Just for yucks, I went hunting through my spambox to find one of these so-called CAN-SPAM compliant spams.
It was sent to a variation of my address harvested off a comp.dcom.telecom post I made in August 1996, contains a phony return email address, and was sent via a box in Korea.
Dear Mr. Spammer: just because you say it's CAN-SPAM compliant, doesn't make it so.
Lucky for you, the CAN-SPAM bill prevents me from attempting legal action against you, even if I could identify you.
Gotta love Congress. Run by mostly clueless elephants and donkies.
Given the size of the files involved, iTunes for movies might be a long time coming.
Now, what I would love to see is a DiVX-like media file included on DVD's. Print registration numbers on the DVD cases, and make the media file installable only upon verification that the registation key is valid and hasn't been over-used.
Sadly, the media file would have to be DRM-protected to get the MPAA to buy-in. But frankly, I could live with that if the terms were sane (i.e., I want to be able to move the file when I replace this laptop).
Looks like I need to find something else to do this morning.
Does anyone know how to change one's poll answer? I'd go back to sleep if I weren't already awake. I guess the next best thing is alcohol and CowboyNeal!
It's a brilliant strategy, really. Local broadcast radio in my area has become almost entirely ClearChannel's prepackaged commercial crap, which is what drove me to get my XM Radio.
Actually, IIRC ClearChannel owns only a small part of XM. You can see CC's fingerprints on XM's more suckful channels, for example. It's more of a risk-hedging strategy on CC's part.
However, my commute wouldn't be the same without my Special X. I've heard Dr. Demento, polka music, Leonard Nimoy & William Shatner....shoot, their ongoing tribute to Christmas is a very refreshing change from Xmas Muzak.:)
Hmmm..if people went to jail for failing to apply security patches to their computers, maybe people would actually work at keeping their systems up-to-date (or, alternatively, have the courtesy to get off the net).
Why, I'll bet grandma and grandpa will start heeding those security patch warning emails they've been getting from Microsoft, just to avoid running afoul of the law.:)
Once upon a time, before the days of perpetual September, it was fun to participate in online discussions as yourself. With no need for munged addresses, some discussions could be taken to email, from which friendships could grow.
Now, that's all still possible, but a lot of the fun is gone given how defensive you have to be unless you want to have a mailbox full of spam.
I've had my primary email address for over 10 years now, and one of my secondary addresses is approaching 15 years old. If it werent for spamassassin and the like, those addresses would be unusable due to the sheer volume of spam I receive.
Jail's too good for these scum. Is there any way we can force them to go live in a sub-Saharan country, keeping their finances locked up in some international bank, forced to lug their 30-foot schlongs (from all that V*1*a*g*a*r*a, natch), wearing uniforms emblazoned with Official Make Money Fast logos, and riding around in little remote-controlled cars?
Welcome to Microsoft OvalOffice[TM]. Please deposit $300, enter a 32-digit authorization code, and permit us to scan your hard drive to disable non-Microsoft products if you wish to begin voting.
IANAL, but if I get a phone-spam call, I will be very tempted to pursue criminal charges.
Harassment via a telecommunications device is a crime, and I think signing my phone numbers up on federal and state do-not-call lists is a pretty explicit indication of my desire to not be phone-spammed.
Reading the article, it looks like the idea is to measure voice stress as one criterion in whether to flag a claim for review by the company's fraud investigation team.
Insurers already use scorecards to determine whether the fraud team gets brought in for a review. A simple scorecard might look like:
Send for fraud review if claim file scores more than x points:
+20 points if more than 4 claimants
+10 points if lawyer contacted within y days after first notice of loss
+7 points if claim occurred within z days of original policy effective date
-2 points per year policy has been in force if claimant is the policyholder
-5 points if your name is CowboyNeal
....etc.
A voice-stress measurement would just be one additional item to throw in the scorecard.
Insurance companies are cheap. (I know, because I work at one.) This pseudo-polygraph won't hang around if it doesn't do a better job of identifying potentially fraudulent claims. If it does do a better job, then there's a decent chance that those of us who don't commit insurance fraud will face less of a hassle when filing a claim.
Well, since linux is at least 100 times better than 'doze, and since retail prices for 'doze run (say) $200, this sounds like a bargain. SCO could charge a lot more, and we'd still get our money's worth.
Seriously, are these guys delusional, or have they just been hired by Bill Gates, under-the-table-like?
Would you have to have someone proactively build a whitelist?
