New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I believe @LSN_Richard Limestone Networks got the same list as well, from what has been said by someone else receiving unsolicited sales emails that were sent to Dedipath clients.
Quadranet did this with Alexhost, too: https://lowendspirit.com/discussion/5194/quadranet-is-now-using-the-alexhost-leaked-email-list-to-send-spam
file a data privacy request if you live in Virginia or California to their legal department asking them where, how, and why they obtained your personal info.
”Sorry, we don’t speak GDPR.”
Sure I get that but in this case its US laws, not foreign. I would do it at least. I don't know about California but the Virginia government has made it pretty clear that they will target firms in different states in Virginia courts. Maybe if they don't want to have to deal with these state privacy laws they should not use leaked customer data and the like lol. I am not a fan of blasting random well meaning companies, even ones that trip up, with privacy requests to hurt them or annoy them, but if they gonna rando spam from leaked customer info than maybe yea I want to know where they got it from and why.
ColoCrossing hired Dedi's sales manager while ColoCrossing LAX = QuadraNet
Common missbelief.
GDPR generally applies to everyone, so long as you store EU citizens data.
”Unlike industry-specific US compliance regulations like HIPAA for medicine and GLBA for finance, the GDPR is a general data privacy regulation that applies to all organizations, public and private, that store or process the personal data of EU residents. That means many US companies are subject to the regulation.”
https://blog.netwrix.com/2020/03/27/gdpr-in-the-us/
Oh yea I know that, sorry maybe I phrased it badly. I mean that maybe since these laws are within the US, US companies may see them as a more serious request, even if both are valid.
Get action started in the US and in the EU.
Sue them for everything they got.
They will think twice before sending their next Viagra spam.
If any EU citizen living in the EU got the email, please do report it to your countries data protection agency. It’s really not hard and the chances that it can lead to some sort of intervention actually isn’t all that small.
It is legal to buy email list in U.S. as long as they followed CAN-SPAM act.
So long as everyone on the list is a US citizen, sure. You may be right (I have no idea).
Otherwise, if even 1 person on the list is an EU citizen, no, probably not legal.
Not surprising considering Quadranet is a spam network at this point. I wouldn't expect them to be better than their customers.
Don't forget about enforceable jurisdictions. GDPR cannot be enforced in the US unless a local law enforces it. But honestly California probably has a law to enforce GDPR in their state, they're like that.
Honestly I thought they had at least one EU location and so those assets would be on the line.
However, I still wouldn’t recommend not complying if you’re not 100 % sure you’re never ever going to do business in the EU at a later point. Very much could come bite you in the ass later on.
I’ve shared my dislike for parts of the GDPR on here priorly, but if there’s one thing that’s great with it, it’s how easy it is to take use of and report cases where you believe it’s not being followed.
And I don’t encourage people to report every little thing, but, sending spam is a dick move and so keeping them busy having to answer a bunch of questions and maybe even having to deal with penalty fines might just make them lay off the spammimg for a while… a win in my book.
Agreed. Legit California probably has a law on the books for this. They're totally of the "me too" variety anytime the EU does anything.
And QN should be held accountable by any and every law that might apply to them because fuck them and their spam. Their whole ASN should be dropped.
Great.
LET todo list:
1. Sue them in the US.
2. Report them to a european data protection agency.
3. Get their ASN dropped.
California, Virginia, and Utah all have data laws that are similar to GDPR with more states passing them that apply world wide, so those would be the states where there is probably more legal iffy than just the federal laws on sending marketing emails gotten from leaked data online.
Fully agree with you here.
I'm not a big fan of GDPR and how it is implemented but cases like this is exactly what GDPR was invented to prevent and I'm all for that idea.
You should own your data and others should not be allowed to share it or sell it unless you approve. That was originally the main idea behind GDPR, unfortunately it got lost in a bureaucratic nightmare somewhere. But it's still in there and useable, so let GDPR work for once.
You have been sold like a thing.
Okay.
John From QuadraNet, please tell me I'm more expensive than $0.42!
Or a bilateral treaty, in which case it could be enforced under US federal administrative law. But none of these things has happened.
I'm in favor of its principles, but there's been a lot of FUD about the GDPR and how it applies "worldwide." Any country can make any law and claim that it applies worldwide. Realistically, the GDPR is relevant only to businesses operating inside the EU.
Which is a lot of businesses. A lot of US corporations have EU entities so that's why people see them comply with or be punished for failing to comply with EU law, and I think that adds to the confusion.
Of course then you have the hilarious EU law followers in the US. Like a small town newspaper that has the cookie opt in stuff, that cracks me up every time.
Yep!
I still run into the occasional news site (usually small US newspapers) that can't be accessed from inside the EU. They're so terrified that they still have geoblocking in place.
I get your point, but I don't think they can do anything about it unless they do business inside the EU. Are they gonna fine a US company operating in their own region by a European law? Probably not and they'll not be able to do that in the first place. (QuadraNet has a European edge so they'll not fall into this - but if they didn't, they honestly don't have a reason to obey GDPR)
Reddit is also a huge US-owned online community, but they give zero fucks about GDPR. They have been doing that for years. Did they get fined? Of course not.
I also don't give a fuck about GDPR. I'm not gonna be coming out with a special treatment exclusively for European customers just because of a stupid law they have.
He covered that later:
Which is a fair point unless you're like me and you know, you'll make an EU corporation over your dead body.
What about US state laws that closely imitate GDPR such as Virginia/California/Utah/Colorado/Connecticut? Do you keep any assets in any financial institutions that use the United States dollar or are connected in any form with the U.S. banking sector? If so then courts in those states can fine you regardless if you answer them or not. The banks or financial firms you use will just pay them the fines out of your accounts for you at request from them. I do think it is in everyone’s best interest to at least roughly comply with the GDPR as it spreads across the world to more and more countries adopt similar laws. I understand that yes data privacy laws can be abused by some people. I also do not believe that privacy laws are going to get weaker anytime soon.
We use lead gen tools like Zoominfo, Apollo and internal developed ASN based searching tools as well. Nothing directly. If you happen to be in the list and do not want to be contacted. Simply reply to the email and we will take you off the list.
Thank you.
ZoomInfo:
The dataset ZoomInfo within iWave compiles information found on corporate websites, news articles, press releases, SEC filings, and other relevant web sources to create comprehensive profiles on a prospect and the company that they work for.
As in, scraping. No way the Dedipath client list was found on a corporate website, a news article, a press release, or in any SEC filings.
Can't find similar information for Apollo.io, but I suspect its largely the same idea.
Finally, can't see how any ASN-based searching tool would make you get the emails of end-clients. You could map IPs to Dedipaths ASN, then what? The end clients aren't listed on the ASN's.
I might have missed something obvious but this dosen't make sense to me.
Was everyone on this thread just as "lucky"?
Highly doubtful, I specifically use unique emails for all hosting providers so no one other than dedipath should have 'its' email yet I got the 'QuadraNet Solutions for Your Data Center Needs' email
Don't worry you can trust John M. He's never lied about anything.
Email zhaodong.ma@
Says a korean student with a largely empty website and afaik exactly zero products...
A small hint: EUrope has vastly more people (~ potential customers) than the USA. So telling us Europeans that you don't care a flying f#ck about our rights is, uhm, not exactly the summit of business smartness.
It's not our GDPR that is stupid here ...