New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
There is no actual law, it's more or less just a liability issue. Would you rather your customer sue you and your company for something one of your employees did because that said employee isn't straightforward with their identity? Or would you rather the employee get sued and you hold no liability.
Blesta has the best track record on security and the source is almost entirely available. While there may be a bit to go to reach feature parity with our competition, Blesta is used by thousands of companies and is growing daily. So, it's 100% usable for a lot of people, and we make progress every day.
Up here in Canada, there are regulations in place yes, however, I can not speak for other locations. For more information about this, make a phone call over to City Hall for whatever region you are in.
I laughed
I love the people just spitting BS on their keyboards, without backing up their arguments.
I know you have to make your product look good, but having the 'best track record' does not mean much if you do not have equal usage and coverage of the product for it to be 'tested'. I'm not saying your software is insecure, I'm just saying that your argument doesn't work in my opinion.
Rack911, SafeorNot, and others have looked at our code and done their own testing and didn't find anything significant. While a larger user base makes for a larger target, it doesn't mean Blesta is insecure. "Equal usage and coverage" isn't something that can be tested for, so it's a gotcha argument. I can't argue against that, but if anything, our open code base has opened us up to a greater level of scrutiny. And it's that kind of transparency that is most important.
All software is likely to have security vulnerabilities, but I don't know of any security researcher who is willing to say, after comparing our code to theirs that Blesta is written in a way that is inherently less secure. If you do things right, you're going to have fewer issues.
It could have a million vulnerabilities, but still no mass client mailing..
Actually, there is a italian law that may be relevant to this matter. As most italian laws, interpretation is not clear and there may eventually be another law that says the exact opposite. I am not a lawyer so I just report what it says. It made a little stirring when it came out, because a contract between companies should not involve employee data, as you clearly stated (and this is the way most business works). According to my experience it has never been enforced (and never will be, probably), but it is still valid.
Please skip the following sentence to avoid damaging the brain with a brilliant sample of "strict italian law", It's too late for me, but save yourself :-)
The starting point is the law (Decreto legislativo) dated 30th june 2003, n. 196 published on the Gazzetta Ufficiale of the Italian republic n.174 29th july 2003 - Suppl. Ordinario n.123, usually called "Legge sulla privacy" (Privacy Law). This law basically transposes a common EU directive into the Italian legislation, with the addition of some local quirks. Article #154, section "C", says that a Italian office called "Garante della Privacy" has the power to legislate about the way certain type of sensitive data (such as some non-public personal informations about customers) are stored and managed. The Garante finally signed the law 5 years later 27th november 2008 and published it on the G.U. n. 300, 24th december 2008. It then quetly added a few, but substantial modification (25th june 2009, published on G.U. n. 149 30th june 2009). This document is easily available online. This is my free translation of section "D" of the last document: "If the system administration is outsourced to a service provider, the owner of the data OR THE EXTERNAL PROVIDER must keep a full record of the identification data of the physical peoples that have administrative roles on the system. The record must be kept for any evenience. "For any evence" is the usual clause that means "if the judge asks for it". Again: I am not a lawyer, but the wording of the law suggests that any purposefully wrong data handed over to the judge (or police) may be punished according #494 of the Italian penal code (up to 1 year in jail).
This should not be generalized, this law only regulates a very specific business case and I believe that it does not apply to the @Maounique position (again: I am not a lawyer, don't trust me about legal matters). But yes, at least in Italy there are laws about the identity of service provider's employees or contractors, and I am wondering if other countries have something like this.
I also use unique email addresses for the same reasons. However, one big problem is with those idiots from PayPal that disclose your paypal email (which is obviously different than the 'unique' one.
There is an option to change the paypal email after every payment but it's a hassle.
It certainly does not. I mean, in the sense of this argument, people say THEY must know my private data, not the police or a judge. The police or a judge can always get it, they dont even need to ask, as this data is public or in the hands of the authorities anyway.
I was disputing the right of prometeus customers to know the name of the employees of companies prometeus does business with. They quote some law without being specific, so, I ask again: please link the law.
@Maounique
You are based on an irrelevant perspective. Your internal relationship is irrelevant. The relevant factor as far as this matter here is concerned is that you interact with clients of Prometeus. Such interaction is part of the business interaction between Prometeus and the client, no matter in which form Prometeus aquired your services.
