Blippy Exposes Credit Card Numbers Through Simple Google Search

← Back to Stories (view on slashdot.org)

Blippy Exposes Credit Card Numbers Through Simple Google Search

Posted by Soulskill on Friday April 23, 2010 @07:25AM from the making-it-easy-on-the-scammers dept.

An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved." The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

95 comments

Min score:

Reason:

Sort:

Looks bad... for 4 people by alain94040 · 2010-04-23 07:25 · Score: 5, Informative

As of this submission, the issue still hasn't been resolved
Not true. If I read the explanation carefully, what really happened is that some credit card companies sometimes add the CC number to the description of the purchased item. Bad! Which also means that on your printed statement for instance, your full CC number will appear. During beta testing of Blippy, they were not aware of that "feature", so they let through the full CC number of 4 beta testers. Once they figured it out, they easily added a filter.
If you were a beta tester for a service like Blippy, you can't be too shocked that this might happen. A better discussion would be what is Blippy really good for? I can see why I might like to browse other people's purchases once in a while, but why would I want to broadcast mine?
--
better than an internship in a startup: become a founder!
1. Re:Looks bad... for 4 people by boneclinkz · 2010-04-23 07:27 · Score: 3, Funny
  
  *browses to google, searches for full credit card number* No results. Whew!
2. Re:Looks bad... for 4 people by mr_stinky_britches · 2010-04-23 07:28 · Score: 0, Offtopic
  
  Wow, talk about a misleading story. Oh well, it's hard to be surprised with /. anymore.
  Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..
  
  --
  Censorship is obscene. Patriotism is bigotry. Faith is a vice. Slashdot 2.0 sucks.
3. Re:Looks bad... for 4 people by Anonymous Coward · 2010-04-23 07:30 · Score: 5, Funny
  
  Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..
  You might try here
4. Re:Looks bad... for 4 people by Monkeedude1212 · 2010-04-23 07:33 · Score: 1
  
  You might want to go swing by Youtube, pretty much all the people who post comments there are so intelligent they are never wrong.
5. Re:Looks bad... for 4 people by Anonymous Coward · 2010-04-23 07:39 · Score: 0
  
  My search returns 152,00 result!
6. Re:Looks bad... for 4 people by mwvdlee · 2010-04-23 07:44 · Score: 1
  
  Intelligent discussion does exist. You just have this repulsion field around you that ensures you are never involved when intelligent discussion takes place.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
7. Re:Looks bad... for 4 people by blair1q · 2010-04-23 07:45 · Score: 3, Interesting
  
  Which CC companies do this, so we can avoid them and let them rot?
8. Re:Looks bad... for 4 people by FrankSchwab · 2010-04-23 07:51 · Score: 4, Insightful
  
  So Google, who probably knows your name, your IP address, your Email address, all of your friends and family, all of the search terms you've ever used under any alias, and by pwning your wireless at home knows your street address and your MAC address, now knows your credit card number.
  Funny, perhaps, but in a bit of a horrifying way.
  
  --
  And the worms ate into his brain.
9. Re:Looks bad... for 4 people by travdaddy · 2010-04-23 07:52 · Score: 1, Offtopic
  
  Yeah, check out the comments at CNN.com and Yahoo.com.
  
  It's not intelligent discussion but it will make you appreciate Slashdot more.
  
  --
  Adidas To Bring Back Sneakernet
10. Re:Looks bad... for 4 people by maxume · 2010-04-23 07:57 · Score: 3, Funny
  
  Google Checkout seems to have a few users...
  
  --
  Nerd rage is the funniest rage.
11. Re:Looks bad... for 4 people by drachenstern · 2010-04-23 07:58 · Score: 1
  
  Was that 152,00 Euro?
  
