Blu-ray Update Sent To User Via Credit Card Records

← Back to Stories (view on slashdot.org)

Blu-ray Update Sent To User Via Credit Card Records

Posted by CmdrTaco on Thursday January 8, 2009 @03:07AM from the allright-that's-just-plain-scary dept.

wmoyes writes "Back in September I ran into a Best Buy store to buy a Samsung BD-P2550 Blu-ray player. I didn't give the clerk my name, telephone number, or address, just my debit card. The player has sat happily in my living room without ever being networked or registered. Today I was shocked to find a package waiting for me at home from Best Buy — inside was a firmware update CD for the player. I used to think Windows Update was scary, but Samsung's update service tracked me to my house using the mag stripe from my bank card. Has this happened to any other Blu-ray owners?" Or is there a simpler explanation?

58 of 526 comments (clear)

Customer information sharing by Ethanol-fueled · 2009-01-08 03:08 · Score: 5, Informative

From the sound of this, Samsung or Best buy are not to blame as much as your credit card issuer is for sharing your information. Choice quote:

First, the facts: The Chase policy, which is similar to those of many other credit card companies, states: "You may tell us not to share information about you with non-financial companies outside of our family of companies. Even if you do tell us not to share, we may do so as required or permitted by law..."
According to the Wikipedia article, the credit card number, expiration date, and PIN verification info. I've seen tweekers do it with stolen cards. Magstripe readers are available for 50 bucks online.
1. Re:Customer information sharing by b4upoo · 2009-01-08 03:21 · Score: 4, Insightful
  
  I tend to believe that sometime in the past you ordered something from Best Buy and perhaps gave them more information at that time. Perhaps you even had a home delivery of a bulky item.
  If they are doing data mining at the level you think that they are I tend to say congratulations to them for "going modern".
  The joy of data collection is that the general public should have the same power to collect data as companies do. Putting information in the hands of the public is sort of like putting Al Franklin in the senate. One knows that a shoe is about to drop.
2. Re:Customer information sharing by wmoyes · 2009-01-08 03:44 · Score: 4, Informative
  
  My guess is that they (Best Buy) cross referenced the name they read from my credit card to one of the bulk mail lists they purchased for marketing purposes. The letter was addressed to me 'or current resident' and inside was information about how my player with this new firmware update could download Netflix movies. The update CD itself was for my specific model (BD-P2550).
  The other possibility is that they cross-referenced my in store purchase via the card number to a previous on-line purchase from their web store (which would have included a shipping address). In either case, the mag stripe of my card (in an otherwise anonymous transaction) was used to make the connection, and four months later a package with a firmware update arrives at my house.
3. Re:Customer information sharing by should_be_linear · 2009-01-08 03:59 · Score: 3, Funny
  
  Even without credit card part, this story is quite interesting. There are annoying DRM systems. There are pain-in-the-ass DRM systems. But then, miles above all this, there is that ultimate sometimes-go-to-the-shop-and-take-firmware-update-CD-and-unbrick-your-player-again DRM that almost renders any owner of such device as total moron.
  
  --
  839*929
4. Re:Customer information sharing by ShadowBlasko · 2009-01-08 04:17 · Score: 4, Interesting
  
  I'm not so sure.
  
  I bought a Kawasaki 24 volt drill/driver at Sams club 2 years ago. (TOTAL garbage, but thats another thread)
  
  My GF used her sams club card for the member verify, and I used my cc for the purchase.
  
  About 4 months ago I got a post card, addressed to me, saying that it has been recalled for fire hazard reasons. I never filled out a warranty card or anything.
  
  Had the used the member card, it would have been sent to my gf, at her place.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
5. Re:Customer information sharing by Score+Whore · 2009-01-08 04:36 · Score: 4, Insightful
  
  The package in the OP was from Best Buy for a Samsung player. Best odds are that Samsung knows absolutely nothing about this guy, they just told Best Buy that "hey, here's a firmware update for player model xyz."
6. Re:Customer information sharing by Shakrai · 2009-01-08 04:49 · Score: 5, Funny
  
  Oxymoron.
  That's not true. Congress does act. All the time. On really important stuff.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
7. Re:Customer information sharing by skuzzlebutt · 2009-01-08 04:50 · Score: 5, Insightful
  
