Well, I had Robin pay my subscription, and there is definitely an anonymity problem with having someone else pay it.
The person you’re paying for will receive a confirmation e-mail with your name, address, last 4 numbers of your card, and expiration date.
So, here’s the deal. It’s not like I’m anonymous or anything, and just to be sure: My name is Dave Cartwright, and I live in Carlisle Pennsylvania. Now that that’s out of the way, I’ll be glad to help people out with paying, but here’s the catch: I am not made of money, so I can front a few people to begin with, but ultimately if I get a boatload of people coming to me because some of the others who offered their services back out for fear of losing anonymity, I’m going to need some checks, money orders, etc. up front before I can do too many. Nothing personal, guys, just trying to help out as best as I can.
So, the info and the offer are out there. E-mail me if you need help.
Person B will get a confirmation email from the SDMB containing Person A’s real name, address, type of credit card, last 4 digits of the credit card, and the cards expiration date.
Hmmm. UncleBeer’s response does make me feel a little better about not going to someone else to pay for this (although I always have the option of begging a non-Doper friend to help, an option which many seem to have forgotten). Though it does bring up a question: how does Verisign deal with its clients (the payees) in terms of the names that it gets from the payers? Does it hand over all of them somehow during the payment process? If so, would those names necessarily be directly associated with our nicks here? What sort of list, in terms of names, #'s, and association with our nicks here, will the CR end up having, if any?
I went to Verisign’s website to try to figure some of this out, but it’s too complex and oriented towards its direct clients (the payees). Any knowledge that would help me decide what to do would be appreciated!
Well, personally, i really have no problem if people can identify me as a real life individual. I make a point of posting here nothing that i wouldn’t be willing to stand up and defend in public. Sure, i’ve probably made some jackass posts in my time here, but there’s nothing that i’m not willing to take my licks for, nothing that i would feel mortified to have known to the general public.
I’m sure that anyone with a modicum of search skills and about ten minutes to waste could probably find out my real identity by reading through my posts on this message board and putting the various clues together. Hell, one Doper even said once that he thought he knew what block i lived on from a picture that i had posted on the web.
I realize that some people might have safety concerns about others knowing who they are and where they live, and i’m not ridiculing those concerns. But, on the general issue of anonymity, i’m not too worried. I like to think that i come to this board for the fun discussions, and that it’s just another meeting place. I’m not here simply to hide behind an anonymous username and construct a fake character; if people know (or even care) who i really am, big deal.
I’m not giving out any guarantee, but I believe if Person A pays through PayPal instead of the credit card option they can avoid Person B getting any kind of confirmation e-mail with personal information.
I’m basing this on the fact that I paid for myself with Paypay and they (PP) sent me an e-mail to the e-mail address they have on record as a receipt, but I haven’t received anything from the SDMB with any kind of personal information.
I’m afraid I will need a little substantiation for this claim.
It was my understanding that the lock on the screen implied that nobody between the sender and the recipient can look at the information contained in the message.
In other words although Verisign implies that your credit card number will be encrypted, ChiReader (for example) will still possess it at the end of the transaction. (Actually, I think the lock indicates encryptation and the Verisign logo indicates that “the site is legitimate, rather than a clone of the legitimate company set up to collect your personal and financial information.”)
But I may be wrong. At any rate, Ed Zotti’s post didn’t clarify this issue for me (but thanks anyway: it was on page 6 of the thread, after all).
…most of which don’t handle detailed user opinions.
More generally, I understand that the SDMB community will possess a range of preferences regarding privacy. For myself, having been a victim of credit fraud in the past (and having logged perhaps 20 hours fixing the problem), I may have a tendancy to err on the side of caution.
Regardless, I hope that SDMB sees it fit to implement BitPass, or a similarly anonymous payment process system. More generally, this issue of anonymity on the web isn’t going to go away: I urge payment pioneers such as the SDMB to address it in some fashion that does not depend upon ad hoc methods.
This was brought up in an ATMB thread and Ed posted that he would have the address suppressed in the confirmation email. He must have been able to do more than just the address, because when I paid my subscription, the confirmation email just said:
That’s it…no name, no address, no credit card info.