  --
  2^3 * 31 * 647
12. Re:Looks bad... for 4 people by WrongSizeGlass · 2010-04-23 08:03 · Score: 1
  
  Offtopic, I know, but do any of you know of any sites better than slashdot? Or does (mostly) intelligent discussion just not exist on the internet..
  I'd have to say that intelligent discussion doesn't exist on the internet ... at least not anywhere I post. Hmm ...
13. Re:Looks bad... for 4 people by Anonymous Coward · 2010-04-23 08:05 · Score: 0, Flamebait
  
  you should really try /b/ instead of /g/ :P
  oops I just broke rule #1 and rule #2
14. Re:Looks bad... for 4 people by Anonymous Coward · 2010-04-23 08:18 · Score: 0
  
  yes but now if I manage to figure out the first few numbers of your card and input them into google your number may show up in their "recent search suggestions"
15. Re:Looks bad... for 4 people by The+MAZZTer · 2010-04-23 08:26 · Score: 1
  
  You DO know Google keeps a scrolling ticker of the latest Google queries in their offices, right?
16. Re:Looks bad... for 4 people by natehoy · 2010-04-23 08:40 · Score: 2, Informative
  
  There are two pieces of good news here.
  1) Credit card companies only do this for "disposable" credit card numbers, which are usually only used for one transaction. No credit card company I've ever done business puts the full CC# of your master account on every line of your statement,
  2) The REALLY good news is that such numbers only appear on your credit card statement,
  So this information is relatively harmless, since most credit cards revealed this way would be invalid by the time they were revealed. Plus, of paramount importance here, the only way this information could possibly get out is if you gave your credit card account username and password to some strange website or something so they could see your credit card statement. And no one would be dumb enough to do that, right? I mean, that's insanity, giving out the username and password to your credit card accounts. Right? ummm, right?
  Number of beta users: More than 5,000
  Source: http://www.netbanker.com/2010/01/blippy_demonstrates_the_power_of_real-time_streaming_of_financial_transaction_data.html
  Oh. Never mind. Some people are that stupid.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
17. Re:Looks bad... for 4 people by MaWeiTao · 2010-04-23 08:40 · Score: 1
  
  A better discussion would be what is Blippy really good for? I can see why I might like to browse other people's purchases once in a while, but why would I want to broadcast mine?
  I know someone working at a company developing something very similar to this. To this day I'm having trouble figuring out where the value in this is. Why would people want to share what they're buying? And why would anyone else care?
  I suppose there's value in this when shopping for deals or encouraging someone to get something. But that can already be accomplished a million other ways, the most basic being personally talking to the individual and actually showing them the product in question. As for shopping for deals, that's a very fluid thing and something I can better accomplish by just going on Amazon or Google and finding the deals for myself.
  I personally think we're seeing the beginnings of another dot.com bubble. The prospect of making a lot of money for minimal up front investment is just too appealing. The big difference is that this time around the development is usually outsourced and often managed by people who don't really understand the technology. So it's not surprising that the people running Blippy would not have noticed such a glaring problem.
18. Re:Looks bad... for 4 people by Anonymous Coward · 2010-04-23 08:43 · Score: 0
  
  Ummm... yeah, but I'm not telling you about them. 1st rule and all.
  Seriously, forums dedicated to specific devices, programs, whatever frequently have intelligent discussion in their "off-topic" boards, and tend to do pretty well at covering topics of interest to "typical" members. Find one where you fit in...
19. Re:Looks bad... for 4 people by Dashiva+Dan · 2010-04-23 08:56 · Score: 1
  
  You mean you sent your full CC number out to the internet on an unsecure connection (google.com is not https,) to a service that makes search terms used viewable (well, not sure how they'd manage to pick your search term out, but it's probably possible)
  
  --
  "lt;dr" is the correct response to most of my posts.
20. Re:Looks bad... for 4 people by rliden · 2010-04-23 09:02 · Score: 1
  
  Google doesn't share the full CC number with retailers, from the Google Checkout Help page.
  
  --
  Don't think of it as a flame, more like an argument that does 3d6 fire damage.
21. Re:Looks bad... for 4 people by rliden · 2010-04-23 09:05 · Score: 2, Funny
  
  -- Off Topic --
  Uh oh, I replied in the same topic (posted just above) as the person I stole the sig from. I didn't see your post until I had hit the submit button. That has to be like crossing the streams.
  
  --
  Don't think of it as a flame, more like an argument that does 3d6 fire damage.
22. Re:Looks bad... for 4 people by maxume · 2010-04-23 09:26 · Score: 1
  
  I don't see how it makes me any less original.
  
