Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Carbonite Privacy Breach Leads To Spam

samzenpus posted more than 2 years ago | from the fox-in-the-henhouse dept.

Privacy 134

richi writes "It looks like Carbonite, Inc. has been giving out customers' personal information. The company has admitted to giving customer email addresses to a third party, in direct contravention of its privacy policy. A company statement reads: 'Carbonite has discovered an advertiser misappropriated our e-mail list during the process of one of our e-mail marketing campaigns. When Carbonite launches an e-mail marketing campaign, it provides a suppression list to e-mail advertisers so that Carbonite customers do not receive promotion emails from Carbonite (since they’re already customers) and importantly, so that people who have opted out of receiving emails from Carbonite do not receive future email from us. This list was mishandled by an advertiser and we have taken immediate remedial efforts. As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously. The matter will be addressed privately with the involved third parties and we will ensure that all customer e-mail addresses are permanently removed from their database.'"

cancel ×

134 comments

Sorry! There are no comments related to the filter you selected.

Misunderstanding (1)

Anonymous Coward | more than 2 years ago | (#37925312)

"The matter will be addressed privately with the involved third parties". That's not what "privacy policy" means, you know?

Re:Misunderstanding (1)

Fluffeh (1273756) | more than 2 years ago | (#37926096)

Actually, I think it does.

Their privacy policy to their customers gives a bunch of rules that they have said they will follow. Some of those rules have been broken. I think it is actually right that they discuss this privately with the third parties to try to engage them to do the right thing. If the other parties don't come to the party, so to speak, only then should it go further.

Re:Misunderstanding (1)

Captain Splendid (673276) | more than 2 years ago | (#37927166)

Threadjacking, apologies.

As someone who listens to a ton of talk radio and thus has been subjected to hours of Carbonite ads and in-show pitches by the hosts:

BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

Mind you, Rush pimps this service hard, maybe he can turn it around as a liberal plot or something and help save their asses.

SUCK IT, YOU GREEDY FUCKS!

Re:Misunderstanding (1)

reboot246 (623534) | more than 2 years ago | (#37927930)

Do you feel the same way about Leo Laporte pushing it on all of his shows? Just curious.

Re:Misunderstanding (1)

Captain Splendid (673276) | more than 2 years ago | (#37928062)

Nah, Rush is way bigger than Leo. I mean, I love the guy, but you really can't compare the two.

Who was it? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#37925326)

The only way to prevent this stuff is to out the culprits who did this. Why would they protect a company that screwed their reputation?

Re:Who was it? (3, Informative)

Bill, Shooter of Bul (629286) | more than 2 years ago | (#37925616)

Carbonite, obviously. From the summary:

The company's admitted giving customer email address to a third party, in direct contravention of its privacy policy.

They are the ones that screwed their reputation by violating its privacy policy.

.

Re:Who was it? (2)

Fluffeh (1273756) | more than 2 years ago | (#37926202)

They are the ones that screwed their reputation by violating its privacy policy.

What I find most ironic is that they seem to be breaking their privacy policy in an attempt to enfore it. "Here is the big email list of people you CAN'T send emails to. We promised, so don't send stuff OK?". It's simply dripping with irony.

Re:Who was it? (2)

BitZtream (692029) | more than 2 years ago | (#37926672)

Its not irony, its intentional. Claiming this wasn't intentional or is a surprise is a flat out lie. This is a company that is SUPPOSED to KNOW how to protect your privacy since they ... claim to be safe and secure place to store your backups.

I'll call them liars because if they aren't liars, its even worse for their reputation.

Re:Who was it? (1)

Fluffeh (1273756) | more than 2 years ago | (#37926728)

I'll call them liars because if they aren't liars, its even worse for their reputation.

Yes, it does seem to be a choice of calling them a) incompetent or b) liars. I really don't know which is worse. Do you trust the incometent fool or do you trust the sneaky but savvy businessman?

Re:Who was it? (1)

Culture20 (968837) | more than 2 years ago | (#37927088)

Do you trust the incometent fool or do you trust the sneaky but savvy businessman?

You can always find the fool's Peter-principle level where they can be trusted, but the sneaky guy can't be trusted with anything without hiring someone else to watch him 24/7.

Re:Who was it? (1)

lymond01 (314120) | more than 2 years ago | (#37927126)

From the summary (I didn't RTFA), it suggests they gave out the suppression list to their marketing agents. They probably don't run their own list serve and bulk emailing in house. They send it to professionals who make a pretty email for them and bulk mail it out over a few days. The list is to ensure their own customers don't get spammed by the "BE A NEW CUSTOMER!" emails. And then the marketing agent gave the list to the wrong people.

Re:Who was it? (1)

richi (74551) | more than 2 years ago | (#37927626)

Shame on you for not RingTFA. How am I supposed to eat? ;-)

They could have used hash digests. (1)

Anonymous Coward | more than 2 years ago | (#37925978)

The clear technical way to prevent it would be to give a list of cryptographic hashes to use as the email suppression list, instead of the actual list of customers itself.

Since they did not think of this obvious and simple technical way to preserve privacy, it makes me worry about the rest of their software.