The other factor you don't (want to) understand is the fact that you having access to client information and data considerably aggravates the situation because a) you yourself (no matter the reason) demand such client information and b) the client actually gave you that information. Which constitutes the "do" part of both "do ut des" and "do et des". With you obviously refusing the "des" part.
You need to understand is that there are basic legal principles in power. One such principle is that both, legally responsible (management) and factually interacting personel must be indentifiable (which, funnily, is the very legal principle behind the laws requiring clients to provide identity information).
The other legal principle in power is that of balance and proportionality, i.e. neither laws nor contracts must be biased; if there is, for instance, a requirement for identification it is valid and applicable for both sides.
You do, for instance, not accept a company providing only its name; you also (and rightfully so) demand the name of the person in charge (which is not necessarily the managing director).
On the other hand you do not accept that same reasoning when you are concerned.
Simply speaking, you try to play a "I get everything and owe nothing" game - which by definition is legally inacceptable. To add insult to injury you at the same time clearly state that you yourself as a client used a fake name.
It hardly could get more obvious how intenable your position is.
I am still struggling to see the link to the law which upholds your claims. There must be a problem with vanilla not showing them, or my browser has an issue with your links.
Jokes aside:
1. It is the provider's duty to make reasonable effort to ensure the correctitude of the data, as required by law. The law does not expressly require it, but the ISP is liable in case it cannot provide that data when the conditions are met (warrants, probable cause, etc), so, if police comes after the tennant of a certain ip and you tell them it was George Washington or Abe Lincoln on Main Street in Kabul Afghanistan, you are in trouble. However, if you can prove you do not provide service to obviously fake profiles and anonymous payment options, this is not a problem. Actually, we even stretched in the past allowing unverified paypal accounts, in the idea that the police can follow the trace of the money by serving warrants to paypal which is in a better position to fight their abuse than us, but the recent VAT changes mean that we must be able to prove location in addition to identity, so, unverified paypal accounts are no longer an option. This means, we have to make reasonable efforts to get the customer's real data. It does not matter for people which know what they are doing or for criminals which have millions of identities at their fingertips, I know, but dont blame me, blame the law and FFS, dont vote for people which make these laws.
2. In spite of the opposite claim, nobody so far was able to quote a single law which requires a company which has contracted services pertaining private data of it's customers with another company to disclose to said customers the employees private data, regardless of being their own or third party employees.
NOTE: Nobody contests the right of authorities to know that data, especially those dealing with privacy (so called garantors), however, they can always get that info from their records, the employees list is available for every company in EU at least to the authorities which have the right by law to ask it.
3. The claim that there is no identifiable person behind the whmcs account is complete BS, unlike other companies which use one account for more people, we use a unique one, so the authorities or the company management can at any time check logs and see who did what.
Conclusion: The law DOES require customer data, but DOES NOT state the right of the customer to know the private data of employees handling it, only the authorities can ask for it and the company is required to keep records for this and other purposes. You MUST understand that is the law, we try to comply in the minimalist way, hence, do only what is absolutely required and not do what it is not. We do not volunteer your data to the authorities, but also do not volunteer ours to you, because the law does not require it.
That's something I may or may not believe. And frankly, considering that Prometeus uses fake names for their support staff isn't exactly pulling me toward trusting you.
As for the rest (incl. your "conclusion"): I'm getting seriously bored by your stubborness, so I'll just just leave it that.
In the end it's simple: Until now I was happy with Prometeus and I have no reason to believe that I will have problems with my nice Prometeus VPS. So, there is simply no need for me to be concerned.
Should that need ever arise I would a) watch very relaxed how the district attorney rips your quite exotic legal perspective apart (hint: fake name 100% is taken as clear indication of fraudulent intention) and b) whould I desire to know more about you (which I do not expect) I would quite quickly come as close as I'd like to.
But again: I'm quite happy as a customer of Prometeus, who btw. are just doing what pretty everyone else does, too, in that regard (fake support names). And you are, pardon me, just a minor nuisance at the sideline. Chances are that you'll do your job well enough and that I won't need anything from you anyway. And if I did, I would ask politely and you would do what you are payed for, simple as that.
So, as far as I'm concerned, you can use a fake name as long as you please and I wouldn't care - because when push came to shove you'd quickly learn the legal facts. Just don't insist on us believing the weird fairy tale about fake names being a wonderful and perfectly legal thing, will you.
