New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Excuse me, "it"? raises eyebrows
So to recap, there's nobody else involved with FraudRecord reviewing. So basically, you get to be "almighty" and determine who is right or wrong in your personal opinion..
Uh huh..
I'm going to start using it more. I feel it adds better fraud prevention when paired with MaxMind and manual verifications.
it, in this case, refers to the site / app.
I started the sentence with a different idea, then changed my mind while typing. "it" was an artifact of the previous version of the sentence...
Interesting to see people using a simple grammatical mistake to invalidate a whole project. If your opinion of FraudRecord wouldn't change had I used "he", don't even bother bringing it up.
No, the Swedish parliament acts as the arbitrator... They have meetings three times a year to discuss FraudRecord reports.
You had contacted me to have one of your reports removed. Now that it's happening to someone else, it's not a feasible arbitration?
I'm doing my best to help those who get reported wrongly, and those who actually deserved it. I follow public threads like on WHT or LET, I talk to the provider and the client. If you are not happy with what I'm doing, please advise a better way.
Punishing primarily North Americans by allowing cases to be arbitrated under Swedish law is not fair in any way, shape or form. It's the internet, which does not follow any set of laws. Most Americans I'm sure are not familiar with Swedish law. You're tarnishing the reputations of thousands of people over menial shit; You can't even explain anything that happened in the report that Jon wrote about the client you claim he was right about.
It seems like somebody took advantage of you, and now, you're on a killing spree. Is this what has happened?
I must have forgotten to put [sarcasm] tags around my post.
If you guys dislike fraud record point your anger at the hosts, not the guy that runs it. No one ever forced anyone to use it.
The hosts only use it, they do not control it and it is the control that is the issue. Your point is fairly moot.
No it's not. It doesn't matter who controls it if no one uses it. It's power was not created by its owner, but by the hosts who use it.
Recommend a better control system instead of just pointing out the "issue" please.
How about instead of posting pointless one line replies you make the effort to defend your service, you designs are far better than you communication skills.
Make every effort to verify a provider before allowing them to make reports.
You can’t let some random person make potentially damaging reports when you have no clue about the person making the reports. A service using Fraud Record should be a verified one, an actual business not an LET 12 year old with an allowance. Anyone writing reports need to be able to be held accountable.
To have a service where you attempt to hold the consumer responsible for their actions by accepting reports without validation from anyone, yet you make no effort to verify the person making the report is simply wrong.
Make it a requirement that use of FR is displayed on website.
Use of FR should be listed in the ToS of every provider that uses it and you should spot check that to ensure they do, preventing use of the service until its evident.
Remove as much opportunity as possible for opinion over fact in reports.
There is a very good reason why any responsible service that records information about people does not allow a box for people to type things, because its both irresponsible to do so and leads to exactly the type of thing we have seen from G*H in the misuse of the system by using the system to express personal opinion about clients. That also includes @Harzem in his comments in this thread by further commenting on an individual and further reports made.
Evidence, Evidence, Evidence.
Reports must be supported with evidence, not text with opinion and nothing else. Evidence should not be an afterthought. Certain reports should require review before being made visible.
If a client is being reported for bad behaviour, it should be a simple process of the provider selecting “Bad Behaviour” from a drop down and attaching proof, a full ticket conversation or live chat log for example.
The report that another provider sees is nothing more than the reason, they should not see any proof, they do not need to. If a client came up on Maxmind then they select “Fraud Report” and attach a screenshot of the maxmind result, again all that another provider can see is that the client has been reported for fraud, not the detail as to why.
It is up to the provider viewing the report to then make their own checks to verify the report, not for them to rely on what another provider provides or claims.
Tell the client.
When information about a client is passed to Fraud Record it should also use the email address the client used to sign up for a service to notify them that “A report regarding you account at summerhost.com has been submitted to Fraud Record, you now have the option to x or x.
If the host is willing to make a report then they should be willing to stand by it and take responsibility for it. The client can then immediately take that up with the host to resolve where possible and if not refer back to you to dispute it.
--
By at least doing the above it creates transparency and opportunity for the individual. It may well create more for you and the provider however if you want to provide a service like this you need to manage it in a way that protects the consumer and empowers them to correct or dispute the submission, it should not protect the provider and it should not allow the provider to hide behind Fraud Record.
