Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?
An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
I believe that his point was that the exact information that was sent encrypted is now being sent in plain text over email. So, what's the point of using HTTPS to send private information if it's leaked right back through plain text on port 25, and what can be done to tell companies to stop forwarding all those details through emails? Maybe they could email a link telling the user where to log in to see his invoice instead of forwarding all his private information through email.
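As an added example (not code from the thread or from any company discussed in it), here is the "email a link, not the details" approach from the comment above, written as a confirmation-mail builder with a pre-send check that refuses any message whose body still carries the fields the customer entered over HTTPS. The order record, field names, addresses and the shop URL are all constructed for illustration.

```python
"""
Order-confirmation email that points the customer at a login-protected
invoice page instead of echoing their personal details in plain text,
plus a pre-send check that catches a leaky template before it hits port 25.
Everything below (record, URLs, field names) is constructed sample data.
"""
from email.message import EmailMessage

# Constructed sample record, as a shop might hold it after an HTTPS checkout.
ORDER = {
    "order_id": "A1B2C3",
    "email": "alice@example.com",
    "full_name": "Alice Example",
    "address": "12 Sample Street, Exampletown, EX4 MPL",
    "card_last4": "4242",
}

# Fields that were collected over HTTPS and must not reappear in plain-text mail.
PII_FIELDS = ("full_name", "address", "card_last4")

# Hypothetical login-protected order page; the site, not the mail, shows the details.
ORDER_PAGE = "https://shop.example/account/orders"


def build_leaky_confirmation(order):
    """The pattern the thread complains about: full details echoed in the body."""
    msg = EmailMessage()
    msg["To"] = order["email"]
    msg["From"] = "orders@shop.example"
    msg["Subject"] = "Your order %s" % order["order_id"]
    msg.set_content(
        "Thanks %s!\nDelivering to: %s\nCard ending: %s\n"
        % (order["full_name"], order["address"], order["card_last4"])
    )
    return msg


def build_safe_confirmation(order):
    """Same notification, but the body carries only an order reference and a link
    to a page that requires the customer to log in before showing anything."""
    msg = EmailMessage()
    msg["To"] = order["email"]
    msg["From"] = "orders@shop.example"
    msg["Subject"] = "Your order %s" % order["order_id"]
    msg.set_content(
        "Thanks for your order.\n"
        "To see the invoice and delivery details, log in and open:\n"
        "%s/%s\n" % (ORDER_PAGE, order["order_id"])
    )
    return msg


def pii_leaks(msg, order):
    """Return the names of PII fields whose values appear in the message body.
    An empty list means the mail is clear to send."""
    body = msg.get_content().casefold()
    return [f for f in PII_FIELDS if str(order[f]).casefold() in body]


if __name__ == "__main__":
    for builder in (build_leaky_confirmation, build_safe_confirmation):
        leaked = pii_leaks(builder(ORDER), ORDER)
        print("%-28s leaks: %s" % (builder.__name__, leaked or "none"))
```

The check is a last line of defence for the template, not a substitute for designing the mail without the data in the first place; it catches the obvious case where someone adds `{{ address }}` back into the body. Note that the link only helps if the order page actually enforces that the logged-in account owns that order id, otherwise it just moves the leak from the mail to the URL.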
Why should they care?
There's no benefit to them keeping your information safe, it costs them time, money, and effort to do so, and there's no real consequences when they screw up. They will just put out a statement saying "all of our customer information was stolen, we recommend everyone change their password, and the hole is now patched - it can't happen again!".
Also, they can blame the thieves. "It wasn't our fault, it was that scoundrel who noticed that you can change the account number in the URL to get into someone else's account."
As to "we value your privacy", what does that actually mean? It means that companies have discovered that people trust companies that make that statement, and are more likely to purchase from such a company.
That's all it means, and no more. It doesn't mean that they care or that they abide by the statement, it means that they think they can get more business by using that phrase liberally in their public-facing documents.
You're living under the naive assumption that companies mean what they say and will do what they promise. They do what the consumer protection laws force them to do - any statement that reflects these laws is probably true, while the rest is simple puffing.
Or we could just go with digital signatures aka RSA. It is 2013. Why the fuck are we still relying on a system that, each time you identify yourself to someone via SSN, you give them the non-revocable ability to impersonate you forever? It is earth-shatteringly stupid.
Or, explained even more simply: it's profitable.
Help stamp out iliturcy.