From: “Mark M.” <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: 4e275a22b8cf48b253a81ed9057ab759ed891384e84f3562929948014c3533a5
Message ID: <Pine.LNX.3.95.960920171802.1143A-100000@gak>
Reply To: <9609201825.AA18161@super.mhv.net>
UTC Datetime: 1996-09-21 00:22:04 UTC
Raw Date: Sat, 21 Sep 1996 08:22:04 +0800
From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Sep 1996 08:22:04 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
In-Reply-To: <9609201825.AA18161@super.mhv.net>
Message-ID: <Pine.LNX.3.95.960920171802.1143A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 20 Sep 1996, Lynne L. Harrison wrote:
> You can go to their web page (http://www.lexis-nexis.com), click "Just
> In" and request via email that your name be removed from their database by
> filling out the form.
> Problem, of course, is that one doesn't know if one's name and info is in
> the database unless one is a subscriber and can look it up. I, personally,
> do not feel comfortable in filling out a form with my personal info and
> sending it along - 1) for the obvious reasons; and 2) what if I'm not even
> in their nefarious database? If not, then I've just entered my personal
> info and sent it on its merry way to whomever and wherever unnecessarily -
> whether by email, fax, or snail mail.
There is an easy technical solution to this: store a one-way hash of each entry
in a database field, so if one wants to be removed, all one has to do is send
the one-way hash of their personal information. If there is a database entry
that matches the hash, then it is up to the database maintainer to remove the
entry. If there isn't a matching entry, then no personal information will have
been given out. I wonder how many "privacy conscious" database maintainers
will actually implement a scheme like this.
> I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
> However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.
TRW credit databases have been broken into many times, and they have more
information then Lexis-Nexis (credit-card numbers minus the last four digits,
addresses, telephone numbers, and of course, credit histories). Nothing
really devestating has happened because of these incidents.
Mark
- --
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMkMMxSzIPc7jvyFpAQFoiggAusskPBsG0cvMXYcCmJaJR6Rlbcny+48C
byAs3Bg4E2aMHusyll2+t7GPX897VtVGm1iBaAKZFkfFcyQcHoq+aw+hqJseG/As
Yz3x6702e6y4qOfv+JpyCJk9c19ys4XSkHqsrJl3txFvakrBP4xfstWtDKk2P1EH
4aIDvEaStdabqhMQqayKqU09tLY6A++XZ5zbzK/ovVDQIgCW2cDsmtYTo8ZVktPq
PqTnaHVY7B3oj+XEl7sfS1qKew4KEJiClmlztA7Lk7Kn6Zo6TnBPKOICFHjlnOyy
+gitMH7yYuGVo95jcRzImyDMm6z2mjcHTVlmEnxK2k85PtR9El3ZuQ==
=zaz8
-----END PGP SIGNATURE-----
Return to September 1996
Return to ““Mark M.” <markm@voicenet.com>”