Let's do a favour to everyone here (and to your "employer") and stop that thing, ok. As other threads here show, you and me are well capable of having constructive and reasonable discussion. In fact, I just widely agreed with you in another thread.
For me that case is closed.
AFAIK @Maounique has a registered company and he's being paid through that, so legally seen that should be sufficient.
@mpkossen
That was a misunderstandig based on a statement made by Maounique. He later clarified that point and it wasn't brought up again.
It's basically the same when you purchase outsourced support: you buy capacity and/or time from another company and you don't know which person it's going to be at the other end of the line. It's a transaction between two companies.
And we all know @Maounique is secretly the Stig.
For me it will only be closed when the law you keep invoking is finally shown to the public.
Until then, there is no fake name to the authorities or fake company name to you, so the criminal conspiration theory is also down the drain.
This thread is about being ok or not to present fake data to a provider. I say it is ok in this risky and many times incompetent market and even in other cases, whatever is on the internet, it must be treated as public, but when there will be suspicion, you take the loss and accept you lose the service with immediate effect, whether a VPS or a domain. If there will be criminal investigations, you can also expect the full cooperation, if served with the right papers, whether the data was fake or not. We will not sue anyone though, for fake data, will simply not provide service, or terminate when we see fake profiles, as I did personally when I noticed a few VPSes used to attack the same target registered under different names but logged into from the same IP, for example and which used fake phone numbers too, but that was also a breach of ToS/AUP and a criminal activity, so, I had all the rights to proceed as such. There are also other ways to determine if people have multiple accounts or fake data, I was a GM and admin for many games so I know these tricks, especially since I also use them, but with more experience than others.
For example, I have accounts with many providers here, but none has my data, it is either fake, or company data. In all cases, though, if the authorities wish to contact me, that is easy for them, provided they have the required papers. I am only shielding myself against data leaks and incompetent or criminal hosts which intent to misuse my data.
In short, I am willing to risk money paid for a terminated service when the fake profile is discovered as an insurance premium to cover the possibility of data leaks or misuse. For the same purpose I have a couple of companies, one real, in activity, paying taxes, another without much activity, but still in business.
I acknowledge there is a risk of data leak, and pay a premium to mitigate it.
If everyone knows, then, there is no "secretly" in the phrase :P
Think I like him better as The Stig.
Then you will have to discuss that with yourself.
Pardon me, but I do not trust almost any provider anyway. There have been enough cases in the past year or so where companies small and large have been helping authorities, be it willingly or be it by force - not caring sh-t about the legality. And there have been plenty cases demonstrating that most companies cite the law when it suits them and bluntly sh-t on it when it's inconvenient.
I'm in a way in a luxurious position because I don't do even grey zone things, let alone illegal things. The law - unfortunately - indeed does require clients names, so I provide it along with correct contact details. Simple.
So, cooperate as much as you like with the authorities. Just don't forget that you make your living by cooperating with clean and paying clients like myself.
huh.. I thought most hosting providers did that, especially all the cheap domain providers with presumably Indian support ("Mary", "Jon","Gregory",..). I actually found it very common for Asians to use different names in western countries, which are easier to pronounce.
Like I said on the first page, it may not even be illegal if you are not doing it for fraud.
That is their and their customer's problem, not mine. Even if you provide fake data, this will not shield you from the authorities, unless you are a criminal paying with someone else's money too. The law is not made to protect people from crime, but to make sure people cannot keep things private, whatever things, legal or illegal. Under the microscope, everyone does at least some suspicious things and today there is no evidence needed in the courts for some accusations, the records are sealed so the public cannot know what happened and the accused is spirited away and tortured to make up some fake accomplices which will go through the same ordeal in order to save a bit of the suffering. Any judge knows that and they know what they risk if they do not fully "cooperate".
But that is a completely different story, we are all doomed anyway, so either accept your fate or go down fighting, but, in this case, you are fighting the wrong person.
Yes, from what I understand he/she has formed a company in which he/she is the only member of. As such he/she only works for the company that was self-formed. That company is then hired to do work which is how he/she "doesn't" work for Prometeus, but rather for the self-formed company that is employed by Prometeus (AKA, they pay the company, not Mao).
