• Spring 2024 meetup in Calgary - tentative date Saturday, April 20/2024. Other regions are also discussing meet ups. If you want one in your area get going on organizing it! discussion
  • We are having email/registration problems again. Diagnosis is underway. New users sorry if you are having trouble getting registered. We are exploring different options to get registered. Contact the forum via another member or on facebook if you're stuck. Update -> we think it is fixed. Let us know if not.
  • Spring meet up in Ontario, April 6/2024. NEW LOCATION See Post #31 Discussion NEW LOCATION

Add your first name & picture to your profile please - what do you all think?

First name and Picture on your account - your opinion.

  • Yes, first name and picture is ok.

    Votes: 88 56.4%
  • Yes, first name but no picture

    Votes: 41 26.3%
  • Yes, picture only, no first name.

    Votes: 0 0.0%
  • No thanks. I'm just not comfortable with this.

    Votes: 25 16.0%
  • I have another idea - posting about it.

    Votes: 2 1.3%

  • Total voters
    156

Marc Moreau

Marc Moreau
I mention that on our paramotor site when you see a picture of the member when we go to a fly-in we could recognize us.
 

Perry

Ultra Member
You need to seriously think about what you post or provide anywhere. Any piece of data you provide is one piece of the puzzle that can be assembled into an amazing picture to be used in what ever way the person assembling it wants to use it.

The data you provide will never be able to be removed. As the technology moves forward the data you provide can be used in better and more creative ways.

I am against having to post a real photo or name. This should be left up to the individual to make this choice. Personally I think it is a bad choice.
 

Perry

Ultra Member
I just got back from Lee Valley. I needed to pick up some lapping compounds.


Just fill in all your details on this form. Name, address, phone number, etc. No thank you. Can't I just pay for the items?


So I resorted to what I use to do in the old days. I'd add an extra letter to my last name. Sequentially starting with the letter A. I had used the letter G at Radio Shack back in the day. It was this letter G that lead me into an interesting hobby of tracking databases and to see how they were being used. Now you have to realize this was back around 1980.


Another clerk recently asked for my details prior to paying. After a slight discussion, she said I was paranoid. I asked her for her permission to "hack" her and see what I could find. The only details I had to start with was her name on her name tag, her physical appearance, and where she worked.


The next day I started with ..."Your grandsons pet snake is named Cornelius". It was too easy. I had more on her then you could imagine. She made it far to easy. 15 minutes total time required.


My point. Be very careful on what you post or provide anywhere.
 

trlvn

Ultra Member
I just got back from Lee Valley. I needed to pick up some lapping compounds.


Just fill in all your details on this form. Name, address, phone number, etc. No thank you.

https://www.leevalley.com/en-ca/privacypolicy
Preamble:
"At Lee Valley, the information we collect is used to support our operations and help us provide you with a positive experience. Since our business began in 1978, we have never sold or rented the personal information of our customers to others, and we never will."

In general, I strongly agree with keeping personal information private. Lee Valley, however, is one of the companies that I trust. I mean, what other place can you bring a broken product back to after 20+ years and they insist on giving you a replacement or refund.

I've met Robin Lee a few times and I don't think you could find anyone more honest and straightforward. From all accounts, his dad was the same. I think the company is permeated with those values. A Canadian gem.

Craig
 

Perry

Ultra Member
Craig, I agree with you. Lee Valley is a great company. Their intentions are good.

I only used Lee Valley as an example as I had just returned from their store. The point being more and more companies are asking for data. They don't need that data to sell me an item do they? Or do they? Why ask for it?

I have been personally surprised at some of the information I have been asked for.

Now a company does not have to sell or rent your information to be used in an inappropriate way. Taking away the obvious stolen data bases or accidentally released databases, this information can still be used by creative people in creative ways.

A good example is CIBC VISA.

They recently started sending me an email to tell me that I have made a payment to my account. I'm not happy about it. First off there is no need for this email. I know I paid it. I don't think anyone else would want to pay it. Called them to explain the issues with such an email.
They didn't get it. Had to get creative to prove a point to them.

So here is their eamil.....
"
Dear XXXXX,

You've recently received a $XX.64 payment to your CIBC Classic Visa Card ending in XXXX.

Note: some payments may take up to 3 hours to be displayed on CIBC Online or Mobile Banking.

Sincerely,
CIBC

CIBC is committed to protecting your privacy and personal information. We will not include your personal details in messages outside of Online or Mobile Banking because email is not a secure method of communication.
Do not respond to this email.



From this simple email I have the name of the owner of the card and 12 of the 16 digits of the card already figured out. The first eight are easy. The last eight are hard. They gave me 4 of the last 8. Only 9999 numbers to choose from. But wait it gets better......I can narrow this down very quickly to just over 100 possible valid choices. (I won't explain here how, but its simple).

So I called them back to show them how far I was able to get with this email to prove my point and....tada.....the final answer presents itself to me. When you call the Visa number it asks you to type in your Visa card number.


OK, Now I am using their database to verify the 100 possible choices to complete my card number. Type in my first number. That is not a valid card number. Please re enter your card number.
It did not take long to get my full card number.

Here I am using their own database to complete my mission. Their email says they ares committed to protecting your privacy and personal information.

Their intentions are good but dangerous. I'm still working on it but I'm sure I can get the expiry date and the secret code. Actually the expiry date will be pretty easy. Most cards will expire with in 5 years....some three. Only 60 possible dates at the max to work with here.


In their email they also state "email is not a secure". This is correct. Anyone can read your email.


Sorry for rambling , point is most companies are operating with the best intentions without realizing that there are so many holes. I'm a small guy in all of this and I can pull off magic.....what are the big players able to do?



Databases are sold , traded and bought all over the web. Some legally. Some not so legal. More and more of these contain photos, audio, and video.


I added the letter N to my last name at Lee Valley. It will be interesting to see if it makes its way back to me. :)



Have a great night.
 

trlvn

Ultra Member
@Perry As I said, in general I strongly support keeping personal information private. I spend a few years working in information security a few decades ago. I was just pointing out that, in my opinion, Lee Valley is one of the good guys.

Re your credit card example, a bit of a quibble. You say that the email tells you 12 of the 16 digits. I know that the first 6 digits identify the major credit card company (Visa, Mastercard, ...) and the issuing bank (CIBC, BMO, ...). The email displayed the last 4 digits. Since that is only 10 digits, where do the other 2 come from?

Also, you may not know the first 6--the Issuer Identification Number--with certainty. For example, I happen to have two BMO Mastercards (a "World Elite" and a "Cashback"). The first digit is "5" on each although Mastercard also issues cards starting with "2". The next 5 digits are completely different. Even though your email says "CIBC Classic Visa", I would expect that there are a few variants and they would have different Issuer Identification Numbers.

Nonetheless, your point is well taken that seemingly innocuous information can be used against us. And there are people out there working all the time trying to figure out new ways to do just that.

An anecdote, if you'll permit. I worked with a major daily newspaper back in the day. Of course, most people would suspend delivery while away on vacation. Imagine if a robbery crew had access to that info. They could pick addresses in wealthy postal codes and be quite certain that a house would be unoccupied while they pull up a moving truck and empty the contents. I'm not aware of this ever actually being exploited but...

Craig
 

Chicken lights

Forum Pony Express Driver
@Perry As I said, in general I strongly support keeping personal information private. I spend a few years working in information security a few decades ago. I was just pointing out that, in my opinion, Lee Valley is one of the good guys.

Re your credit card example, a bit of a quibble. You say that the email tells you 12 of the 16 digits. I know that the first 6 digits identify the major credit card company (Visa, Mastercard, ...) and the issuing bank (CIBC, BMO, ...). The email displayed the last 4 digits. Since that is only 10 digits, where do the other 2 come from?

Also, you may not know the first 6--the Issuer Identification Number--with certainty. For example, I happen to have two BMO Mastercards (a "World Elite" and a "Cashback"). The first digit is "5" on each although Mastercard also issues cards starting with "2". The next 5 digits are completely different. Even though your email says "CIBC Classic Visa", I would expect that there are a few variants and they would have different Issuer Identification Numbers.

Nonetheless, your point is well taken that seemingly innocuous information can be used against us. And there are people out there working all the time trying to figure out new ways to do just that.