In the discussion above, someone asks about the creation of an Open Source filtering tool. I was wondering that myself.
One feature of that tool could be the following feature: when a user's access to a site is blocked, the filtering software would display a form giving the user the ability to automatically request access to the site (paging the librarian or other appropriate administrator, who would have the option to grant one-session access to the site from their terminal, or to add the site to a local whitelist), and also to nominate the site for inclusion in the project's whitelist / removal from the project's blacklist.
This idea could be expanded futher, to having volunteers surfing from their home PC's unfiltered, but with a browser plug-in running, displaying the status of a given site. The volunteer surfer could then click a button to submit the site for reclassification (whitelist/blacklist/different grade in the greylist....)
I will admit that I don't like the idea of mandatory filtering, because filters don't work. However, if they're going to exist despite our best efforts, shouldn't we be looking to create a less offensive / more effective tool?
Once [TMDA] gets widescale usage, the spammers will simply start responding to the challenges (after all, it's not like that couldn't be easily automated).
There are currently three defenses to this:
Most spammers dummy up their headers. The challenge never gets delivered to them, and therefore the spam goes undelivered.
Spammers who use legit email addresses usually see their inboxes fill quickly to the point of bouncing mail. Again, they don't see the challenge, so the spam goes undelivered.
Spammers who use legit addresses and have large inboxes are likely to be trackable. If they're in your country, and if your challenge message is worded correctly, there is some legal exposure on their part.
Admittedly it's not foolproof. There is no 100% effective way to combat spam (short of abandoning SMTP). There's always going to be a risk that some spam will leak through or that some legit email will bounce.
I use TMDA to provide a challenge/response mechanism in my antispam filter.
When I first started using TMDA, I had problems with people not understanding the mechanism. My grandmother, for example, complained about "bounces" (how she interpreted the challenges).
So, to avoid those problems, I:
Actively manage my whitelist. For example, if I needed to send a resume, I would make darned sure that the prospective employer's domain was on the list.
Use challenge-response only in conjunction with other antispam tools. My system is roughly: if I know it's spam (tagged address known to be in spammers databases), it gets trashed. If spamassassin or spamoracle thing it's spam, I refer to tmda for possible challenge/response. Otherwise, the mail gets delivered.
Warn people about the system. If I know that someone new is about to send me email, I warn them: "You might get an autoresponse back. If you do, just hit 'reply'."
Use some care in writing the challenge email. Trying to craft a letter that is understandable to non-geeks wasn't that easy.
I still have the odd piece of spam leak through that process, but it's nowhere near the quantity that's actually sent to me.
The only problem with the scheme: there are some spammers who are dumb enough to not get the hint, and respond to the challenge. They don't seem to realize that their response probably constitutes harassment via 'net, which is a crime in the U.S. (Spammer go to jail. Do not pass go. Do not collect $200.)
If it weren't for what being slashdotted would do to my web traffic quota, I'd post a URL to a days worth of spam.
However, nothing says I can't post a screenshot of my spam-box as viewed via pine.
PINE 4.44 MESSAGE INDEX <Rahul>/backupspam-030305 Msg 1,278 of 1,278 NEW
N 1249 Mar 5 eznorton54998236@h (3428) RE: Protect Your Computer !!
N 1250 Mar 5 gspaMellie (6416) Adult News Letter starowl-960916a@tr
N 1251 Mar 5 ifnMaye (6461) Online Phree Slutz starowl-960922a@
N 1252 Mar 5 qxyMicheal (6320) 100% MEMBERSHIP TO PORN SITES staro
N 1253 Mar 5 ihvbLeonie (6487) 100% Freee Porn Membership starowl-
N 1254 Mar 5 golMaple (6457) Don't Buy Porn Get it Free starowl-9
N 1255 Mar 5 oeuLeonila (6436) Porn is Freee!!! Stop Getting Ripped
N 1256 Mar 5 alyMeridith (6373) Adule Newz Letter starowl-960911a@tr
N 1257 Mar 6 kxwLili (6464) re:Free Porn starowl-961017a@triskel
N 1258 Mar 5 tibsLuis (6413) Stop Paying For Porn starowl-961010a
N 1259 Mar 6 ewbMagaret (6485) Dilicious Free Girlz starowl-960928a
N 1260 Mar 5 Blake (2748) My Slumber Party
N 1261 Mar 5 Blake (2749) My Slumber Party
N 1262 Mar 5 Blake (2749) My Slumber Party
N 1263 Mar 5 Blake (2749) My Slumber Party
N 1264 Mar 5 Blake (2749) My Slumber Party
N 1265 Mar 5 Blake (2749) My Slumber Party
N 1266 Mar 5 Blake (2746) My Slumber Party
N 1267 Mar 5 Rapid Deals By Ema (6903) starowl-961213b@triskele.com, Compute
N 1268 Mar 6 jim zuccaro (8148) Re: Bigger penis in 3 minutes
N 1269 Mar 6 jim zuccaro (8148) Re: Bigger penis in 3 minutes
N 1270 Mar 6 jim zuccaro (8148) Re: Bigger penis in 3 minutes
N 1271 Mar 6 jim zuccaro (8148) Re: Bigger penis in 3 minutes
N 1272 Mar 5 Rapid Deals By Ema (6905) starowl-961229a@triskele.com, Compute
N 1273 Mar 5 venom69@earthlink. (1895) $Home Loans!... Debt Consolidation...
