| Pagine: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Iniziatore argomento: RoxanaTrad (X)
|
|---|
Marijke Mayer 
Paesi Bassi
Local time: 04:32
Da Olandese a Inglese
+ ...
| I can help if asked | Aug 7, 2009 |
Hey folks,
I did not specify earlier today how to go about removing the account as I thought it was pretty obvious. I see that in the meantime somebody has taken great pains to explain in detail how to go about it, but again, I can help if asked. As pointed out, it does require you to use some password, obviously not one you would regularly use, I used something to the tune of 'thisisbullshit' and then I removed 'my account.'
In the meantime, I hope everyone will get o... See more Hey folks,
I did not specify earlier today how to go about removing the account as I thought it was pretty obvious. I see that in the meantime somebody has taken great pains to explain in detail how to go about it, but again, I can help if asked. As pointed out, it does require you to use some password, obviously not one you would regularly use, I used something to the tune of 'thisisbullshit' and then I removed 'my account.'
In the meantime, I hope everyone will get over it; please use your energy to remove ' your account' from the loser site and get back to everyday business.
Nothing has been taken from me that cannot be readily accessed online anyhow. I
don't like it any more than you do, but Henry has profusely apologized and that is good enough for me. Think of the good things this site has done for you!
Good luck,
Marijke ▲ Collapse
| | | | MariusV
Lituania
Local time: 05:32
Da Inglese a Lituano
+ ...
| from the legal point of view | Aug 7, 2009 |
First of all, sorry folks, if I might go a little offtopic in some sense (as I have not read all recent posts in a great detail). I promised to offer something instead of pure criticizing. So, my view of the situation:
1) Proz.com as our personal data manager and Proz.com content copyright owner (incl. all our data) shall implement all the requirements of the USA data protection legislation in this area, in other words - Proz.com shall make all possible to ensure safety of our perso... See more First of all, sorry folks, if I might go a little offtopic in some sense (as I have not read all recent posts in a great detail). I promised to offer something instead of pure criticizing. So, my view of the situation:
1) Proz.com as our personal data manager and Proz.com content copyright owner (incl. all our data) shall implement all the requirements of the USA data protection legislation in this area, in other words - Proz.com shall make all possible to ensure safety of our personal data and protect us from illegal use of it from third parties; I think that shall not be very complicated because "bicycle is invented" and there are MANY websites, portals, etc. which are implementing these mandatory requirements set by the laws; in such a case, Proz.com would attain a full legal right to "chase" those data harvesters for "Proz.com copyright breach" (instead of individual members "chasing" these unknown websites and asking to delete profiles posted without even knowing)...
2) In addition to that:
2.1) Our profile system/templates shall be "updated" enabling/asking Proz.com members to post only relevant info which cannot be treated as "sensitive personal information"...E.g. the requirement for third party downloadable CVs to be posted on profiles shall be eliminated because users can send their CVs to interested parties directly (and be responsible for that themselves without involving Proz.com), and also CVs already contain sensitive personal information, moreover, this "sensitive personal information" is not very much related to the expertise of the member (who cares about the place of birth of the member if the Proz.com visitor is interested in the services)?
2.2) There shall be a clear disclaimer in relation to posting other sensitive personal information (i.e. the user shall be solely responsible for what he/she posts)...
2.3) Members profile shall be made in such a way, as to be impossible to copy-paste the texts...The only possibility there, for these data harvesters, shall be re-typing all info of the member by hand...
[Edited at 2009-08-07 22:31 GMT] ▲ Collapse
| | | | | Please enter a support ticket, RoxanaTrad | Aug 7, 2009 |
RoxanaTrad wrote:
As for what concerns me, I still have a profile there I can't delete. And, again, my Proz.com CV is visible on Google, even though I chose to make it visible to logged-in users only. WHY IS THAT???
... What should I do? Remove my CV? Although I do have regular outsourcers and direct clients I wouldn't mind new ones (and I think we all agree here), still, I would like to be able to control whom to allow access to personal info and who not to.
Would you mind entering a support ticket on that one? I think we have a way of requesting that Google take it out of the index.
| | |
|
|
|
David Russi
Stati Uniti
Local time: 20:32
Da Inglese a Spagnolo
+ ...
[quote]Henry D wrote:
That is not accurate. We said what we were going to do in the forum and then we set about doing it. During the entire period, anyone who asked for specific information via a support ticket -- which was the method we kept emphasizing, and people who were very concerned used -- got it. (To the extent we had it, of course.)
I am sorry Henry, and I know you know how I feel about this, but POSTING TO A FORUM IS NOT TRANSPARENT!!! Saying what you are going to do in a forum limits the audience to the people in the forum, probably a SMALL pecentage of membership.
You can fool yourself or some of the people some of the tijme... but not everyone.
Added on further thought... I do know you care and want to make this right, but I still believe that you have lost a lot of credibility by not posting this up front in big, bold letters. Plus, you are pushing a lot of the onus on US. Why can't ProZ simply ask for all illegally obtained profiles to be removed, instead of forcing us to do it? They seem pretty responsive (my profile was removed in a matter of hours).
