New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Praised be @Maounique for his honesty.
Unfortunately that brings the Prometeus owner/management into a very difficult position.
European companies are bound to certain legal standards which Prometeus can not possibly meet with employees (with access to client data!) working under false identity. It also means that either a contract was breached or a contract has not been made in the first place.
The fact that it's outrageous for @Maounique to demand full and proper client data while himself holding and working with those very data under a fake name is more of a secondary side note considering the legal and business situation his employer is in now.
In fact there is even a funny side to it considering that Maounique and his boss happily trouble clients for really minor things like the real name of a client not being identical to the real name on a credit card (which can have completely innocent reasons) and, to make it even funnier, they then mention the strict italian laws which require full and true client id (which they happily ignore when it regards Prometeus employees).
Now, don't get me wrong, I do understand those legal requirements. And I consider Prometeus to be among the best in the business (technically, operationally), no doubt.
But I find it VERY troubling that the data and VPSs of 1000s of clients are directly accessible to an employee who is unkown even to the management (although I wouldn't suspect Maounique of doing evil things with those data).
How about other Prometeus employees? Are at least some of them known to their management? I'm worried. And so should be the Prometeus management.
@AutoSnipe that's terrible.
Maybe someone just wanted to know what the order process is like?
Or scammers testing fraud detection..
yes it is ok.. but please avoid paying using credit cards..
How about paypal?
Mostly i use fake info with vpn, client email Info etc =/ (PayPal) payment info.
But use legit PayPal acc
If provider need to match client email and PayPal email, just go away there are plenty more fish in the sea.
I still trust him/them way more than I trust a random UK LLC.
I've been one of Prometeus's biggest advocates for a long time but Mao's comments in this thread are indeed awfully worrying. I wish @prometeus was still active here to clear things up...
If you're concerned, why not raise a ticket for Sal's attention, see what he says?
yes, please use paypal. avoid buying domain/hosting/server that only accept credit cards. and you can use fake info for your account details/whois domain
Using fake info for the whois information of your domain is the worse idea ever. Unless you don't care about this particular domain.
No.
That sounds like a nice idea. Providers don't need the data to be correct from that point on. Will do that from now on. This is absolutely not to mess with providers! But come on, how many times has WHMCS been hacked?
By the way I never ever enter a phone number to order. Every provider accepted 000 so far (because most times it's a mandatory field in WHMCS). If you force me to put a real one in I'd rather not order
Just tried that for myself at the public WHMCS demo. WHMCS keeps a log for every client - so you can clearly see a record like Client Profile Modified - First Name: 'Oliver' to 'Oliver TEST', State: 'ON' to 'Manitoba', Default Payment Method: '' to ''. Probably not that efficient to keep your data safe. Also, there's an option for the hoster to get an email when a client changes his profile data.
What has this to do with anything?
I am not an employee of prometeus and i made it abundantly clear for a long time here.
Prometeus has a contract with my company, how i manage the employees here is my business, suffice it to say that we do not expand because it is hard to find trustworthy admins. Neither me nor uncle are people which trust easily, especially with other people data, not even the police, without the right papers, can get more than the time of day from us. We also talk online almost every day and know each other way of thinking, we take business decisions together, he knows my home address, company address, bank account, and the bank has also all the details about me.
Does anyone need more than that? If needed, he knows where to get me from, until then, respect privacy and don't ask, don't tell. It is very worrying that people now think like in a police state, whoever values their privacy, must have something to hide, well, some oldtimers can have a different relationship, where sharing ideas and working together is more important than having all kinds of papers proving nothing.
Dura lex, sed lex. As said, I am not Prometeus employee, maybe i need to add it to my signature, many people attack me for this. So, if the law requires something, you have to do it, unless another law can be used to avoid it, for example, registering a company and dealing legally through it with a contract and all.
Did I or anyone else post tickets here from our back-end? Did we name and shame? And, trust me, with 6000 customers of which some 4000 active, there are a lot of weird things happening, so so hilarious that i get an asthma attack laughing my ass off.