N 1274 Mar 5 Julie Rezdon (12K) re: earn money from porno
N 1275 Mar 5 Kaye (1921) A beautiful Russian
N 1276 Mar 6 tanya1963@anjungca (3739) fascinated with yourself
N 1277 Mar 6 victorcole1 (4749) Hello
N 1278 Mar 5 carla@island-mail. (4830) Are you a homeowner
For the poster who asked about the amount of spam-per-address...to be honest, I'm not sure. I didn't keep a good record of how many different tags I've used, and I'm not entirely sure how to adjust for the effects of dictionary attacks.
I'd guess that I easily somewhere between 70-100 spams per day to the address I originally used in the InterNIC record for my domain, for example, but I haven't kept stats at that level.
I'm unfortunately running a tar pit. But I've got to make up a measurable portion of submissions to uce@ftc.gov...not that that does any good.
So yeah, I get way more than my fair share of spam, because of being curious/stupid and tagging my address. I'm certainly not representative of how much spam Joe Average NetUser is getting. However, I think my spamlog may be interesting reading in the context of the overall growth of spam on the net.
I've been tracking my spam volume in the form above since 10 April 2002. One of these days I need to write up an article on how this is evidence of the expansion of spam.
One encouraging factoid: The rate of spam volume growth, at least for my little cesspool, seems to be slowing, at least as compared to what I saw during the last half of 2002. I don't know whether this is a real slowing, or just more filtering going on upstream from me, however....
P.S. -- 15 spams arrived between the time I pasted the listing from pine and my hitting preview a few seconds ago.:(
My spam counts tend to get run up because of how my eight-year-old domain is set up (all incoming mail, regardless of the to address gets directed to the same inbox) and because I've made use of tagged addresses.
Having all email routed to my inbox means that my figures above include dictionary attacks.
Using tagged addresses also runs up the total a lot. Every time I give out my email address, either on a registration form or in a public posting, I use a different tag.
I started tagging addresses in the early days of spam. Remember when we foolishly thought we could attach a disclaimer to usenet posts along the lines of "send me spam, and I'll bill you $50 under the anti-fax laws"? Well, I was dumb. I figured that in order to "prove" that unsolicited email was unsolicited, I had to have some proof of how the spammer got my email address, and that I had a clear disclaimer.
The good news: I have a pretty good idea of which of my online activities generate spam (e.g., posts to control.cancel and *.test, my NIC registrations, and usenet group-creation votes all seem to be popular for the spam-database trollers)
The bad news: I can easily get hit 30, 40, or 50 times for any one mass-spewing a spammer decides to do.
The totals above contain NO false positives -- they're all tied to tagged addresses which only produce spam. Not included are the 50 or so false negatives I get a day, which get tackled through other means.
Man, what I'd give to only have 28 pieces of spam thrown my way each day. Here's how many pieces of putrid canned ham have been spewed my way in the past few days:
I've used both SAS and R for statistical/actuarial work in the insurance industry. I've found R to be a little easier/more flexible to work with when dealing with smaller data sets, but SAS is what I turn to when I need to crunch on multi-gigabyte datasets.
I'd love SAS to death if it weren't for the licensing expense. I keep wishing for an Open Source SAS-clone....
Elsewhere in this thread, someone sings the praises of APL. APL is God, but sadly, it's a dead God whose language hardly anyone speaks anymore. I'd love to learn more APL, but I've had a horrible time finding good documentation...or even a recent set of keyboard-stickies with the fun APL character set.;)
Writing as an actuary, and writing as someone who's built one of the models being used by a large insurer...that's a little bit of an exaggeration.