  Yes, highly unlikely...the magstripe doesn't store that info, so they would have to get that info from the card issuer (not Visa or Mastercard, the issuing bank) recursively. The card acquirer isn't even privy to that info unless there is a chargeback case or something where the consumer needs to be contacted. Card-issuing banks are beholden to regulations that would make most industries not even want to get out of bed in the morning and turn on the cash register; and they are extremely careful with what they do with cardholder info (lest they lose their charter with Visa/MC and have to close shop).
  Also, consider it from a business standpoint: even if you can get around the regulatory stuff, the CC issuer isn't going to pass that info along for free (they would have to have frame circuits or encrypted FTP channels or some secure way to send batches of data safely from the issuer to BB and then to Samsung--and no, it's not going over the same pipes that the authorization and capture are being passed through...that's going to be a totally different environment, likely through a third party processor; then there are operational expenses, etc...nobody does this stuff for free). How much is that data really worth to Samsung? BB has to be in that loop, because the cardhlder didn't by the device from Samsung; the issuer doesn't care that it's a Samsung device, they aren't a part of that transaction chain, so the data would have to go to BB directly. And is BB going to go through the expense to do that for just Samsung? If not, are enough companies going to want this to make it worthwhile? Again, strains credulity from a business standpoint.
  And even if they did have some kind of affiliate info-sharing deal with BestBuy (which, again, is highly unlikely), they aren't going to go through he expense and trouble so that you can get firmware updates for your Blu Ray player.
  Samsung got that info some other way, like a rewards card application or rebate submission that BB was able to link to an address via one of the many data aggregators out there.
  All credit card industry stuff aside: yes, that is indeed scary as hell. I wouldn't be happy at all.
  
  --
  My debut novel AMITY now available: http://jeremydbrooks.c
8. Re:Customer information sharing by somersault · 2009-01-08 05:04 · Score: 4, Insightful
  
  There is most likely some other thing at work here.
  Maybe it was aliens? Or little toys come to life? The guy bought the player at best buy. He received a package from best buy with an update. It doesn't take that much to figure it out.
  Do best buy do anything like customer reward cards where they would have your address on file? Still, the guy says he only used his debit card. The simplest and most logical assumption would be that buying one of these players automatically puts you down to receive updates and they take the address from your debit card. Privacy nuts may hate that idea but I think it shows that Best Buy cares ;)
  
  --
  which is totally what she said
9. Re:Customer information sharing by HungSoLow · 2009-01-08 05:10 · Score: 4, Funny
  
  Yes, but the question is she your Ex? If that is the case she wouldn't have told you about the fire hazard. Think about it.
10. Re:Customer information sharing by secretcurse · 2009-01-08 05:38 · Score: 3, Informative
  
  the mag stripe of my card (in an otherwise anonymous transaction)
  That's probably the dumbest thing I've read all day. If you want an anonymous transaction, don't use a card.
  
  --
  I'm using all of my mod points to mod ancient memes down. Please join me.
11. Re:Customer information sharing by nahdude812 · 2009-01-08 05:49 · Score: 4, Interesting
  
  I've stopped shopping at stores that use my credit card as a way to get me on their mailing list.
  On vacation, we bought some chocolates at Harry & David. When we got back, there was a catalog from them in our mail with my name (not "Resident") in the address. I haven't shopped there since.
  Bought some exercise clothes from the local Nike factory outlet. A few days later I got a flier about an upcoming sale. I haven't shopped there since.
  On a related note, I use a modified version of my signature whenever I sign one of those digital signature pads they have in Home Depot, Target, and other chain stores. It's my regular signature with two lines through the first letter of my name. I started doing this when my mom had used something similar while signing up for some kind of insurance or cell phone or something. She discovered that the printed copy of the agreement that she was given - complete with her signature on it - differed from the version which had been displayed to her on the screen before she signed it.
  If my signature shows up on something and has those extra marks on it, I have at least a little better leverage to make the case that my signature was never attached to any physical agreement, and there's no way to prove that the terms with my signature were the same as the terms to which I agreed. Those marks mean they never had a physical signature attached to a document, and thus it's wholly unenforceable.
  Honestly how they think they can accomplish anything with those pads, I don't get. It's akin to asking you to sign a blank sheet of paper that they can then staple to whatever agreement they want. And the courts would probably find it carries about as much weight as that should it ever become an issue.
  