I'm happy my data is backed up with https://spideroak.com/

Re:They could have used hash digests. (1)

Wandering Idiot (563842) | more than 2 years ago | (#37926600)

The third-party company would still presumably be able to build at least a partial customer list by the email addresses rejected by the hash system, so it still seems like a violation of Carbonite's policy, although I agree it would have been preferable.

Re:Who was it? (1)

Fluffeh (1273756) | more than 2 years ago | (#37926156)

Why would they protect a company that screwed their reputation?

Probably because they have a long standing business relationship with them. If the other company makes them plenty of new customers, they might be the company that helps them regain all the customers they lost from this fiasco.

Haven't you ever had an employee, or friend for that matter that did something stupid, you took them aside, spoke with them and they ended up being a fantastic employee or amazing friend from that point onward?

Re:Who was it? (0)

Anonymous Coward | more than 2 years ago | (#37926632)

Your presume that we have "friends" is false. You assume too much.

Re:Who was it? (1)

networkzombie (921324) | more than 2 years ago | (#37926760)

No. I never have. Character is character. Integrity is not something people get because you spoke with them. Humans are animals and animals are motivated by greed. Integrity is when a human can use its self aware cognitive resources to make decisions contrary to what reptilian brain wants them to do, such as realize the greater good and envision long term consequences of short term actions. People gain these skills because they are smart, not because you spoke with them. If that were the case we would all be carrying smart sticks so we could have a talkin with all the spammers, just like the company that Carbonite won't throw under the bus.

Re:Who was it? (0)

Anonymous Coward | more than 2 years ago | (#37927664)

"Haven't you ever had an employee, or friend for that matter that did something stupid, you took them aside, spoke with them and they ended up being a fantastic employee or amazing friend from that point onward?"

No.

Re:Who was it? (3, Interesting)

richi (74551) | more than 2 years ago | (#37927594)

Richi Jennings, author of TFA here.

I have a couple of leads on the identity of the advertiser; I plan to name&shame once I have enough evidence.

However, as Bill rightly points out in his reply, it's Carbonite that's primarily to blame, for ignoring its own privacy policy.

Your information is safe to be spammed with them? (2)

sethstorm (512897) | more than 2 years ago | (#37925332)

Apparently they forgot the confidentiality part of security, while paying too much attention to integrity and assurance.

Re:Your information is safe to be spammed with the (0)

Anonymous Coward | more than 2 years ago | (#37926568)

Of course this is after they told their customers that "the security and privacy of our customer data is our top priority."

Clearly this shows that something else has a higher priority...

This is news? (2, Interesting)

Anonymous Coward | more than 2 years ago | (#37925396)

Anyone with a domain of their own knows most companies give out personal information either willingly or accidentally.

Sign up with accounts like facebook@yourdomain.com, slashdot@yourdomain.com, twitter@yourdomain.com (to pick a few) and you'll find two thirds of those get spam directly to it.

Sometimes it's days later, sometimes months or years, but its inevitable. Why is this news?

Re:This is news? (1)

Anonymous Coward | more than 2 years ago | (#37925626)

I have a domain of my own and have no such problems and I've been using unique email addresses to sign-up for a decade. My guess is it's not the sites you sign up to that sell your addresses, but that your mail server or desktop are compromised.

Keep your own house clean first.

Re:This is news? (2)

mikkelm (1000451) | more than 2 years ago | (#37925636)

I've been doing this for years, and while I get plenty of spam to addresses used at less reputable sites, I honestly cannot recall ever receiving any spam e-mail to addresses used for legitimate services.

Re:This is news? (1)

jfengel (409917) | more than 2 years ago | (#37926324)

That's been my experience as well. I remember only one exception: spam sent to an email address that had only ever been used at Snapfish (and for the life of me I have no idea why I did that. Somebody must have been desperate to share some photos with me in the least convenient possible way).

I notified HP about it, accusing them of either selling their spam list or possibly a data breach. They protested that it wasn't their fault, and it wasn't repeated.

Re:This is news? (1)

Beorytis (1014777) | more than 2 years ago | (#37925684)

I always figured those were "dictionary spam". The newly registered domain record is public information. Prepending known words as mailbox names doesn't take any special information. Sign up with an account like r1%t.y{sUy5ju@yourdomain.com (and don't ever use the address) and see if it ever gets spam.

Re:This is news? (0)

Anonymous Coward | more than 2 years ago | (#37925828)

Have been doing this for many years. I find about 5-10% of companies give out their customer email addresses to 3rd parties (and these then subsequently abuse that information). The vast majority of that is ticket-related stuff. ticketmaster.co.uk, I am looking at you. wankers. Also quite amusing if a company decides to start sending me newsletters, many years after I used their services.

Re:This is news? (1)

Bigbutt (65939) | more than 2 years ago | (#37925932)

Never had that happen. I do that as a matter of habit and keep track and I've only received spam on three occasions. One when I registered with a forum and neglected to flip off the "display my e-mail address" flag on my account (Simple Machines forum). I blocked the e-mail, reregistered with a new e-mail and flipped off the bit. Second from a forum I signed up for and received one spam to the address. And the worst was from a site where I had a short subscription (3 or 4 months) and closed it but they sold the list and that e-mail gets no end of spam. It's blocked but I still see hundreds of attempts a day for that address.