  --
  Nerd rage is the funniest rage.
23. Re:Looks bad... for 4 people by rliden · 2010-04-23 09:35 · Score: 1
  
  It doesn't.
  
  --
  Don't think of it as a flame, more like an argument that does 3d6 fire damage.
24. Re:Looks bad... for 4 people by SnEptUne · 2010-04-24 01:15 · Score: 2, Insightful
  
  Wow, I didn't realize 4chan has a tech section. Thanks.
Clearly Google is to blame! by Kenja · 2010-04-23 07:32 · Score: 1

Or does the "normal" logic not get applied this time?

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
1. Re:Clearly Google is to blame! by Intron · 2010-04-23 07:44 · Score: 1
  
  Normal logic? You mean "shoot the messenger"?
  
  --
  Intron: the portion of DNA which expresses nothing useful.
2. Re:Clearly Google is to blame! by natehoy · 2010-04-23 08:00 · Score: 2, Funny
  
  Well, duh! He's right there when I got the news! What in the hell would you expect me to do? Go out and find who actually did it and shoot THEM?
  Geez, if I had that kind of patience I'd probably lose my American citizenship. Plus then I probably wouldn't be allowed to have a gun so I could shoot someone.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
3. Re:Clearly Google is to blame! by WrongSizeGlass · 2010-04-23 08:05 · Score: 2, Funny
  
  Normal logic? You mean "shoot the messenger"?
  Google doesn't have a "messenger", that's MS & Yahoo you're thinking of. You must mean "shoot the search engine" ;-)
4. Re:Clearly Google is to blame! by Anonymous Coward · 2010-04-23 08:09 · Score: 0
  
  Google doesn't have a "messenger", that's MS & Yahoo you're thinking of. You must mean "shoot the search engine" ;-)
  Yes it does.
5. Re:Clearly Google is to blame! by Anonymous Coward · 2010-04-23 08:37 · Score: 0
  
  [Foghorn Leghorn] 'Whoosh', I say 'Whoosh'. That thar's a joke, son. [/Foghorn Leghorn]
6. Re:Clearly Google is to blame! by Anonymous Coward · 2010-04-23 17:19 · Score: 0
  
  "thar" is ignorant Tennessee rural. Foghorn is patrician Georgia Southern gentleman.
  "Ah say there, son, that would be Whoosh! Whoosh, I say."
  Hear the difference?
Already Resolved, people should think next time... by ProdigyPuNk · 2010-04-23 07:37 · Score: 2, Insightful

This issue seems to be resolved already. Maybe this incident was a Good Think (TM). People need to be aware that what they put on social media sites can come back to bite them. Most people shouldn't be putting near the amount of information on the sites as they already do, without even mentioning credit card numbers and recent purchases. If it takes a few people's credit history to make the point to a wider audience, maybe this sort of thing should happen more often...
In other news by Anonymous Coward · 2010-04-23 07:37 · Score: 0

Everyone should have single sign on!
Nothing to hide by Sir+Holo · 2010-04-23 07:40 · Score: 5, Funny

If you have nothing to hide, then why not?

/sarcasm (see NYT article)
1. Re:Nothing to hide by MBCook · 2010-04-23 08:08 · Score: 1
  
  Glenn Beck posts on Slashdot?
  
  --
  Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Don't test with customer data by mwvdlee · 2010-04-23 07:40 · Score: 2, Insightful

Every idiot knows this; you don't test with customer private data.
You may randomize/one-way-scramble the real data to anonimize it, but you never, ever use the actual data for tests.

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
1. Re:Don't test with customer data by AcousticYorick · 2010-04-23 07:55 · Score: 1
  
  ...real data to anonimize it...
  There is a similar word in the English language: Anonymize.
  "Repulsion field," indeed.
2. Re:Don't test with customer data by Anonymous Coward · 2010-04-23 07:56 · Score: 0
  
  Of course you test with real data. How else can you be sure that your system works correctly in a real-world environment? You just do it in a closed off environment that is identical or near-identical to real-world conditions. Which is sort of (but not entirely) what they did, apparently, since only beta testers were affected.
3. Re:Don't test with customer data by mweather · 2010-04-23 08:04 · Score: 1
  
  Why not test with data that is identical or near-identical to read-world data?
4. Re:Don't test with customer data by Anonymous Coward · 2010-04-23 08:43 · Score: 1, Informative
  
  Actually you do NOT test with real data. I work in the processing industry. Card issuing companies have designated card numbers for testing. They are not generally published but even if they were used they would not work on a production system.
  Additionally, all processors we have worked with have production and testing systems so when you test, not only are you using a test card number, you are also using a test processing system.
  Beta testing in this case should NOT have included this problem. The card processing should have been tested apart from whatever a client "beta-tester" would need to play with. This is either the result of someone who is lazy or incompetent, period.
5. Re:Don't test with customer data by coolgeek · 2010-04-23 09:03 · Score: 1
  
  You're missing the point altogether. Any entrepreneur with any reasonable experience knows that retention of anything but the last 4 digits of a card number puts you on the wrong side of PCI compliance. These guys are obviously a bunch of amateurs and should not be trusted.
  
  --
  
  cat /dev/null >sig
6. Re:Don't test with customer data by Anonymous Coward · 2010-04-23 17:56 · Score: 1, Informative
  
  This is, quite simply, not true. If you doubt me, please check http://www.pcicomplianceguide.org/pcifaqs.php#19. Retention of the full credit card number is allowed so long as certain safeguards are in place. The rule about last four is primarily guidance about what should be printed on a receipt.
7. Re:Don't test with customer data by Anonymous Coward · 2010-04-23 21:38 · Score: 0
  
  I'm certain they did that for the technical testing but when you offer a social service and want to see how people use it you have to use real data, otherwise what's the benefit to sign up as a beta tester? It's also really annoying to see a comment like "every idiot knows this" followed by a flawed argument...
FAIL!!! by oldhack · 2010-04-23 07:42 · Score: 1, Funny

God, this twit talk is growing on me. Cracks me up.

--
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
In even more shocking news... by Anonymous Coward · 2010-04-23 07:47 · Score: 2, Interesting

Blippy exposed as existing.
Are these guys f-cked? by Anonymous Coward · 2010-04-23 07:49 · Score: 3, Funny

I wonder if this company is F-cked. If there was only a web site that would tell me that...
1. Re:Are these guys f-cked? by jonbryce · 2010-04-23 08:09 · Score: 4, Informative
  
  And for those who don't get the joke, Philip Kaplan, the founder of this site, previously had a site called fuckedcompany.com which charted the demise of dot.com and other companies following the collapse of the internet bubble at the beginning of the century. A f*ckup of this proportion would have probably earned about 60 points out of a total of 100. You get 100 points for bankruptcy proceedings.
Why would I WANT this? by nweaver · 2010-04-23 07:50 · Score: 4, Insightful

Who cares about revealing credit card numbers. The bigger question is, why would I want to deal with a business or "social media" site which snitches all my transactions from the businesses, and (i'm presuming) somehow makes them public?
And WTF are the businesses giving the full credit card number to the social media site at all? That just seems, umm, stupid?

--
Test your net with Netalyzr
1. Re:Why would I WANT this? by natehoy · 2010-04-23 08:16 · Score: 4, Insightful
  
  Some people are just exhibitionists. "Oooh! Look at me! I just bought a new XYZ phone!" and having that information fed to a social media site automatically means they have more time to, you know, buy more crap.
  As far as the credit card information, it all depends on who is feeding it. According to several articles on the subject, users give Blippy access to their credit card accounts (as in, access to log in to their credit card web site), and Blippy extracts the data it wants from your actual credit card transactions. If you use "temporary" credit card numbers like I do, then quite often the transaction will show up as (for example) "AMAZON.COM CARD#9999-9999-9999-9999". If Blippy is actually getting that data, then it's your credit card company that's revealing the data, not Blippy. If you signed up with Amazon, then you'll probably just get a list of items and it's unlikely a credit card will show through.
  So, the actual credit cards revealed were probably "disposable" numbers that were likely useless by the time they were revealed. However, that does lead to a different point. Who in the hell is giving Blippy their logins for their credit card accounts, or their merchant accounts? I mean, c'mon, really, we're well into April, it's nowhere near the first. Is this some form of sick stupid joke?
  Of course, if one were to, say, GIVE THEIR GODDAMNED CREDIT CARD OR MERCHANT LOGIN INFORMATION TO A GODDAMNED BUNCH OF STRANGERS, then their concept of "security" differs too greatly from mine for us to have a coherent conversation on the matter.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
2. Re:Why would I WANT this? by fm6 · 2010-04-23 08:21 · Score: 1
  