  --
  Slay a dragon... over lunch!
12. Re:Customer information sharing by pdabbadabba · 2009-01-08 06:16 · Score: 4, Informative
  
  "Those marks mean they never had a physical signature attached to a document, and thus it's wholly unenforceable."
  Totally wrong. The validity of those signatures have been upheld countless times in court. Generally, an electronic signature pad is backed by a surprisingly sophisticated system for tracking when you signed, how you signed, and what you signed, generally storing screenshots of each step of the process including the agreement for each unique signature.
  Does it prove conclusively that you signed the document that they say you signed? No. but, then again, neither does your signature on a paper contract (Think about it. Do you sign every page or just the last one? ). The signature is good unless you dispute that you made it in court (and just not being sure if that is the document you signed doesn't cut it. You are expected to have a reasonable belief that it isn't).
  
  --
  caritj.org
13. Re:Customer information sharing by db32 · 2009-01-08 06:20 · Score: 4, Interesting
  
  This I must say is a bit dense. Not that I don't agree with you that they do face "tough regulation" or whatnot, but let us speak of their actual behavior for a moment.
  
  They send out piles of "you are pre approved!" nonsense and then pretty much hand out a card with precious little verification. My personal favorite was the story where the guy took one, tore it into little bits, then taped it all back together and filled it out with slightly screwy info to make it look as suspicious as possible...and then he got his card in the mail. I have personally seen them send out blank checks with your account information already on them. Now, of course the fine print of this "check" is that the check being cashed or used actually adds that to your account under some strange special offer loan thing. Oh yes..these fuckers are SO scared to get out of bed in the morning...
  
  You can face the toughest regulations in the world, but if the enforcement end of it comes down to "Well, we didn't see anything" then the point is moot. I mean for christs sake these assholes default opt in on all the private data sharing programs and then send you a tinly little brochure with 3pt font explaining what to do to opt out. Then you call the stupid number and follow the prompts and they ask strange double negative questions to trick you into pushing the wrong answer to opt out.
  
  Now...in all likelyhood you are probably right about how they got the info in question, however, that certainly doesn't eliminate the possibilty of sheisty CC company dealings making it happen.
  
  --
  The only change I can believe in is what I find in my couch cushions.
14. Re:Customer information sharing by Fizzog · 2009-01-08 06:25 · Score: 5, Informative
  
  "they would have to get that info from the card issuer"
  No, not really.
  I worked for a telephone services company some years ago and developed their customer information system. We would only get one of two possible pieces of information from a transaction: the telephone number they called a 1-900 number from, or the Credit card number they used if they called a 1-800 number.
  We wanted to get the customer information so we could send them related advertising.
  There are vendors out there that will supply all available subscriber information for a telephone number, and others that will provide all available information given a Credit Card number.
  Telephone numbers are not super reliable as they can be re-used, but for 5 cents we would (about 60% of the time) get a result which would give us the subscriber name and address. For 20 cents we would get about a 90% match. We sent all phone numbers to the 5 cent vendor and for those that didn't get a result we would send them to the 20 cent vendor.
  Credit Card numbers are quite reliable and for 1 dollar we would get *all* of the information on the card holder. This included name, address, age, spouse's name and age, children's names and ages, your income, and various demographic information for your neighbourhood.
  Given that big box stores likely get thousands of 'Card only' purchases a day I am sure they also have similar agreements with vendors, or contract with 3rd parties to do it for them.
15. Re:Customer information sharing by DamnStupidElf · 2009-01-08 07:11 · Score: 4, Insightful
  
  Credit Card numbers are quite reliable and for 1 dollar we would get *all* of the information on the card holder. This included name, address, age, spouse's name and age, children's names and ages, your income, and various demographic information for your neighbourhood.
  So, uh, basically everything you'd need to impersonate the person whose card number you have? No wonder credit card companies are so eager to do chargebacks and eat the loss on fraud... There's actually negative personal security by having a credit card.
  Just how choosy was the company you were doing lookups with? Can any cheapo web store get an account with them?
16. Re:Customer information sharing by WhatAmIDoingHere · 2009-01-08 07:43 · Score: 3, Insightful
  
  " Today I was shocked to find a package waiting for me at home from Best Buy"
  
  Looks like Best Buy didn't share the information with anyone. Looks to me like Samsung asked BB to send out the updates to everyone who bought the player, and they did so without sharing that information with anyone else.
  