100% agree. Except isn't it the hash of the email address that gets passed to FR? In which case it's the host that needs to implement this, and I doubt many will bother because either it's legitimate and they don't want to waste any more time on this person, or it's fake, and they don't want the person to know they're submitting fake reports.
What would be cool for FR to do is allow users to register and create watch lists. So I could register and say "alert me whenever [email protected] is reported". Would be doubly cool if the hashing happened client side, so the request to FR would actually be "alert me whenever an email with hash XYZ is reported", so then FR still wouldn't have any personally identifiable information.
The hashing thing is a dust cloud to make it look better, at the end of the day you have transferred customer data.
The option could also be to automatically create an account for the client at FR which emails the client telling them and provides the opportunity to view the report, they are more entitled than any to see it.
The other way to look at FraudRecord is just a database of information. You have to choose whether you believe the information source is valid or not.
For example, you contact Experian or one of the credit reporting agencies for a report on a company, you see a marker on there from Bank of America then you'll view that differently to a marker from JohnnyHost.
If someone told me a story they had read in a newspaper, I would ask which newspaper. If they said The Times or The Telegraph, I would believe it more than from the National Enquirer.
FraudRecord is just a database, you have to apply your own analysis of the data that comes back from it, rather than just a statistical number.
So if a response comes back from 4-5 different providers, saying the same thing and the majority of the providers are credible then you should consider it more than if you have 1-2 less credible providers.
Why not add a score card on the reports too and that helps to find reputable providers? E.g. a did this report help yes / no and that builds a reputation. Low reputation reports aren't as useful.
One hell of a good suggestion. Will work on this.
There is no way FR can alert clients. The database doesn't receive or have a way of knowing the email addresses submitted.
Hashing isn't just a dust cloud. It's a legitimate mathematical process to make sure no data can be recovered. The only way is if the client checks his information.
I'll make an opt-in based alert system that clients can use. However a constant watch & alert on data will possibly require a paid feature like $1/mo or /year, while a one-time check will be free and easy to access. Possibly without any registration.
I'd be happy with just the manual no-registration-needed lookup. I don't expect to ever be reported, but there's been some threads on here where people are added for stupid reasons so it doesn't hurt to check once in awhile.
@W1V_Lee
Great post!
Its too bad @harzem only "responded" to a really small part of your feedback and drops everything else.
I tried
Unfortunately @Harzem does that all the time, same on WHT. Not sure if it's a knowledge or confidence thing, maybe the loss of protection from being at WHT. I expected him to jump on the score card because it's easy whilst most of what I suggest would put him out of pocket and time.
Not that I don't understand cost+time however you have to commit in order to move the current half arsed service it is today to something that can be trusted by both consumer and provider.
But FraudRecord will always be about the provider that has been made abuntantly clear through @Harzem's posts.
Oh I've defended FraudRecord. I've done it a lot, over two years. It's been accused of being illegal, accused of collecting customer data. I dared those to show why it's illegal in its current state. Still waiting on that reply for two years.
I'm accused of being a single guy running it, at the same time expected to not share the data with anyone for privacy reasons. If I talk about reports on forums, I'm accused of discussing reports. If I handle arbitrations privately, I'm accused of being power hungry.
My ability to implement a "hashing" system has been questioned, by those who don't even know about my mathematical projects regarding encryption that were awarded by TUBITAK way back in 2001.
I'm accused of being biased. I don't run a hosting service, my own hosting provider doesn't use FraudRecord, I earn no money except donations, and all donators are publicly displayed on the website sorted by donation amount to make sure I'm not accused of favoring a company which may be a donator.
People expect FraudRecord module to include automated screening. People also expect the providers to manually check the reports. I've always favored the manual process and never implemented an automated one. If you are a provider, just check the reports before you decide. Don't expect me to validate all of them.
I've defended FraudRecord. A lot. I don't mind spending time to develop the system, or responding to arbitrations. But it's becoming a real chore to reply to accusations which I've already replied a dozen times in public forums.
So, sorry if I've left your questions unanswered. You can be sure I've already read them. And replied to them. Just not here, not this day.
Not using FraudRecord? Cool. Not reported yet? Cool as well. Willing to have a system to make sure if you are reported you'll know it? I'll implement that willingly. Nice idea.
Waffle, waffle and more waffle. You really are not good at setting out your stall in public are you.
I will leave it there, more important things to do.