I did not make the laws and I always tried to give the most liberal interpretation but when the police comes and considers you part of the investigation because the phone had digit extra, then that is not our fault, but the people which vote for their lawmakers.
The fake registration data dates from the begining, i am one of the first 300 customers, had no idea then if prometeus is a serious company or not, now, of course, if someone needs me, knows where to get me from. I also no longer have services, so changing the data is pointless.
no. but always worth masking your email just incase they get hacked or want to spam you. i use abine's service.
For domains, it's not that great to use fake info, as you could lose the domain, but I would register for most of the providers here with fake-details.
You never know what they may do with your details or if they're capable of handling your details in such a way that no third-party will get access to them.
Furthermore, I wouldn't give details to US companys, just avoid these or make sure they don't know who you really are.
@Maounique
In fact I value your and "uncles" attitude concerning privacy.
Maybe it's my fault but to me your (prior) post sounded as if the Prometeus management hardly knew who you are.
My personal main concern is that providers always insist on correct, true, full, and consistent info, yet themselves almost as a standard use fake names for support people and give hardly any guarantee to be careful with client data.
And frankly, how could they possibly give any guarantees to that effect considering that virtually all providers have client data in WHMCS, which is not exactly what I would call a data safe.
Sure, they will say that they have to use what's available. However, if anything happens the clients are profoundly f-cked. And bluntly, I'm waiting for the day when there is a really bad security problem with WHMCS (or PHP (again) or MySQL or ...). The question is not "if"; the question is "when"?
A similar attitude can often be found with down times or other problems. Sure, the better ones give you at least some compensation but there are also plenty who hardly care to at least send you an email, let alone offering some compensation.
Now turn that around. Can you imagine a provider accepting an email telling him "We are sorry but there are payment problems. We will inform you as soon as we have news for you (and the money to pay you"?
As for the widely common fake support names, pardon me, but don't you think it's outrageous to demand the full personal info of a client, yet yourself telling him a fake name? That's not merely an imbalance, that's inacceptable by any standard.
Hmm, for domains it's not that much of a problem nowadays with cover services.
I'm concerned about providers, though. There is very, very few whom I would trust any further than I can throw an elefant.
On the other hand I'm not willing to act illegally myself to protect my privacy. When I buy some service the provider gets real honest data, period.
I did however begin to create specific email addresses for each provider. So if I ever get spam I have them right at their balls and it would get very ugly for them very quickly.
Again, I did not make the law. For me, anonymous hosting is OK, as long as you know where to get your customer if needed.
We are obliged to make reasonable efforts to make sure the data is correct. Of course, this will not stop the criminals, it is intended to spy on the regular people, not stop crime.
I doubt that, if someone says chouhudary madakalandamore is way different than mike johnston. After all, you will not sue him, but the company if something goes wrong, the company needs to know whom to get, not you.
Come on @Maounique, John, you turn it around and play games.
But OK, let's go along your path. The law that you value so highly also requests you to take the necessary precautions to protect the privacy and the data of your clients.
I think you will agree that WHMCS on PHP and MySQL does certainly not match that requirement. But then, of course, there is no cheap alternative available - which, frankly, is not at all the clients problem.
And your solution? Valuing the law so highly you had a well payed team of programmers create a proper solution, reasonably matching legal requirements? I don't think so.
So, let's be honest. "The law requires" is but a comfortable excuse. We both know that about the only thing providers care about is getting their money without problems like charge backs. THAT is the reason they want full and correct client data.
In fact, I actually consider Prometeus a good provider because I'm under the impression that they are among the few out there who honestly try to provide good quality service.
But kindly don't tell me the "law" fairy tale. The law, btw, also stipulates proper conduct of business and liability, part of which is doubtlessly to get real names of persons a client interacts with.
Don't worry, I don't hold my breath for that to happen.
But (and an ugly "but"). If ever anything goes wrong, say, your nodes go down and a client suffers harm, say some lost business, then the providers are very quickly under the legal assumption of intentional and malevolent fraud. Because that's exactly what district attorneys and judges see in using false names: intention of fraud.