But the other 150 or so addresses have never been spammed. Not once. I have received spam on my whois e-mail of record though ("want to buy the 'same domain' that matches your .us/.org domain?").

And my primary e-mail gets a crapload of spam of which I spamassassin a majority of into a spam folder.

[John]

Carbonite is a Glenn Beck sponsor (0)

nysus (162232) | more than 2 years ago | (#37925418)

So it's not surprise to me these guys are unprincipled scum.

Re:Carbonite is a Glenn Beck sponsor (0)

Anonymous Coward | more than 2 years ago | (#37925882)

Politicizing this just makes you look like an idiot. Do you really think Beck or Limbaugh knew or cared about their email marketing practices?

Re:Carbonite is a Glenn Beck sponsor (1)

DogDude (805747) | more than 2 years ago | (#37926060)

Politics has nothing to do with it. Where a company chooses to spend their money is something that I consider where to spend my money. I would never use Carbonite because they fund these insane radio shows. If everybody cared where they spent their money, crazies like Beck and Limbaugh wouldn't have any advertisers at all.

Re:Carbonite is a Glenn Beck sponsor (1)

Calos (2281322) | more than 2 years ago | (#37926214)

...yeah, if you ignore that whole being hugely popular thing.

Re:Carbonite is a Glenn Beck sponsor (1)

ShakaUVM (157947) | more than 2 years ago | (#37926452)

So you'd rather give your money to Mozy, that just raised their rates for average users (500GB) by 5x or so?

I'd honestly been thinking about switching to Carbonite before this fiasco... their imagined politics had nothing to do with it.

Besides, Glen Beck fulfills a necessary niche in our world, just like Mother Jones and Keith Olbermann on the left. It's actually a very good thing to have a diversity of viewpoints available. Having the media all talking with one voice would gatekeeper out a lot of alternative viewpoints.

I read both sides, and even engage in a bit of science literacy outreach for the noggins on The Blaze.

Re:Carbonite is a Glenn Beck sponsor (1)

FutureDomain (1073116) | more than 2 years ago | (#37927602)

Agreed about the diversity of viewpoints. We need more free speech, not less. As for backups, I'd recommend CrashPlan. Mozy's backup and restore software sucked worse than an industrial vacuum. Losing a bunch of my data from a restore failure and their rates soaring was the last straw for me. Carbonite was better, but it sucked up too much CPU and bandwidth and couldn't be configured otherwise. Crashplan just works, is very configurable, can back up to my other PCs or external harddrive (for fast restores), and is cheaper than the others. You can get the software for free and pay $5 month (or less for longer periods) to store it encrypted on their servers.

Don't Use 3rd Mailers, Duh! (2)

Jah-Wren Ryel (80510) | more than 2 years ago | (#37925430)

If you give your entire customer list to a third party you are just asking for it to be abused. No matter how strict their "policies" may be with respect to handling your data, all it takes is one disgruntled employee to grab a copy on their way out the door and that's the best case. It can only get worse from there.

There is only one way to guarantee that your data is not abused - don't give it to anyone else. All the rules and laws of man will never top the fact that fact you can't copy what you don't have.

FWIW I've seen this happen first-hand. E*Trade farmed their mailings for options trading out to some third party, and they dutifully sent them for six months to me at "etrade@ryel-industries.com" - the address I had on file with E*Trade. I was annoyed enough that E*Trade thought spamming me was a good idea that I remembered it. But a year later I started getting spam from Ameritrade or Schwab or whatever they are called now sent to "etrade@ryel-industries.com" and when I checked the Received: headers it was the same 3rd party as E*Trade had used.

Of course E*Trade couldn't even comprehend what I was talking about when I complained to them. I haven't really done much with my E*Trade account since. They obviously don't really give a damn about my privacy.

Re:Don't Use 3rd Mailers, Duh! (0)

Anonymous Coward | more than 2 years ago | (#37925818)

I'm sorry, but your advice is not appropriate. Anything you do in the real world requires trust in your fellow human being -- you can use your judgment, but from time to time you will be burned. They're doing the right thing here, in my opinion; but disclaimer on this particular point: I know these guys and think they go above and beyond to do the right thing). My point stands in general, however. (not just here).

Re:Don't Use 3rd Mailers, Duh! (1)

cornface (900179) | more than 2 years ago | (#37925878)

A word of warning.

I used to use [companyname]@mydomain.com for everything I signed up for. It worked great for a long time. The only downside was having to use a catchall address, but not a huge deal.

Unfortnately what will eventually happen is someone will troll through whois records or just grab random domains from existing mailing lists, and start sending out spam from random strings of letters/words @ that domain. Still, not a huge deal, except when they are sending out hundreds of thousands of emails that appear to originate with a domain you have a catchall account on, two things happen.

1) A good number of the addresses they have on their mailing lists are themselves email address harvesters which means you now get spam to hundreds of new email addresses.