[Edited at 2009-08-08 02:26 GMT]
| | | | Ralf Lemster
Germania
Local time: 04:32
Da Inglese a Tedesco
+ ...
| That 's what ProZ.com have done | Aug 8, 2009 |
David,
Why can't ProZ simply ask for all illegally obtained profiles to be removed, instead of forcing us to do it?
That's what Henry & Co. have done, as indicated on the Security Notification page:
Could you be more specific? What attempts have been made to get the information removed from the Internet?
ProZ.com staff members consider it the responsibility of the site to do everything within reason to have the private content that was improperly accessed removed from the web. To this end, as a first step a request for removal was sent to those operating outsourcingroom.com. There was no response and attempts to establish contact were not successful. A "cease and desist" letter and DMCA filings were then prepared. Legal options have been investigated but no action has yet been initiated. A report has been given to appropriate law enforcement bodies, ISPs hosting the site have been notified, and other steps have been taken. Unfortunately, there is no guarantee that any of these efforts will be successful in the near term, if at all. However, the process will be pursued to the extent possible.
The problem with this page is that it is rather hard to find; there's a link on the home page (shown in very small font, though), but it's not even shown on the "About" main menu item.
HTH, Ralf
[Edited at 2009-08-08 12:47 GMT]
| | | | William Pairman
Spagna
Local time: 04:32
Membro (2005)
Da Spagnolo a Inglese
| Maybe I'm missing a number of points here but... | Aug 8, 2009 |
I'm lucky enought to feature twice on the site in question - Go Me!
Anyway, my two cents worth
a) Doesnt emailing the site in question from your "ProZ registered" email account put your head above the parapet so to speak? It's sort of like replying to spam, it "lets them know you're there" and actually makes things worse. As someone has said earlier, they may remove your name from the site but you be sure its still in some archive which will undoubtedly be passed on to ... See more I'm lucky enought to feature twice on the site in question - Go Me!
Anyway, my two cents worth
a) Doesnt emailing the site in question from your "ProZ registered" email account put your head above the parapet so to speak? It's sort of like replying to spam, it "lets them know you're there" and actually makes things worse. As someone has said earlier, they may remove your name from the site but you be sure its still in some archive which will undoubtedly be passed on to some other such shady organisation
and connected to this point
b) Isn't the greatest danger that we are facing that of receiving Spam? Yes its annoying and yes I guess there are site security issues which I imagine are being sorted, but given the fact our credit card details haven't been compromised then the worst that can happen is we get a few more emails along the lines of "New ideas for mydomain.com" or "Career opportunities!" and the like. You add the offending terms to your spam filters and job done. When all's said and done the vast majority of us already feature in god knows how many lists and the worst that happens is exposure to email scams which are patently visible a mile off ▲ Collapse
| | | | Ralf Lemster
Germania
Local time: 04:32
Da Inglese a Tedesco
+ ...
| That's why I didn't contact them | Aug 8, 2009 |
Hi William,
a) Doesnt emailing the site in question from your "ProZ registered" email account put your head above the parapet so to speak?
That's exactly why I did not contact them.
b) Isn't the greatest danger that we are facing that of receiving Spam?
Probably, but that's not all. From my perspective as an outsourcer, there's a risk that someone could seize "my" profile there, to outsource jobs under my name (or using my company's details).
We've seen several such cases in the past; of course, the companies affected were able to prove that they had not placed such assignments - but it took them considerable effort to clear their name.
Best, Ralf
| | |
|
|
|
| Data accessed in this incident is not the sort associated with identity theft | Aug 8, 2009 |
Ralf Lemster wrote:
Probably, but that's not all. From my perspective as an outsourcer, there's a risk that someone could seize "my" profile there, to outsource jobs under my name (or using my company's details).
Hang on there, Ralf. Yes, someone could take control of the outsourcingroom profile - but they could just as easily create one in your name there or anywhere - so this incident does not change that. (And lest anyone misinterpret, the incident did not involve disclosure of private 'company details'.)
To be clear, the data accessed in this incident does not include the types of data normally required to assume an identity, ie. credit card, bank info, national identity numbers, etc.
Spam is the worst that anyone has reported so far as a direct result of this incident. We are monitoring the situation closely, and will let you know if there are any other negative effects reported.
Note that Roxana's experience with someone using her CV did not involve the data accessed in this incident.
| | | | | Please use the support system. If you must post, please do so carefully! | Aug 8, 2009 |
As you may know, site staff members and moderators have been encouraging those with information, suggestions or questions related to the security incident to communicate directly with staff members via the support system.
The overwhelming majority of site users have complied with this request. Thank you! As you have provided information, staff mem... See more As you may know, site staff members and moderators have been encouraging those with information, suggestions or questions related to the security incident to communicate directly with staff members via the support system.
The overwhelming majority of site users have complied with this request. