Full Disclosure mailing list archives
Re: Please help me update my address book on Ringo
From: James Tucker <jftucker () gmail com>
Date: Thu, 24 Feb 2005 12:58:12 +0000
I find it most amusing to read why they claim to be able to justify making the service free: "Free? Yes, Ringo is a free service. The costs of running it are pretty low, actually. We have no plans to charge our users for this service. We plan to pay for the costs of operating the service by putting ads on some parts of the site, although we haven't done it yet." These days there is little of real concern with a site like this anyway. I use e-mail for communication (E-MAIL IS NOT AN FTP(tm)). For communication to work, people need to know how to contact me, and that requires that they KNOW MY ADDRESS. Because this is the case, my e-mail address must get exposed on a not infrequent basis. This means that over a longer period of time, I will get spam. So, should I still worry about it? <rant> The more spam you receive the more it is a problem. The more it is a problem the better the solution you need. After a short time of this balancing (say, about 3 years ago) the spam problem is very much resolved by adding filtering systems. Now, as for preventing spam by the rule "don't give out your e-mail address" or "use a separate address". Well the prior leads to an inability to communicate, thus making the medium largely useless. This method will also put significant restriction on sites which un-necessarily ask for e-mail addresses and often other registration details. The latter solution is really no solution at all. Apart from reducing exposure on your main e-mail account, anything that actually gets past your filters will have to be manually filtered anyway, and moving it to a separate account ONLY MEANS MORE WORK period. Spam cannot be 'solved' by these methods, it can merely be delayed. Frankly, I can see no good reason to bother. If you really want to slow some spammers down, why not buy yourself a shotgun and cull the populous that actually generate these company's profits? Some of you speak so passionately but of course realise that such actions are simply ridiculous. Can't you make the same realisation about your other actions? </rant> What I am far far more concerned with is the fact that unsuspecting customers are giving these companies their hotmail and yahoo mail account passwords. This is also common on SMS.AC, hi5, etc. How many people read their privacy policy? How many people are qualified to _understand_ the full extent of the lawful meaning of that policy given it's position of statement and method of agreement; are there loopholes? The normal user can't tell, IANAL, I often have to look really carefully. The fact that passwords are exchanged means that the site will receive a higher target profile from attackers. Even if it's intentions are genuine. Right now, the pages that request hotmail and yahoo passwords are completely un-encrypted. Without breaking their privacy policy they could easily have a router somewhere along the path reporting address password pairs to lists anywhere else in the world. There would be no illegal interaction here, and that is what is most important. Users need to be informed of _that_. Most people know spam is bad. Telling them again isn't going to stop the idiots who won't listen. The issue here is different though, it's account disclosure. They are giving away the works. Many people will also have been using their hotmail accounts for years, and will have an account full of user names and passwords which are commonly stupidly paired in mails from the numerous sites that un-necessarily request that you sign up to view the next page for thirty seconds and in the process send you your login details so you don't forget them in future. It's a pathetic state of affairs. Next, the agreement. I can't be bothered to tear this apart completely so I'll just do one section: "These Terms & Conditions were last modified on January 25, 2005. At any time and without prior notice, Ringo shall have the right, in its sole discretion, to modify, add or remove terms of these Terms & Conditions, without notifying our customers of such modifications, additions or removals, and all such changes shall be effective immediately. Your continued participation and use of this website and/or the Ringo services following our posting of any such change on our site will constitute binding acceptance of such change. You agree that Ringo shall not be liable to you or to any third party for any modification, suspension or discontinuance of the service." This means, they could change the agreement to $1000 a month. They don't have to notify you. You don't _have_ to return to the site and see it. You can, and would, incur those charges for the monthly update mails they send you. This is just one poor example of how dangerous it really is to just 'accept' any old disclaimer or term of service on the Internet. It comes down to trust, as many people have said correctly before. As for ownership, they are part of Monster Worldwide.
Ahmad: Nobody gives a shit. Fully Disclosing that you are dumb enough to let an untrusted third party have full control over private and personal information serves only to disclose that you shouldn't be hanging around lists where concepts like privacy are given serious discussion.
Well, I laughed quite hard when I read this, not because I thought it was funny how Ahmad has decided to trust this company. Not that Mr Terranson has once again made a totally blown out of proportion statement of 'the worlds going to end for you because your more stupid than me'. Because all of these people are bold enough to make direct and totally unjustified judgements about other people and other peoples hard work. This goes for both people, and shows a poor trust policy on both sides. Frankly the error you both made is the same, only in different directions. Shut up and observe a little longer in future. Specifically, third parties have access to most of my information if they try hard enough to get it, and the same goes for most of the people on this list. Whilst you may be anonymous behind an e-mail address on the Internet, your interactions in the physical world very quickly lead to great amounts of information disclosure. You trust all of your Internet data to your ISP and yet no one complains about that on a regular basis. I don't trust my ISP, but at the same time, if they really want to read my information, I know they can, and I am prepared for the repercussions of that. That way I don't have to devote my life to sensational paranoia. I have fraud insurance, and pay a reasonable amount of attention to what I disclose where, that way I can make physical threats to the people who rip me off, which tend to be far more effective ;-) Making rash judgements and un-founded cynical comments on this list is simply shitting in your own back yard. By making such judgements you simply de-value the opinion held by the collective contributors. Of course for someone to trust a comment from this list completely is also bad practice, I hope you know what I mean. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Please help me update my address book on Ringo Ahmad Naazir (Feb 23)
- Re: Please help me update my address book on Ringo J.A. Terranson (Feb 23)
- Re: Please help me update my address book on Ringo Valdis . Kletnieks (Feb 23)
- Re: Please help me update my address book on Ringo Micheal Espinola Jr (Feb 24)
- Re: Please help me update my address book on Ringo Duncan Hill (Feb 24)
- Re: Please help me update my address book on Ringo James Tucker (Feb 24)
- <Possible follow-ups>
- RE: Please help me update my address book on Ringo Michael Scheidell (Feb 25)
- Re: Please help me update my address book on Ringo J.A. Terranson (Feb 23)