  --
  Not a Twitter sockpuppet... but I wish I was.
17. Re:Customer information sharing by stephanruby · 2009-01-08 07:58 · Score: 5, Interesting
  
  I have personally seen them send out blank checks with your account information already on them. Now, of course the fine print of this "check" is that the check being cashed or used actually adds that to your account under some strange special offer loan thing.
  Actually, there is nothing special about checks, anyone can print them up as long as they have the right account and routing information (no special printer is necessary or anything). Quicken can print them. Excel can print them. Technically, you could write your own software for it too.
  In France, when the banks started increasing their fees for getting your checks printed, there was an annoyed silent protest. We would fold the checks so that they couldn't go through the machines. We would write checks using plain notepad paper writing everything by hand (including the bank information and routing number, no bar code necessary). The merchants and the banks had to accept those checks. There was a law that said that as long as all the information was correct, it was valid as any other check. So the banks accepted the checks, thereby increasing their manual processing costs, and eventually they reduced the fees for printing checks (because having cheap printed checks was as much for *their* convenience as it was for ours). Now, I'm not saying an handwritten would work in the US, the Federal Reserve in the US probably has its own rules for clearing checks, but at least, if you open Quicken or any financial software, you should see how easy it is to print your own checks from your own bank.
  If anything is a problem, it's actually those special anti-counterfeiting checks. Those give the consumer a false sense of security. And they're only as marginally useful as separating the checks that must be checked more thoroughly from the checks that "look" normal, so they're still useful and every little bit helps where it comes to security I assume -- but it's at the expense of keeping the average consumer in the dark.
18. Re:Customer information sharing by Myopic · 2009-01-08 08:05 · Score: 4, Informative
  
  Yes! Same here. And that site is
  www.optoutprescreen.com
  I share everyone's frustration that you have to opt out of a process by which another entity can expose you to the risk of identify theft, but I can personally attest that this site is effective. I have even moved a few times since I signed up, and still remain opted-out.
19. Re:Customer information sharing by msoftsucks · 2009-01-08 08:13 · Score: 3, Interesting
  
  I do this all the time, and I have never been refused. Usually the POS doesn't display the signature to the cashier for validation, just that you've entered something and clicked OK. I've actually stopped using credit cards as much as posible (only for web purchases, and big ticket items). For those companies that ask for a phone number,I don't argue with them. I just give them a fake number (usually a porn site etc). Bad data is more expensive than no data. If everyone would do this, it would reduce the incentive for companies to do this. I then stop shopping at these stores. I haven't bought anything from a Radio Shack in over a decade.
  
  --
  Quit playing Monopoly with Bill.
  Linux - of the people, by the people, and for the people.
20. Re:Customer information sharing by Sancho · 2009-01-08 08:29 · Score: 4, Interesting
  
  No joke.
  I'm routinely asked for a picture ID when I use my card. Strictly speaking, that's the store's prerogative. But per the merchant's agreement, they cannot require a picture ID to complete a credit card purchase. The cashiers aren't taught this, and even the managers either don't seem to know or care.
  It's a minor thing, but at the movie theater, I tend to buy my tickets at the automatic kiosk (~$10) and then buy a drink (~$3). The automatic kiosk never asks for my ID, but they always ask for the lower-priced charge. And they give me hell if I've forgotten my ID.
21. Re:Customer information sharing by Evets · 2009-01-08 10:31 · Score: 3, Funny
  
  Getting around that security problem is easy. Just don't show your driver's license to people with eyeballs.
22. Re:Customer information sharing by salesgeek · 2009-01-08 10:38 · Score: 3, Informative
  
  No wonder credit card companies are so eager to do chargebacks and eat the loss on fraud...
  Actually, the seller gets hit with the chargeback. Hence the back in chargeback. The CC companies have no skin in the game. The people that eat it on fraud are the people that are selling. CC fraud is VERY bad.
  
  --
  -- $G
23. Re:Customer information sharing by Sancho · 2009-01-09 01:44 · Score: 3, Funny
  
  Wow. That's pretty sad.
Do you see the black car parked outside? by GPLDAN · 2009-01-08 03:09 · Score: 5, Funny

The midget in the back seat of the Lincoln crawls in your basement window at night, and takes inventory of your firmware revisions on all your hardware.

