Sponsors and Our Privacy

Altheon · 2004-06-11, 03:07 PM

I was signing up for some sponsor programs last night and realized that the form is not sent via SSL. This freaked me out since some pretty sensitive info is sent stuff like: name, address, Social Security Number, Bank account #'s, etc... This seem really crazy to send such personal info with out some layer of protection.

Here is a scenario for you: You sign up by sending all your personal info plus your log-in name and password over an insecure connection. This info gets intercepted then the person waits till you make some sales. After you have a good chunk of change in your account they log-in as you, change the payee name and address and have the check sent to them. Besides how often do you log-in and see if your account info is still accurate. Better yet, when you change an item like e-mail, physical address etc...,do you get notified? My guess is that you do not. Of course you can only get hit once before you notice the theft took place but how much is your check? I bet it's not the minimum payout amount.

I see this as a scandal waiting to happen. How bad will the fallout be when a sponsor does have an incident like this one. Figure the odds of anyone trusting them again.

Hey let me know if I'm off base here but I ask that you take a look at the sponsors you are using now. Go back to that sign-up page and see if it is using SSL. Then ask yourself, if this were a brick and mortar business would you conduct this sort of transaction in a crowded room full of people? If this were Citibank would you send this info to them via an insecure connection. If you don't trust these sponsors as much as you trust your bank why would you give them the same information but in a more insecure manner?

-Altheon

2004-06-11, 03:07 PM	#1
Altheon Heh Heh Heh! Lisa! Vampires are make believe, just like elves and gremlins and eskimos! Join Date: Jan 2004 Posts: 74	Sponsors and Our Privacy I was signing up for some sponsor programs last night and realized that the form is not sent via SSL. This freaked me out since some pretty sensitive info is sent stuff like: name, address, Social Security Number, Bank account #'s, etc... This seem really crazy to send such personal info with out some layer of protection. Here is a scenario for you: You sign up by sending all your personal info plus your log-in name and password over an insecure connection. This info gets intercepted then the person waits till you make some sales. After you have a good chunk of change in your account they log-in as you, change the payee name and address and have the check sent to them. Besides how often do you log-in and see if your account info is still accurate. Better yet, when you change an item like e-mail, physical address etc...,do you get notified? My guess is that you do not. Of course you can only get hit once before you notice the theft took place but how much is your check? I bet it's not the minimum payout amount. I see this as a scandal waiting to happen. How bad will the fallout be when a sponsor does have an incident like this one. Figure the odds of anyone trusting them again. Hey let me know if I'm off base here but I ask that you take a look at the sponsors you are using now. Go back to that sign-up page and see if it is using SSL. Then ask yourself, if this were a brick and mortar business would you conduct this sort of transaction in a crowded room full of people? If this were Citibank would you send this info to them via an insecure connection. If you don't trust these sponsors as much as you trust your bank why would you give them the same information but in a more insecure manner? -Altheon