Interesting People mailing list archives
busted selling off email addresses to spammers
From: Dave Farber <dave () farber net>
Date: Thu, 30 Oct 2003 08:06:30 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Thu, 30 Oct 2003 01:38:34 -0500 From: Alexandros Papadopoulos <apapadop () cmu edu> Subject: busted selling off email addresses to spammers To: Dave Farber <dave () farber net> Hi Dave! The short version ================= I have very good reason to believe that orbitz.com sold off my private information, in breach of their privacy policy. I told them about it and they ignored my complains. What can I do about it? The long version ================ Whenever I need to supply a legitimate email address to some company/ organization, I add a distinguishable comment to my email address. As you know, the address apapadop () cmu edu is exactly the same with apapadop+anicebutterfly () cmu edu - so anything after the plus sign (+) is ignored, and the message is delivered to my mailbox. This way, if I get spam that is addressed to that specific commented address, I can know who sold me out. So, I've been doing business with orbitz.com lately. They need an account with a valid email address, so I used apapadop+orbitz () cmu edu - which I obviously had never used for any other purpose before. A few days ago I received spam on that very address, with that very comment embedded. Now, CMU has generally pretty good spam filters (which I use to the furthest possible extent), so I don't know how many spam messages addressed to me I *don't* receive each day. But this one came right through and was delivered to my mailbox, HTML, offering to "increase my confidence" and all... So I sent an email to orbitz.com's customer service center, telling them what happened, reminding them of their privacy policy that states that "we will not disclose your Personal Information to third parties unless you have authorized us to do so", attaching the spam message etc. Unsurprisingly, I got a canned response that detailed how orbitz.com uses "market-leading firewall technology" and "industry-standard encryption technology", and remind me that this spam message was not sent by orbitz.com - as if I ever accused them of spamming me. "The e-mail you are referring to may have been sent to you from an alternate source who achieved (sic) your e-mail address from another website." - also sprach orbitz.com Well, I only gave this email address to *them*, and now it's in the hands of spammers. Sure, it's *possible* that some evil cracker stole my valuable email address while orbitz.com's cleartext email message was being routed from their domain to the CMU mail server, but that's a little too far fetched. The overwhelmingly probable explanation is that orbitz sold this information to a business partner, without my consent. After I sent them a reply, explaining why their initial reply to my request for information was unsatisfactory, I got no further response. What can a netizen do to protect his/her privacy when such an evident breach of contract has occurred? Cheers -A -- http://andrew.cmu.edu/~apapadop/pub_key.asc 3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265 ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- busted selling off email addresses to spammers Dave Farber (Oct 30)