  Somebody had the bright idea that people would want every purchase they ever made available to their friends. Like you, I consider this idea demented, though it wouldn't surprise me if there were a lot of people who would find it kind of cool. Consider some of the other stuff you see online that once would have been totally private.
  As for your WTF: this sort of thing has been going on for years. They do it because it's an extra revenue stream.
3. Re:Why would I WANT this? by Anonymous Coward · 2010-04-23 08:28 · Score: 0
  
  Strangers? You mean like the guys at Paypal, or Amazon.com, or the random waitress at your local restaurant, the cashier at your grocery store? Or do you know all these people intimately?
4. Re:Why would I WANT this? by maken · 2010-04-23 08:34 · Score: 2, Insightful
  
  If you dont give your CC# "TO A GODDAMNED BUNCH OF STRANGERS" then how do you buy anything?
5. Re:Why would I WANT this? by Anonymous Coward · 2010-04-23 08:35 · Score: 0
  
  I want to know if I buy that Sex Toy I've been eying for some time, weather I can share that purchase with everybody online ? I will need someone to come along and sterilize my "post"ing before I comment on it.
6. Re:Why would I WANT this? by natehoy · 2010-04-23 08:42 · Score: 1
  
  Sorry, bad wording, allow me to clarify.
  "GIVE THEIR GODDAMNED CREDIT CARD LOGIN INFORMATION OR THEIR GODDAMNED MERCHANT LOGIN INFORMATION."
  I'll gladly hand you my credit card to buy something from you, but I will not write down the credentials to log in to my credit card company's website and administer my card. Yet, that's what Blippy asks people to do, and that's what they do.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
7. Re:Why would I WANT this? by rudy_wayne · 2010-04-23 08:44 · Score: 2, Interesting
  
  Somebody had the bright idea that people would want every purchase they ever made available to their friends. Like you, I consider this idea demented, though it wouldn't surprise me if there were a lot of people who would find it kind of cool.
  The idea behind Blippy, as best as I can figure, is that your friends can see all the cool stuff you buy and then leave comments telling you how cool you are. However, if you look at Blippy, what you actually see is an endless list of Taco Bell, Wendys, Exxon, Trader Joes and other mundane purchases. The truth is, the average person doesn't buy a lot of cool stuff.
  
  What is more amazing than the existence of Blippy, is the fact that Blippy has obtained more than $12 million in VC money, despite the fact that they currently have no way of generating any revenue. It's almost like the dotcom bust of 10 years ago never happened.
8. Re:Why would I WANT this? by Jawn98685 · 2010-04-23 08:52 · Score: 1
  
  Dude! Because it's so kewl, and besides, all your friends are there too.
  /lawn
9. Re:Why would I WANT this? by Fnkmaster · 2010-04-23 09:12 · Score: 1
  
  I mean, either you buy a lot of boring shit, in which case nobody cares. Or you spend lots of fucking money on cool shit, in which case sharing it with the world is utterly obnoxious - nobody wants you to rub their face in how rich you are.
  I don't get it. Then again, I'm one of those people who never really got the point of Twitter either.
10. Re:Why would I WANT this? by Coopjust · 2010-04-23 09:38 · Score: 1
  
  You'd have to be insane to give money to this site. They are holding back account logins so they can scrape the transactions on debit cards. They have no income.
  
  High libaility - any way of making money = VC Gold, apparently.
  
  My guess is they're pitching something like the sponsored tweets. Where vendors can make their store or brands can make their brand/product purchases have some extra notice.
11. Re:Why would I WANT this? by radish · 2010-04-23 12:01 · Score: 1
  
  Sure they have a way of generating revenue - they have all their user's CC and bank login details!
  