At least that is what I gathered. Could be wrong. (Wouldn't be the first time)
I take it that Mao wouldn't want to reveal the name of the self-formed company either... which is fine, there is no need. But it's a lot of trouble to go through for seemingly no real benefit. My main gripe is that the double standard is ridiculous and that some people people believe that their private information and identity is more valuable than others. Stating that they use fake details all day long and working hard to defend it because "its not illegal" and that no one knows who they are (heh) and then doesn't allow others to do the same when doing business with them (err, doing business with a business that does business with them...) just seems... hypocritical.
"Trust me even though you do not know who I am, but I will not extend that trust to you unless you provide me real details."
See the issue?
I'm not saying everyone should use their first/last name on the internet everywhere, but in the business world people should be able to be held accountable for their actions in my opinion. Fake names and hidden aliases is GVH level shit and more commonly used for bad than good, hence the reason most people are uncomfortable with it.
I don't even like giving outsourced reps Americanized names. It's very degrading to that worker as you're essentially saying that you are ashamed of having hired someone with a foreign name and when "Billy" who is answering the tickets responds with a very poor understanding of the English language it's very obvious that they're unlikely a native speaker and are likely outsourced...
For what it's worth, I don't care who Mao is. It's just that this industry is awful enough as is with the lack of accountability for certain things people do and get away with and advocating the use of fake names everywhere doesn't help.
For business, you should have to use a real identity. That's all I'm getting at. Both as the customer and the provider. People need to be held accountable for their actions and this industry as a whole would be much better and less of a joke if that was the case. There are way too many horrible clients/customers out there and a handful of awful hosts who use fake details too... Most businesses aren't ran properly in accordance to their local laws, nothing that is required after data leaks are ever performed (or enforced) and it's just a giant untrustworthy shit-show and there needs to be more accountability.
To watch porn, share your political opinion on the web, to read about radical ideals... whatever.. sure, hide behind Tor, a VPN, whatever and comment under an alias if you want to add to the conversation. That's fine and encouraged and expected.
/coffee fueled rant.
@MannDude
"working through a company for another company" is also illegal in many legislations if the final company (e.g. Prometeus) is the only or clearly the major client of persons company (e.g. Maouniques company), particularly when person again derives the major part of his income from his person company (P & Mao just being theoretical examples for the purpose of explanation, of course).
Considering the very different levels of income, of taxes, and of taxes for company profits vs. personal income, such constructs can quickly add up to 5-digit numbers/year for a single de-facto employee.
While such a construct is very attractive, of course, for both parties involved it also brings with it a certain urge for, uhm, "privacy" and discretion.
There is something some people should learn from certain smart and experienced businessmen. An attitude, for example, to not unecessarily provoke other people but to rather diplomatically settle issues and to always keep a friendly tone.
At least, as a very minimum, one shouldn't talk publicly about ones fake identities.
Well, whatever, that was all just theory. We do not actually know people playing such games, right
No it is not.
I know of a few companys that do this legally to "guard" investments or employees.
The size of the company or how they do business (as long as it is legal) has nothing to do with it.
Funny thread, I have never given fake details. If I don't trust your company enough to give my actual info, I don't order from you, simple as that. Why in the hell would you order service from a company you don't trust? A few companies added to my "never" list after reading this thread.
@mikho
Kindly note the "in many legislations" in my post.
Trust me, it is illegal in many legislations, but probably more so in europe than in north-america.
Aren't we entitled to know who The Stig is? @JeremyClarkson?
No, it's not ok. Moreover, in case of any dispute you are starting on a lost position.
Hence I never dispute anything, nor ask money back, etc. I know it is costly and cumbersome, but it is my choice.
@bsdguy I read again illegal from you, yet, no link with the laws I am supposedly breaking. Caring is sharing, mon, please dont keep your legislation private, there are many people which could benefit from knowing them, @Zen also asked for your sources, I know protecting the source is standard in investigative journalism, but, hey, this is supposed to be a public law...
So far we agreed the customer is required by law to give correct and complete details, under the penalty of denial of service or termination (void contract).
On the other hand, we did not agree because you did not show your cards (laws), if the customer is entitled to know the private details of employees of the provider. I do admit, though, that the law does require the company to keep correct and accurate data about their employees and also make it available on simple inquiries by the authorities.
working in a Swedish company, we have 2 "sister" companies that basicly has only 1 client each.
One is the owner of the property where the company I work for "rent" the office space == one client.
The other company owns the DC where we host our servers == one client.
A friend of mine runs his own business, works 100% for Ericsson ST as a consultant == one client.
as requested before when you throw these kind of arguments, show the legal documents that support your claims.