Forgot your password?
typodupeerror
Privacy Spam IT Your Rights Online

Carbonite Privacy Breach Leads To Spam 134

Posted by samzenpus
from the fox-in-the-henhouse dept.
richi writes "It looks like Carbonite, Inc. has been giving out customers' personal information. The company has admitted to giving customer email addresses to a third party, in direct contravention of its privacy policy. A company statement reads: 'Carbonite has discovered an advertiser misappropriated our e-mail list during the process of one of our e-mail marketing campaigns. When Carbonite launches an e-mail marketing campaign, it provides a suppression list to e-mail advertisers so that Carbonite customers do not receive promotion emails from Carbonite (since they’re already customers) and importantly, so that people who have opted out of receiving emails from Carbonite do not receive future email from us. This list was mishandled by an advertiser and we have taken immediate remedial efforts. As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously. The matter will be addressed privately with the involved third parties and we will ensure that all customer e-mail addresses are permanently removed from their database.'"
This discussion has been archived. No new comments can be posted.

Carbonite Privacy Breach Leads To Spam

Comments Filter:
  • by Anonymous Coward

    "The matter will be addressed privately with the involved third parties". That's not what "privacy policy" means, you know?

    • by Fluffeh (1273756)

      Actually, I think it does.

      Their privacy policy to their customers gives a bunch of rules that they have said they will follow. Some of those rules have been broken. I think it is actually right that they discuss this privately with the third parties to try to engage them to do the right thing. If the other parties don't come to the party, so to speak, only then should it go further.

      • Threadjacking, apologies.

        As someone who listens to a ton of talk radio and thus has been subjected to hours of Carbonite ads and in-show pitches by the hosts:

        BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

        Mind you, Rush pimps this service hard, maybe he can turn it around as a liberal plot or something and help save their asses.

        SUCK IT, YOU GREEDY FUCKS!
  • Who was it? (Score:4, Insightful)

    by Anonymous Coward on Wednesday November 02, 2011 @04:48PM (#37925326)

    The only way to prevent this stuff is to out the culprits who did this. Why would they protect a company that screwed their reputation?

    • Re:Who was it? (Score:4, Informative)

      by Bill, Shooter of Bul (629286) on Wednesday November 02, 2011 @05:08PM (#37925616) Journal

      Carbonite, obviously. From the summary:

      The company's admitted giving customer email address to a third party, in direct contravention of its privacy policy.

      They are the ones that screwed their reputation by violating its privacy policy.

      .

      • by Fluffeh (1273756)

        They are the ones that screwed their reputation by violating its privacy policy.

        What I find most ironic is that they seem to be breaking their privacy policy in an attempt to enfore it. "Here is the big email list of people you CAN'T send emails to. We promised, so don't send stuff OK?". It's simply dripping with irony.

        • by BitZtream (692029)

          Its not irony, its intentional. Claiming this wasn't intentional or is a surprise is a flat out lie. This is a company that is SUPPOSED to KNOW how to protect your privacy since they ... claim to be safe and secure place to store your backups.

          I'll call them liars because if they aren't liars, its even worse for their reputation.

          • by Fluffeh (1273756)

            I'll call them liars because if they aren't liars, its even worse for their reputation.

            Yes, it does seem to be a choice of calling them a) incompetent or b) liars. I really don't know which is worse. Do you trust the incometent fool or do you trust the sneaky but savvy businessman?

            • by Culture20 (968837)

              Do you trust the incometent fool or do you trust the sneaky but savvy businessman?

              You can always find the fool's Peter-principle level where they can be trusted, but the sneaky guy can't be trusted with anything without hiring someone else to watch him 24/7.

          • by iiiears (987462)

            Haha - You sent that email "Reply all"

      • by lymond01 (314120)

        From the summary (I didn't RTFA), it suggests they gave out the suppression list to their marketing agents. They probably don't run their own list serve and bulk emailing in house. They send it to professionals who make a pretty email for them and bulk mail it out over a few days. The list is to ensure their own customers don't get spammed by the "BE A NEW CUSTOMER!" emails. And then the marketing agent gave the list to the wrong people.