  --
  ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
12. Re:Why would I WANT this? by Firehed · 2010-04-23 14:11 · Score: 1
  
  Blippy has tons of ways of generating revenue - they're just (consciously) not using them yet. When you have $12mm of runway to work with, you're better off building new features and getting more customers instead of spending your limited engineering resources on generating revenue. That's not universally the case, but when your revenue streams are going to rely on having a massive customer base, it makes sense to spend your VC money on getting customers for as long as that's sustainable.
  
  --
  How are sites slashdotted when nobody reads TFAs?
13. Re:Why would I WANT this? by Lord+Maud'Dib · 2010-04-23 18:00 · Score: 1
  
  You may have heard of this item called cash. Yeah, it works a bit like credit cards.
If you use any of those "Disposable" card # by ub3r+n3u7r4l1st · 2010-04-23 07:54 · Score: 2, Informative

Most bank offer single-use or single-merchant "virtual" card number, which allow for only single use or for use within the same merchant. In the statement, it will show the name of the merchant, along with which "virtual" card number you used.
Even if you picked up one of these numbers, there is no use.

--
New Economic Perspectives
1. Re:If you use any of those "Disposable" card # by blair1q · 2010-04-23 08:17 · Score: 1
  
  Well, sure, then. The number is good for one transaction. Exposing it is no problem at all. In fact, it's entirely the point of a one-time-use identifier. You can tattoo your old ones down your arm like Angelina Jolie's spawning coordinates.
Virtual Credit Card Numbers by hedley · 2010-04-23 07:56 · Score: 2, Informative

Use them. Don't *ever* use a 2yr+ plastic #!
Citibank has this feature, other cards must nowadays also.
1. Re:Virtual Credit Card Numbers by NerdyLove · 2010-04-23 08:06 · Score: 2, Informative
  
  Anybody with a paypal account can do this as well. It is in the Paypal Toolbar section, but you don't actually need the toolbar to be installed to generate them.
2. Re:Virtual Credit Card Numbers by Anonymous Coward · 2010-04-26 04:51 · Score: 0
  
  Ironically, as other people have noted, this is probably what caused the credit card number leak in the first place. When you use these one-time credit card numbers, your statement has the full number on the service line with the merchant name, which Blippy was unaware of.
Philip Kaplan? by rekoil · 2010-04-23 08:02 · Score: 2, Informative

The same Philip Kaplan that ran F*ckedcompany.com?
1. Re:Philip Kaplan? by drewzhrodague · 2010-04-23 08:06 · Score: 1
  
  That was my thoughts. And mobog, and a few other experiments. Glad to see the guy still kicking, if it is the same Phil.
  
  --
  Zhrodague.net - I do projects and stuff too.
2. Re:Philip Kaplan? by Anonymous Coward · 2010-04-23 09:37 · Score: 0
  
  yep - same guy, you'll find him here on FB http://www.facebook.com/pud
3. Re:Philip Kaplan? by Anonymous Coward · 2010-04-23 10:34 · Score: 0
  
  I'm thinking it's not Philip J. Kaplan. Just a suspicion, given how a project like this could go paws up over something... like this. Doesn't really seem like his style, given his previous body of work.
4. Re:Philip Kaplan? by Sparky+McGruff · 2010-04-24 09:11 · Score: 1
  
  No, it's "Pud" from F-d company. Pull the wiki page on Blippy, and it points to Pud's page, complete with a photo with him wearing a "I'd rather be masturbating" t-shirt. Sure, I'll trust my credit card numbers to Pud. No problem.
Blippy? by Anonymous Coward · 2010-04-23 08:04 · Score: 0

Is he related to Clippy, the paper clip we all know and love? Hey, what are you doing %^$%^$%^$% NO CARRIER
Tying your credit card # to a social media site... by edelbrp · 2010-04-23 08:06 · Score: 1

sounds like a real baaad idea to me.
Blippy and social media by wsuschmitt · 2010-04-23 08:10 · Score: 2, Interesting

Users of Blippy want people to know about what they are buying... one more step towards having your entire life open to the world.
This brings up a point that needs to be looked in to a bit further as our personal information becomes digitized: at what point do you just let go of trying to hide personal numbers (such as credit card and social security) and make them as public as possible and force the system to make sure that YOUR numbers are really your numbers? Honestly, if the banking systems that we use for credit transactions notified me EVERY TIME that my SS# went through their systems , then I would know when it is being used and wouldn't worry so much about someone "stealing" my identity. It's a 9 digit number that will NEVER be reissued as long as I live; credit card numbers are 16 digits long and are 'throw-away'. As soon as the systems are in place that link me directly to my SS, I won't be worrying about trying to hide these numbers.
I'll be worrying about Big Brother watching my every move...
That's the nature of the internet by HalAtWork · 2010-04-23 08:10 · Score: 2, Insightful

It just goes to show that if you put information somewhere online, anywhere, it's as good as writing it on bits of confetti and throwing it to the wind. Some will land in mud or in the grass, bushes and trees and be obscured, others may land in the garbage and be ignored or thrown out, but if anyone wants to look hard enough, they'll be able to find it, and some may even come across it without any pretense or forethought. Computers can help people, especially by aggregating large amounts of data, and the more data you put in, the greater the benefit can be to streamlining things for you and helping you discover the best opportunities. But that can also be turned against them since the data is somehow somewhere available.

--
Twinstiq, game news
Google has censored results by Anonymous Coward · 2010-04-23 08:14 · Score: 0

Now google has censored the results but you can still find more data by using a slightly different search term.
site:blippy.com +"CARD#"
Google, if you got nothing to hide, why hide it, right?
Blippy article on NY Times by yuna49 · 2010-04-23 08:15 · Score: 4, Informative

Coincidentally, the Times is running a a story today about this new generation of "social" media sites like Blippy. Not only does Blippy want to compile a list of your purchases, they'd like to read your e-mail, too, if you don't mind. From the article:

The spirit of sharing has already run into some roadblocks. Amazon.com was so wary of the security ramifications of Blippy's idea of letting consumers post everything they bought that, for several months, it blocked the site from allowing people to publish their Amazon purchases.
In March, Blippy sidestepped Amazon by asking its customers for access to their Gmail accounts, and then took the purchase data from the receipts Amazon had e-mailed them. Blippy says thousands of its users have supplied the keys to their e-mail accounts; Amazon declined to comment.
Sigh....
1. Re:Blippy article on NY Times by TooMuchToDo · 2010-04-23 08:26 · Score: 3, Insightful
  
  You can't fix stupid. +1 to Amazon for trying though.
2. Re:Blippy article on NY Times by Coopjust · 2010-04-23 09:40 · Score: 1
  
  Blippy: Give your bank, credit card, and email logins to us, and we'll tell your friends what you bought. Hopefully we don't lose any of that info! Seriously, I wouldn't touch the site with a ten foot pole.
Bloopsy Daisy by Bob_Who · 2010-04-23 08:25 · Score: 1

Blippy blew big bloopers before the bankruptcy blues...
1. Re:Bloopsy Daisy by Anonymous Coward · 2010-04-23 08:34 · Score: 0
  
  Bob Basler?
  http://blogs.reuters.com/oddly-enough/
  Your comment read just about as clever as stuff he posts.
2. Re:Bloopsy Daisy by Bob_Who · 2010-04-23 22:04 · Score: 1
  
  ....depends on a credit score and cash limit. I mean, er, um, Bob O Matic.
Why to broadcast your purchases: Reputation by tlambert · 2010-04-23 08:44 · Score: 1

Why to broadcast your purchases: Reputation
I'm not going to defend this as a good or a bad idea, but by having a separate authoritative channel, they've basically made it possible to verify that someone who posts a review of a product actually owns the product, rather than just being a troll or a shill.
This effectively addresses head on the recent issues that "Yelp" has had in terms of offering paid advertising, using predatory or unethical sales practices, and so on. This is akin to using the getpeername/gethostbyaddr/gethostbyname verification that most SMTP servers do these days to verify that the ARIN IP address delegation agrees with the DNS delegation. By having two independent authorities to provide a countercheck, spoofing your gethostbyaddr doesn't get you anywhere because they can verify that you are really coming from one of the machines you say you are coming from.
Like I said, I don't know if it's a good idea. It's probably not even technically social networking. But it could have a useful application.
-- Terry
1. Re:Why to broadcast your purchases: Reputation by KDR_11k · 2010-04-23 21:37 · Score: 1
  