He then runs to the forest to find out what updates you might need.

Don't talk to him, it sounds like he's talking backwards.
We know where you are. by SrWebDeveloper · 2009-01-08 03:10 · Score: 4, Funny

BTW, you need to replace that printer cartridge in the computer room on the first floor, and we have photographs of your youngest daughter going to school. Have a nice day, we'll be in touch.
1. Re:We know where you are. by dgatwood · 2009-01-08 04:02 · Score: 3, Informative
  
  Yes, you should. It is combining two complete clauses. If both clauses were short, it would be optional, but it is always correct to use a comma in this case.
  If you want to complain about something, complain about the comma splice in the last sentence. It should either be a period (followed by a capital letter) or a semicolon.
  --David the Grammarian
  P.S. Just to bring this back on topic, if you want to make it a lot harder for this to happen, use a prepaid credit card and pay with cash.
  Note: there are two short clauses in that last sentence. :-)
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Cash by Anonymous Coward · 2009-01-08 03:10 · Score: 4, Insightful

This is why I use federal reserve notes for everything I can. I bought my Wii with federal reserve notes. I bought my PS3 with federal reserve notes.
--
End The Fed
1. Re:Cash by wamerocity · 2009-01-08 03:18 · Score: 4, Funny
  
  That's funny, whenever I give people cash for presents, I refer to it as a "federal reserve gift card". The best part is, it never expires! Though I recommend spending it quick because it seems to lose its value over time....
  
  --
  "Thank you for using Stop-n-Drop, America's favorite suicide booth since 2008"
2. Re:Cash by SQLGuru · 2009-01-08 03:18 · Score: 4, Funny
  
  You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.
3. Re:Cash by AKAImBatman · 2009-01-08 03:19 · Score: 5, Interesting
  
  This is why I use federal reserve notes for everything I can.
  That might not be as sure-fire as you think...
  http://newsmine.org/content.php?ol=security/police-militarization/bestbuy-shopper-arrested-for-two-dollar-bills.txt
  
  --
  Javascript + Nintendo DSi = DSiCade
4. Re:Cash by hansamurai · 2009-01-08 03:43 · Score: 4, Interesting
  
  What a sad, sad story. Check out Woz's site for more $2 idiocracy.
  http://www.woz.org/letters/general/78.html
  
  --
  Reviewing just the first hour of video games.
5. Re:Cash by ultranova · 2009-01-08 04:24 · Score: 4, Insightful
  
  You should switch to Liberty Dollar's (http://www.libertydollar.org/) to show your contempt for the government as well.
  
  No, you shouldn't. They aren't money until they're accepted by Wal-Mart because that's what money is: a medium of exchange. So either get stocks, which are backed by the manufacturing/service capacity of the company issuing them, or if you want to hold wealth in silver, just buy silver bards directly. Why bother with a private currency, which inevitably has overhead costs ? What's the benefit ?
  
  --
  Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
6. Re:Cash by NiceGeek · 2009-01-08 04:27 · Score: 4, Funny
  
  Let me guess, Ron Paul supporter?
7. Re:Cash by Garabito · 2009-01-08 04:38 · Score: 4, Funny
  
  The best part is, it never expires!
  And it can be exchanged for items not available with other gift cards, like recreational drugs and sex with prostitutes.
8. Re:Cash by Chaos+Incarnate · 2009-01-08 05:00 · Score: 3, Insightful
  
  As quoted, that just says that Congress can coin money, but doesn't restrain others from doing so.
  
  --
  Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
9. Re:Cash by Rastl · 2009-01-08 05:11 · Score: 5, Insightful
  
  Did you forget that the Constitution is there to specifically state the rights granted to the federal government? So if it wasn't there they wouldn't have the right to coin money?
  Banks and states printed their own money for a lot of years. There's nothing illegal about it unless you're trying to counterfeit existing currency.
  Currency is just convenient bartering, if you look at it objectively. "This wooden token is worth three chickens" is perfectly valid currency if it is accepted to have value.
  Back on topic.
  I'm not surprised that vendors and manufacturers are digging into the credit/debit card records for purchase histories. They're desperate since no one fills out their marketing, err, warranty cards. They need some way to track a customer base for stockholder reports. Sales histories aren't enough any more. They want to find out how to sell you more of their crap.
  I hope the OP filed an official complaint with the bank and his state. Privacy laws may be in effect here since there was no legal reason for them to mine that data.
10. Re:Cash by monoqlith · 2009-01-08 05:35 · Score: 3, Insightful
  