    • by Anonymous Coward

      The clear technical way to prevent it would be to give a list of cryptographic hashes to use as the email suppression list, instead of the actual list of customers itself.

      Since they did not think of this obvious and simple technical way to preserve privacy, it makes me worry about the rest of their software.

      I'm happy my data is backed up with https://spideroak.com/

      • The third-party company would still presumably be able to build at least a partial customer list by the email addresses rejected by the hash system, so it still seems like a violation of Carbonite's policy, although I agree it would have been preferable.
    • by Fluffeh (1273756)

      Why would they protect a company that screwed their reputation?

      Probably because they have a long standing business relationship with them. If the other company makes them plenty of new customers, they might be the company that helps them regain all the customers they lost from this fiasco.

      Haven't you ever had an employee, or friend for that matter that did something stupid, you took them aside, spoke with them and they ended up being a fantastic employee or amazing friend from that point onward?

      • No. I never have. Character is character. Integrity is not something people get because you spoke with them. Humans are animals and animals are motivated by greed. Integrity is when a human can use its self aware cognitive resources to make decisions contrary to what reptilian brain wants them to do, such as realize the greater good and envision long term consequences of short term actions. People gain these skills because they are smart, not because you spoke with them. If that were the case we woul
    • Re:Who was it? (Score:4, Interesting)

      by richi (74551) on Wednesday November 02, 2011 @07:28PM (#37927594) Homepage

      Richi Jennings, author of TFA here.

      I have a couple of leads on the identity of the advertiser; I plan to name&shame once I have enough evidence.

      However, as Bill rightly points out in his reply, it's Carbonite that's primarily to blame, for ignoring its own privacy policy.

  • by sethstorm (512897) on Wednesday November 02, 2011 @04:48PM (#37925332) Homepage

    Apparently they forgot the confidentiality part of security, while paying too much attention to integrity and assurance.

  • This is news? (Score:2, Interesting)

    by Anonymous Coward

    Anyone with a domain of their own knows most companies give out personal information either willingly or accidentally.

    Sign up with accounts like facebook@yourdomain.com, slashdot@yourdomain.com, twitter@yourdomain.com (to pick a few) and you'll find two thirds of those get spam directly to it.

    Sometimes it's days later, sometimes months or years, but its inevitable. Why is this news?

    • by Anonymous Coward

      I have a domain of my own and have no such problems and I've been using unique email addresses to sign-up for a decade. My guess is it's not the sites you sign up to that sell your addresses, but that your mail server or desktop are compromised.

      Keep your own house clean first.

    • by mikkelm (1000451)

      I've been doing this for years, and while I get plenty of spam to addresses used at less reputable sites, I honestly cannot recall ever receiving any spam e-mail to addresses used for legitimate services.

      • by jfengel (409917)

        That's been my experience as well. I remember only one exception: spam sent to an email address that had only ever been used at Snapfish (and for the life of me I have no idea why I did that. Somebody must have been desperate to share some photos with me in the least convenient possible way).

        I notified HP about it, accusing them of either selling their spam list or possibly a data breach. They protested that it wasn't their fault, and it wasn't repeated.

    • by Beorytis (1014777)
      I always figured those were "dictionary spam". The newly registered domain record is public information. Prepending known words as mailbox names doesn't take any special information. Sign up with an account like r1%t.y{sUy5ju@yourdomain.com (and don't ever use the address) and see if it ever gets spam.
    • by Bigbutt (65939)

      Never had that happen. I do that as a matter of habit and keep track and I've only received spam on three occasions. One when I registered with a forum and neglected to flip off the "display my e-mail address" flag on my account (Simple Machines forum). I blocked the e-mail, reregistered with a new e-mail and flipped off the bit. Second from a forum I signed up for and received one spam to the address. And the worst was from a site where I had a short subscription (3 or 4 months) and closed it but they sold

