[66024] in Cypherpunks
Re: ANYONES CREDIT CARD # per your request.
daemon@ATHENA.MIT.EDU (Mark M.)
Fri Sep 20 17:52:04 1996
Date: Fri, 20 Sep 1996 17:30:20 -0400 (EDT)
From: "Mark M." <markm@voicenet.com>
To: cypherpunks@toad.com
In-Reply-To: <9609201825.AA18161@super.mhv.net>
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 20 Sep 1996, Lynne L. Harrison wrote:
> You can go to their web page (http://www.lexis-nexis.com), click "Just
> In" and request via email that your name be removed from their database by
> filling out the form.
> Problem, of course, is that one doesn't know if one's name and info is in
> the database unless one is a subscriber and can look it up. I, personally,
> do not feel comfortable in filling out a form with my personal info and
> sending it along - 1) for the obvious reasons; and 2) what if I'm not even
> in their nefarious database? If not, then I've just entered my personal
> info and sent it on its merry way to whomever and wherever unnecessarily -
> whether by email, fax, or snail mail.
There is an easy technical solution to this: store a one-way hash of each entry
in a database field, so if one wants to be removed, all one has to do is send
the one-way hash of their personal information. If there is a database entry
that matches the hash, then it is up to the database maintainer to remove the
entry. If there isn't a matching entry, then no personal information will have
been given out. I wonder how many "privacy conscious" database maintainers
will actually implement a scheme like this.
> I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
> However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.
TRW credit databases have been broken into many times, and they have more
information then Lexis-Nexis (credit-card numbers minus the last four digits,
addresses, telephone numbers, and of course, credit histories). Nothing
really devestating has happened because of these incidents.
Mark
- --
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMkMMxSzIPc7jvyFpAQFoiggAusskPBsG0cvMXYcCmJaJR6Rlbcny+48C
byAs3Bg4E2aMHusyll2+t7GPX897VtVGm1iBaAKZFkfFcyQcHoq+aw+hqJseG/As
Yz3x6702e6y4qOfv+JpyCJk9c19ys4XSkHqsrJl3txFvakrBP4xfstWtDKk2P1EH
4aIDvEaStdabqhMQqayKqU09tLY6A++XZ5zbzK/ovVDQIgCW2cDsmtYTo8ZVktPq
PqTnaHVY7B3oj+XEl7sfS1qKew4KEJiClmlztA7Lk7Kn6Zo6TnBPKOICFHjlnOyy
+gitMH7yYuGVo95jcRzImyDMm6z2mjcHTVlmEnxK2k85PtR9El3ZuQ==
=zaz8
-----END PGP SIGNATURE-----