  What's comical is not that you're so paranoid that you'll only use Federal Reserve notes to complete purchases. Well, that's pretty amusing, but what's even more amusing is that your sig contains a link to a site dedicated to ending the Federal Reserve.
11. Re:Cash by RJFerret · 2009-01-08 08:53 · Score: 5, Informative
  
  Except it's not cheaper, what you interpret as cash back is actually compensation for providing your personal information and you having paid extra for the "convenience".
  It's sharing a percentage of the charge the vendor has to pay for processing a credit card, ever wonder why some places (commonly gas stations) have different prices for cash/credit? Prices overall could be a few percent cheaper if nobody used credit cards and that "cash back" could be accruing interest in YOUR bank account instead of theirs!
  I'll take the 2% in my savings account rather than the 1% you get back after a month (interest free) any day (and Discover doesn't give it back anymore until you've accrued a big chunk).
  Also, I use credit cards for business expenses, and the transactions take longer than cash (which I use for all personal expenses). Ironically, it used to be you'd look for the line where people were paying cash as it was faster, and now the credit card payment systems have gotten more convoluted and time consuming than when we signed paper slips, never mind waiting for a slow network day or waiting for the clerk to explain which buttons to press to each person in line. (Although I love self checkouts, then there's nobody there to explain to people how to process their plastic.)
  Credit cards have their place (paper trail, online ordering), but they do enable others to profit from you and your information (while you pay them for the privilege).
  (And yes, of course pay them off completely every month, anything else and you should use cash simply to not spend beyond what you have!)
  PS: Ever wonder why credit companies can afford such lavish advertising, promotions, sponsorships, cash back programs, technical infrastructure all while being subject to so much fraud and theft? It's because they profit so much from each of "your" transactions. Sure you can minimize the extra costs to you, but they have perfected their revenue stream and made it appear inexpensive/painless.
You've been pirated by Atreide · 2009-01-08 03:12 · Score: 4, Interesting

That is great news
if someone ever use your credit card number,
YOU receive the driver upgrade.
then you know something wrong happened

--
The world belongs to those who get up early. - I'm far from being the king of Earth then :-(
Prior use? by Iphtashu+Fitz · 2009-01-08 03:14 · Score: 4, Insightful

Have you EVER used that debit card at the same store and provided your address or phone number? If you've ever done that then they have that information readily available.
It wasn't from your debit card by Anonymous Coward · 2009-01-08 03:15 · Score: 4, Funny

The blueray player used the nearest WiFi access point (it can hack into secured ones). It sent its GPS position, which was cross referenced to your address at the server. It has also been sending information about all the discs you have put in it, whether you played them or not. You haven't put any pirate stuff in there, have you?
In addition, on the HDMI back channel it has been gathering information about what you watch on TV, and reporting that as well. The company sells this information to Nielson.
And you wondered why that player was so expensive.
it's the credit report agencies by Anonymous Coward · 2009-01-08 03:15 · Score: 3, Informative

This is not unusual. I have benefited from several class action suits where they have somehow tracked me down years after the fact, which is particularly impressive because as a student/young professional/grad student, I moved almost every year.
What probably happens is they give the debit card number (which is unique and remains unique long after you cancel/close the account) to a credit reporting agency (e.g. Equifax), and the credit agency has a record of your most recent address, which they got when you changed your address at your bank or any of your other credit cards.
Don't panic. by cliffiecee · 2009-01-08 03:16 · Score: 5, Interesting

The 'update' DVD came from Best Buy, not the manufacturer- of course Best Buy has access to your home address, via your credit card. Samsung probably just shipped a bunch of discs to Best Buy, asking them to mail them out to owners of the player. No big conspiracy or identity theft going on, so relax.
1. Re:Don't panic. by wmoyes · 2009-01-08 03:24 · Score: 3, Insightful
  
  Yes, it was Best Buy who shipped the update DVD, not Samsung. But still... an update service who ships updates to you based on your mag stripe. Scary.
2. Re:Don't panic. by Speare · 2009-01-08 03:25 · Score: 4, Insightful
  
  But even that's wrong. There's no reason for Best Buy to know your address. They know the creditor's address, and the creditor has certified the transaction. If there's a problem with the funds, that's between the creditor and you. Best Buy is out of that loop.
  
  --
  [ .sig file not found ]
3. Re:Don't panic. by tsstahl · 2009-01-08 03:31 · Score: 4, Funny
  
  Scary?
  
  Not really. What if that player had a tendency to explode after 25 hours of use. Would you want to be notified of the recall?
  
  Basic customer data mining has been around for ages. Pretty much ever since Mr. Drucker asked after your health and crop prospects in the general store. :)
  
  Or pillow talk after the very first prostitution transaction...depends how far back you want to go.
  
  Note, I'm not defending intrusive data mining.
4. Re:Don't panic. by houghi · 2009-01-08 03:41 · Score: 5, Informative
  
  of course Best Buy has access to your home address, via your credit card.
  This would not be the case in Belgium. In fact it is even illegal to do it that way. If I give only my credit card details, all they will have is the following information:
  Last 4 numbers of the credit card (We are not allowed to keep the credit card number anywhere)
  The name of the credit card holder and the expiration date.
  From the transaction itself the time, amount, item and card. (e.g. visa)
  Some extra information related to the payment itself an the communication concerning the payment.
  No link there with the users address. So unless we link it elsewhere with the address, we would have no idea what that would be. Calling the company will result in nothing but wasted time for both as they are not allowed by law to tell us the address.
  
  --
  Don't fight for your country, if your country does not fight for you.
So... by nizo · 2009-01-08 03:30 · Score: 4, Interesting

Once people get used to this, what keeps naughty people from sending out legitimate looking upgrade disks that scramble your player or install software that lets them use your network connected player as a spam server? Urgh, basically virus laden spam for snail mail.

--
I Am My Own Worst Enemy
Re:Personal Information and Tracking you down by LMacG · 2009-01-08 03:31 · Score: 3, Informative

As they say on Wikipedia, "citation needed". I've bought a hundreds of things at BB, and even worked there for a spell when I was between real jobs; never once was I asked for my phone number during a purchase.

--
Slightly disreputable, albeit gregarious
And what is wrong with this? by $1uck · 2009-01-08 03:33 · Score: 4, Informative

You purchase an item on Credit you're entering into an agreement to pay for something they are going to want to know your billing address so that they can verify payment. If you're that concerned about your privacy you need to not enter into such agreements and pay for everything with cash (which protects both sides). As a side note isn't this potentially a good thing that they sent you an update? You can decide not to use it if you fear its updating drm as opposed to improving the product.
These updates are scary! by Cathoderoytube · 2009-01-08 03:41 · Score: 5, Funny

A similar thing happened to me. I bought a blu-ray player, then one day I came home and found my house ransacked and my blu-ray player was gone. I'm still waiting for Samsung to send my blu-ray player back with the updates. I don't have any problems with these companies being vigilant about their update services. I just really wish they wouldn't spraypaint swastikas on my furniture.

--
I have nothing compelling to say
1. Re:These updates are scary! by Shakrai · 2009-01-08 05:02 · Score: 4, Funny
  
  I just really wish they wouldn't spraypaint swastikas on my furniture.
  That rug really tied the room together.....
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
Check you card for any bill BB wants $30 to do thi by Joe+The+Dragon · 2009-01-08 03:47 · Score: 4, Informative

Check you card for any bill BB wants $30 to do this.
http://consumerist.com/5122504/watch-out-for-firmware-shenanigans-at-best-buy
I had a similiar incident with Circuit City by BLKMGK · 2009-01-08 03:56 · Score: 5, Interesting