2) Thousands of those messages will either bounce or generate auto replies, which are now in your inbox.

I've had the same email address for 14 years so it has gotten slightly out of hand. My procmail filters will blot out the sun, but unfortunately, only a medium sized chunk of this garbage.

Re:Don't Use 3rd Mailers, Duh! (1)

pavon (30274) | more than 2 years ago | (#37926748)

Yeah, for those who want to do something similar, it is easy to setup mailhost software to redirect any mail with a certain prefix to a single account, for example traced.companyname@example.com, would all get sent to traced@example.com. You get the benefit of tracking where folks got your email from without having to have a catch-all account.

Also some free email providers are already setup to work this way. For example mail sent to myname+slashdot@gmail.com will go to myname@gmail.com. Some poorly written sites don't allow +'s in email addresses, though, so if you are configuring your own server, you may want to use period or underscore instead.

Use explicit redirection, not catchalls (1)

erice (13380) | more than 2 years ago | (#37928040)

A word of warning.

I used to use [companyname]@mydomain.com for everything I signed up for. It worked great for a long time. The only downside was having to use a catchall address, but not a huge deal.

Unfortnately what will eventually happen is someone will troll through whois records or just grab random domains from existing mailing lists, and start sending out spam from random strings of letters/words @ that domain..

The trick is to not use a catchall. Setup a redirection for every address in use. Anything not defined should bounce. With Sendmail this means a virtuser entry for each address. Admittedly, this is not as convenient as a catchall but it does provide immunity from dictionary attacks like you describe. Long on my to-do list (but never actually done) is to create a script to check From: and Reply-To: on all outgoing mail and automatically add new addresses to virtusers if they are not already present.

It is even possible to retrofit this method if you have previously been using a catchall, as I did. All it takes is basic shell text processing and access to all the old mail. If anyone hasn't sent me any email is, say, three years then they probably are never going to.

Re:Don't Use 3rd Mailers, Duh! (1)

jimicus (737525) | more than 2 years ago | (#37926068)

If you give your entire customer list to a third party you are just asking for it to be abused. No matter how strict their "policies" may be with respect to handling your data, all it takes is one disgruntled employee to grab a copy on their way out the door and that's the best case.

I've actually seen one rather better (worse?) than this.

Company (A) sells an imaging-based backup solution. They sell their list of prospective customers to company (B).

Company (B) drills through every name and telephone number on the list trying to sell them an imaging-based backup solution from company (C) - a competitor of (A). When challenged, (B) insists that there's nothing wrong with this.

I called up (A). They weren't amused...

Re:Don't Use 3rd Mailers, Duh! (1)

Jane Q. Public (1010737) | more than 2 years ago | (#37926288)

Agree completely.

"As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously."

They take privacy "very seriously"? How? By giving your information to all their advertisers along with a nice note saying "Please do not steal"???

Anybody who did this in the first place, despite "agreements" with those third parties, would be off my list immediately. Speaking of which: I guess Carbonite is off my list.

I mean really. Give me a break. "Security through third-party agreement" makes "security through obscurity" look like a good bet.

Re:Don't Use 3rd Mailers, Duh! (0)

Anonymous Coward | more than 2 years ago | (#37926910)

It's like whack-a-mole trying to track where your email address goes. I go an emailed school notice the other week, I now have the email address for every family at the school because some dumb-ass forgot to BCC instead of CC! The only defence against spam is a good filter, and Gmails is usually pretty good, very little gets falsely categorised or let through inappropriately. I cant remember the last time my email AV scanner actually found anything actually getting to me.
I occasionally get some good phishing attempts, but those are worth the read to see if they have gotten any more creative or at least a spell checker.
However I still get less junk in my mail than I do through my physical mailbox.

Endorsed by Glenn Beck (1)

wcrowe (94389) | more than 2 years ago | (#37925448)

Carbonite: endorsed by Glenn Beck and Rush Limbaugh. 'Nuff said.

Re:Endorsed by Glenn Beck (0)

Anonymous Coward | more than 2 years ago | (#37925512)

...and Leo Laporte with his growing TWIT network

Re:Endorsed by Glenn Beck (2)

jon42689 (1098973) | more than 2 years ago | (#37925528)

Carbonite: endorsed by Glenn Beck and Rush Limbaugh. 'Nuff said.

But why? I think if either of them actually cared about rights to privacy, etc., they wouldn't be recommending this kind of shit to their listeners/viewers. We see once again that they are just puppets controlled by strings of money. It's not about actually recommending a good product to the consumer, but making sure that commission check is as large as possible.

Re:Endorsed by Glenn Beck (1)

h4rr4r (612664) | more than 2 years ago | (#37925660)

What made you think they cared about privacy or any rights?
These are the very folks that egg on the War on Terruh, and the War on drugs. Of course not on the drugs they are addicted too. If I wanted to hear the ravings of a drug addict I could go down the local homeless shelter and see it live.

Re:Endorsed by Glenn Beck (1)

rickb928 (945187) | more than 2 years ago | (#37925792)

You're overthinking this. Rush and Beck are seeing this as sponsorship for profit. Malice is unnecessary unless you see profit as malicious.

Leo Laporte, on the other hand, doesn't easilty fit into the category of 'evil' for me. You may have a different opinion, I know...

Re:Endorsed by Glenn Beck (2)

Beorytis (1014777) | more than 2 years ago | (#37925622)

Also endorsed by Boba Fett.

Re:Endorsed by Glenn Beck (0)

Anonymous Coward | more than 2 years ago | (#37925770)

certified by Han!

Re:Endorsed by Glenn Beck (1)

frank_adrian314159 (469671) | more than 2 years ago | (#37925812)

And by Randi Rhodes and Thom Hartmann and another half-billion or so talk-/sports-radio gabbers. Basically, if it's on radio, these guys will be there. Radio is cheap (and getting cheaper each day). I doubt they actually have an ideology to push.

Re:Endorsed by Glenn Beck (1)

cvtan (752695) | more than 2 years ago | (#37925862)

As two wrongs don't make a right, two morons don't make a genius.

Re:Endorsed by Glenn Beck (0)

Anonymous Coward | more than 2 years ago | (#37926112)

Glen Beck nailed the gold price this summer though. I saw that as the sign of a top--when idiots look like geniuses, that's a classic sign. I didn't have the bawlz to go short though.

Re:Endorsed by Glenn Beck (1)

Leebert (1694) | more than 2 years ago | (#37926832)

Yeah, and? They also sponsor Radio Lab, which is an NPR show.

Re:Endorsed by Glenn Beck (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37926886)

And Stephanie Miller, and Bill Press, and Ed Schultz, And Leo Laporte and The TWiT network......should I keep going?

Never liked Carbonite (4, Insightful)

jon42689 (1098973) | more than 2 years ago | (#37925466)

Just solidifies my opinion that Carbonite is an irresponsible company, and I've been saying this for a while- this is just an example. You think that trusting all the data on your computer to a company who can't even keep your email address or other account information safe is a good idea? Cloud backup is irresponsible to start with. Off-site MANAGED backups are fine, but just throwing all your data out into the ether and expecting it to be safe is asinine. What will it take for people to stop *giving* away their data?

Re:Never liked Carbonite (0)

Anonymous Coward | more than 2 years ago | (#37926552)

I share your low opinion of Carbonite, but I simply don't follow the distinction you're drawing here between managed and cloud backups. If we go by what Wikipedia says about it [wikipedia.org] , the characteristics of a managed backup are:

- Assistance configuring the initial backup
- Continuous monitoring of the backup processes on the client machines to ensure that backups actually happen
- Proactive alerting in the event that any backups fail
- Assistance in restoring and recovering data

Carbonite does all of those. I get e-mails if they haven't seen backups in a few days or if they failed for some reason, they come with an initial set of common files preselected for backup, though the user can configure it however they want, and my few experiences with customer support have been quite excellent. There's really no functional difference between managed and cloud in this day and age, since the whole point of the cloud is that it gets managed by someone else and just disappears into the aether.

Even so, I'm stuck with Carbonite on my Mac for the next year or so, since I paid for three years up front after researching around to find the best service for personal off-site backup. At the time, it had the best reviews, but I've been less than impressed. While their customer service has always been excellent, the quality of their Mac client leaves quite a bit to be desired. Just a few weeks ago, I wrote this about it:

For some actual examples I've personally seen while using it on my machine, it's created a 7GB log file overnight, consumed all of my available RAM on a regular basis for hours at a time (we're talking a few times a month that I catch it doing it), gotten "stuck" backing up some files for days at a time, not been updated in time for major OS releases, regularly activated while I'm actively doing a processor-intensive activity even though it's supposed to activate when I'm idle, fails to back up files I tell it to, tells me it's backed up folders that have un-backed up items in them, doesn't visually update to reflect changes I've made until I close and re-open it at times, and the list goes on.

So while I take issue with the distinction you tried to draw, as well as with your recriminations aimed at users of such services, I certainly agree that Carbonite sucks.

Re:Never liked Carbonite (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37926868)

giving it away? my data is encrypted with AES 256 encryption.

I also have my primary data, my backup local data on another hard Drive and for my very important stuff, I will be getting BD-R copies (family video and pictures)

Carbonite is insurance.

Re:Never liked Carbonite (1)

jon42689 (1098973) | more than 2 years ago | (#37927080)

giving it away? my data is encrypted with AES 256 encryption.

I also have my primary data, my backup local data on another hard Drive and for my very important stuff, I will be getting BD-R copies (family video and pictures)

Carbonite is insurance.

Certainly, but how many "Joe Home Users" are going to any effort to encrypt their data? Obviously, there's no excuse when we know the pitfalls, but the point is, look at how all these cloud services are marketed and see if any of these drawbacks are even mentioned. The 'cloud' is just talked up like it's the next wheel, but no one even knows what the hell they're talking about, or what the potential risks are!

Perfect Example (1)

Anonymous Coward | more than 2 years ago | (#37925490)

It's irresponsibility like this that keeps me from embracing the cloud like I want to. I don't trust anyone, so I'm actually thinking of building my own personal cloud infrastructure to store my stuff offsite, email, etc.

