Online Retailers Cruising Tor To Hunt For Fraudsters 188
Daniel_Stuckey writes "This week, the verification company Service Objects announced a new tool to help websites detect 'suspicious' visitors using Tor and other anonymous proxies. Its updated DOTS IP Address Validation product identifies 'suspicious' discrepancies between the user's home location and the location of the IP address the order's coming from. It joins a handful of other tools on the market promising Tor-detection for retailers. It's a logical strategy: If you're trying to buy something with a stolen credit card, you're obviously going to want to block your real identity and location while doing it. But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online—particularly this year in light of the NSA-spying scandal."
Don't Go On Vacation Then (Score:4, Insightful)
That's probably the last time I'd do business with that company.
Come on... (Score:4, Insightful)
". But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online—particularly this year in light of the NSA-spying scandal."
Seriously?
Why would you ever need to "protect your privacy" via Tor etc, from an ONLINE SHOPPING SITE that you are GIVING YOUR CREDIT CARD AND SHIPPING INFORMATION TO?
I mean, I'm as much anti NSA crap as the next guy. but come on. That said, cool tech. It would make sense that retailers would do this. I see this is a good thing, not a reason to slam the lizards running our government.
Re:LOL wut? (Score:3, Insightful)
"But it also raises the question of whether targeting anonymity services to hunt out fraudsters could have chilling effects for harmless Tor users trying to protect their privacy online"
Umm.. the user is ordering something using their name, credit card, and address. They are not going to use Tor to protect their anonymity.
That statement was not about normal people using TOR for online purchases. It was about people using TOR to hide their identity when doing things like posting to a controversial website, or whistleblowing. If this software catches on, and websites start using it to block TOR users, then it would make TOR less useful for posting anonymously.
Re:LOL wut? (Score:3, Insightful)
So they trust nobody and in turn expect stores to trust them? I don't think so. You can't have it both ways. Either behave like a normal customer and be treated as such or behave in an erratic paranoid manner and expect to receive the same treatment from your retailer. Just for fun, walk into a department store wearing a balaclava and look around three or four times before you pick up something. See how long it takes before security takes an interest in you.
You want my money, right? (Score:4, Insightful)
Oh, you don't? Well, ok, nice not doing business with you.
NEXT!
Are you an actual moron? (Score:4, Insightful)
The parent wrote it down for you. You are placing an order with your credit card and shipping address. What MORE could they possible need in your "dossier"? Or do you think a webstores order database is magically of limits? Or that the NSA is only snooping on your internet connection and not the webstore?
If you don't want people to know your weird hobby, don't pay it online with your registered credit card and home address. The moment you do, privacy doesn't exist anymore.
And you do deserve being called a MORON because clearly you have no clue about security and/or TOR and/or anonimity.
Remember the Silk Road story? How was he caught? By sleuthing, by connection anonymous messages together through identifiers.
You want to use TOR to place an order, a MESSAGE, with in that message your CREDIT CARD and HOME ADDRESS? Why not also include that amazingly funny nick you thought of that you also use in all your "lets blow up the government" posts and make their job extra easy?
This stuff should really be obvious, if you use an anonymous message service, don't include personal identifiers. The general advice is to avoid any mention of GENDER, TIMEZONE, use of slang, catchphrases etc etc. And you think it is a good idea to include your fucking HOME ADDRESS and credit card details.
Tor has one use, to hide your IP, and you just gave them your address instead. If you don't get the stupidity of your idea, you really just shouldn't bother with TOR, you are just going to screw up anyway.
You are not alone in this, the other responder below also just doesn't get it. What does your IP have to do with your credit card? Both are registered to the same person?
Security, it is a LOT harder then people think.
Re:What's the problem? (Score:5, Insightful)
You are so wrong it's not even funny. The retailer is almost always held responsible for any fraud. If a charge is determined to be fraudulent the retailer is out the money plus a chargeback fee and on top of that, the event is kept track of so if the overall total gets too high, the merchant account gets terminated.