    • by izomiac (815208)
      I haven't seen those addresses spammed (I don't use Twitter), but I have gotten spammed at FAFSA@mydomain.net, which is kind of depressing. Also illegal, IIRC. I traced it down to the alumni dept at my university, but who knows how far that information has spread. Random message boards tend to be compromised frequently (or they sell the info?), so I see all kinds of spam from addresses given to them.
    • You don't even need your own domain. If you use Gmail, you can have 'yourname+facebook@gmail.com' filtered to your facebooklabel, and you'll know when you get spam to that address where it came from.You 'own' all the yourname+anything@gmail.com addresses.

  • So it's not surprise to me these guys are unprincipled scum.

    • by ShakaUVM (157947)

      So you'd rather give your money to Mozy, that just raised their rates for average users (500GB) by 5x or so?

      I'd honestly been thinking about switching to Carbonite before this fiasco... their imagined politics had nothing to do with it.

      Besides, Glen Beck fulfills a necessary niche in our world, just like Mother Jones and Keith Olbermann on the left. It's actually a very good thing to have a diversity of viewpoints available. Having the media all talking with one voice would gatekeeper out a lot of alternati

      • Agreed about the diversity of viewpoints. We need more free speech, not less. As for backups, I'd recommend CrashPlan. Mozy's backup and restore software sucked worse than an industrial vacuum. Losing a bunch of my data from a restore failure and their rates soaring was the last straw for me. Carbonite was better, but it sucked up too much CPU and bandwidth and couldn't be configured otherwise. Crashplan just works, is very configurable, can back up to my other PCs or external harddrive (for fast restores),
  • by Jah-Wren Ryel (80510) on Wednesday November 02, 2011 @04:55PM (#37925430)

    If you give your entire customer list to a third party you are just asking for it to be abused. No matter how strict their "policies" may be with respect to handling your data, all it takes is one disgruntled employee to grab a copy on their way out the door and that's the best case. It can only get worse from there.

    There is only one way to guarantee that your data is not abused - don't give it to anyone else. All the rules and laws of man will never top the fact that fact you can't copy what you don't have.

    FWIW I've seen this happen first-hand. E*Trade farmed their mailings for options trading out to some third party, and they dutifully sent them for six months to me at "etrade@ryel-industries.com" - the address I had on file with E*Trade. I was annoyed enough that E*Trade thought spamming me was a good idea that I remembered it. But a year later I started getting spam from Ameritrade or Schwab or whatever they are called now sent to "etrade@ryel-industries.com" and when I checked the Received: headers it was the same 3rd party as E*Trade had used.

    Of course E*Trade couldn't even comprehend what I was talking about when I complained to them. I haven't really done much with my E*Trade account since. They obviously don't really give a damn about my privacy.

    • by cornface (900179)

      A word of warning.

      I used to use [companyname]@mydomain.com for everything I signed up for. It worked great for a long time. The only downside was having to use a catchall address, but not a huge deal.

      Unfortnately what will eventually happen is someone will troll through whois records or just grab random domains from existing mailing lists, and start sending out spam from random strings of letters/words @ that domain. Still, not a huge deal, except when they are sending out hundreds of thousands of emails th

      • by pavon (30274)

        Yeah, for those who want to do something similar, it is easy to setup mailhost software to redirect any mail with a certain prefix to a single account, for example traced.companyname@example.com, would all get sent to traced@example.com. You get the benefit of tracking where folks got your email from without having to have a catch-all account.

        Also some free email providers are already setup to work this way. For example mail sent to myname+slashdot@gmail.com will go to myname@gmail.com. Some poorly written

      • A word of warning.

        I used to use [companyname]@mydomain.com for everything I signed up for. It worked great for a long time. The only downside was having to use a catchall address, but not a huge deal.

        Unfortnately what will eventually happen is someone will troll through whois records or just grab random domains from existing mailing lists, and start sending out spam from random strings of letters/words @ that domain..