I feel so damn boring. I don’t have the slightest problem with those who want to remain anonymous, I am just intrigued by the need for cloak and dagger maneuvers. I have never read anything on this board that would interest any federal, state or local authority. The worst I’ve seen is things you wouldn’t want your mom to know. Unless Ma works for the Reader you are probably in the clear.
Unless someone is gearing up to admit to kitten felching I’m not sure what the big deal is.
I think for me it’s just that I have this online person that isn’t entirely me and so I feel more free to say what I think here than I would if my actual name was attached to it.
Oh yeah, and before I was so ‘paranoid’, I had some guy show up at my door at 2:30 a.m. because he flew 3000 miles just to ‘say hi’. I hadn’t hidden my real name. He got my home address by looking me up in the phone directory.
In some sense, I don’t see it as a big deal. I guess I’m just asking the Powers-That-Be to sign up with a service that makes a point of being user-friendly to both “Earner” and “Spender”.
If they can’t do that (or provide a decent explanation) why should I trust their security procedures? I figure if Diebold, NASA and Chase can be hacked, so can the Chicago Reader.
Members say plenty of things on this board that, taken out of context, they may not want their friends, neighbors, employers, stalkers, spammers, telemarketers or Joe-Jobbers to learn about. I am not so concerned about Ashcroft: presumably he could supenea the IP address and identity of anybody posing an immediate threat to whatever, regardless of the payment method that ChiReader chooses. This is really a marketer/hacker issue.
More generally, it is also desirable to establish sound procedures with a technology that is still rather young.
I can appreciate Measure for Measure’s point. I can doubly appreciate Berkut’s point.
There’s two issues to worry about here.
Firstly, it’s all very well saying that you’d be happy to stand up in real life and defend everything you’ve ever written on this board. I like to think I’d do the same. But there are times and places where what you have to say may not go down too well. The situations where you’d usually decide that it wasn’t the time or place to bring the matter up.
Well the internet means that everywhere is right next door to that place and every time can be that time. You have no control over who gets to listen, share and turn nasty about stuff. People who may well be completely unreasonable and anonymous, unlike yourself. I’ve been in that situation, and it wasn’t pleasant, at all.
Secondly, companies, as a whole, have a record for dipping into any data they can lay their hands on. As long as they can justify it as ‘improving our service to you’, (weasel-speak for ‘maximizing our revenue’). The day I get any contact from my credit card company, or indeed anyone, based on my membership here and trying to push some sale on me will be the day I will post a mightily pissed-off thread in the BBQ pit. The idea that they could fish through my postings here in order to fine tune their pitch, no matter how unlikely it may currently sound, just doesn’t bear thinking about.
With this concern we really only have the Chicago Reader’s current assurances and goodwill. Today I’m happy to accept that. But will the situation be the same in 3 year’s time?
As much as I encourage the Reader to establish anonymity-friendly policies, I should nonetheless note that the Bitpass solution falls short of perfection.
Oddly for a financial intermediary, Bitpass has chosen a second-tier certificate authority, Entrust (not Verisign). According to a lengthy and archived discussion at Slashdot, the Entrust product is flimsier than Verisign’s weakest certificate.
When I made a 2nd purchase via Bitpass, my browser (Firebird 0.8) delivered the following message:
“Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.”
This message may or may not be accurate: I speculate that it might reflect unencrypted data that is being sent to me, as opposed to the password that I was attempting to send to Bitpass.
Or perhaps they figure that everybody keeps a small account with them anyway. Hm, I wonder about their business plan.
Bitpass charges the Earner 15% for transactions under $5. That sounds ok to me: it may not sound ok to ChiReader.
If I establish a PayPal account using a credit card (as opposed to using the CC directly), will the CR know or have on record the name on that credit card at all?
Of course, if this drags on for too long, I may just end up biting the bullet and using direct CC payment, but we’ll see.
Well, I think Bitpass is an ok solution, caveats notwithstanding. Gotta admit though, I suspect that the ChiReader won’t bother with them.
I noted in the OP that PayPal reveals, “…your name, e-mail address, date of sign-up, and whether you have verified control of a bank account are displayed to other PayPal customers whom you have paid or who are attempting to pay you through PayPal.”
I suppose the best current option is to use a friend’s PayPal account or, barring that, a friend’s credit card number. Doing this every fricken year could get awkward though.