Credit information is very predictive, largely because it is a tool by which an insurer can measure patterns of personal behavior in more granular detail than driving records or CLUE (industry accident/claim database) reports can provide. Because it's currently the only such behavioral measure, it looks like it works really well. If there were another behavioral measure out there (GPS tracking or black-box monitors in your car, anyone?)...well, credit probably wouldn't look so hot in comparison.
Because credit is the only detailed behavioral information an insurer usually has access to, and because it's the way in which most people will be seen as being significantly "different" from average, it's sometimes said that credit is the best single predictor of future claims.
In other words, if you're a middle-aged, married suburbanite, driving an average car about 12,000 miles a year, and haven't had any accidents or tickets recently...well, the insurance company doesn't know all that much about you, because you look "normal". However, that big mass of "normal" people can be subdivided into relatively higher or lower risk groups by adding credit information to the mix.
On the other hand, if you're an inexperienced driver (teenaged single males, in particular), or drive a Porsche, or have an "interesting" driving history...that tells the insurer quite a bit more about your expected future claims than any credit information will. Maybe there'll be some differentiation when you add credit to the mix, but by-and-large your rate will mostly depend on your inexperience, choice of vehicle, or past driving faux pas'.
I live in Connecticut, where local news media mention daily that the state government has a $650 million shortfall in this year's budget, and a $1.5 billion projected budget shortfall next year.
Many states are in a similar budget crunch.
How much do states pay Microsoft in annual licensing fees?
Shouldn't open source advocates be lobbying state legislatures to dump Microsoft as a tool for deficit reduction?
A bright ray of sunlight peeking out from the eye of the RIAA/MPAA corporate storm, yes?
However, why do I have a bad feeling that DVD's and CD's will start to come with shrink-wrap licenses: "By using this disc you agree to these terms of use.... Licensor reserves the right to resolve cases regarding those terms at a venue of its choosing."
Slashdot Mirror
Just for yucks, I went hunting through my spambox to find one of these so-called CAN-SPAM compliant spams.
It was sent to a variation of my address harvested off a comp.dcom.telecom post I made in August 1996, contains a phony return email address, and was sent via a box in Korea.
Dear Mr. Spammer: just because you say it's CAN-SPAM compliant, doesn't make it so.
Lucky for you, the CAN-SPAM bill prevents me from attempting legal action against you, even if I could identify you.
Gotta love Congress. Run by mostly clueless elephants and donkies.
Given the size of the files involved, iTunes for movies might be a long time coming.
Now, what I would love to see is a DiVX-like media file included on DVD's. Print registration numbers on the DVD cases, and make the media file installable only upon verification that the registation key is valid and hasn't been over-used.
Sadly, the media file would have to be DRM-protected to get the MPAA to buy-in. But frankly, I could live with that if the terms were sane (i.e., I want to be able to move the file when I replace this laptop).
Frack!
Looks like I need to find something else to do this morning.
Does anyone know how to change one's poll answer? I'd go back to sleep if I weren't already awake. I guess the next best thing is alcohol and CowboyNeal!
It's a brilliant strategy, really. Local broadcast radio in my area has become almost entirely ClearChannel's prepackaged commercial crap, which is what drove me to get my XM Radio.
:)
Actually, IIRC ClearChannel owns only a small part of XM. You can see CC's fingerprints on XM's more suckful channels, for example. It's more of a risk-hedging strategy on CC's part.
However, my commute wouldn't be the same without my Special X. I've heard Dr. Demento, polka music, Leonard Nimoy & William Shatner....shoot, their ongoing tribute to Christmas is a very refreshing change from Xmas Muzak.
Hmmm..if people went to jail for failing to apply security patches to their computers, maybe people would actually work at keeping their systems up-to-date (or, alternatively, have the courtesy to get off the net).
:)
Why, I'll bet grandma and grandpa will start heeding those security patch warning emails they've been getting from Microsoft, just to avoid running afoul of the law.
Once upon a time, before the days of perpetual September, it was fun to participate in online discussions as yourself. With no need for munged addresses, some discussions could be taken to email, from which friendships could grow.
Now, that's all still possible, but a lot of the fun is gone given how defensive you have to be unless you want to have a mailbox full of spam.
I've had my primary email address for over 10 years now, and one of my secondary addresses is approaching 15 years old. If it werent for spamassassin and the like, those addresses would be unusable due to the sheer volume of spam I receive.
Jail's too good for these scum. Is there any way we can force them to go live in a sub-Saharan country, keeping their finances locked up in some international bank, forced to lug their 30-foot schlongs (from all that V*1*a*g*a*r*a, natch), wearing uniforms emblazoned with Official Make Money Fast logos, and riding around in little remote-controlled cars?
Didn't I read that the reactor's dimensions are 1x4x9?
Remember folks, a self-built wooden shack does not make a good server room. (Federal motto: walk softly and carry a big flamethrower.)
Of course, proving that your address was harvested could be challenging. Address tagging, anyone?
Welcome to Microsoft OvalOffice[TM]. Please deposit $300, enter a 32-digit authorization code, and permit us to scan your hard drive to disable non-Microsoft products if you wish to begin voting.
Harassment via a telecommunications device is a crime, and I think signing my phone numbers up on federal and state do-not-call lists is a pretty explicit indication of my desire to not be phone-spammed.
I got my wish. I installed linux. :)
Insurers already use scorecards to determine whether the fraud team gets brought in for a review. A simple scorecard might look like:
Send for fraud review if claim file scores more than x points:
A voice-stress measurement would just be one additional item to throw in the scorecard.
Insurance companies are cheap. (I know, because I work at one.) This pseudo-polygraph won't hang around if it doesn't do a better job of identifying potentially fraudulent claims. If it does do a better job, then there's a decent chance that those of us who don't commit insurance fraud will face less of a hassle when filing a claim.
Seriously, are these guys delusional, or have they just been hired by Bill Gates, under-the-table-like?
But, I thought Seth Green invented Napster!
In the discussion above, someone asks about the creation of an Open Source filtering tool. I was wondering that myself.
One feature of that tool could be the following feature: when a user's access to a site is blocked, the filtering software would display a form giving the user the ability to automatically request access to the site (paging the librarian or other appropriate administrator, who would have the option to grant one-session access to the site from their terminal, or to add the site to a local whitelist), and also to nominate the site for inclusion in the project's whitelist / removal from the project's blacklist.
This idea could be expanded futher, to having volunteers surfing from their home PC's unfiltered, but with a browser plug-in running, displaying the status of a given site. The volunteer surfer could then click a button to submit the site for reclassification (whitelist/blacklist/different grade in the greylist....)
I will admit that I don't like the idea of mandatory filtering, because filters don't work. However, if they're going to exist despite our best efforts, shouldn't we be looking to create a less offensive / more effective tool?
There are currently three defenses to this:
Admittedly it's not foolproof. There is no 100% effective way to combat spam (short of abandoning SMTP). There's always going to be a risk that some spam will leak through or that some legit email will bounce.
When I first started using TMDA, I had problems with people not understanding the mechanism. My grandmother, for example, complained about "bounces" (how she interpreted the challenges).
So, to avoid those problems, I:
- Actively manage my whitelist. For example, if I needed to send a resume, I would make darned sure that the prospective employer's domain was on the list.
- Use challenge-response only in conjunction with other antispam tools. My system is roughly: if I know it's spam (tagged address known to be in spammers databases), it gets trashed. If spamassassin or spamoracle thing it's spam, I refer to tmda for possible challenge/response. Otherwise, the mail gets delivered.
- Warn people about the system. If I know that someone new is about to send me email, I warn them: "You might get an autoresponse back. If you do, just hit 'reply'."
- Use some care in writing the challenge email. Trying to craft a letter that is understandable to non-geeks wasn't that easy.
I still have the odd piece of spam leak through that process, but it's nowhere near the quantity that's actually sent to me.The only problem with the scheme: there are some spammers who are dumb enough to not get the hint, and respond to the challenge. They don't seem to realize that their response probably constitutes harassment via 'net, which is a crime in the U.S. (Spammer go to jail. Do not pass go. Do not collect $200.)
However, nothing says I can't post a screenshot of my spam-box as viewed via pine.
For the poster who asked about the amount of spam-per-address...to be honest, I'm not sure. I didn't keep a good record of how many different tags I've used, and I'm not entirely sure how to adjust for the effects of dictionary attacks.
I'd guess that I easily somewhere between 70-100 spams per day to the address I originally used in the InterNIC record for my domain, for example, but I haven't kept stats at that level.