A few years ago there was an interesting device being sold that acted as an email dumb terminal. The device was sold sans any real license but the expectation by the vendor was that you would sign up for their service since otherwise the hardware was "useless". Except that folks figured out how to hack it and turn it into a remote terminal for various OS. I was interested....
I trotted down to my local Circuit City only to find that many others were also interested and that they were sold out. No worries, they let me go ahead and buy one and would let me know when stock arrived so that I could pick it up.
Meanwhile the company figured out what was going on and began trying to stop efforts to repurpose their hardware - unsuccessfully. I got a letter in the mail from the company a few weeks after I had made my purchase at CircuitCity. The letter was informing me that they had decided to change the license terms on their hardware - after my purchase, that signing up for their service was "mandatory", and that if I did not do so within X number of days or receiving my device they would CHARGE MY CREDIT CARD.
Now, I had never contacted this company, I had no intentions of ever dealing with them or of buying their service, and I had not shared my contact information with them. CircuitCity however HAD shared my name and home address with them and if the letter was to be believed was also willing to share my credit card account information to facilitate a charge! I trotted back down to the CircuitCity, canceled my order, and demanded an explanation - naturally they had NO clue.
I was beyond angry to say the least and fired off a letter to CircuitCity HQ. Their response was that no way did they share my CC information with this 3rd party but they said nothing about having shared my HOME ADDRESS! I let them know that I would never shop in their stores again and have told this story more times than I can count - it's been YEARS and I have held true to my promise not to give them a cent. Seeing them go under warms my heart - the jerks. The sad thing is that I nearly made this purchase with cash, I wish I had!
As a side note, the CircuitCity I went into was one I'd never visited as it was closer to work and not my home. When I gave them my phone number they had my complete address on file! Turns out that my girlfriend's daughter had shopped there about 3 years prior and made a single purchase. They STILL had our address on file tied to that phone number when I made my purchase. So yeah, these companies do cough up data and they also hold onto it a REALLY long time - thank you TJMax!

--
Build it, Drive it, Improve it! Hybridz.org
Re:Do you see the black car parked outside? by beef+curtains · 2009-01-08 04:35 · Score: 4, Funny

Clearly you need help...but as long as you keep cranking out creepy, funny posts like this one, I'm certainly not going to give it to you.

--
Just once I'd like someone to call me 'Sir' without adding 'You're making a scene.'
Re:you know who your customers are by internewt · 2009-01-08 05:36 · Score: 4, Interesting

I have a merchant credit card account for V,MC,D, you know the telephone swipe box that sits on the store counter.
It's pretty easy for the merchant, BestBuy whoever, to get your name and address from it.

And this is one of the reasons I always use cash. I do have a debit card, but it'll only get used in an emergency. Even then I'll probably claim I don't know the PIN so that I can sign instead.

Samsung asked BestBuy to pass on the update to whoever purchased the SKU. It's a tremendous courtesy, actually.
Well, yes you could see it as a courtesy, but it won't be. A business never ever does anything unless it thinks it will be benefitting from the action. This includes charitable contributions - the cost there will be seen as buying good will, or some other BS.
There was probably some kind of contractual obligation to send out these disks, but why the keenness to make sure the user's players were up to date? I can't imagine that Bestbuy or Samsung want to add features to the players, as if the players are lacking the user might buy a new one instead. I am guessing that the update is DRM updates... something like the ability for the player to identify copied disks, or maybe blacklisted keys or something.

There is no privacy. Get over it.
Well, there are various laws in various countries that try and give people rights to privacy, but like all rights they have to be continually defended. It doesn't help that penises like you make statements like that.... you might not care about your privacy and are willing to give it away, but when you do that you are often giving away others' privacy too.

--
Car analogies break down.
CC Info Cross Reference by sjbe · 2009-01-08 06:30 · Score: 3, Informative

I've stopped shopping at stores that use my credit card as a way to get me on their mailing list. On vacation, we bought some chocolates at Harry & David. When we got back, there was a catalog from them in our mail with my name (not "Resident") in the address.

I'm not saying you're wrong but you do realize it is far more likely that they got your name and address from a local mailing list vendor than from your credit card? Especially around the holidays. There are countless services available that can target promotional mailings for a fee. There are all sorts of public sources for this information including housing records. (seriously - buy a house and you will get spammed with more refinancing offers than you can imagine)
I get Harry & David catalogs too (no I don't want them), with my name on them and I've never purchased anything from H&D. They also will send you catalogs if someone else buys you a gift from H&D.
That's not to say they don't use credit card into. I never give a zip code, phone number or any other info when checking out because it can be cross referenced. I nearly called the cops on the guys at Jiffy Lube once because they drained the oil in my car and then insisted they needed my address to put oil back in. They do have a legal right to ask and can refuse service if I don't provide the information but then I have a legal right to shop elsewhere as well.