Re:Perfect Example (0)

Anonymous Coward | more than 2 years ago | (#37925628)

IP Logged

Re:Perfect Example (1)

jon42689 (1098973) | more than 2 years ago | (#37925640)

It's irresponsibility like this that keeps me from embracing the cloud like I want to. I don't trust anyone, so I'm actually thinking of building my own personal cloud infrastructure to store my stuff offsite, email, etc.

Well, according to Wikipedia, "[private clouds] ...have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from lower up-front capital costs and less hands-on management, essentially "[lacking] the economic model that makes cloud computing such an intriguing concept" Translation: Being smart and responsible with our data costs money- how can we make it cost less money. At some point, you drop the 'smart', and 'responsibility' part in order to make room for the 'cost less money' part. If someone's moving to the cloud is driven by nothing but trying to cut costs, they're already in the soup. I personally have found the idea of a private cloud to be a winner, and a number of organizations have joined up to create their own cloud. I'm currently working on a project called the "Metronet" in South Bend, IN http://www.metronetzing.org/ [metronetzing.org] which does exactly this. I recommend you keep looking into the idea. There are some really cool opportunities out there.

Re:Perfect Example (1)

LVSlushdat (854194) | more than 2 years ago | (#37926412)

I've done that.. Instead of using Mozy/Carbonite/AmazonS3, I signed up for two Linux virtual private servers. Both of which come with a 60GB disk allocation. Since my critical data backup needs are well below that (less than 30GB and not growing very fast), I simply created an encrypted 50GB container on both servers, set them up to rsync/mirror the contents of the master container, and then set up a daily rsync from my home server via an OpenVPN link to the master server. Even though I don't *own* the vps, its gonna be a cold day in hell before the actual owners of the vps can have my data (in a usable form). Since both vps are geographically separate (one's in Dallas, and the other in the UK) the odds of both being hit by whatever is pretty small..This costs me a whole whopping $25/mo..

Re:Perfect Example (0)

Anonymous Coward | more than 2 years ago | (#37925650)

Are you sure you need a whole cloud? A small patch of fog might be more your size.

This was easier to discuss when we talked in terms of number of rack units rather than atmospheric phenomenon.

Re:Perfect Example (1)

BitZtream (692029) | more than 2 years ago | (#37926454)

...

So you're going to run a server?

A cloud is almost certainly retarded if thats all you're doing. Why would you run umpteen machines when one would do the work 100 times over?

A personal cloud is a rather stupid idea, you'll spend more time fucking with 'the cloud' than any advantage you'll get from it.

your privacy (0)

Anonymous Coward | more than 2 years ago | (#37925516)

When Carbonite lost client data, customers had to sue to get reimbursed. It wasn't a free refund. By the time they collected their lawsuit winnings, most of the companies lost too many clients. How long do you think it will take to get back your entitled winnings when your email is given to an advertiser? Less than a decade I am sure. But then again...

Seriously? (1)

WndrBr3d (219963) | more than 2 years ago | (#37925544)

People who believe that their "personal information" isn't being sold are just being ignorant. These are probably the same people who believe that ALL the money they deposit is sitting in the vault at the bank.

Re:Seriously? (1)

nysus (162232) | more than 2 years ago | (#37925656)

At least with the bank you are insured against the bank's failure.

Re:Seriously? (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37926930)

not really... the Government just promises to print enough money to cover your loss.... they are giving you back inflated dollars.

By "advertiser", they mean "spammer" (3, Insightful)

Rogerborg (306625) | more than 2 years ago | (#37925550)

So, they engaged an outfit of professional spammers, handed them their customer list and were surprised when the spammers did what spammers always do?

That's like buying a shark and shoving your dick in its mouth so that it can learn not to bite off your dick.

Why not send a hash of the email addresses (1)

Monkier (607445) | more than 2 years ago | (#37925576)

The 3rd party would only ever get the intersection of "do not mail" and their own marketing list. And emails wouldn't be sitting around in clear text in a database / filesystem..

advice on a similar, but more sinister situation? (1)

Onymous Coward (97719) | more than 2 years ago | (#37925578)

I created a unique email address to use with a company I ordered products from. No one else had that address. A while later I got a phishing email (pointing to http://www.official-2011-skype-upgrade.com/ [official-2...pgrade.com] ) at that address. The email addressed me by my name as well as the email address ("Joe Blow <uniqueaddress@somedomain.tld>").

Is this conclusive evidence that my private/personal information with the company has been compromised? Maybe they lost control of my credit card and address information as well? Is this worth reporting to the district attorney in their state (NY — they have privacy breach reporting laws).

Re:advice on a similar, but more sinister situatio (1)

Lehk228 (705449) | more than 2 years ago | (#37926220)

please do out the offending company, also do contact the AG

do77 (-1)

Anonymous Coward | more than 2 years ago | (#37925672)

committerbase and May disturb other be3ome an unwanted lizard - In other they are Come and abroad for and suggesting

More proof opt-in is the ONLY way to do it right. (3, Insightful)

ArcCoyote (634356) | more than 2 years ago | (#37925814)

If you RTFA, you'll quickly realize what Carbonite did was provide a 'do-not-spam' list to, well, a spammer... and then, surprise, surprise, the spammer misues or abuses it.