        The trick is to not use a catchall. Setup a redirection for every address in use. Anything not defined should bounce. With Sendmail this means a virtuser entry for each address. Admittedly, this is not as convenient as a catchall but it does provide immunity from dictionary attacks like you describe. Long on my to-do list (but never actually done) is to create a script to check From: and Reply-To: on all outgoing mail and automatically add new addresses to virtusers if they are not already present.

        It i

    • by jimicus (737525)

      If you give your entire customer list to a third party you are just asking for it to be abused. No matter how strict their "policies" may be with respect to handling your data, all it takes is one disgruntled employee to grab a copy on their way out the door and that's the best case.

      I've actually seen one rather better (worse?) than this.

      Company (A) sells an imaging-based backup solution. They sell their list of prospective customers to company (B).

      Company (B) drills through every name and telephone number on the list trying to sell them an imaging-based backup solution from company (C) - a competitor of (A). When challenged, (B) insists that there's nothing wrong with this.

      I called up (A). They weren't amused...

    • Agree completely.

      "As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously."

      They take privacy "very seriously"? How? By giving your information to all their advertisers along with a nice note saying "Please do not steal"???

      Anybody who did this in the first place, despite "agreements" with those third parties, would be off my list immediately. Speaking of which: I guess Carbonite is off my list.

      I mean really. Give me a break. "Security through third-party agreement" makes "security through obscurity" look like a good bet.

  • Carbonite: endorsed by Glenn Beck and Rush Limbaugh. 'Nuff said.

    • by jon42689 (1098973)

      Carbonite: endorsed by Glenn Beck and Rush Limbaugh. 'Nuff said.

      But why? I think if either of them actually cared about rights to privacy, etc., they wouldn't be recommending this kind of shit to their listeners/viewers. We see once again that they are just puppets controlled by strings of money. It's not about actually recommending a good product to the consumer, but making sure that commission check is as large as possible.

      • by h4rr4r (612664)

        What made you think they cared about privacy or any rights?
        These are the very folks that egg on the War on Terruh, and the War on drugs. Of course not on the drugs they are addicted too. If I wanted to hear the ravings of a drug addict I could go down the local homeless shelter and see it live.

        • by rickb928 (945187)

          You're overthinking this. Rush and Beck are seeing this as sponsorship for profit. Malice is unnecessary unless you see profit as malicious.

          Leo Laporte, on the other hand, doesn't easilty fit into the category of 'evil' for me. You may have a different opinion, I know...

      • by wcrowe (94389)

        Whoosh!

    • by Beorytis (1014777)
      Also endorsed by Boba Fett.
      • *donning whoosh proof clothing*

        It should be noted that Boba Fett was initially against the freezing into carbonite "He's worth more to me alive" "You'll be suitably compensated"

        It was Vader who endorsed the product, if anyone.

    • And by Randi Rhodes and Thom Hartmann and another half-billion or so talk-/sports-radio gabbers. Basically, if it's on radio, these guys will be there. Radio is cheap (and getting cheaper each day). I doubt they actually have an ideology to push.

    • by cvtan (752695)
      As two wrongs don't make a right, two morons don't make a genius.
    • by Leebert (1694) *

      Yeah, and? They also sponsor Radio Lab, which is an NPR show.

    • And Stephanie Miller, and Bill Press, and Ed Schultz, And Leo Laporte and The TWiT network......should I keep going?

  • by jon42689 (1098973) on Wednesday November 02, 2011 @04:58PM (#37925466) Homepage
    Just solidifies my opinion that Carbonite is an irresponsible company, and I've been saying this for a while- this is just an example. You think that trusting all the data on your computer to a company who can't even keep your email address or other account information safe is a good idea? Cloud backup is irresponsible to start with. Off-site MANAGED backups are fine, but just throwing all your data out into the ether and expecting it to be safe is asinine. What will it take for people to stop *giving* away their data?
    • giving it away? my data is encrypted with AES 256 encryption.

      I also have my primary data, my backup local data on another hard Drive and for my very important stuff, I will be getting BD-R copies (family video and pictures)

      Carbonite is insurance.

      • by jon42689 (1098973)

        giving it away? my data is encrypted with AES 256 encryption.

        I also have my primary data, my backup local data on another hard Drive and for my very important stuff, I will be getting BD-R copies (family video and pictures)

        Carbonite is insurance.

        Certainly, but how many "Joe Home Users" are going to any effort to encrypt their data? Obviously, there's no excuse when we know the pitfalls, but the point is, look at how all these cloud services are marketed and see if any of these drawbacks are even mentioned. The 'cloud' is just talked up like it's the next wheel, but no one even knows what the hell they're talking about, or what the potential risks are!

  • by Anonymous Coward

    It's irresponsibility like this that keeps me from embracing the cloud like I want to. I don't trust anyone, so I'm actually thinking of building my own personal cloud infrastructure to store my stuff offsite, email, etc.

    • by jon42689 (1098973)

      It's irresponsibility like this that keeps me from embracing the cloud like I want to. I don't trust anyone, so I'm actually thinking of building my own personal cloud infrastructure to store my stuff offsite, email, etc.

      Well, according to Wikipedia, "[private clouds] ...have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from lower up-front capital costs and less hands-on management, essentially "[lacking] the economic model that makes cloud computing such an intriguing concept" Translation: Being smart and responsible with our data costs money- how can we make it cost less money. At some point, you drop the 'smart', and 'responsibility' part in order to make room fo

      • I've done that.. Instead of using Mozy/Carbonite/AmazonS3, I signed up for two Linux virtual private servers. Both of which come with a 60GB disk allocation. Since my critical data backup needs are well below that (less than 30GB and not growing very fast), I simply created an encrypted 50GB container on both servers, set them up to rsync/mirror the contents of the master container, and then set up a daily rsync from my home server via an OpenVPN link to the master server. Even though I don't *own* the vps,

    • by BitZtream (692029)

      ...

      So you're going to run a server?

      A cloud is almost certainly retarded if thats all you're doing. Why would you run umpteen machines when one would do the work 100 times over?

      A personal cloud is a rather stupid idea, you'll spend more time fucking with 'the cloud' than any advantage you'll get from it.

  • People who believe that their "personal information" isn't being sold are just being ignorant. These are probably the same people who believe that ALL the money they deposit is sitting in the vault at the bank.

  • by Rogerborg (306625) on Wednesday November 02, 2011 @05:03PM (#37925550) Homepage

    So, they engaged an outfit of professional spammers, handed them their customer list and were surprised when the spammers did what spammers always do?

    That's like buying a shark and shoving your dick in its mouth so that it can learn not to bite off your dick.

  • The 3rd party would only ever get the intersection of "do not mail" and their own marketing list. And emails wouldn't be sitting around in clear text in a database / filesystem..

  • I created a unique email address to use with a company I ordered products from. No one else had that address. A while later I got a phishing email (pointing to http://www.official-2011-skype-upgrade.com/ [official-2...pgrade.com]) at that address. The email addressed me by my name as well as the email address ("Joe Blow <uniqueaddress@somedomain.tld>").

    Is this conclusive evidence that my private/personal information with the company has been compromised? Maybe they lost control of my credit card and address information as

    • by Lehk228 (705449)
      please do out the offending company, also do contact the AG
      • I'm in contact with the company. We'll see how they want to proceed.

        I am still going to report the incident. The NY AG is sending a complaint form for me to fill out. I had tried the DA, but I guess that's the wrong organization — they kept basically ignoring me.

    • I create unique email addresses for every company I do business with. A surprising number (I estimate @ 15%) end up getting spammed. In every case I write to the company and let them know that their email database has somehow been compromised. I have yet to get a reply to even one of those emails. That tells me that either it was deliberate or they don't give a crap. I'd say go ahead and refer your case to whatever law enforcement agency you think appropriate, but don't expect much.

