Slashdot Mirror


Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?

An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"

4 of 252 comments

  1. Re:https has no bearing by Anonymous Coward · Score: 5, Informative

    Gibberish. It has to do with the company not realizing that email is insecure.

  2. Re:Name and address? by Anonymous Coward · Score: 5, Informative

    The thing that gets me is that when people give social security numbers, they always give the last four digits. The problem is that those are really the most sensitive for anyone who got one before the year 2011. I met a guy in college who could construct a whole SSN using your place of birth and birth date. The reason is that the first 3 represented geographic location and the middle 2 were given out in a certain order. The last four ticked up for each person assigned and were therefore the hardest to narrow down and guess. The reason is that they were not designed to be used the way we use them, and instead the government should come up with a ground-up, randomly assigned number to actually identify people with or require that the SSN not be used that way.

  3. Re:https does not mean they are stored encrypted by Anonymous Coward · Score: 5, Informative

    He's not claiming that the data is stored encrypted. All he is saying is that the data he sends encrypted shouldn't be sent back to him unencrypted later.

  4. Re:https does not mean they are stored encrypted by ArsenneLupin · Score: 4, Informative

    No, SMTP doesn't support encryption between servers.

    Actually it does. But obviously both servers (sender and receiver) must be configured to use it (which most aren't, unfortunately). And the sender must be configured to check the receiver's certificate (which even fewer are).

    It's not a protocol issue, but a configuration issue.

    And knowing this, it is indeed unwise to include such confidential info in an e-mail.
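
Added example, not part of the original thread: a Python sketch of the sender-side configuration choice the last comment describes, showing how one SMTP client behaves under three delivery policies. The policy names, the `plan` and `deliver` helpers and the sample EHLO feature sets are assumptions made for illustration; only `smtplib` and `ssl` are real library APIs.

```python
import smtplib
import ssl
from enum import Enum

class TLSPolicy(Enum):            # hypothetical policy names for this sketch
    NONE = "none"                 # never attempt STARTTLS
    OPPORTUNISTIC = "may"         # encrypt if offered, accept any certificate
    VERIFY = "verify"             # require TLS and a certificate valid for the host

def tls_context(policy):
    """Return the SSLContext the sender would use, or None for no TLS."""
    if policy is TLSPolicy.NONE:
        return None
    ctx = ssl.create_default_context()      # CERT_REQUIRED plus hostname check
    if policy is TLSPolicy.OPPORTUNISTIC:
        ctx.check_hostname = False           # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE      # encrypted, but peer is unauthenticated
    return ctx

def plan(policy, ehlo_features):
    """Decide how a message leaves, given the receiver's EHLO extensions."""
    offered = "starttls" in {k.lower() for k in ehlo_features}
    if policy is TLSPolicy.NONE:
        return "cleartext"
    if not offered:
        # Opportunistic senders silently fall back; verifying senders hold the mail.
        return "cleartext" if policy is TLSPolicy.OPPORTUNISTIC else "defer"
    return "tls-unverified" if policy is TLSPolicy.OPPORTUNISTIC else "tls-verified"

def deliver(mx_host, sender, rcpt, message, policy):
    """Send one message to mx_host under the given policy (needs network)."""
    with smtplib.SMTP(mx_host, 25, timeout=30) as smtp:
        smtp.ehlo()
        action = plan(policy, smtp.esmtp_features)
        if action == "defer":
            raise RuntimeError(f"{mx_host} offers no STARTTLS; message held")
        if action != "cleartext":
            smtp.starttls(context=tls_context(policy))  # raises on a bad certificate
            smtp.ehlo()                                  # re-issue EHLO inside TLS
        smtp.sendmail(sender, rcpt, message)
    return action

# Constructed EHLO feature sets, in the dict shape smtplib exposes.
WITH_TLS = {"size": "35882577", "starttls": "", "8bitmime": ""}
WITHOUT_TLS = {"size": "35882577", "8bitmime": ""}
```

Only the `VERIFY` policy guarantees that the message body is never sent in the clear or to an unauthenticated peer; the other two depend on what the receiving server happens to advertise.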