Identity Angel Report
Heard a story on NPR today about the CMU project Identity Angel. Here's how it works: CMU trolls the Intarwebs for personally-identifiable information, like name/address/SS#/e-mail address, then take the said e-mail address and let the poor fellow know that his name/address/SS# is out there on the Intarweb.
I'm sure their heart is in the right place and this isn't just a Homeland Security funding boondoggle, but there are at least three problems I thought of while risking my life by listening to NPR on a motorcycle:
a) Ignored Alert: If the anti-phishing / counter-fraud people have been doing anything over the past two years, it's been instructing people to never ever ever respond in any way to any e-mail regarding your personal information. This is the best case scenario.
b) False Positives: CMU e-mails Alice, "Dear Bob, here's where we found all your information." Now Alice has a Bob ID Kit. Whoops!
c) Identity Angel scams: The domain identityangel.com is registered by some guy in New Jersey (CMU is in Pittsburgh, PA), and identity-angel.com is, as of this moment, mine. So, thanks to today's PR push, mail from these domains that make inquiries about your identity is going to carry with it the usual trust levels that the rest of phishing e-mail enjoys for those people who didn't pay attention when we were pushing (a). "This is a secure e-mail from the Identity Angel project. Click here to remove your personal information from the Internets." Etc.
And so begins my lucrative spamming (or at least domain squatting) career.
I'm sure their heart is in the right place and this isn't just a Homeland Security funding boondoggle, but there are at least three problems I thought of while risking my life by listening to NPR on a motorcycle:
a) Ignored Alert: If the anti-phishing / counter-fraud people have been doing anything over the past two years, it's been instructing people to never ever ever respond in any way to any e-mail regarding your personal information. This is the best case scenario.
b) False Positives: CMU e-mails Alice, "Dear Bob, here's where we found all your information." Now Alice has a Bob ID Kit. Whoops!
c) Identity Angel scams: The domain identityangel.com is registered by some guy in New Jersey (CMU is in Pittsburgh, PA), and identity-angel.com is, as of this moment, mine. So, thanks to today's PR push, mail from these domains that make inquiries about your identity is going to carry with it the usual trust levels that the rest of phishing e-mail enjoys for those people who didn't pay attention when we were pushing (a). "This is a secure e-mail from the Identity Angel project. Click here to remove your personal information from the Internets." Etc.
And so begins my lucrative spamming (or at least domain squatting) career.
posted by todb at 10:44 PM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home