  • by ArcCoyote (634356) on Wednesday November 02, 2011 @05:21PM (#37925814)

    If you RTFA, you'll quickly realize what Carbonite did was provide a 'do-not-spam' list to, well, a spammer... and then, surprise, surprise, the spammer misues or abuses it.

    The list was Carbonite customers AND people who previously clicked the opt-out link in past Carbonite spam... So strictly speaking, this wasn't a straight list of Carbonite customers. Spam might be annoying, but there is a bigger issue here: If you wanted to phish Carbonite logins, you'd have a pretty good start.

    Scrubbing the list in-house won't happen... Carbonite doesn't have huge lists, the spammers do. And the spammers are not going to give Carbonite their whole list to scrub, those things are money. So Carbonite has to give an opt-out list to the spammers and trust them not to spam it. Sure...

    The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.

    • by Wyzard (110714)

      The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.

      That's the intended usage of the list of hashes: for each address that the marketer already has, they can determine whether it's the address of an existing customer so they can exclude i

  • by rickb928 (945187) on Wednesday November 02, 2011 @05:25PM (#37925872) Homepage Journal

    You have lost control of it. You can make any claims you want, but if your agreement with users permits you to share the data, you should be legally bound to state that you cannot guarantee privacy. In essence, you have ended your agreement with your users at that point.

    Since asking users in advance if you can share their data with a third party is both impractical and likely to cause outrage and refusal, no company is going to do this willingly. So we are back to square one.

    If you share user data with a third party, you have lost control. Any claims to privacy are deceptive at best, outright fraudulent at worst.

    Even if you claim to compel the third parties to abide by agreements, there is no guarantee unless you own them and/or control the data. That would not be 'giving'.

  • by JohnnyBGod (1088549) on Wednesday November 02, 2011 @05:33PM (#37925972)

    <insert Han Solo joke here>

    There, I did it.

  • Personally, If you too stupid or lazy to backup your personal, important, and private data yourself (It's really not that hard), including off location backups -
    Then you deserve what you get.. Im suprized they don't try to root through their customers backups and sell that off.
    Why in the world would you trust an outside party with your data is beyond me.. Stupid is as stupid does..
  • Are you kidding me? A marketing company selling "online backup" on the Rush Limbaugh show? This is slashdot worthy? Stay tuned for a metallurgical analysis of the QVC ninja swords...
  • Asking on /. because I haven't found anything myself yet: Is there any such thing as an online backup service that:

    1. Is either EU-based or is a signatory to the EU-US Safe Harbor scheme.
    2. Has a reasonably good reputation - and doesn't consider customer data disposable.
    3. Appreciates that we don't necessarily have unlimited bandwidth so offers a media-shipping option for data restores.
    4. Operates a reseller program.
    5. Supports OS X and Windows.
    6. Isn't in some sort of crazed rush to the bottom that will ul

    • Carsh Plan provides the shipping option as well as a few other back up options that it will manage for free (local backups, off site to a friend's computer)

    • by sl3xd (111641)

      CrashPlan suits my needs pretty well.

      Crashplan does have a good reputation, media-shipping options, supports OS X, Windows, Linux, Solaris, iOS, and others, and isn't a fly-by night operation.

      The biggest problem I see is the "operates a reseller program" - I don't know of anybody that does that.

  • information ...

    I'm not sure about you, but anyone with half a clue realizes that if they were actually in the business of protecting your data, they wouldn't be giving email addresses to anyone. Whats better is that they give out their ENTIRE FUCKING LIST, and then give another list of 'don't email these guys' ... seriously? How about you just NOT INCLUDE THOSE PEOPLE TO BEGIN WITH?

    They are double dipping. Charging for service, then selling your info. And this is a company thats supposed to be backing u

    • Whats better is that they give out their ENTIRE FUCKING LIST, and then give another list of 'don't email these guys' ...

      I don't think so. I think they paid the spammer to spam his list with their ad and gave him their customer list so that he would delete those addresses from his list and so not spam them.

