If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
Misdirected email
While this does seem to be more common with gmail addresses, it’s not solely limited to gmail. I’ve written about this frequently. Don’t leave that money sitting there. Sending mail to the wrong person, part eleventy. Email verification, what are we verifying. Recycled Yahoo addresses and PII leaks. Dr. Livingston, I presume. No, I’m really not Christine. Confirming...
Google wiretapping case, what the judge ruled
Yesterday I reported that the judge had ruled on Google’s motion to dismiss. Today I’ll take a little bit deeper look at the case and the interesting things that were in denial of the motion to dismiss. Google is being sued for violations of federal wiretapping laws, the California invasion of privacy act (CIPA) and wiretapping laws in Florida, Pennsylvania and Maryland. This lawsuit...
Judge sides with plaintiff, refuses to dismiss wiretapping suit against Google
Judge Koh published her ruling on Google’s motion to dismiss today. It’s a 43 page ruling, which I’m still digesting. But the short answer is that Google’s motion was denied almost in total. Google’s motion was granted for two of the claims: that email is confidential as defined by the California Invasion of Privacy Act (CIPA, section 632) and dismissal of a claim...
Recycled Yahoo addresses and PII leaks
Infoweek interviewed a number of people who acquired new Yahoo addresses during Yahoo’s address recycling and reuse process. It seems that at least for some small percentage of former Yahoo users, there is a major risk of information going to the wrong people. I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I...
No expectation of privacy, says Google
I spent yesterday afternoon in Judge Koh’s courtroom listening to arguments on whether or not the class action suit against Google based on their scanning of emails for advertising purposes can go forward. This is the case that made news a few weeks ago because Google stated in their brief that users have “no expectation of privacy” in using online services. That does appear to...
Gmail says no expectation of privacy, kinda.
Consumer Watch put out a press release yesterday about a court filing made by Gmail that says Gmail users have no expectation of privacy. I pulled a bunch of the docs yesterday, but have had no real time to read or digest them. For recap users everything I pulled (and stuff other people have pulled) are available at Archive.org. The initial complaint was filed under seal at the request of Google...
Sending mail to the wrong person, part eleventy
Another person has written another blog post talking about their experiences with an email address a lot of people add to mailing lists without actually owning the email address. In this case the address isn’t a person’s name, but is rather just what happens when you type across rows on they keyboard. These are similar suggestions to those I (and others) have made in the past. It all...
Spamming to hide fraud
An interesting article at NetworkWorld last month, describing spam bombs to victims of fraud and identity theft to hide the transactions and notifications from financial institutions. The targets are individuals, whose identity and personal information the thieves already have. The victims’ email inboxes suddenly get flooded with thousands upon thousands of emails — as many as 60,000...
Email verification – what are we verifying
One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid. But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one...