gift, I can't think of any law that would violate. It was free, afterall.
Liquor stores and clubs have been sold a bunch of snake oil in the form of "fake ID checkers". Anyone making a fake ID that has any clue what they're doing will make sure it is scannable and appears valid, and this would be easier than making the thing look legitimate with all the holigrams and stuff. Few bars check both appearance and scan it; most employees assume it's good if the machine says so. A staff with brains in their heads will always be more effective than some overpriced barcode/stripe reader. As for bars sharing information on customers to blacklist, I wouldn't count on it. Bars compete with each other, as opposed to helping out. New ones come and go all the time, so I can't imagine they will all ever be able to share information. If several places are owned by the same person, sure, but otherwise I doubt it.
Wow! I didn't send in the additional miles and such to reload that card, but I did get it and spend the original $10 (I think it was 10).
Anyway, I doubt this would apply in any court to lawsuits not relating to the "Rewards Program" itself. At least, I hope not.
Even us smokers hope those fuckers get nailed at every turn.
Oh, so YOU'RE the SlashDot reader who've had sex?? ;-)
Anyway, it says that 94% of all people questioned gave their pet's name. I'm sorry, I don't buy that 94% of the population have a pet. They didn't sell THAT well:
http://oldcomputers.net/pet2001.html
This is why I don't have a State ID or Driver's License. You don't need to know who I am. I think that driver's licenses should have two pieces of information on it: your photo and an expiration date. If you're pictured on the front, it means you can drive a car. I suppose they can do the same for being able to buy liquor: if your picture is on the card then you can buy it. They don't need to know my age, only that I am over 21 (actually I'm 20, so I have to have other people buy me beer. aren't laws helpful.)
I've been denied a student discount at Apple numerous times because I refuse to show my State ID (that doesn't exist). And I always get a terrible cold stare for refusing... it really upsets me to the point that I'm not going to buy from Apple anymore. When I bought my $2000 Powerbook I didn't even use my name or my own credit card but they still gave me almost $500 off (the PB and iPod). When I bought replacement headphones they required two forms of ID to give me $2 off. Stupid, stupid, stupid. (My friend, having never shopped at the Apple store, bought an iPod mini. On his receipt was his gmail address, name, address, and cell phone number. Apple has none of that from me; although Worst Buy has my cell number because they pilfered it from my credit card!)
I am required by school regulations to carry a school ID at all times. I fixed the privacy issue by stickering a big "Thank you for shopping at WALTS" across my name and ID number. There's only my picture and the "i-card" logo visible now. I've gotten a few weird looks, but nobody has said anything.
You don't need to know my name, ID number, or library card number to let me use my meal plan. If the card scans and my photo is there everything is OK. Why do people so willingly give out personal information?
My other car is first.
The reality is once you have a few bits of information on people, you can continue to delve up more bits of information. The amount of information I can dredge up on prospective employees is frightening and legal (so is the prospect of hiring some of the ones who lie on their resume/application). The informaiton held on individuals is incredibly invasive and almost completely unregulated. It is a good thing that most identity theft is commited by two bit thieves who are not smart enough to do it right.
It is just like virus writers. The good ones write viri you never notice. The talented thieves steal identities in such a way that it might be a decade before you know it has happened.
InnerWeb
Freud might say that Intelligent Design is religion's ID.
Photographing your license plate is for security. You're just upset that it isn't for your security. It's for the security of the parking garage's revenue stream.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
You should hold out for a better offer. $5 isn't enough.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
I HATE doing this because if you're paying with credit card at one of those (now rare) pumps you can't pay at, you have hand over the card and half to walk back to sign it. Or, I'm paying with cash... I typically fill up my tank completely. I don't know how much that's going to cost until it's filled up. I either half to go back and get my change or go back and hand them a couple bucks more because I underestimated (and the pump shut off, not allowing me to fill it up and walk back and pay the difference). I just don't like pre-paying in any situation other than pay-at-the-pump. It's not only a hassle, but such an inherent distrust of the customer. I know they can only trust people so much, but if it gets to where it feel adversarial with the customer, it's not good.
That's not true in a lot of states though. Washington, for example, requires the purchase of a whole new license. Note the key word there... purchase. There's no waste of ink and plastic if you are paying for it directly instead of taxmonies.
And in some very limited cases, gained employability.
How?
Some cigarette companies require anyone dealing with 'sensitive' information (mailing lists, internal memos, etc) to actually -be- smokers. After all of the espionage that occurs from health-conscious political groups, the smoking requirement is a security measure.
You're in the very small minority as far as filling the tank goes. We have CRIND (Card Reader In Dispenser).
As far as being advesarial seems, it's unfortunate, but drive-offs happen enough that it's an unfortunat necessity. The stupid part of it, though, is the insanely small amounts people will drive off with. I've seen someone drive off with less than a dollar worth of gas. Doesn't seem worth the risk to me. To their credit, anything over 20 dollars I write down the plate number for, unless I'm otherwise occupied.
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
However, anyone can write down a plate number. It's not even remotely the same, and it's definately not a security risk.
:S
Here in Canada, with only a license plate number and $12 I can get your name, address, and driver's license number from any kiosk in most malls. Then, I can pull a driver's abstract for another $12, and get your driving record. Oh, and did I mention it can be done online, too? And they will deliver the info to any address I want.
$24 ownage. And there is no way to protect against it.
Bienvue Information Age.
Inject.
Actually, I worked in quite a nice part of town. Soccer moms and 60+'ers were the most common theifs of gas. Do you realise how much one of those SUVs and big ass Oldsmobiles can hold?
Yes I do, which is why i don't own one. At any rate, its nice to know that those groups of people are as hipocritcal as i suspected they were. (Although the older people might honestly be forgetting to pay..)
