lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 4 Feb 2011 11:24:56 -0500
From: Wesley Kerfoot <wjak56@...il.com>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Best Buy and Privacy?

I think the fact that they have that info in their systems is pretty awful.
I wouldn't trust them with my personal information. How do you know some
disgruntled employee won't take it all and sell it? Or that their database
servers are insecure? BB have shown that they have incompetent employees and
no ethics whatsoever.

On Fri, Feb 4, 2011 at 11:16 AM, Thor (Hammer of God)
<thor@...merofgod.com>wrote:

>  I found this interesting, so I thought I would share it.
>
>
>
> Over the last few years I had amassed quite a number of various gaming
> system games that I never used anymore (if at all) so I decided to trade
> them in at Best Buy (they do this for store credit).  Though $3 for a $50
> game wasn’t exactly attractive, I figured I could get a free Blue Ray out of
> it, so why not.
>
>
>
> I showed up with a stack of games, and sat at the counter for about 30
> minutes while the guy individually entered each title, catalog number, etc
> for each game.  After all that, he finally said that he needed to see my
> driver’s license in order to give me my $73 credit.  I always question this
> type of thing, so asked him why.  “In case these were stolen” he says, going
> on to say it is store policy.  Whatever, I think, so I give it to him.  He
> doesn’t just look at it, but starts entering my info into the system – I
> didn’t care because it was an out-of-state license, but didn’t like that he
> was actually entering it into the system.
>
>
>
> He then notices that my license had expired a month earlier.  I actually
> knew this, but wasn’t going to offer it up.  He says he can’t take it, and I
> give the obligatory “I’m not driving in the store, I’m just giving you
> games” bit and the “it was me a month ago, so what difference does it make
> now” pitch.  He goes asks the manager, and sure enough, they can’t take it
> because it is expired.
>
>
>
> So this is the point where I really start to wonder and ask more questions
> about what difference it makes.  He then tells me that the reason he has to
> enter so much information, including each individual title and UPC, is
> because they have to send all this information to the Seattle police in case
> any of the titles I turned in were reported stolen by someone.  I asked how
> they expected to match up a stolen title with a redeemed one short of
> putting 5 “Pimp My Ride” games in a line-up for identification, and of
> course the kid didn’t know and didn’t care.  I then pointed out that even if
> I did steal it, if the cops came around looking for it, I wouldn’t have it
> anymore anyway because it would be in the Best Buy warehouse.  More not
> caring.
>
>
>
> While the overall process of wasting police resources on tracking games
> that might have been stolen seems like a complete waste of time and money,
> what really concerned me is that Best Buy was going to send my personal
> information over to the police without disclosing anything to me.  There was
> no mention of it anywhere, no fine print, nothing.  Had my license not been
> expired, that info (which they would not have had) would be put into the
> public system, and there would be no way I could control the information or
> what they did with it.  This would have been particularly bad if I had to
> explain why I had a copy of “Barbie’s Horse Adventure” at some point.
>
>
>
> As far as profiling is concerned, you would think they would be more
> interested in the fact that I was going to use the $73 credit towards the
> purchase of a couple of seasons of Dexter, but I have no way of knowing that
> they wouldn’t have sent this information anyway.  It begs the question as to
> what other information Best Buy is sending to whom, and what kind of privacy
> rights I am implicitly giving up by shopping there.  If they can report
> personal information to government agencies without my knowledge, approval,
> or any sort of notification, and in this case collected the information for
> the explicit purpose of doing so, why else are they collecting?
>
>
>
> AFAIAC, there is something seriously wrong with this.  Anyway, I thought I
> would share this in case anyone found it interesting.
>
>
>
> T
>
>
>
> *There’s no reason to think “outside the box” *
>
> *If you don’t think yourself into it. ***
>
> * *
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