      Charging for service, then selling your info.

      Not selling your info. Hiring a spammer and then giving him your address expecting him to use it only for the intended purpose of washing his list. Incom

  • This isn't quite as bad as most of the comments make it sound. They are using the email addresses of their customers as a suppression file. This is not the same as renting out the names.

    They mention two cases:

    1. They are sending out an email advertising campaign, and use the file of customer's email addresses to delete customers off the file, so existing customers don't get an email advertising their service. I can understand with the irritation at a company sending unsolicited email, but the supp
  • My question is, where does Carbonite get their marketing list of emails? Are they sucking down all the email of their customers and puling email addresses out of their backed up documents? To me this seems like an obvious possibility - they simply grep all the documents they have for valid email addresses and send it away to the spammers they have contracted.

    Then a day later you get an email saying "Wouldn't you love to become protected like your pal bob@super.com? His data is backed up, why isn't yours

    • No. The spammers have the lists with the emailadresses. Carbonite paid them to send spam and gave them a list of emailadresses they shouldn't send to (their customers and the people who have opted-out).
      This doesn't mean they have opened any documents on the customers' accounts, but they have done something else that's inexcusable: they gave a verified list of emailadresses to spammers and they paid spammers.
      • I don't buy this. I think it's quite probable that Carbonite has been rooting around through its customers' data and picking out email addresses. If this is the case, then the idea of handing out a list of "don't mail" addresses for the spammers to subtract from Carbonite's theoretical list of emails sucked out of their customers' files makes sense.

        If they didn't hoover out a bunch of emails addresses from their customers' files, why bother sending the additional addresses? No spam house has every addres

  • Your data is only as secure as your backup service provider. Make sure your data is encrypted fromt he second it leaves your possession. Check Dynamic Vault Dynamic Vault [dynamicvault.com]. They offer encrypted remote backup with multiple key, full turn-key DR services and even offer the option for them not to know the key (you're on your own if you lose it).
  • David Friend, the CEO of Carbonite, has commented [carbonite.com] on this event. Interestingly, his take on what happened differs from what was posted in the linked article from CW. According to Mr. Friend, they use an email forwarding agency/company for communications to their customers. He claims that this company misappropriated their customer email list for their own purposes. I'm not sure who I trust less; the CEO of the company that had the problem or the CW author who is apparently afraid no one else would find
  • I wrote them last week and told them that the email account I set up specifically for their company was getting spammed, and that their customer email list must have been compromised. They wrote back the following:

    Hello XXXXX and thank you for contacting Carbonite Customer Support.

    We have received your email regarding your account. We would be happy to assist you.

    Carbonite will not sell your personal information to third parties. Carbonite may, from time to time, share with you information about other produ

  • The "cloud" hides those pesky & boring details of where your data is stored, and how it is backed up, and who has access. Super convenient!

    Oh, and your identity is just a bit more data whose location(s), access, and use are all hidden from you. Super convenient!

    Love the cloud.

  • I am so glad I recommended Crashplan instead of Carbonite to my Mom. I got Crashplan too.

    The good thing about Crashplan being that it also gives you a free client to duplicate backup to a hard disk you have networked somewhere or a friend's computer. Oh and they are "unlimited backup".

    From what I can tell of their character, I doubt Crashplan would ever, ever do what Carbonite did.

  • I'm impressed by your approach to protecting your email address. How do you track the alias to the form you filled out? Great idea for a privacy protecting app right there! Craig www.newtechobserver.com
  • Only provide a list of HASHES of email addresses you don't want to send to. And don't store a list of addresses to suppress yourself. Store a list of hashes. It is the only way to guarantee those people will never be emailed again. I've worked with companies who had emailing operations for their customers and on at least two occasions they accidentally emailed the "do not email" list. Had they been only storing hashes this would have been impossible.

Never try to teach a pig to sing. It wastes your time and annoys the pig. -- Lazarus Long, "Time Enough for Love"

Working...