Actually, I worked in quite a nice part of town. Soccer moms and 60+'ers were the most common theifs of gas. Do you realise how much one of those SUVs and big ass Oldsmobiles can hold?
If you're not assuming everyone is a thief, why write down thier plate number? You are assuming they are a thief and you're attempting to gather 'evidence' before a crime is even committed. If you didn't think they'd steal your gas, you wouldn't write down thier plate would you?
Would you rather we just handed someone a sheet with the last 100 customer's license plates because they wanted it?
I'd rather you not write down any plates at all.
The numbers were crossed off after the customer paid, and it would take a lot of effort to go back and associate each plate with a credit card.
Putting a single line through an entry doesn't make it unreadable. The fact is that you could look at those lists and see approximately how many times someone goes to the gas station. If other stores keep such list its possible to establish a route.
The numbers were crossed off after the customer paid, and it would take a lot of effort to go back and associate each plate with a credit card.
Obviously you can figure it if you know which plate to cross off. Isn't it possible a dishonest employee could take the time to write the CC # next to the plate, or at least a portion of it? It seems to me your store decided to collect more customer data without even thinking about potential abuses by your own employees. That's irresponsible if you ask me.
People complain about this little stuff and then get mad when cities insist on stations requiring all customersto prepay because of all the police reports. Make up your mind people.
Now you're making sweeping statements, and just making yourself look stupid.
Did you even read the articles you linked? The title of the first one is "Prepay law won't faze central city residents". There's also this nice line toward the end: "Stower's station is not located in the best of areas, but surprisingly she said gas drive-offs have seldom been a problem."
Doesn't sound like the drive offs are even a problem, and most people don't care about prepaying at all.
The second link is a 'fact sheet' made by convience store owners; of course they're going to say its a huge problem to them. I notice a lack of any references to back up their claims either.
I think you should stop making sweeping generalizations; I've not seen one message on this thread complaining about prepay, but i've seen plenty on the collection of plate numbers.
simple answer: magnet, they can't scan it if you erase the mag strip. force them do do the math in their heads, or look at the stupid calendar on their counter. Then you can be sure they aren't swiping your personal info, unless they have a photographic memory and enter it in a computer at the end of the day ;-)
The simple fact is, I can not remember 15 license plates at a time. The police will not even take a report if you do not have a plate number. There is nothing stopping a dishonest employee from stealing your credit card number. You, as a customer, are allowing them to take possession of it. Thats a choice you make.
The links where just to show that cities are starting to legislate this. It doesn't bother customers in urban centers because they are used to it, but out in the suburbs they get offended. If you don't mind prepaying, do so and the clerk will have no need to write down your plate. Same if you pay at the pump. Either uses these solutions available to you, or expect to see them forced upon you by lawmakers.
The simple fact is, I can not remember 15 license plates at a time.
Totally understandable, but you wouldn't have to if you didn't assume your customers were thieves.
The police will not even take a report if you do not have a plate number.
Talk to them about that. Somehow I doubt they get very far with just your word and the plate number. You didn't mention that there was video to back up your claims, so I won't assume it.
There is nothing stopping a dishonest employee from stealing your credit card number.
Fair enough, but that doesn't mean I want said dishonest employee to use my plate to show up and steal my mail before i get home (a common ID theft tactic).
You, as a customer, are allowing them to take possession of it. Thats a choice you make.
Just like you're making a choice to sell a product at barely a profit which has a moderate risk associated with it.
The links where just to show that cities are starting to legislate this.
A city does not mean all cities. I also re-read the links...no where does it say anything about the feelings of suburban people. Again, you seem to be making things up.
expect to see them forced upon you by lawmakers.
Oh of course, because YAL will solve the problem, it will just vanish.
I'll just state my position one last time and let it die. I was a clerk, these things were not my idea, just following procedures. Saying that this is an attempt to steal your identity is insulting because there are (at least quazi)legitimate reasons to write down your information.
Honestly, the police in this area will take no action without a plate number, and they get upset when you call. If you have a plate number, they contact the person for the store and give them 24hrs to pay up. If they refuse, then the license plate can be suspended and a fine assessed. Yes, on the word of a gas station clerk. If the clerk wanted to be an asshole, they could quite easily.
When I was a clerk, I had this exact same conversation with customers. They would get upset about us writing down their plates. We would explain why, and they would get offended, swearing never to return. We would explain that if we didn't do things this way they would be inconvienenced when the local city passed a prepay only law. They got enraged about that. This is from personal experience. YMMV. And by the way, they always came back the next day.
I agree, having YAL sucks. However, this is one situation where having a law would solve the problem. If everyone had to prepay, then it would be damn hard to steal gas. They would have to break into the tanks. More and more cities will make this law. It sucks but thats the way it is.
I never assumed all the customers were theives. Please don't assume all gas station clerks are out to steal your identity. This was the one way that I could help reduce the losses to the store that paid my wages (and gave me a damn nice profit sharing check for Christmas, a whole month's pay). If you are so paranoid about the clerk stealing your info off of a PUBLICLY VIEWABLE license plate and matching to your credit card that you hand to them, then use alterative methods to prevent this from happening.
Many websites keep logs of all the PUBLICALY VIEWABLE IP addresses that access them, for limited periods of time. Your IP is logged when you make a purchase online. This is for your protection, as well as the website. It keeps costs down for you by preventing abuse. Same thing with license plates at a gas station.
Keeping your personal information personal is YOUR RESPONSIBILITY. There are easy steps (it is easier to pay at the pump then it is to walk in to pay!) that you can take to keep this information private. If you don't want to do those things, then you need to exchange privacy for service. Thats the way the world works.
At which point I'm assuming she went and changed boyfriends?
No trespassing. Violators will be shot. Survivors will be shot again.