[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimzyukNdAPXEovvHoqKQ0Z+GFEkChmk=UAMLCNM@mail.gmail.com>
Date: Fri, 4 Feb 2011 10:33:03 -0600
From: Tyler Borland <tborland1@...il.com>
To: Wesley Kerfoot <wjak56@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Best Buy and Privacy?
I used to work there and I don't think I can officially say anything yet for
another month or two.
But I'll just say they have problems. I even sent some problems 'up the
chain' and didn't receive any response.
On Fri, Feb 4, 2011 at 10:24 AM, Wesley Kerfoot <wjak56@...il.com> wrote:
> I think the fact that they have that info in their systems is pretty awful.
> I wouldn't trust them with my personal information. How do you know some
> disgruntled employee won't take it all and sell it? Or that their database
> servers are insecure? BB have shown that they have incompetent employees and
> no ethics whatsoever.
>
> On Fri, Feb 4, 2011 at 11:16 AM, Thor (Hammer of God) <
> thor@...merofgod.com> wrote:
>
>> I found this interesting, so I thought I would share it.
>>
>>
>>
>> Over the last few years I had amassed quite a number of various gaming
>> system games that I never used anymore (if at all) so I decided to trade
>> them in at Best Buy (they do this for store credit). Though $3 for a $50
>> game wasn’t exactly attractive, I figured I could get a free Blue Ray out of
>> it, so why not.
>>
>>
>>
>> I showed up with a stack of games, and sat at the counter for about 30
>> minutes while the guy individually entered each title, catalog number, etc
>> for each game. After all that, he finally said that he needed to see my
>> driver’s license in order to give me my $73 credit. I always question this
>> type of thing, so asked him why. “In case these were stolen” he says, going
>> on to say it is store policy. Whatever, I think, so I give it to him. He
>> doesn’t just look at it, but starts entering my info into the system – I
>> didn’t care because it was an out-of-state license, but didn’t like that he
>> was actually entering it into the system.
>>
>>
>>
>> He then notices that my license had expired a month earlier. I actually
>> knew this, but wasn’t going to offer it up. He says he can’t take it, and I
>> give the obligatory “I’m not driving in the store, I’m just giving you
>> games” bit and the “it was me a month ago, so what difference does it make
>> now” pitch. He goes asks the manager, and sure enough, they can’t take it
>> because it is expired.
>>
>>
>>
>> So this is the point where I really start to wonder and ask more questions
>> about what difference it makes. He then tells me that the reason he has to
>> enter so much information, including each individual title and UPC, is
>> because they have to send all this information to the Seattle police in case
>> any of the titles I turned in were reported stolen by someone. I asked how
>> they expected to match up a stolen title with a redeemed one short of
>> putting 5 “Pimp My Ride” games in a line-up for identification, and of
>> course the kid didn’t know and didn’t care. I then pointed out that even if
>> I did steal it, if the cops came around looking for it, I wouldn’t have it
>> anymore anyway because it would be in the Best Buy warehouse. More not
>> caring.
>>
>>
>>
>> While the overall process of wasting police resources on tracking games
>> that might have been stolen seems like a complete waste of time and money,
>> what really concerned me is that Best Buy was going to send my personal
>> information over to the police without disclosing anything to me. There was
>> no mention of it anywhere, no fine print, nothing. Had my license not been
>> expired, that info (which they would not have had) would be put into the
>> public system, and there would be no way I could control the information or
>> what they did with it. This would have been particularly bad if I had to
>> explain why I had a copy of “Barbie’s Horse Adventure” at some point.
>>
>>
>>
>> As far as profiling is concerned, you would think they would be more
>> interested in the fact that I was going to use the $73 credit towards the
>> purchase of a couple of seasons of Dexter, but I have no way of knowing that
>> they wouldn’t have sent this information anyway. It begs the question as to
>> what other information Best Buy is sending to whom, and what kind of privacy
>> rights I am implicitly giving up by shopping there. If they can report
>> personal information to government agencies without my knowledge, approval,
>> or any sort of notification, and in this case collected the information for
>> the explicit purpose of doing so, why else are they collecting?
>>
>>
>>
>> AFAIAC, there is something seriously wrong with this. Anyway, I thought I
>> would share this in case anyone found it interesting.
>>
>>
>>
>> T
>>
>>
>>
>> *There’s no reason to think “outside the box” *
>>
>> *If you don’t think yourself into it. ***
>>
>> * *
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists