
How Private Are Sites' Membership Lists?

Posted by CmdrTaco
from the private-enough-most-of-the-time dept.
Slashdot contributor Bennett Haselton has written an essay on a subtle privacy issue affecting many websites (including Slashdot!). He says "Suppose your girlfriend called up Match.com and said, 'I think my boyfriend might be cheating on me. His e-mail address is joeblow - at - aol - dot - com. Can you tell me if he's a member?' And Match.com phone support told her, 'Why, yes, he is a member. You'd better have a talk with him.' After you had gotten over the guilt of getting caught -- I mean, the guilt of cheating -- would you not feel like Match.com had violated your privacy by telling a third party that you were a member?" Keep reading to see what he's getting at and to decide if and when it's a problem.

Something like this is actually possible with quite a few well-known sites -- given a person's e-mail address, it is possible to find out if they have an account with Match.com, PayPal, Netflix, eBay, Amazon, and Google (and, by the way, Slashdot [CT: We'd fix it if I thought it mattered]). For some of those sites, it may even be possible to take a long list of e-mail addresses and use an automated process to find out which of those addresses have accounts with those sites (something I didn't want to risk trying myself, but as a general rule, if you can do it once, you can do it many times, at least if you do it slowly enough). It does not enable the attacker to extract addresses from a site's membership rolls, which is a much more serious type of breach -- in this case, the attacker would have to already know a list of e-mail addresses, and would only be able to find out which of those addresses have accounts with a given service. And it definitely wouldn't enable an attacker to extract more sensitive information like passwords or personal data. But the ability to get a yes/no answer for whether an e-mail address belongs to a member of a given site, should be something that the site designer should take into account. I'm not even saying that it should necessarily be considered a security hole in most cases, just that it should be something that the site designers decide whether or not they want to permit it -- not something that was left in the open accidentally. Representatives from PayPal and Netflix assured me that they knew about the possibility of this attack and had countermeasures to detect it. In the case of Match.com, on the other hand, I would argue it looks like an oversight. For other sites, whether it's a security hole or not depends on your point of view.

There are three main causes for concern with this issue. The first is simple privacy -- for a site like Match.com, a person may not want other people to be able to find out that they're a member. The second is the possibility of making phishing attacks easier. If a phisher sends spam to a huge number of recipients, hoping to trick them into entering their login details on a counterfeit site, then generally their success rate would be proportional to the number of recipients who are members of that site (of which a certain percentage will be duped into entering their login info), but the speed at which the phishing site is shut down would be proportional to the total number of recipients (since any recipient would carry the same likelihood of reporting the phishing site to an ISP and helping to get it shut down). So if the phisher could find out which addresses on their list belong to actual members of a given site, and send mail to just those people, they could get more successful attacks in proportion to the number of e-mails sent. This is especially true of "puddle phishing" attacks, where only a small percentage of recipients are likely to be members of the site being phished. The third possibility is that the data could be valuable to spammers wanting to advertise a competing site -- a spammer advertising a dating site, for example, could get more bang for their buck by advertising only to Match.com members. (Maybe even try a hybrid spam-with-just-a-hint-of-phish -- spam that says "Rejected a lot on Match.com?" to make the user think at first that the e-mail really is from Match.com, but then steer them towards a competitor.)

With a build-up like this, the attack is disappointingly simple. (In fact, I listed the possible consequences of the attack first, because otherwise the attack itself is too easy to dismiss.) If you haven't already guessed at least one of these methods, the three easy ways to find out if an e-mail address is associated with an account at a given site, are:

  • Try to create a new account with that e-mail address. See if you get an error message saying the address is already associated with an account.
  • Log in under an existing account, and try to switch to another e-mail address. See if you get an error message saying the address is already associated with an account.
  • Use the forgot-your-password feature to request a password be sent to a given e-mail address. See if you get an error message saying that address is not associated with an account.
Each attack works better if you can avoid triggering an e-mail message sent to the e-mail address in question, whether in a success or failure condition. For example, if the forgot-your-password form only accepts an e-mail address as input, then if the e-mail address you enter really does belong to a member, a password reset e-mail will be sent to that member. That won't prevent you from continuing your attack, but if enough Match.com members get password reset e-mails that they didn't request, some of them will let Match.com know what is going on, and Match.com might find a way to stop the attack in progress. On the other hand, suppose the password-reset form requires an e-mail address and a birthdate, and if you enter an e-mail address without a birthdate, you get one error message telling you that the birthdate was missing, and another error message if the e-mail address you entered is not associated with an account. This avoids triggering an e-mail message to the user in either case, and increases the chance that you can carry on the attack longer without being noticed. And once you've confirmed that someone is a member, this type of password reset form would also let you use trial and error to determine their birthdate as well, something that might make identity theft easier later on. (This, by the way, is exactly how the current Match.com password reset form works. Match.com did not respond to requests for comment.)

With most popular sites that I tested, at least one of the above methods fails, but at least one other method succeeds. On Netflix, for example, the forgot-your-password form requires you to enter a last name and a credit card number, so that form can't be used to find out who is a member. On the new member signup page, though, you can enter an e-mail address and be told whether that e-mail address already belongs to a member. With Match.com, on the other hand, I already mentioned the weakness in the password-reset form, but if I tried to sign up for a new account but I didn't correctly pass the Turing test (reading numbers off a graphic and entering them in a text field), Match.com wouldn't tell me if the e-mail address was associated with an existing account. So that form could not be used to sift through 100,000 addresses and find which ones were Match.com members, but it could be used to find out if an individual person was a subscriber.

There are at least two simple countermeasures to this type of attack. The first is to require a Turing test when a user creates a new account, requests a password reset, or changes their e-mail address on file, and make sure that if the Turing test isn't completed correctly, then no error message is displayed about whether a given e-mail address does or does not exist in the system. This makes it hard for attackers to sift through a mountain of e-mail addresses finding out which ones already belong to accounts, but it still enables someone to check if someone is a member, one person at a time. For sites where that would be a privacy concern (again I'm thinking of Match.com), the other solution is better: send an error message to the e-mail address entered, not displayed to the user in their browser. If you try to sign up as joeblow@aol.com, and that address is already associated with an account, then display the normal message telling the user to check their inbox for confirmation -- but then send them a message saying their address is already in the system. eBay, for example, gets this right on their "forgot your userid" page -- if you enter an e-mail address not associated with an eBay account, it simply says, "eBay just sent your User ID to joeblow@aol.com. Check your email to get your User ID." (On the other hand, eBay's new user signup page lets you check if an e-mail address is assigned to an existing member, without needing to pass a Turing test.)

Netflix, eBay and PayPal also responded to say that they had monitors in place to detect "suspicious" activity, saying that even in cases where the forms did not require a Turing test, they could dynamically detect if someone were using a script to submit the form over and over to harvest data, but they declined to go into more detail. It seems to me this could work for forms that require you to be logged-in, but not for forms that don't. For example, on the Netflix new user page, how would they detect if it's the same person submitting e-mail addresses over and over again? Not by IP address -- you can use Tor and farms of open proxies scattered across the Internet to make it appear as if you're coming from lots of different IP addresses. However, consider the PayPal add-a-new-email-address form. This form does not require a Turing test, and does give you an error message if you try to add an address associated with another account. At first I thought this might be a loophole that an attacker could use to find all the PayPal users in a long list of addresses, but PayPal told me that if you do this enough times under the same account, eventually you will hit a limit where the form starts requiring a Turing test. I never got high enough to hit that limit. However, in this case the "dynamic detection" could actually work -- because you can only perform this action while logged in, and after you hit the limit, to continue testing more addresses would require another PayPal account -- and creating additional throwaway PayPal accounts does require a Turing test for each one. So I'll take their word for it that that attack is blocked, although, it seems to me it would be easier just to require a Turing test on the add-a-new-address page.

On the other hand, perhaps in the case of a site like Netflix, it's not something that users really need to worry about, if the company has no problem with it. Big deal, an attacker can find out whether you're a Netflix user -- but that's not a huge privacy violation, it's not like I shamefully hide those red envelopes under my shirt while I'm scurrying back from the mailbox. Now, a spammer can take a list of addresses and run them through the form to find out who is a Netflix customer, and then spam those users trying to lure them to a competing service -- but that's Netflix's problem, not ours, isn't it? (Well, it's our problem that we get the spam. But without using this attack, the alternative was that the spammer was just going to spam everybody on their list anyway, so by that argument, this attack actually results in less spam all around!)

Except... perhaps an attacker could try the third type of attack, a phishing attack to get people's Netflix usernames and passwords, but not in order to compromise their Netflix account, rather to see if the person has an account with the same password at eBay or PayPal. Perhaps a user would be wary of a PayPal phish since they see so many of them, but they might fall for a Netflix one -- although then the attacker's success would be limited to people who had Netflix and PayPal accounts, and were using the same password for them both...

So it seems to me it's not obvious when this should be considered a problem. (All of the sites mentioned in this article were e-mailed about this issue months ago, and so far none of them considered it a serious enough threat to block all three of the avenues of attack listed above.) If abuse of this type becomes common, perhaps eventually these "queryable membership lists" will come to be considered in the same way as open mail relays -- which were never considered a glaring security hole, but were abused in ways that triggered a shift in people's thinking that got them to be gradually phased out, going from open relays being the default standard up to the early 90's, to the point where many ISPs today prohibit customers from running them. Maybe "queryable membership lists" will start to be abused more, if anti-spam technologies get smart enough that spammers can't send 1 million messages at a time any more and have to limit themselves to, say, 100,000 messages at a time to get through people's filters, so they have to pick which 100,000 of their addresses they could get the most value out of. Or maybe things will go in a completely different direction and this will never become a problem. I just think that, for now, we should be aware that some form of this trick works on the majority of sites that require an account, and the types of abuses described are at least possible.
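
The countermeasures the essay describes (say nothing about an address unless the Turing test passes, send the verdict to the address instead of the browser, and require a Turing test once one logged-in account has tried too many addresses), sketched as an added example that is not part of the original essay or any named site's code. The `Site` class, the message strings, the mail template names and the threshold of 3 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Browser-visible strings. None of them depends on whether the address is known.
GENERIC_OK = "Check your inbox to continue."
CAPTCHA_FAILED = "The challenge was not completed. Please try again."
CAPTCHA_REQUIRED = "Please complete the challenge to continue."

# Assumed threshold; the essay does not say where PayPal's limit sits.
FREE_EMAIL_CHANGES = 3


def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


@dataclass
class Site:
    """Hypothetical in-memory stand-in for an account store and a mailer."""
    members: set = field(default_factory=set)            # registered addresses
    outbox: list = field(default_factory=list)           # (recipient, template)
    change_attempts: dict = field(default_factory=dict)  # account -> attempts

    def _mail(self, to, template):
        self.outbox.append((to, template))

    def signup(self, email, captcha_passed):
        # Evaluate the Turing test first. On failure the reply is identical
        # for every address, so a script cannot use this form as an oracle.
        if not captcha_passed:
            return CAPTCHA_FAILED
        email = normalize(email)
        # The membership verdict goes only to the mailbox owner.
        if email in self.members:
            self._mail(email, "already_registered")
        else:
            self._mail(email, "confirm_new_account")
        return GENERIC_OK

    def forgot_password(self, email, captcha_passed):
        if not captcha_passed:
            return CAPTCHA_FAILED
        email = normalize(email)
        if email in self.members:
            self._mail(email, "password_reset")
        else:
            self._mail(email, "no_account_notice")
        return GENERIC_OK

    def change_email(self, account, new_email, captcha_passed=False):
        # Logged-in form: count attempts per account. Past the limit a Turing
        # test is required, and more throwaway accounts each cost a signup.
        attempts = self.change_attempts.get(account, 0) + 1
        self.change_attempts[account] = attempts
        if attempts > FREE_EMAIL_CHANGES and not captcha_passed:
            return CAPTCHA_REQUIRED
        new_email = normalize(new_email)
        if new_email in self.members:
            self._mail(new_email, "address_claimed_notice")
        else:
            self._mail(new_email, "confirm_address_change")
        return GENERIC_OK


def browser_view(site, handler_name, **kwargs):
    """Return what a client sees for a member and for a non-member.

    Both addresses are constructed sample data, not real accounts.
    """
    handler = getattr(site, handler_name)
    return (handler("member@example.com", **kwargs),
            handler("stranger@example.com", **kwargs))


if __name__ == "__main__":
    site = Site(members={"member@example.com"})
    print(browser_view(site, "signup", captcha_passed=True))
    print(browser_view(site, "forgot_password", captcha_passed=False))
    print(site.outbox)
```

The check a reviewer can run against any of the three forms is the one `browser_view` performs: submit a known member and a known non-member and compare the responses. Only the mailbox contents should differ.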

  • Hmmmm (Score:2, Interesting)

    by zoomshorts (137587)
    Not in their best interests, but they ARE capitalists.
    • Not exactly (Score:2, Insightful)

      by TodMinuit (1026042)
      If people valued their privacy, it would be in a company's best interest to protect their customers' privacy. If a company didn't, people wouldn't use them.
      • Re:Not exactly (Score:5, Insightful)

        by Zanth_ (157695) on Wednesday June 06, 2007 @12:11PM (#19412061)
        This is a completely invalid argument. Many companies realize their customers have no choice (save for litigation up through the supreme court via the clogged arteries of political and bureaucratic mayhem).

        Think telecoms. I sign up for a service. I have to give a certain amount of information for service to my home of course as well as billing etc. Said company gets an enticing offer by a few marketing companies for their client list and any semblance of privacy has been taken from us without our consent, or deceptively with it, as consent was granted signing the contract for the service. Said consent was buried deep in the 6pt font on the back of Form B line 492.

        How about credit card companies? Or major retail outlets? Many of these places offer reward cards or credit cards and the lists are sold off to other companies to use at their leisure. An old professor of mine used to have a Shopper's Drug Mart Optimum card. Shopper's Drug Mart is a massive chain in Canada (maybe in the US too?). Her son has a very rare disorder that requires a cocktail of drugs supplemented with high amounts of vitamin C. She started receiving snail mail spam regarding fresh fruit direct to her door as well as garbage mail from a competing pharmaceutical company regarding some meds. She only shopped at Shopper's and she always used her optimum points card. Outraged by this, she contacted the company who admitted that they do sell (or did at that time, about 10 years ago) their client lists to some "select and reputable companies."

        Yeah sure right. They sell to whoever will pay large. When it comes to customer privacy, so long as the company realizes they have a stranglehold on a market, they can do what they want because either there is no competition, therefore no alternative for the consumer, or that their market dominance is such that even if they do lose a bunch of customers or have to deal with some legal issues, the benefits/profits far outweigh these marginal hiccups.

        There are aspects of privacy one should not expect to retain (walking in public and not being noticed, or photographed etc) it is quite a different problem entirely when a company starts selling off or divulging information. Any of these releases of info should be opt-in only. Heck, in a lot of ways I believe a phone book should be the same way vs. paying to opt-out with an unlisted number.

        • No, it's not an invalid argument. If people did value their privacy enough, I could start a competitor to any business you named, offer the exact same service plus privacy, and people would instantly switch or the other business would fall in line.
          • Re:Not exactly (Score:4, Insightful)

            by Zanth_ (157695) on Wednesday June 06, 2007 @12:35PM (#19412507)
            Good Luck with that. Go out and start a telecommunications company. Go find the venture capital, drop your own copper, your own fiber. Hire the lawyers needed to get the FCC to permit you to jump state borders. Oh, you can't find the 20 billion dollars this will require? But you stated that you could start a company that could offer the exact same service with privacy. No no you can't. This is exactly why these companies continue to exist today. They have bought their security. Laws are in place to protect them.

            Now with something like a retail outlet, sure it is possible to overtake them, but if you start something in NYC and I'm in the middle of Arizona, it will take perhaps a decade or more before your mythical company can come and save me from the nasty retail overlords that dominate my realm.

            You might be able to help out a few but the many would still be suffering. It will take a massive revolt the likes of the civil war to overturn all the laws that protect these gargantuan companies. So sure, the little companies abusing their customers may fizzle out, but the real abusers, the big bullies will just buy their way out of the mess.
        • Re:Not exactly (Score:5, Insightful)

          by cayenne8 (626475) on Wednesday June 06, 2007 @02:38PM (#19414403) Homepage Journal
          "Heck, in a lot of ways I believe a phone book should be the same way vs. paying to opt-out with an unlisted number."

          Well, there is one way to almost get an unlisted number for free. You CAN tell them how you want your number listed. Say your name is Joe Franklin Sixpack. You can tell them you want it listed as J. F. or you can actually slide weird names by them occasionally (they do like to keep it similar to real name). Maybe do your name as J. Franklin, or F.Sixpack, or try to slip one like Francis S.....anyway, you can get away with this...they started doing it I think so single women wouldn't stand out so much in the phone books...but, you can pretty much choose what name is displayed with your name.

          When I had a landline, and when I got a call asking for the 'weird name' I had listed in the phone book, I knew immediately that it was a marketer...and just told them wrong number, or that person had died or something....

  • Answer (Score:5, Insightful)

    by MyLongNickName (822545) on Wednesday June 06, 2007 @11:21AM (#19411205) Journal
    If you are doing something you don't want to get caught for, use a throwaway email address. If you trust a web site to keep your information private, you need a reality check. You can fight the windmills all you want, but they will keep spinning away and ignore you.

    Problem solved.
    • Re:Answer (Score:5, Insightful)

      by fohat (168135) on Wednesday June 06, 2007 @11:35AM (#19411425) Homepage
      Exactly. Even better, If you have your own domain name where all email gets delivered to one "catch all" makes it even easier. My friend uses a different email address for each site he signs up for to see who spams him or sells his email out. It's also a good way to know if a site is being honest with any policy where they state they won't do anything with your email address.

      Additionally, it is a good idea to not use the exact same username for each site you have to "sign up" for, especially if you are unsure of the site's policies. The main problem for most folks is trying to remember all of this information when they want to log in. I've heard of devices that will help with this but have never tried them.
      • Re: (Score:2, Interesting)

        by inkedgeek (1067346)
        Yeah the device that keeps track of all them is called a paper and pencil.
        • by Pope (17780)
          Nah, Stickies.app works just as well and used recycled electrons!

      • by Abcd1234 (188840)
        Exactly. Even better, If you have your own domain name where all email gets delivered to one "catch all" makes it even easier.

        Actually, anyone can do this if they have a gmail account. Any address of the form "myaddress+suffix@gmail.com" will be sent to "myaddress@gmail.com". So if you want to see who's sending you spam, just create a new address of that form for each site you register to.
        • Which is cool till you want to dump +suffix. I mean it's better than nothing for sure but I have a mailserver host with unlimited forwarders and a boatload of real boxes (to a max of a gig of mail). Thus I register sitename(+seq#)@networkboy.net (i.e. slashdot01@networkboy.net) I point the address to my root account (random numbers and letters@networboy.net). If an account goes bad and spammy, and I don't want the service I forward to :blackhole:. if OTOH I think the address is compromised but still wan
          • by Abcd1234 (188840)
            If an account goes bad and spammy, and I don't want the service I forward to :blackhole:

            You can do the same with gmail. Just create a mail filter on the To: line and instruct it to delete the emails. Easy peasy. And works for those who don't maintain their own email infrastructure.
            • by beckerist (985855)
              I do something similar, I use Gmail as my "spam filter." Since they allow forwarding, I use email address A to sign up for all my online crap. I then forward from address A to address B, and change both the "from" and "reply-to" boxes to reflect address A (again, you can do this all in gmail!) I check my email at A once in a while, but mostly it's to delete the hundreds of spam a day I get. If anything sneaks through the filter, I go to address A, find it, tell google it's spam and I won't get another one!
      • by Skye16 (685048)
        I did that for a very long time, and I stopped purchasing from more than a few sites as a result. However, after a year or two of use, I started to get a handle on who the good guys were, and who the bad guys were. And I started getting those pesky "try everything on a domain" spam sessions where everything from asweriyuherkij2350892wer@domain.tld got through to cxeryhwq3583adf23@domain.tld. Needless to say, that broke my catch all method, which was somewhat similar to a honeypot, but by then i already h
      • Re:Answer (Score:4, Interesting)

        by dgatwood (11270) on Wednesday June 06, 2007 @02:18PM (#19414071) Journal

        Better yet, give such an email address to your girlfriend. This serves three purposes:

        1. It's an email that only she uses, so you can sort it at top priority in your mail queue.
        2. It's an email that only she uses, so she can't use it to find out if you are on any service.
        3. It's an email that only she uses, so when you break up, you can delete the email address.

        :-D

        Besides, this whole question strikes of a very paranoid, insecure girlfriend. Maybe it's a sign that she's not worth holding onto. If I got caught with an account on match.com by a girl who were my girlfriend at the time, my gut reaction would be to ask "What kind of psycho nutjob are you?" followed by "Get the [expletive deleted] out of my house."

        Also, an account on Match.com is a really bad example. Having an account doesn't tell you anything except that the person did at one time use said service. Asking if the guy created the account since [date relationship began] would be a more telling sign that the guy was unhappy in the relationship, but still would not be evidence of cheating. Evidence of cheating is... oh, I don't know, some other woman's undergarments under the couch cushion, another woman's hair in the shower drain, another woman's personal articles in the back seat of the car, etc., and even then, those can all be explained in other ways---a prior relationship, a next door neighbor doing bathroom remodeling, and taking your friend's daughter home from school because your friend was too busy/sick/abducted by aliens....

        Short of catching the guy out with another woman, all you have is reasonable cause for suspicion, and girls, if you don't trust the guy you're with, you should break up with him. It really doesn't matter if your suspicions are confirmed or not unless you were friends before the relationship and hope to still be afterwards, but in that case, you wouldn't distrust the guy, would you? All that continuing a relationship built upon a lack of trust is going to do is eventually end in a divorce when that lack of trust turns into something nasty, either because you find out the guy really is cheating or because the guy finally gets sick of being treated like a criminal in his own home. Either way, it isn't a healthy relationship, and it is better to just get out the first time you think something might be wrong rather than going around acting like a psycho stalker. Here's a hint: normal guys really DON'T like that.... It's creepy.

        The sites where membership would potentially be embarrassing (e.g. Playboy.com) would be expected to have much tighter limits on that sort of information, and would not be expected to give it out without significant proof that you are the account holder. I could be wrong, though. Might be worth testing just to find out. Volunteers?

    • Re: (Score:2, Informative)

      by nametaken (610866)
      This essay seems to be largely about phishing attacks, etc.

      What worries me more, is that my mother, who is not my guardian anymore (by a longshot) can still call educational institutions that I attend and get information about my enrollment with nothing more than my name and social security number. She's hardly what anyone would call an expert in social engineering.

      Or how about banking? Many banks use your ssn as an identity verification. Both stupid AND dangerous! Somewhere along the line someone decid
      • Re:Answer (Score:4, Funny)

        by Richthofen80 (412488) on Wednesday June 06, 2007 @12:54PM (#19412781) Homepage
        What worries me more, is that my mother, who is not my guardian anymore (by a longshot) can still call educational institutions that I attend and get information about my enrollment with nothing more than my name and social security number. She's hardly what anyone would call an expert in social engineering.

        Even worse, places of prospective employment can call universities and get information about my enrollment as well (oftentimes without my social security number)! How many times have I lost a potential job from an employer who called a University to find out I never graduated. What a load! they should obviously by law only be allowed to take what I say about it.

        Give me a break.
        • Re: (Score:3, Funny)

          by coinreturn (617535)
          Even worse, places of prospective employment can call universities and get information about my enrollment as well (oftentimes without my social security number)! How many times have I lost a potential job from an employer who called a University to find out I never graduated. What a load! they should obviously by law only be allowed to take what I say about it.

          OTOH, I know someone who got a college degree by calling colleges until he found someone with the same name who graduated at a time when he was of
          • Must have been tricky getting the matching social security number...

            Seriously, I think this would only work for the dumbest employers. But for those employers who are likely to check at all, they'll do something more than just give the name and date of graduation. There were a half-dozen students with my name at the same time I was enrolled.
            • Most large employers include it as part of their background check. Once an offer, contingent on verification, is presented, the employer runs a background check via a third party. The third party reports all sorts of info. Sometimes the third party cannot obtain the proper education verification. Happened to me. On my first day of work I had to bring in my Diploma.
    • by AVee (557523)
      Indeed, and while you're at it, only use this email address outside of your house. Like in internet cafes and such. Your girlfriend might just poke around on your computer. Also make sure she does not follow you when you are going out. Tell your colleagues not to let her in, since she might sneak up on you at work. Or perhaps it's best to just tie her up in the basement, that will solve the issue.

      Or maybe, just maybe, we are solving the wrong problem here. Do i really need to explain something is wrong w
      • by mcpkaaos (449561)
        Nope, so solve that problem, make sure that people/organisations that cannot be trusted with your email address will not get it.

        While I'm at it, I'll solve world hunger by just making sure people have enough to eat.
    • by Trillan (597339)
      I think the reality is that if you are doing something you don't want your spouse to catch you at, it will affect your relationship in other ways. You'll be too tired when she wants attention, or you'll be angry when she asks an innocent question that you perceive as loaded.

      Eventually, she's going to find out anyway. Maybe not today, maybe not tomorrow, but one day.

      Better not to keep secrets.

      But for general privacy concerns, I think throw-away email addresses are good advice.
      • by Kozz (7764)

        I've got to plug SpamGourmet.com. It's perfect for temporary throw-away addresses, like "slashdot.5.myalias@spamgourmet.com" which is my way of saying, "I've given my email address to a site called slashdot. They're only allowed to send mail to this address 5 times. After that, they bounce. The first five that make it through will be forwarded to an email address of my specification."

        Of course there's the risk that a spammer would learn about spamgourmet and decide to exploit it by sending 115ASG123.2

    • Re:Answer (Score:4, Funny)

      by Mozk (844858) on Wednesday June 06, 2007 @02:51PM (#19414617)
      Well I WAS using joeblow@aol.com, but fuck if I won't get spam now... Thanks a lot Slashdot!
  • Doh! (Score:2, Funny)

    by ReidMaynard (161608) *
    Sounds like Bennett's wife discovered his match.com account.
    • I have a match.com account from more than 10 years ago when I was single, back when they offered free service. That email address (which is no longer valid) is still "claimed".

      Wish I remembered the password, apparently the free account is still active, and can be sold to slackers on EBay for $$. Since the email is no longer valid (the domain name is long gone) I can't reset the password.
    • Re:Doh! (Score:5, Funny)

      by snowgirl (978879) on Wednesday June 06, 2007 @12:53PM (#19412769) Journal
      Actually, I got all confused from the title, because I'm like, ok, yeah I would feel guilty for invading his privacy.... wait, cheating? How would I be cheating for invading his privacy? AHH!!!!

      Then I realized it's a slashdot article, and thus ignores my gender's existence.
      • Re:Doh! (Score:5, Funny)

        by NiteShaed (315799) on Wednesday June 06, 2007 @02:19PM (#19414083)

        Then I realized it's a slashdot article, and thus ignores my gender's existence

        Ignore it? Hardly. We obsess over the existence of your gender endlessly. Problem is that we obsess over it in much the way we obsess over dragons, Bigfoot, UFOs, The Loch Ness Monster and other mythical creatures.
  • by Mockylock (1087585) on Wednesday June 06, 2007 @11:23AM (#19411233) Homepage
    Fuck.

    If most spouses were savvy enough to call up sites and ask for information on their significant other, they probably would have caught them previously in some way, shape or form.

    Chat logs, history and everything else, show quite a bit of information for any computer-literate person to evaluate.

    Not only that, but I'm sure that anyone smart enough to hide everything and cover their trail, wouldn't leave personal information for their spouse to find.
    • Re: (Score:2, Troll)

      by Shakrai (717556)

      Not only that, but I'm sure that anyone smart enough to hide everything and cover their trail, wouldn't leave personal information for their spouse to find.

      Yeah, there's this really advanced technology, called hotmail, that can be used to obtain an e-mail address your spouse doesn't know about ;)

    • Re: (Score:3, Insightful)

      by Nephilium (684559)

      Of course... if the relationship is already at the point where they're attempting to secretly investigate each other, it's a dead relationship anyways...

      Nephilium

  • by iteyoidar (972700) on Wednesday June 06, 2007 @11:25AM (#19411267)
    I hope you can get the registration date too, what if this person's girlfriend had a match.com account before he met her.

    what if they met on match.com. but then she figured out he had two match.com accounts, like a secret one. then he would be cheating on her.

  • Seems to me... (Score:5, Insightful)

    by catbutt (469582) on Wednesday June 06, 2007 @11:26AM (#19411291)
    ...that if you are that paranoid, you should just use a different email address than the one known to your girlfriend. I just don't see this as a problem.
    • Re:Seems to me... (Score:5, Insightful)

      by Qzukk (229616) on Wednesday June 06, 2007 @11:31AM (#19411347) Journal
      that if you are that paranoid, you should just use a different email address

      Seems to me that if a society decides that paranoia is required in order to "earn" privacy, it should quit being surprised when it creates paranoid people.
      • Re: (Score:2, Insightful)

        Seems to me if society creates people who can't be honest with each other, it should quit being surprised when people in relationships distrust their significant other.
      • Re: (Score:2, Insightful)

        by bcharr2 (1046322)

        Seems to me that if a society decides that paranoia is required in order to "earn" privacy...

        Except in this case, it is the individual themselves who is the custodian of their own privacy. If they have something to hide, they should use an email account that no one else is aware of.

        Not that I sympathize with the original poster, who is arguing for privacy rights simply as an avenue of deceiving someone who is in a close, personal relationship with them. I believe the founding fathers' concept of privacy

        • Re: (Score:3, Insightful)

          by GryMor (88799)
          Is having a match.com account evidence of infidelity? I mean, she didn't even check when it was last used. I've got accounts on several dating sites, but for the most part, I haven't touched them in years. If I actually had a girlfriend, I don't see how the sites would know to close my accounts, and I certainly don't think it would occur to me to do so.

          The issue here isn't inherently privacy related, the problem only exists because people presume that your email address having an account indicates something
    • by LighterShadeOfBlack (1011407) on Wednesday June 06, 2007 @11:42AM (#19411563) Homepage
      Seems to me you should never give out your email address to your girlfriend, period. And why take any risks, don't even give them your number, or your real name for that matter. Personally I prefer to be extra careful about giving out personal information, I don't let them see my face or even let them know that we're dating.

      It's going pretty well with my latest one I think. She's a bit shy though. Every time I call her it's nothing but awkward silences. Plus she's started closing the curtains :(
    • by vux984 (928602)
      Seems to me that if you want to cheat on your girlfriend, you're not with the right woman, and should probably just do the honest thing and tell her that.
  • by Radon360 (951529) on Wednesday June 06, 2007 @11:29AM (#19411337)

    [CT: We'd fix it if I thought it mattered]

    Thought it mattered?!? I don't want people being able to find out that I'm a nerd!

    ...oh wait.

  • by Billosaur (927319) * <wgrother@NOsPAm.optonline.net> on Wednesday June 06, 2007 @11:30AM (#19411341) Journal

    Harold, I know... you've been on that Slashdot site again haven't you? Haven't you? Admit it!!!! You're fooling around with Ubuntu... behind my back!!!

  • by rob1980 (941751) on Wednesday June 06, 2007 @11:30AM (#19411345)
    Think about the purpose of that site for a second: the whole idea of match.com is you post a picture and a profile so you can meet new people. You're already spilling a ton of personally-identifiable information about yourself, and presumably someone is going to be able to search for you - so why get pissy about someone being able to determine that your e-mail address is registered there?

    And while I'm thinking about it, if you're using match.com while you're already in a relationship with somebody then maybe you need to have a talk with that person and let them know things aren't working out.
    • Re: (Score:3, Interesting)

      by smellsofbikes (890263)
      >if you're using match.com while you're already in a relationship with somebody then maybe you need to have a talk with that person and let them know things aren't working out.

      Kind of like how if you start looking for a new job, you invariably let your boss and coworkers know that with any luck you're going to be leaving soon, right?

      I'm not saying it's *right* to be looking around when you're in a relationship, unless you're one of those godforsaken poly people, but there are lots of people who do exactl
  • So many sites out there tell you if you have got your email address or password wrong when you log in, when what it should do is tell you that your email OR password are incorrect. By entering someone else's email address (if used for login) into one of these sites, you can tell if they have registered or not.
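The single "email OR password" error suggested in the comment above, next to the two-message version it criticizes, as an added example that is not part of the thread or any site's code. The user store, messages and function names are assumptions, and the same idea is extended to the password-reset reply.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed user store: email -> (salt, PBKDF2 hash). Not any real site's data.
USERS = {"alice@example.com": _make_user("correct horse")}

# Dummy credentials so an unknown email costs the same hashing work as a known one.
_DUMMY_SALT, _DUMMY_HASH = _make_user("placeholder")

GENERIC_LOGIN_ERROR = "Email or password is incorrect."
GENERIC_RESET_REPLY = "If that address has an account, a reset link has been sent."

def login_leaky(email: str, password: str) -> str:
    """The pattern the comment criticizes: two distinguishable errors."""
    if email not in USERS:
        return "No account with that email address."
    salt, stored = USERS[email]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Wrong password."
    return "OK"

def login_uniform(email: str, password: str) -> str:
    """One error for both failure cases, with the same hashing work either way."""
    salt, stored = USERS.get(email, (_DUMMY_SALT, _DUMMY_HASH))
    password_ok = hmac.compare_digest(_hash(password, salt), stored)
    if email in USERS and password_ok:
        return "OK"
    return GENERIC_LOGIN_ERROR

def request_reset_uniform(email: str, outbox: list) -> str:
    """Queue mail only for real accounts; the on-page reply never varies."""
    if email in USERS:
        outbox.append(email)
    return GENERIC_RESET_REPLY
```
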
  • But if you're NOT "open", then think about your other half/significant other/whatever. If you're mutually apart for a period of time (a day, a week, whatever) then you've got a limited window. If you violate your other half, then you should have IN ADVANCE considered and expected to accept the consequences.

    If Joe Blow gets caught, tough. If his girlfriend KNEW he was logging in to such sites, then she could live with it or walk away on her own. IF she finds out by other means, whatever they may be aside fro
  • I don't know, but I'll be sure to let everyone know when I finish page 467 of the book you just wrote.
  • Many (most) email systems now will allow suffixed addresses, typically using "+" as the separator. Chances are that most of the services that use email address as a username or have the features that allow a third party to detect whether a particular email address is registered will treat "foo@domain.example" as entirely distinct from "foo+bar@domain.example". So most people have easy access to throw away addresses. Unfortunately this doesn't fully solve the problem. Sites use email addresses as identif

  • by AVee (557523)
    Big deal, an attacker can find out whether you're a Netflix user -- but that's not a huge privacy violation, it's not like I shamefully hide those red envelopes under my shirt while I'm scurrying back from the mailbox.

    So here you are, making a big fuss about some perceived privacy problem. Yet apparently privacy mainly means being able to hide the thing you are ashamed of. If that is all you are concerned with your privacy is not the problem.
  • You want to be able to go get all the services you want while maintaining total privacy, huh? Well, if you want privacy, I have a 100% guaranteed-to-work solution for you. Don't give your email address out. Don't sign up for stuff on the web. If you're going to go in 'public', you're going to lose 'privacy', see, because they're opposites. That's how it works. You can go as emo about it as you want. It won't change the fact that in public, there is no expectation of privacy. (excepting that of your person,
  • Okcupid is free and has some geek cred, it uses a least squares regression to match people.

    And why would you use your regular email address? There is no anonymity on the Internet.

     
    • by gdr (107158)

      Okcupid is free and has some geek cred, it uses a least squares regression to match people.
      But what if I want to meet more squares?
  • As a practical matter, I have always assumed that anything that I submitted to a Web site was public, or close to being so. At most, it might be secured with what my grandfather called "the kind of locks that keep honest people out." After all, I chose to submit the information -- and if I were really paranoid, nothing forced me to tell the truth. The one obvious exception is payment data for E-commerce transactions, which I do think reputable sites (e.g., Amazon) take care over, despite a few highly-publi
  • by gsslay (807818) on Wednesday June 06, 2007 @11:59AM (#19411889)
    It's simple really. Maintain 3 email addresses.

    The first is your personal email address you give to friends and people who you actually want to communicate with.

    The second is your 'account' address you give to companies, organisations, websites that you either have a financial arrangement with or some other connection that you actually care about.

    The third is your 'trash & spam' address you give to websites/organisations that demand it, but you don't care about and never read.

    I do this, and no person or organisation knows of the other. Not because it's a massive secret, but simply because they've no need to know. So in the scenario given here; my signup at Match would either be on my 'account' or 'trash & spam' email address and my girlfriend would only know my personal address.

    Anyways, if I was the lying, cheating type, all I'd need to do would be tell the girlfriend that it was an ancient account I signed up to years ago and never use now.
  • "Suppose your girlfriend"....you can stop right there, buddy, this is slashdot!
  • I use an even simpler solution to the problem than any Mr. Haselton suggests. Each site I sign up with where I care about this gets a unique e-mail address dedicated to them, one that isn't my regular e-mail address. I don't bother telling anyone else what these site-specific addresses are because nobody but that site should be sending mail to them anyway. Anyone checking my regular e-mail addresses would get back "not a member", since that address isn't a member. They can try and guess what different addr

  • "I think my boyfriend might be cheating on me. His e-mail address is joeblow - at - aol - dot - com. Can you tell me if he's a member?"
    Was the submitter really worried about poor joeblow@aol.com being hounded by a spambot? I mean, his email address is joeblow@aol.com for Christ's sake...
    • this is a thing called not spider baiting if you always mung addresses when using them in a posting then you won't attract spiders looking for addresses (at least ones simple enough to use a subset of the whichever RFC only)

      Would you swim in shark infested waters with a gash in your leg?? same kind of thing

      me i happen to have a full domain (with 350 gigs of space) so i don't really care if i get spam on that domain (but i don't have a catchall)
  • by GBC (981160) * on Wednesday June 06, 2007 @12:15PM (#19412181)
    It is necessary to have a girlfriend (whatever that is) for this to be a problem, so I guess we are all safe...
  • His argument that the requests would only be suspicious if the attacker is logged in misses some of the point. Let's say that Match.com usually gets 10 password requests per second, now they're suddenly getting an average of 15. That's a significant increase, so then they'll do some data mining or start requiring a Turing test. Also, his argument depends on not having to reuse any IP addresses, since the same IP address checking 3 email addresses that correspond to 3 unrelated accounts would be suspicious.
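The two server-side signals named in the comment above (one source probing several unrelated addresses, and a site-wide jump in request rate), as an added detection sketch that is not part of the thread. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

# Constructed reset-request log: (unix_seconds, source_ip, email_submitted).
SAMPLE_LOG = [
    (1000, "203.0.113.5", "a@example.com"),
    (1002, "198.51.100.7", "carol@example.org"),
    (1010, "203.0.113.5", "b@example.net"),
    (1015, "198.51.100.7", "carol@example.org"),   # same user retrying
    (1030, "203.0.113.5", "c@example.org"),
    (1900, "192.0.2.44", "dave@example.com"),
]

def flag_enumerating_sources(events, max_distinct=3, window=600):
    """Return IPs that submitted >= max_distinct different addresses
    within any `window`-second span. Events must be sorted by time."""
    recent = defaultdict(deque)      # ip -> (ts, email) pairs still in the window
    flagged = set()
    for ts, ip, email in events:
        q = recent[ip]
        q.append((ts, email.lower()))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({e for _, e in q}) >= max_distinct:
            flagged.add(ip)
    return flagged

def rate_spikes(events, baseline_per_bucket, bucket=60, factor=1.5):
    """Return bucket start times whose request count is at least `factor`
    times the baseline (10/s rising to 15/s is a factor of 1.5)."""
    counts = defaultdict(int)
    for ts, _, _ in events:
        counts[ts - ts % bucket] += 1
    return sorted(t for t, n in counts.items() if n >= factor * baseline_per_bucket)
```

The per-IP check only catches a source that reuses its address, which is the dependency the comment points out; the site-wide rate check is the signal that still fires when requests are spread across many sources.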
  • by martin (1336) <maxsec.gmail@com> on Wednesday June 06, 2007 @12:38PM (#19412531) Journal
    This is a big problem with data protection laws in the US. There's lots of complaints about this sort of thing from the EU, and some slow moves to sort it out.

    But until you get decent DP laws there's little you can do...
  • by halcyon1234 (834388) <halcyon1234@hotmail.com> on Wednesday June 06, 2007 @12:57PM (#19412829) Journal
    I'm more concerned about a snot-nosed script-kiddie exploiting this. It's very easy:

    1) Do as the poster suggests, and harvest a list of valid email addresses

    2) Attempt to log on as those users (either by guessing that their username is probably the same as the username in their email address).

    3) Repeat step 2 until the user account hits the "too many invalid login attempts" threshold, and gets locked out.

    4) Repeat step 2 for every email address you have.

    Voila. Service = denied. That user now has to go through the "reactivate my account" procedure, which probably involves several minutes of effort and possibly a Security Question that they might not remember. And if the script kiddie is doing his "job" right, that person will be locked out again by the next time they try to log in.

    This can get annoying very quickly, especially on a time-sensitive site like eBay (where you are trying to win an auction), or even a stock-trading site.

    • by tedgyz (515156) *
      Crap! I messed it up. Yeah, yeah - preview. It should say:

      All your logins are belong to us

      Blush.
  • by prgrmr (568806) on Wednesday June 06, 2007 @02:40PM (#19414437) Journal
    [CT: We'd fix it if I thought it mattered]

    This is a perfect example of the heart of the privacy issue: who gets to decide what is and what is not a matter of privacy, what information is "worth" privacy protection, what circumstances warrant privacy, and what does not.

    You can bet that the answer the vast majority of corporate America is going to respond with is "we do".
