Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?
An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
It really comes down to what their privacy policy says and the country you are in. If they claim they do not share any information with 3rd parties, and you were smart enough to use separate email addresses or unique identifying information so you can show the information had to originate with them, then in many countries there definitely are legal avenues you can follow. But for the most part you are shit out of luck; find someone else to deal with. I started creating unique information that I can easily map to individual sites so I will know who is fucking me over whenever I register somewhere.
https is designed to prevent others from intercepting the traffic en route - it has basically nothing to do with how the data are stored. Should everything be encrypted? Yeah. Passwords should be salted+hashed+more because the company has no valid reason to know what the plaintext is. I hope that if I am buying something that they have a valid reason to know what the plaintext version of my address is - I don't think the USPS is that good (yet).
Your payment information is sacred. The other stuff, not so much.
The reason you get emails with your personal information has nothing to do with https (secure) vs. http (insecure); it has to do with the company you did business with sharing/selling your information with their 'business partners' and/or selling it to marketing companies, and the tracking cookies from other websites you've visited.
Linux is unix training wheels, while BSD *is* unix.
...that you don't seem to understand. It has nothing to do with the way they use the data. It means only that the communication is being sent encrypted, and is thus not going to be caught by a man-in-the-middle attack. That's it, nothing more.
People are waaaaay too paranoid these days. There is nothing sacred about your name and address. No one can steal your identity with it. If the email had your SSN or DOB in it, that would be different. But your name and address? If you have a landline phone, it's probably in a phone book and on numerous telephone directory websites and has been for years. Public court records have your name and address too. Nobody cares.
You and your stupid personal details.
Since when is your name & address personal & privileged information that needs to be secured?
You're aware these things are a matter of public record, right?
So you sent your info to someone encrypted. They sent it back to you unencrypted. SSL *does* assume you trust the recipient.
...You're dealing with human beings, and human beings make mistakes.
That's why.
If the data was shared with a partner it wasn't leaked.
Before you commenced your purchase did you read their privacy policy? Most likely the privacy policy stated that they share some of your information (name, address, e-mail) with partners. Nicer companies let you opt out during the purchase process, but it's not required.
Keep in mind that your name and address are a matter of public record.
https:// allows the transfer of your credit card information so that it can't be stolen during the transmission from your computer to their computer.
Why should they care?
There's no benefit to them keeping your information safe, it costs them time, money, and effort to do so, and there are no real consequences when they screw up. They will just put out a statement saying "all of our customer information was stolen, we recommend everyone change their password, and the hole is now patched - it can't happen again!".
Also, they can blame the thieves. "It wasn't our fault, it was that scoundrel who noticed that you can change the account number in the URL to get into someone else's account."
As to "we value your privacy", what does that actually mean? It means that companies have discovered that people trust companies that make that statement, and are more likely to purchase from such a company.
That's all it means, and no more. It doesn't mean that they care or that they abide by the statement, it means that they think they can get more business by using that phrase liberally in their public-facing documents.
You're living under the naive assumption that companies mean what they say and will do what they promise. They do what the consumer protection laws force them to do - any statement that reflects these laws is probably true, while the rest is simple puffing.
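The "change the account number in the URL" failure the comment above mentions is a missing ownership check, and it is cheap to fix. Below is an added Go example, written for this page and not code from Slashdot or any poster: the same `/account/<id>` handler in its flawed and its corrected form, with two constructed sample accounts. The session handling is an assumption for the example (the `session` cookie carries the username directly); a real site stores an opaque session ID and resolves the user server-side.

```go
package main

import (
	"encoding/json"
	"log"
	"net/http"
	"strconv"
	"strings"
)

// Account is the record behind /account/<id>; the two rows are constructed sample data.
type Account struct {
	ID      int    `json:"id"`
	Owner   string `json:"owner"`
	Email   string `json:"email"`
	Address string `json:"address"`
}

var accounts = map[int]Account{
	1001: {ID: 1001, Owner: "alice", Email: "alice@example.com", Address: "1 Example Street"},
	1002: {ID: 1002, Owner: "bob", Email: "bob@example.com", Address: "2 Example Avenue"},
}

// currentUser stands in for session lookup. For the example the "session" cookie carries
// the username directly (an assumption); a real site stores an opaque session ID and
// resolves the user server-side.
func currentUser(r *http.Request) string {
	c, err := r.Cookie("session")
	if err != nil {
		return ""
	}
	return c.Value
}

// accountIDFromPath parses /account/<id>.
func accountIDFromPath(r *http.Request) (int, bool) {
	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
	if len(parts) != 2 || parts[0] != "account" {
		return 0, false
	}
	id, err := strconv.Atoi(parts[1])
	return id, err == nil
}

// VulnerableAccountHandler only checks that *someone* is logged in and then trusts the
// number in the URL, so any customer can read any other customer's record by editing it.
func VulnerableAccountHandler(w http.ResponseWriter, r *http.Request) {
	if currentUser(r) == "" {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	id, ok := accountIDFromPath(r)
	if !ok {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	acct, ok := accounts[id]
	if !ok {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	json.NewEncoder(w).Encode(acct)
}

// SafeAccountHandler does the same lookup but releases the record only to its owner.
// "Missing" and "not yours" get the same answer, so the endpoint does not confirm which
// account numbers exist, and the refusal is logged so that a run of them from one
// session stands out in monitoring.
func SafeAccountHandler(w http.ResponseWriter, r *http.Request) {
	user := currentUser(r)
	if user == "" {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	id, ok := accountIDFromPath(r)
	if !ok {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	acct, ok := accounts[id]
	if !ok || acct.Owner != user {
		log.Printf("authz: user %q denied access to account %d", user, id)
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	json.NewEncoder(w).Encode(acct)
}
```

Both handlers can be mounted with `http.HandleFunc("/account/", SafeAccountHandler)`; the difference is the single `acct.Owner != user` comparison, which is exactly the check the leaky version never makes.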
...you do business with, in the sense of providing personal details such as real name, address, and phone number.
Yeah, it's hard. For example if you want to buy tickets, then you probably will have to deal with Ticketmaster. But at least I can say that I am NEVER tempted by a one-time deal like "sign up and we'll give you 50 percent off your first order, and send you a free gizmo." Or "sign up and join the online community of citizens and professionals interested in saving mankind by exchanging views on technology X." I guess I'm a little paranoid.... maybe that's why I post here as AC.
It's just like some fool sending you an encrypted archive with the password in the same email. It looks cool and they don't know how much of a useless waste of time it is. The actual gatekeepers only get the superficial cargo cult appearance of security from the people that should be the gatekeepers, but that's seen as OK since you'd need to employ somebody to do it all properly. Putting on a show is cheaper.
The companies that use https are using it for many reasons, such as to protect your credit card information to remain compliant with their card processors and by extension the credit card companies' policies, as well as probably a few laws. Non-sensitive information is not protected information, so they can use that in any way allowed by the TOS that you agreed to.
Last year, I switched ISPs... My new ISP emailed me my password in plain text as a "confirmation" after signing up for my account. Needless to say, I was horribly pissed off about it.
The problem is, how do you know which companies do this, until AFTER the fact? The OP stated it came in an email, which is after the fact.
The question is, who are you worried will find this super secret sensitive information (Your name, address and fact you use the site)?
The government? They don't need to intercept the e-mail; they have easier ways of knowing it.
Some criminal targeting you specifically who managed to intercept this e-mail? He already knows who you are; all he learned is that you use this site, and simply seeing the IP is enough for that.
Some random script kiddie on the internet? Intercepting e-mails is not that easy. Yes, they are in plain text, but they are not broadcast over the internet for everyone to see; you have to position yourself along the route it travels (and this route normally doesn't change much) and attack somewhere along it. Not impossible, but hardly effortless. And why would he?
Which only leaves corporate espionage targeted against the site you are visiting, which, though more likely than any other vector, still seems a bit far-fetched, and in the end all they learn is your name & address.
There are plenty of serious threats out there on the internet; this doesn't seem like one of them.
Focus your worrying elsewhere.
When you want to do a search for a customer by email, you can't do that if it's encrypted. We keep passwords in databases hashed, not encrypted; it's not the same thing. If you want to be able to do customer support, it needs to be in a database unencrypted.
It's forbidden in Poland. Similar rules apply in many European countries.
If they offer the option of encrypting the email, it's not going to work for 99.9% of people anyways.
If you have to ask about which territories...
you must be a redneck !!
Charge them money. After all, it is your info they are making money from.
Of course, they will NOT pay. So you start a class action lawsuit against them and every other company doing this. You may win, you may lose.
But if you win you will stop one hell of a lot of companies from doing this, as it costs them nothing now but may cost them heaps in the future.
Your name, address and phone number are published in the phone book. What's sensitive here?
On a Web site, it's done over an encrypted connection not to protect the information but to prevent a third party from sitting in the middle collecting payment information. The combination of personal information with payment information (credit card number and expiration date), that would be sensitive. On their own either set of information should be non-sensitive, but combined it's sufficient to pass the authentication checks merchants and credit-card companies do. But just personal information without any associated payment information, what's anyone going to do with that that they couldn't do by looking through your local phone directory?
I forgot to add that my life's ambition is to blow Kim-Jong Un on live TV.
-- Ethanol-fueled
See, if the point of someone having your information is to, well, be able to access your information, then it needs to be stored in that format. A password can be hashed, but something like name and address needs to be stored in text. Encrypting it is the kind of thing that does a limited amount of good. They may well encrypt it on disk, but the software that accesses it still needs to be able to decrypt it; it wouldn't be of much use if it couldn't. So if someone busts in through a problem in the software, they can get your data.
It is easy to get mad and say companies should "do something" but ask yourself what that something is, I mean really analyze the problem, and then try and come up with a solution that works. It is harder.
We deal with that kind of thing at work. Securing data isn't just a magic switch you can flick. Like our new storage array has self-encrypting drives. Great, we can, with no performance loss, encrypt everything on it... However that only really helps against it getting stolen, or if we forgot to wipe the disks when we decommission it. Being that all data is encrypted, the unit has the password (it is a power-on kind of thing) so if you bust in over the network, well then you can get at the data unencrypted.
For more sensitive stuff you can take it a step further, use Sophos (ya that is what they bought, no not my choice) full disk or file container encryption. That means that if a system with it is lost, nobody can get the data. However, when that system is online and the FS mounted, again a break in can get at the data.
The only way to stop network break-ins from being a possible compromise is to take the systems entirely off the Internet. Not only is that unfeasible in normal cases, but it is impossible if you are talking about the system that is to handle talking to the users online.
I can't come up with a way that you can have a system where the data is secure, even if the system gets compromised. Of course you try and stop systems from getting compromised, but the idea that data should be stored somehow that even if a system gets broken in to you can't get at it is rather silly.
Generally speaking, retail sites (Ones who have the really important information, like credit card numbers and the like) also only store hashed passwords. So asking for a password will get you a temporary link e-mailed (usually requiring further security questions) to set a new password. Other personal information, your name and e-mail address, are not considered worth securing, as you automatically send them out with every message you send, and all your mail is invariably addressed to you with your full name by your other contacts.
Postal addresses are generally something of a grey area. On the whole, they're not particularly secured (Anyone who was determined to find out could find your address from the phone book, electoral roll, or other public list). Credit card numbers are typically secured by removing/obscuring all but the last 4 digits, and items ordered are again typically treated as "Better to include with a receipt, as a double-check, than to exclude".
There is, as always, a fine balance in the "Privacy is required" to "more information is better" debate, but leaving that aside, while SMTP is a plain-text transfer medium, it generally requires quite a lot of work to actually get someone's details. For instance, you have to:
This isn't easy, or practical. Sure, if you want to, you can do it, but what is the point? If you're stalking them, there's much easier methods (going through their trash, trawling public records, google searching their name). If you're selling to them, there's easier ways (Buying details lists from credit bureaus, mass mailing).
The problem of secure e-mail has been around for a long time, and many solutions have been proposed for the problem (S/MIME, PGP, Domainkeys), but it's largely a chicken-and-egg problem - Secure mail systems are not universally supported, so it's not used/Secure mail systems aren't used, so they're not supported. Solving this problem is left as an exercise for the reader. Obviously.
Whether or not the information is encrypted is not important in this case. It may be to you, but it's not to the party you are dealing with. The big deal is that you can be reasonably assured that you are in fact dealing with that party and not someone impersonating them, or someone intercepting the communications between you and them. HTTPS will always sign each data transmission, making it virtually impossible to alter the data under way or to have someone else impersonate you.
HTTPS is seldom about privacy, especially with all the monitoring, tracking and statistics going on. Try visiting the web without google or facebook getting cookies and tracking data on you, regardless of you visiting a site that uses HTTPS or HTTP. You can, but you'll have to go to great lengths to do so.
The data being sent back to you goes to an e-mail provider you trust. If you don't trust them, you wouldn't be using them. The information you gave to the website is something that isn't so sensitive that you wouldn't want "strangers" to have it. If it was, you wouldn't be handing it over to some web site. Yes, your address is in there. Very annoying that over a thousand companies and government departments (on average) have you on file. However, it's trivial to find out where people live, usually, so it's not a very big secret. The most annoying thing to me is the spam they keep mailing you even though you clearly indicated you were not interested in that. Sure, it could be handled a bit more securely than this, but in the end, you are responsible for the amount of personal data you are putting online and you know in advance that once you put it there, certain things are probably going to happen with it. If you only want to deal with companies that will default to sending you GPG encrypted e-mail, you'll not be shopping online a lot for the foreseeable future.
I was promised a flying car. Where is my flying car?
The point is, when anybody adds 'on the Internet' to a statement, it becomes hugely more critical.
"Somebody knows my mailing address."
Now, that is pretty bland. Anybody who drives by your house probably can figure that out quickly.
But change that to "Somebody on the Internet knows my mailing address" and it's time to pee down your pants leg.
It's similar in so many ways to the magic of patenting something by tacking 'on the Internet' on the end.
I've been 'online' for decades, going back to the BBS era. I was active on a local social BBS back in the late 80's. We got together on Sundays to play softball.
Everybody was so fricking scared to present themselves to the other people they were playing softball with using anything but their 'handles.'
There's something weird that happens when you allow people pretend to themselves that they have anonymity. No other explanation makes sense.
you ain't even seasoning right my nukka and you think your taste sublime
To 'encourage' the employees to leave !
Employees, other than the 'Elites' are the dregs and the scourge 'Modern' Corporations.
Your data is probably shared all over the internet anyway. An example of this is when you go to sign up for myups: they know who your parents/grandparents are (and their addresses). They use the info to generate questions to validate who you are; try it, it's spooky. You can't guard your info everywhere, and if someone really wants your information, they will get it. Just don't make yourself a target. I try to limit what goes where, but I don't lose sleep at night about it.
"What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable?"
Now that you've got slashdot's attention, you could try identifying them here along with the specifics of their customer privacy issues as you have observed them for others to consider. The Internet will sometimes pick up on that sort of thing and respond in a way that can cause a company to renew its interest in the matter.
I bought a used PC once. I found some stuff on it, including customer data. I contacted the company I had bought it from with suggestions about how to go about wiping drives securely before disposing of PCs. Unsurprisingly, I got a "not that big a deal" response. Mostly for my own childish amusement, I contacted them again and attached a few things that were on the drive, assuring them that I would be happy to either not worry about it or to wipe the drive for them, whichever they wanted me to do. The data included enough to identify the drive as having belonged to a company officer, along with details about one of their clients that they invoiced over $10 million a year, customer data, and porn. I attached some examples of all but the porn, only mentioning in passing that there was also porn. Being a fiendish bastard, I knew that in that case, it would be more effective to let people's imaginations do the heavy lifting. The response that I got indicated a high degree of interest in reducing future privacy deficits.
In my experience, there are only two things that can motivate a corporation to do anything: Sufficient fear, or sufficient reward. If you want a company to change something, it may be necessary to offer them one or the other.
It is in some cases where a failure is just a counterproductive waste of time like the one mentioned above and others that even make it to the news on occasion.
No - it is completely unprotected if you have the locked thing in the same place as the key - you may as well just leave it unlocked. The danger in the case is that the sender assumed that only the intended person could get the information and they assumed that encrypting the file would magically do that even if the key was included.
I hope that was enough and didn't come off as condescending. I did not expect to have to explain it on such a site and especially didn't expect someone that had missed the point attempting to give me a flawed lecture on security trying to find a non-existent excuse for an epic failure and finishing with some very bad advice.
Oh, and you can buy that kind of information already, from his credit card company or bank (who make a very nice profit selling those details anyway), considerably more cheaply and easily than by poisoning the entire internet.
Scary. Fortunately, in my country we have banking secrecy laws. Ooops, had. Most people are concerned about the tax man, but these shenanigans are actually a much bigger threat when banking secrecy goes away.
In those places, a $100 bill would work as well or better than a passport for getting through checkpoint guards. The idea that someone would bother with your passport number in trying to forge a passport to get through there is rather laughable, since they didn't even bother to check said number to see if it was legit.
At a border with better security? Not going to work. Passports have a lot more security to them than that, particularly now.
Basically, if places have weak security, they have weak security. Someone isn't going to bother to try to get a legit name and number to forge a passport. If they have tight security, then it wouldn't do any good as they check the other features, which wouldn't match.
By using HTTPS for editing personal data, the site cuts out the weakest link. Intercepting plain HTTP on an open wifi is far easier than MITM between SMTP servers. It's reassuring that most sites recognize this now - and depressing that the common geek here doesn't.
One time credit card numbers, poboxes, email accounts that include the names of the organisation who will be replying to it (so it can be cancelled and you know who is responsible for spamming) go a long way to save you from corporate culture and identity theft.
The push to mandate real names online is laughable given the attitude to privacy of the parties asking for it.
The old rogue employee / company espionage is a bit harsh a term. But it could be just about what's going on. When a company has to sift through thousands of registration requests manually and per day for approval, they'll often use minimum wagers for the task. Terrible job, crappy salary, no possibility for promotion of any kind. It's no surprise some temp agencies refuse to accept C.V.s by email...
A lot of websites send you a plain text email with your information, including a password in plain text, right after you created an account with them. I've wondered about the same thing. You can use https for when the user is entering his new password, and you can store a hash of the password in the database instead of the plain password.... but if you then just email the password back as plain text, what is the point?
If you're really that bothered, sign up here:
http://www.safe-mail.net/
And yes, you get a free S/MIME cert, and yes, even if the sender isn't secure, your emails will be; read this:
http://www.safe-mail.net/sites/safe-mail.net/WhatIsSafe-mail.html
esp. the bullets called 'Secure e-mail' and 'SafeBox'.
Nope, I don't work for 'em, I've just been using 'em for years. Accourse, if you decide that you don't trust them, then there's not much else you can do, as many here have already pointed out.
Just my tuppence.
Grammar is still important today. Even if it comes with a backhanded intelligence remark. I say give that man a red pen !
I live in a nation with fairly well thought out Data Protection laws.
By sending me a password in plaintext, they break their requirements for due care & attention, and thus are liable for a fine.
Having said that, this totally irresponsible idea of sending UID and password in an email is the default with Wordpress. I can't for the life of me imagine why, because it's fantastically stupid. It's really bad that you have to engineer this out of the code manually after every update - it should never have been in there in the first place.
You've obviously never heard of the "Carnivore" email harvesting program by the US government. And it's relatively simple to flag email based on keywords like "login" and "password", to make the whole process much, much simpler. And stalking someone can be done much more safely, remotely, and undetected if this critical
And it's not a "chicken and egg" problem. It's a "Microsoft Outlook and Exchange refuse to support it built in with a publicly usable technology", so major companies are simply not going to do it by default.
With out trusted affiliates....
Why do credit card companies mass mail pre-filled card applications? (He asks rhetorically.)
Plain-text leaking of personal details calls for application of Hanlon’s Razor (attr. Richard Feynman): Never attribute to malice that which is adequately explained by stupidity.
Fake Name... Most emails I receive from such sites start with "Hello Gofuckyourself!" etc... if you want to be creative you can tailor the message to be as entertaining as you'd like. As an added benefit, if you give a different name at each site, when you get spam, you can know who sold your private data.
There's a usual mechanism for password recovery -- tell the site your email address, and it emails you your password. This personal information is sent unencrypted. It's not clear how this would work on encrypted email, because it may also be the email decryption key you've forgotten. Or your password safe's passphrase.
Any suggestions?
Another problem I'm having with companies is after I opt for electronic communications, they still send me postal mail. Ads, confirmations, account info. I try to explain that I don't want any postal mail coming to my house. I don't want all my account details going past housemates. I consider online communication to be more secure. How can I get them to stop exposing my personal information?
-- these are only opinions and they might not be mine.
I set up encrypted B2B file transfers at my job. During the go-live with an insurance company, the person on their end decrypted the file, then emailed it back to me and a bunch of other people with the question, "Is this what you sent?".
sigh.
Because they're obviously paying top-dollar for their staff and listening to their suggestions
I don't know the meaning of the word 'don't' - J
I mean, why doesn't thunderbird or iceferret or basically any client "generate a key" like ssh does when it's instantiated? Why can't the clients have a button to distribute the public key whenever it's appropriate? I see no reason why this level of security cannot live on top of ssl. "You have just uploaded your public key, would you like all email from us to be encrypted using this key before we send it?"
I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
They might be able to sue you for spamming them, but I doubt they have a case.
Is there anyone left on the planet who does NOT have my name and address? I moved recently, and all the junk catalogs the old address had been getting were updated with my new address before stuff where I intentionally changed my address. Apparently everyone has my name and address.
not a whole lot can be done with your name and address, which is public record anyways...if you're that uptight about it, stop shopping online and only do cash transactions in person
Just stating what looks obvious even to an idiot, this leak in plain text is a teaser for enticing the sale of the MOTHERLODE of helpless, trusting customers' information, submitted data..
And it's not a "chicken and egg" problem. It's a "Microsoft Outlook and Exchange refuse to support it built in with a publicly usable technology", so major companies are simply not going to do it by default.
Microsoft Outlook and Exchange have supported S/MIME (Publicly-usable technology) out-of-the-box since at least Outlook 2000. So please stop trying to Microsoft-bash here.
Oh, and I have heard of "Carnivore". I've also heard of ECHELON and the Illuminati. If the government wants my address, there are a LOT easier ways of getting hold of it. The IRS, for example (as you seem to be using the US government), or the census bureau. Please adjust your tin-foil hat, or better yet, remove it completely, as it only helps the mind-control rays work.
So they should just send you correspondence encrypted, and you can uh um so something with it, I suppose.
I used to be
The data is useless unless it is in a form that is human readable at least at some point in the future. Therefore it's possible to get the data in plain text.
If you expected your data to be encrypted and the key thrown away, I'm sorry but nobody does that.
If that description includes a person who has recently tasted success from two or more distant shores, and while dictating to his/her assistant who's writing feverishly on a napkin at a boorish luncheon, the company's next new policy agenda.. I believe this calls for a toast as well!
Maybe in Petoria, but other than that, I don't know.
Ask Peter, he runs the place. Or ran it, before the Yankee invasion.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
When the alternative is no security and false security.
1. I am not saying use any key server. I am saying that it would be a simple matter to transfer a public key to a website like amazon so that when they email you information it is encrypted with your key.
2. The incentive is that no one but their customers should know what you bought. Heck, if google can scan my emails for order history, then they can SELL that information to people. Even people I might not want to have it. And the vendor that sold it would have to compete against targeted marketing.
3. The email can be forwarded infinitely. Point to point security is the goal.
4. Let's just keep this about orders right now and not general email. Think of this as an "overlay" on top of general email. One that does more to protect customers of sites. Let's even say it's to protect customers from mail SERVER intrusion or scanning.
If you make laws against ignorance and stupidity you'll get into a IV Reich eventually. The best way is not to use companies that do this and let them know.
Even person-to-person emails could benefit. The email clients could include taglines or header information that say "Send me your pub key". A button could popup on your email client, "sender would like your pub key for future emails, would you like to send it?". You press yes, and it's emailed to them.
All future comms are point-to-point encrypted.
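The scheme proposed across the last few comments (the client generates a key pair, uploads the public half to the shop over HTTPS, and the shop encrypts every order mail to that key) can be built from standard primitives. The Go example below is added here and is not code from Slashdot or any poster; it models both sides with RSA-OAEP wrapping a one-time AES-256-GCM key, the usual hybrid construction. The `customerKeys` map, the envelope layout, the `order-mail-v1` label and the 2048-bit key size are all choices made for the example, not anything the comments specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
)

// oaepLabel ties the wrapped key to this purpose; both sides must agree on it.
var oaepLabel = []byte("order-mail-v1")

// customerKeys is the shop's registry of uploaded public keys, keyed by account e-mail
// (a constructed stand-in for a column in the account table).
var customerKeys = map[string]*rsa.PublicKey{}

// GenerateCustomerKey is the mail-client side, the "generate a key" button the comment
// asks for. 2048 bits keeps the example quick.
func GenerateCustomerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// ExportPublicKeyPEM is what the client uploads to the shop over HTTPS.
func ExportPublicKeyPEM(priv *rsa.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

// RegisterPublicKey is the shop side of the upload: validate, then store.
func RegisterPublicKey(email string, pemBytes []byte) error {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "PUBLIC KEY" {
		return errors.New("expected a PEM PUBLIC KEY block")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok || pub.Size() < 256 {
		return errors.New("need an RSA key of at least 2048 bits")
	}
	customerKeys[email] = pub
	return nil
}

// EncryptOrderMail seals a message so that only the key holder can read it: a fresh
// AES-256-GCM key protects the body and RSA-OAEP wraps that key for the customer.
// Envelope layout: [wrapped key, pub.Size() bytes][12-byte nonce][GCM ciphertext+tag].
func EncryptOrderMail(email string, body []byte) ([]byte, error) {
	pub, ok := customerKeys[email]
	if !ok {
		return nil, errors.New("customer has not uploaded a public key")
	}
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := append(append([]byte{}, wrapped...), nonce...)
	// The wrapped key is authenticated as additional data, so it cannot be swapped out.
	return gcm.Seal(env, nonce, body, wrapped), nil
}

// DecryptOrderMail is the customer's client opening the envelope with its private key.
func DecryptOrderMail(priv *rsa.PrivateKey, env []byte) ([]byte, error) {
	ks := priv.PublicKey.Size()
	if len(env) < ks+12 {
		return nil, errors.New("envelope too short")
	}
	wrapped, rest := env[:ks], env[ks:]
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	return gcm.Open(nil, rest[:ns], rest[ns:], wrapped)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}
```

This is the "overlay" the comments describe: SMTP still carries the bytes in clear, but the body is opaque to the mail provider, to anyone on the path, and to the next hop if the message is forwarded. What it does not solve is the point raised elsewhere in the thread, namely that a customer who loses the private key (or the passphrase protecting it) also loses every mail encrypted to it.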
SMTP can use TLS encrypted transport, just as HTTP can use TLS encrypted transport (called HTTPS).
It merely has to be enabled.
Of course, in order to work BOTH ENDS of the connection have to support TLS. That means that if your freemail provider doesn't do TLS, then even if the sending MTA does, it will not be used.
Or the other - third party gets the document and the key and does whatever they want with it - which is exactly why I put it forward as an example of being nothing but security theatre and utterly useless.
If you can trust the communications channel to be certain that no third party is going to get it then there's no point encrypting something that is just going to end up as plain text on the recipient's machine anyway.
Lock + key delivered together = plaintext + stupid waste of time + wondering what sort of idiot you are dealing with.
Encryption like PGP should be mandated if the consumer asks for it.
Mundus Vult Decipi
The big problem is we need a way to identify you John Smith from the 50 zillion other John Smith people in the world, but for some reason just knowing your identity number (SSN) is enough to allow all access to your financial world!
If you saw user details being spit out that were encrypted, would you know?
I.e. it's only in the case of user-details being spit out without encryption, that you would know they were your user-details. At some point, if you entered your details in plain text, or if the site allows you display some of your user details, those details could easily be seen pre- or post- encryption.
Especially if you are seeing your own details, I would say that doesn't tell you "much"... OTOH, seeing everyone's details ... that's a different matter.
is what made you pose your question here?
See http://slashdot.org/submission/2680763/ask-slashdot-what-can-i-do-about-a-medical-website-emailing-my-password .