The list was Carbonite customers AND people who previously clicked the opt-out link in past Carbonite spam... So strictly speaking, this wasn't a straight list of Carbonite customers. Spam might be annoying, but there is a bigger issue here: If you wanted to phish Carbonite logins, you'd have a pretty good start.

Scrubbing the list in-house won't happen... Carbonite doesn't have huge lists, the spammers do. And the spammers are not going to give Carbonite their whole list to scrub, those things are money. So Carbonite has to give an opt-out list to the spammers and trust them not to spam it. Sure...

The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.

When you give the data to some other party, (2)

rickb928 (945187) | more than 2 years ago | (#37925872)

You have lost control of it. You can make any claims you want, but if your agreement with users permits you to share the data, you should be legally bound to state that you cannot guarantee privacy. In essence, you have ended your agreement with your users at that point.

Since asking users in advance if you can share their data with a third party is both impractical and likely to cause outrage and refusal, no company is going to do this willingly. So we are back to square one.

If you share user data with a third party, you have lost control. Any claims to privacy are deceptive at best, outright fraudulent at worst.

Even if you claim to compel the third parties to abide by agreements, there is no guarantee unless you own them and/or control the data. That would not be 'giving'.

Ha ha Han Solo (2)

JohnnyBGod (1088549) | more than 2 years ago | (#37925972)

<insert Han Solo joke here>

There, I did it.

Re:Ha ha Han Solo (1)

Spykk (823586) | more than 2 years ago | (#37926002)

Ha ha Han Solo

A good speech therapist could probably help you with that stammer.

Stupid is as Stupid Does (1)

SuperTechnoNerd (964528) | more than 2 years ago | (#37925988)

Personally, If you too stupid or lazy to backup your personal, important, and private data yourself (It's really not that hard), including off location backups -
Then you deserve what you get.. Im suprized they don't try to root through their customers backups and sell that off.
Why in the world would you trust an outside party with your data is beyond me.. Stupid is as stupid does..

Really, slashdot? (1)

Drunkulus (920976) | more than 2 years ago | (#37926056)

Are you kidding me? A marketing company selling "online backup" on the Rush Limbaugh show? This is slashdot worthy? Stay tuned for a metallurgical analysis of the QVC ninja swords...

Re:Really, slashdot? (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37926984)

you call yourself a Geek? I had heard about Carbonite for 2 years before on Leo Laporte's Weekend tech guy show before it even hit popular radio hosts' shows.

Re:Really, slashdot? (1)

Drunkulus (920976) | more than 2 years ago | (#37927206)

Leo Laporte, Rush Limbaugh, what's the difference? Technology for grandparents.

Re:Really, slashdot? (0)

modmans2ndcoming (929661) | more than 2 years ago | (#37927430)

seriously?

Your geek card and slashdot membership are revoked.

Re:Really, slashdot? (2)

Drunkulus (920976) | more than 2 years ago | (#37927808)

Oh my. Quaking in my boots over here. Holy mother of Jesus where's my martini? I'm being threatened by a Windows 7 power user. Please Hammer don't hurt me.

Re:Really, slashdot? (0)

modmans2ndcoming (929661) | more than 2 years ago | (#37927950)

Fuck you...Windows 8 user.

OK, serious question here (1)

jimicus (737525) | more than 2 years ago | (#37926174)

Asking on /. because I haven't found anything myself yet: Is there any such thing as an online backup service that:

1. Is either EU-based or is a signatory to the EU-US Safe Harbor scheme.
2. Has a reasonably good reputation - and doesn't consider customer data disposable.
3. Appreciates that we don't necessarily have unlimited bandwidth so offers a media-shipping option for data restores.
4. Operates a reseller program.
5. Supports OS X and Windows.
6. Isn't in some sort of crazed rush to the bottom that will ultimately guarantee any reputation they have right now evaporates over the next 18-24 months.

I've looked around and I don't think there's any such thing. Every major company I've found appears to have a bit of a blind spot when it comes to restoring data with any degree of reliability.

Re:OK, serious question here (0)

Anonymous Coward | more than 2 years ago | (#37926472)

Asking on /. because I haven't found anything myself yet: Is there any such thing as an online backup service that:

1. Is either EU-based or is a signatory to the EU-US Safe Harbor scheme.
2. Has a reasonably good reputation - and doesn't consider customer data disposable.
3. Appreciates that we don't necessarily have unlimited bandwidth so offers a media-shipping option for data restores.
4. Operates a reseller program.
5. Supports OS X and Windows.
6. Isn't in some sort of crazed rush to the bottom that will ultimately guarantee any reputation they have right now evaporates over the next 18-24 months.

I've looked around and I don't think there's any such thing. Every major company I've found appears to have a bit of a blind spot when it comes to restoring data with any degree of reliability.