  I'm not going to defend this as a good or a bad idea, but by having a separate authoritative channel, they've basically made it possible to verify that someone who posts a review of a product actually owns the product, rather than just being a troll or a shill.
  Could work in the other direction too, making people think you didn't buy something just because you paid in cash.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
Why do I need to be private anyway? by GovCheese · 2010-04-23 08:46 · Score: 1

There's an incoming generation (and here I'm thinking of kids just entering their teens) who may not buy into the same privacy fears you and I might share. "Why bother with privacy," they think. "Why do I need to be private?" I'm not sure if the change in philosophy is a generational shift to accomodate a wholly different social culture, or if, darkly, it represents an entire generation mindswiped by consumer overlords. Either way, it's troubling.

--
"He's using a quantum encryption scheme! That'll take hours to break!"
1. Re:Why do I need to be private anyway? by turbotroll · 2010-04-24 05:09 · Score: 1
  
  There's an incoming generation (and here I'm thinking of kids just entering their teens) who may not buy into the same privacy fears you and I might share. "Why bother with privacy," they think. "Why do I need to be private?" I'm not sure if the change in philosophy is a generational shift to accomodate a wholly different social culture, or if, darkly, it represents an entire generation mindswiped by consumer overlords.
  Probably the latter.
  
  Either way, it's troubling.
  Indeed so.
What a bright future! by OrwellianLurker · 2010-04-23 09:13 · Score: 1

Can't wait until I am treated with suspicion for wanting to protect my privacy. I hate my generation.

--
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
Re:http://www.facebook.com/pud by Anonymous Coward · 2010-04-23 09:50 · Score: 0

Do you want me to click that link? Or pull it?
Not just blippy by ZeBam.com · 2010-04-23 10:35 · Score: 1

Try this:

1) Pull a credit card out of your wallet and look at the 16 digit number with format "wwww xxxx yyyy zzzz"
2) Google the first two groups together in double quotes like this "wwww xxxx"
3) ???
4) Profit!

--
CG Pin-Ups?
1. Re:Not just blippy by ZeBam.com · 2010-04-23 10:37 · Score: 1
  
  Actually, it should be:
  
  "wwww xxxx" "card#"
  
  --
  CG Pin-Ups?
2. Re:Not just blippy by Firehed · 2010-04-23 14:17 · Score: 1
  
  Or just write a loop that runs a Luhn check against a sequence of numbers. About one in eight or so numbers in the sequence will pass as being a "valid" card number - but to run charges against it, you still need some additional data like a billing ZIP code at the very least
  
  --
  How are sites slashdotted when nobody reads TFAs?
Blippy Idea? Market Research. by Anonymous Coward · 2010-04-23 12:04 · Score: 0

That's the idea that's sold to the public.
Blippy's real idea? Direct marketing tied to an individual.
"We may engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance, customer relationship, database storage and management, and direct marketing campaigns. We will share your personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your data."
Yeah, that's right, that cool new "social networking" bullshit is the same thing as signing up to receive a f*cking catalog only with a more personal twist. It's the same as when Radio Shack, etc. asked you for your phone number and home address, just a little more detailed.
God knows, I'm not being sold to enough, sign me up for more!
Re:Already Resolved, people should think next time by em0te · 2010-04-23 17:24 · Score: 1

Google still has the cache of them as of 1:24 AM "card site:google.com"
Why doesn't Google apply a global filter for CC#s? by Xoc-S · 2010-04-23 22:26 · Score: 2, Interesting

All CC numbers have a particular pattern, and there is even a check digit. Why doesn't Google provide a global filter in their search index so that any keyword that matches a credit card number is not indexed? And pages with CC numbers not cached, or blanked in the cache?
Sites such as bulletin boards frequently get somebody being stupid and posting their credit card number. The mods fix it, but the Google spider gets there first.