The law always has two sides. And there is a reason most providers only see the one that nicely matches their interests.
(Disclaimer: My aim is _ not _an attack on Maounique but a discussion on the matter)
And where exactly is the fault? There is no secure setup these days. Banks are hacked, chain stores are hacked, hotels are hacked, governments are hacked and highly sensitive spy data leaked, even diplomatic cables, the most secure data in the world, systems designed to be secure with billions spent on.
Do you really, honestly, believe there can be any kind of solution which will be 100% secure, even on proprietary unix systems, much more secure than linux or freebsd, for example, because are not free or cheap? Or ASP because php is insecure? Java? Plain HTML?
And, admitting there are 100% secure systems, there can never be human error, social engineering, spies, saboteurs, people going mad, etc?
Why do you give your data to the bank?
Disclaimer: This IS an attack on the people which still believe any data available to them or anyone else over the internet can be considered even remotely secure, in the hope they will wake up one day.
in event of validation of domain name (Namecheap does occasionally) it will be impossible to validate it with fake details, this is a reason why, you don't need to be stupid to use a fake details!
Example, please? As I never heard and I never seen in newspapers that bank has been hacked and all customer data gone... conclusion is lies
I heard only Indian call centers are sharing the customer details, what do you expect? if they work for 50 cents per day.
http://krebsonsecurity.com/2014/12/gang-hacked-atms-from-inside-banks/
http://www.bloomberg.com/news/articles/2014-12-30/fbi-probes-if-banks-hacked-back-as-firms-mull-offensives
http://money.cnn.com/2014/11/18/technology/security/congress-bank-hack/
You are living under a rock, it seems...
@Maounique
I would have expected better and smarter from you.
Your attempt is very simple trickery and grossly flawed. What you try to pull off is the line "there is no perfect security, hence you (me) may not request any security. If you do anyway, you are a dreamer or an idiot".
That is plain and simple bullshit.
Fact is that security, at least to quite some degree is possible. That's why you for instance use SSH.
My demand was not perfect security. My demand was that you do better than playing lottery with my personal data by using what is known to be a collection of flaws.
Which nicely matches the legal requirement to undertake adequate efforts to protect client data using the best available current technology.
Concerning your arrogant attitude: Don't you forget to whom you talk! You are working for the company whose clients many of us here are. You get paid to provide good service to us, not to arrogantly teach and belittle us, "John".
The linux kernel is known to be a collection of flaws, windows is known to be a collection of flaws, anything made by humans is likely to have flaws, yet, critical systems, even nuclear defense systems and nuclear power plants.
No, I do not say publish the databases on the internet, nor remove ssl, but, if someone is after you, will likely, with a low budget, much lower than your overall costs, get you. NO MATTER WHAT YOU DO.
A complex enough system will fail sooner or later, if not technically, due to the weakest link, between the chair and monitor.
We should not relinquish our defenses, of course, but there is no guarantee in any situation, from a humble family business, to the mightiest government in the world.
Linode uses custom panel and it was hacked.
OVH uses custom panel and was hacked.
Hetzner uses custom panel and was hacked.
So using a custom panel is not the magic solution for unhackable.
Sizzurp through a straw
There is no magic solution, it depends on attacker and defenses. Some defenses can keep away many attackers, but not all, never.
@Maounique
You may repeat that as much as you like and it still isn't addressing the problem.
Let me help you with a comparison: The law requires people to use their real names and data when doing business. So you must (as required by law) use your real name when acting as a support person.
You must not provide proof, you must not publish your DNA, nor pictures of yourself in underwear or even just of your face.
Now your argument would be like "There is no perfect authentication in business communication, so I may as well use a fake name" (and you actually do that)
So, please stop that "there is no 100% hence we do not care about 80% or even 50%".
Can you verify client data 100%? No? So, according to your logic, one may as well lie and betray - which, however, you do not at all like or accept.
The truth is quite simple. You require something that you yourself don't do. You refer to law where it's convenient but you ignore it (using a lousy non-argument) where it's inconvenient.