There are many who do this that are not major company. I own a company that has been offering this service for over 10 years with the best software avaliable. Our product makes Carbonite look like a minor player. Our customers expect privicy and the restore is what our service is based around. Our product also handles most every OS onthe market. We can do everything from A/S 400 to Lynx and all the rest. We keep thier data in a private cloud so it is not floating around from data center to data center. We are not based in the EU but we do handle the servie liek professional would want. Our customers are companies liek Hositals and banks that can not afford some company like Carbonite.

Re:OK, serious question here (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37927034)

you are really good at advertising... I am going to head over and buy your product.... oh....wait....

Re:OK, serious question here (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37927008)

Carsh Plan provides the shipping option as well as a few other back up options that it will manage for free (local backups, off site to a friend's computer)

Re:OK, serious question here (1)

sl3xd (111641) | more than 2 years ago | (#37927344)

CrashPlan suits my needs pretty well.

Crashplan does have a good reputation, media-shipping options, supports OS X, Windows, Linux, Solaris, iOS, and others, and isn't a fly-by night operation.

The biggest problem I see is the "operates a reseller program" - I don't know of anybody that does that.

Security/Privacy companies giving out your private (1)

BitZtream (692029) | more than 2 years ago | (#37926356)

information ...

I'm not sure about you, but anyone with half a clue realizes that if they were actually in the business of protecting your data, they wouldn't be giving email addresses to anyone. Whats better is that they give out their ENTIRE FUCKING LIST, and then give another list of 'don't email these guys' ... seriously? How about you just NOT INCLUDE THOSE PEOPLE TO BEGIN WITH?

They are double dipping. Charging for service, then selling your info. And this is a company thats supposed to be backing up ALL of your personal data and keeping it safe?

Anyone who continues to use Carbonite is an idiot, they are not a good company to do business with, just another facebook.

Carbonite spam (0)

Anonymous Coward | more than 2 years ago | (#37926374)

Made from Ham Solo.

How's that Cloudy security thingy workin' for ya? (1)

couchslug (175151) | more than 2 years ago | (#37926474)

Apparently, not so good.

Backups? (0)

Anonymous Coward | more than 2 years ago | (#37926566)

"we will ensure that all customer e-mail addresses are permanently removed from their database"

Carbonite... what is it they do again? Oh that's right backups....

Interesting that a company who specializes in backup technology mentions having the addresses permenantly removed from the vendor's database... but no mention of it being removed from all of the backups that the vendor might have.

They didn't sell the names (1)

Toonol (1057698) | more than 2 years ago | (#37926940)

This isn't quite as bad as most of the comments make it sound. They are using the email addresses of their customers as a suppression file. This is not the same as renting out the names.

They mention two cases:

1. They are sending out an email advertising campaign, and use the file of customer's email addresses to delete customers off the file, so existing customers don't get an email advertising their service. I can understand with the irritation at a company sending unsolicited email, but the suppression of customers isn't a bad thing.

2. They are sending an email to their own customers, but use the list of customers that requested no emails be sent to prune those names out of the file. That is certainly a good thing.

Both of those tasks can't be done by a vendor without providing a list of email addresses, and this is nearly always done by an outside vendor. The problem is the email vendor broke the privacy agreement, or somebody stole the names, or whatever. How can they honor a request to not email a certain customer without matching that customer's email up against their mail file?

whitelist? blacklist? (1)

Eponymous Hero (2090636) | more than 2 years ago | (#37927056)

so carbonite gave the 3rd party a blacklist of email addresses who had opted out...

why not only provide a whitelist of email addresses who had opted in? security through obscurity, anyone?

Where did they get the list of non-customers? (1)

RocketRabbit (830691) | more than 2 years ago | (#37927112)

My question is, where does Carbonite get their marketing list of emails? Are they sucking down all the email of their customers and puling email addresses out of their backed up documents? To me this seems like an obvious possibility - they simply grep all the documents they have for valid email addresses and send it away to the spammers they have contracted.

Then a day later you get an email saying "Wouldn't you love to become protected like your pal bob@super.com? His data is backed up, why isn't yours?"

Backup Service Provider Security (1)

tokencode (1952944) | more than 2 years ago | (#37927202)

Your data is only as secure as your backup service provider. Make sure your data is encrypted fromt he second it leaves your possession. Check Dynamic Vault Dynamic Vault [dynamicvault.com] . They offer encrypted remote backup with multiple key, full turn-key DR services and even offer the option for them not to know the key (you're on your own if you lose it).

I don't have to worry about that. (0)

Anonymous Coward | more than 2 years ago | (#37927308)

Since I don't use Carbonite. I have my own form of Carbonite, it's called an external HDD and CD-R's. :) Also, unless I absolutely must, I don't give out my personal info to sites that ask for it, or I make some up. Very few things out there on the internet that I deal with on a regular basis actually know ME.

I don't look at this as lying, I look at this as "you don't have a need to know". My personal information is patented, copyright, trade and service marked - ME. Also, it's classified. I could tell you, but... you know the rest. :^)

Duh (0)

Anonymous Coward | more than 2 years ago | (#37927476)

They use spamvertisers.. and you expect them to respect privacy.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>