New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Nope. This thread was about unjustified paranoia right?
@jarland, yes and no. technically the has is generated by taking the name and whatever and md5 hashing it. so technically if you could decode the hash you would get the name. but now your talking 4 hash's
http://ctankersley.com/2009/10/14/hashing-is-not-encryption/
Hashing is not encryption. A hash is not data. This is not a matter of opinion. You can change the subject now if you like, as you did beneath that, but fact is fact and whether or not you like it is of little concern to me.
Do not tell me how to treat clients who are US citizens and break US federal law and I won't tell you how to live your life. If you feel you are at risk of this, I do not want your business.
Also, I don't care how the UK classifies anything. I run a US registered business. I also do not share client data. When their client status has been terminated and we have agreed to a deal in which the privacy policy is nullified, that statement still does not change. Your brain is on loop with this idea that there's a constant flow of information being written to FraudRecord. This is not true.
"We have some male customers". Here, i just broke our privacy terms, since i disclosed some personally identifiable information about our customers (i.e. gender). Did i?
Come on, guy. You can keep some dignity without those board nonsenses... and don't worry, I have atm. more than enough US VPSs, so you're not at risk to get my money (but I must admit that I considered your vps offer more than once).
/me sues @rds100 for releasing my private information.
As long as you are criticizing my business practices in the open and calling me out for violating my privacy policy, which I am not doing, you are trying to create bad PR for me and I will defend myself. We do not share client data with a third party. What we do after termination and (not or, think &&) after cutting a deal with that former client that involves the nullification of all previous agreements is an entirely different story and is none of your concern unless I make it your concern.
Wow...
Yes, a former client and US citizen who has violated US federal law may waive their rights to this policy in exchange for me not taking them to court. I encourage people not to screw with me. I'm not here for script kiddies, I run a legitimate business.
Sure, if you say so...
Well, if us saying so is all it takes, then we could have ended this like 90 posts ago :P
Well at least he did challenge me to do one thing. I'll soon be adding a provision that states that willful violation of the Computer Fraud & Abuse Act of 1984 will nullify any and all agreements. Then I won't be making deals anymore, it'll be agreed to from the beginning. I don't take the "rights" of DDOS script kiddies seriously and I never will. I can also prove "willful" and I have every time thus far.
@jarland congratulations. Lets make it legal and clear not as wind blows! ;-)
I don't know what that means.
Aaaaah Joan Baez, blowing in the wind.
Hmm... how to explain it in english (as you know I am not native speaker)...? Lets do it properly, make it clear and back up it legaly, not the way you personaly feel in this beautiful morning..
It's actually Bob Dylan originally, I think :-)
It's never been just how I feel. Keep in mind that I said I've only filed one report. Even if it were illegal for me to share it in that case, who cares? Let's be human here for a second and not policy robots. If you violate the Computer Fraud & Abuse Act (As a US citizen) and I can prove identity and intent beyond a reasonable doubt, you are not going to come after me for sending hashes to FraudRecord. Morally, I stand behind it. Legally, I stand behind it. I can ruin their life and they can....maybe get me fined if a judge agrees with your view.
If I understand FraudRecord correctly, then in a way @Spirit is correct when he says "anyone just by knowing a few details about me can search for details and get results, which also gives them more details about me and what I did."
Let's say I'm a habitual abuser, and have been reported by 10 different hosts. Someone knowing the email address I used can search FraudRecord and find those 10 reports.
While the records won't explicitly reveal "more details about me", it's entirely possible that when looked at as a whole they could leak some information. At the end of the day you could only make guesses about the information collected, but some could be more accurate then others (all 10 hosts are from California, so maybe I'm targeting hosts close to home and also live in California -- or all the abuse reports are entered during full moons, so maybe I'm a werewolf).
And the records will definitely reveal some information about "what I did" -- even if the host doesn't leave a comment, the reports will still identify the 10 hosts I previously abused.
Now whether or not this is what Spirit was thinking of when they made that statement, or if they really do just have a complete lack of understanding for how the system works, I don't know...
/me buys a vps from Jarland, poops a script kiddy, tells said script kiddy to ddos spirit with a DNS reflection attack, and I sit back and watch the fun
Muhahaha
I am not sure how law look at this but It's good enough for me, so lets stop it here. Peace, bro? :P
Yep
Oh, idk, maybe because you can see in the billing panel plug-in that all data is hashed before sending it off?
Read further, I already did that :P (yours is prettier though)
@joepie91 & @Damian if you use api. Some insert data directly to website form. Though not big part of them as Harzem today confirmed.
I didn't bother reading all of the thread, really. Too many posts for that, and seemingly too little substance.
The best place to report computer crimes that occur in the US is the FBI not an unregulated database run by some web designer in Turkey who registers domain names that are the same as well established financial services companies* and hosts them on the same VPS as his "fraud prevention" database.
*vecogroup.com IP address 96.30.40.236 (fraudrecord.com is 96.30.40.238), uses the same WHOIS address as Harzem's other sites like fraudrecord.com (although he listed the registrant as Veco Group). The real Veco Group is a Swiss financial services company with a website at vecogroup.ch and offices in several countries (Turkey is not one of those countries) . I'm sure that Harzem had some perfectly valid reason for registering a domain name that is the same as the name of an existing well established financial services company. Just like I'm sure there is a perfectly valid reason his database accepts submission of credit card info (oops, excuse me, hashes of credit card info) //sarcasm//
I love Joan Baez version :P
Nice to see me in the chat logs lol
chylde> is Chat6838 still typing? heh
Redwolf> Happy Earth Day and Good Morning y'all! I sure hope Bluevm is totally green and I am supporting a green vps company
Mun> lol no
chylde shuts down a vps in support of earth day
Mun> that is why we have Gorian
chylde> obviously one which serves no purpose :P
Alexander> What the hell is earth day?
chylde> no idea
Redwolf> I am heading out to Earth Day Festivities
I agree, but given that I'm referring to US citizens who actually let me catch their real identities, I find them to be naive as to the way of the world and I consider myself to be nice by letting them off easy. I don't even report to FraudRecord unless I feel that it warrants it. I won't go into every specific, explaining in public exactly how to play me best for maximum gain, but let's just say that my attitude is one of teaching a kid that the world has consequences and sending them on their way without ruining their life. Then, I keep what I need to ruin their life should they imply to me later that they don't learn lessons and they need to simply be dealt with. Agree or disagree, everyone has an opinion, this is just how I operate. There is zero risk to anyone using my services who is not willfully attacking others under my care.
I really, really, really don't like that part. Doesn't matter what you use here, both ends have to be able to generate a matching hash so doesn't that mean that a third party who has the hash could theoretically scan for a match with enough hardware and time? Credit card is the only thing I would worry is actually worth that kind of effort. I'm not the best expert here, but am I wrong in that?
Ah yes, let's ignore that:
I'd also like to know what the significance is of "[some guy] in Turkey". Surely nationality is unrelated to the trustworthiness of an individual or service, no?
Yes. And without verification code, it'd be effectively useless.