I'm unfortunately running a tar pit. But I've got to make up a measurable portion of submissions to uce@ftc.gov...not that that does any good.
So yeah, I get way more than my fair share of spam, because of being curious/stupid and tagging my address. I'm certainly not representative of how much spam Joe Average NetUser is getting. However, I think my spamlog may be interesting reading in the context of the overall growth of spam on the net.
I've been tracking my spam volume in the form above since 10 April 2002. One of these days I need to write up an article on how this is evidence of the expansion of spam.
One encouraging factoid: The rate of spam volume growth, at least for my little cesspool, seems to be slowing, at least as compared to what I saw during the last half of 2002. I don't know whether this is a real slowing, or just more filtering going on upstream from me, however....
P.S. -- 15 spams arrived between the time I pasted the listing from pine and my hitting preview a few seconds ago. :(
Having all email routed to my inbox means that my figures above include dictionary attacks.
Using tagged addresses also runs up the total a lot. Every time I give out my email address, either on a registration form or in a public posting, I use a different tag.
I started tagging addresses in the early days of spam. Remember when we foolishly thought we could attach a disclaimer to usenet posts along the lines of "send me spam, and I'll bill you $50 under the anti-fax laws"? Well, I was dumb. I figured that in order to "prove" that unsolicited email was unsolicited, I had to have some proof of how the spammer got my email address, and that I had a clear disclaimer.
The good news: I have a pretty good idea of which of my online activities generate spam (e.g., posts to control.cancel and *.test, my NIC registrations, and usenet group-creation votes all seem to be popular for the spam-database trollers)
The bad news: I can easily get hit 30, 40, or 50 times for any one mass-spewing a spammer decides to do.
The totals above contain NO false positives -- they're all tied to tagged addresses which only produce spam. Not included are the 50 or so false negatives I get a day, which get tackled through other means.
23 February: 1095 spams, 7,821,318 bytes
24 February: 1320 spams, 6,581,776 bytes
25 February: 1700 spams, 6,875,706 bytes
26 February: 1598 spams, 7,910,568 bytes
27 February: 2659 spams, 13,183,247 bytes
28 February: 1436 spams, 6,280,790 bytes
1 March: 1492 spams, 6,917,835 bytes
2 March: 1274 spams, 5,805,475 bytes
3 March: 1488 spams, 6,196,761 bytes
4 March: 1626 spams, 9,023,298 bytes
Thank Ghu for tools like procmail, tmda, and spamoracle.
I'd love SAS to death if it weren't for the licensing expense. I keep wishing for an Open Source SAS-clone....
Elsewhere in this thread, someone sings the praises of APL. APL is God, but sadly, it's a dead God whose language hardly anyone speaks anymore. I'd love to learn more APL, but I've had a horrible time finding good documentation...or even a recent set of keyboard-stickies with the fun APL character set. ;)
Credit information is very predictive, largely because it is a tool by which an insurer can measure patterns of personal behavior in more granular detail than driving records or CLUE (industry accident/claim database) reports can provide. Because it's currently the only such behavioral measure, it looks like it works really well. If there were another behavioral measure out there (GPS tracking or black-box monitors in your car, anyone?)...well, credit probably wouldn't look so hot in comparison.
Because credit is the only detailed behavioral information an insurer usually has access to, and because it's the way in which most people will be seen as being significantly "different" from average, it's sometimes said that credit is the best single predictor of future claims.
In other words, if you're a middle-aged, married suburbanite, driving an average car about 12,000 miles a year, and haven't had any accidents or tickets recently...well, the insurance company doesn't know all that much about you, because you look "normal". However, that big mass of "normal" people can be subdivided into relatively higher or lower risk groups by adding credit information to the mix.
On the other hand, if you're an inexperienced driver (teenaged single males, in particular), or drive a Porsche, or have an "interesting" driving history...that tells the insurer quite a bit more about your expected future claims than any credit information will. Maybe there'll be some differentiation when you add credit to the mix, but by-and-large your rate will mostly depend on your inexperience, choice of vehicle, or past driving faux pas'.
Many states are in a similar budget crunch.
How much do states pay Microsoft in annual licensing fees?
Shouldn't open source advocates be lobbying state legislatures to dump Microsoft as a tool for deficit reduction?
However, why do I have a bad feeling that DVD's and CD's will start to come with shrink-wrap licenses: "By using this disc you agree to these terms of use.... Licensor reserves the right to resolve cases regarding those terms at a venue of its choosing."