An anecdote, if you'll permit. I worked with a major daily newspaper back in the day. Of course, most people would suspend delivery while away on vacation. Imagine if a robbery crew had access to that info. They could pick addresses in wealthy postal codes and be quite certain that a house would be unoccupied while they pull up a moving truck and empty the contents. I'm not aware of this ever actually being exploited but...

Craig
I have heard, that in today’s age, this very much does happen. An innocent FB post “going to Maui next week so excited” is an easy tip off that there’s nobody home next week.

Another one I’ve heard of is there’s a way to triangulate social media posts. So if they know where home is, and figure out where you work, and you post a location on a weekend, they can quickly figure out given those three pings you’re not home.

Does this happen every day? Probably not, but the technology is out there and it’s probably not that sophisticated

Friends of friends were stuck in Spain I think for a couple months when Covid hit. They posted that info on social media while stuck in Spain. Perfect, thanks for letting the world know your house is unoccupied for the next month.

Food for thought
 

Janger

(John)
Administrator
Vendor
Maybe we could change the system so you can only see the pictures and the first name if you are a logged in member. ? @Jwest7788 Josh what do you think? I know that's not perfect but perhaps an improvement?
 

Dabbler

ersatz engineer
No interested in doing the first name thing. I was leery about a picture.

I'm very shy about web stuff, as it is way too easy to correlate disparate data these days. I had just prevented all cookies in my browser, when I found out that my login here was also disabled. Worse, without cookies I cannot log in. sigh. I enabled cookies for this site only, but guardedly.
 

Tom O

Ultra Member
I think first name is better than the last name they can look up using your location, hell Google your last name and see what it brings up. I rarely post pics of myself being the Handsome Bas*ard that I am! :rolleyes:
 

ShawnR

Ultra Member
Premium Member
I think that what gets posted should be optional, be it name or photo. All of my user names, on many forums, include my first name. I try to not give too much other than that but, strangely, am becoming more lax with info when I know I should be getting more tight with it. A friend works in IT and has spent time in hacking courses. He came home once and I asked how it was. He said he was ready to disconnect totally..."Nothing like spending a week with hackers to make you want to quit the internet!".....this from an IT guy who looks after a network. But then 6 months later, I am at his house and he tells Siri to turn the music down! I asked how he went from disconnecting to inviting a microphone into his home. He basically said everyone is accessible so he does what he can but utilizes modern comforts when he can too.

We must be careful but I try not to get paranoid. .. except about washing hands when making dinner...never do that too much!

:eek:

Cheers,
Shawno
 

Dabbler

ersatz engineer
As you can see my profile pic doesn't allow any form of recognition or association. I used a different photo, from a different camera, taken on a different day/month/year on another forum. I used to be a very highly paid security consultant working for one for the BIG 5 consulting forms. I am aware of the risks and mitigate them as much as possible.
 

Jwest7788

Joshua West
Administrator
As you can see my profile pic doesn't allow any form of recognition or association. I used a different photo, from a different camera, taken on a different day/month/year on another forum. I used to be a very highly paid security consultant working for one for the BIG 5 consulting forms. I am aware of the risks and mitigate them as much as possible.
I am in way too deep now. haha

What risks are you mitigating specifically? I know what I perceive the risks to be, but interested in your thoughts.
 

Dabbler

ersatz engineer
There is an AI firm that has been trolling all forms of social media, linking digital identities to facial recognition. The RCMP has been illegally using this database to help them in tracking suspects for about 5 years now.

In all, protecting your digital identity is just as important as protecting your bank account # or SIN.
 

Jwest7788

Joshua West
Administrator
In all, protecting your digital identity is just as important as protecting your bank account # or SIN.
I don't dis-agree at all. Digital privacy should be protected when it can, and jokes aside, admittedly, I could take it more seriously for myself too.

Just look at China's social point system for example. It's an Orwellian dystopia coming to light across one of the most populous countries, facilitated specifically because of a lack of a line between the people's privacy and their government.
 

Chicken lights

Forum Pony Express Driver
I don't dis-agree at all. Digital privacy should be protected when it can, and jokes aside, admittedly, I could take it more seriously for myself too.

Just look at China's social point system for example. It's an Orwellian dystopia coming to light across one of the most populous countries, facilitated specifically because of a lack of a line between the people's privacy and their government.
I’ve read quite a bit on that recently and while I won’t get into it, I’ll leave it with an “I agree”
 
Top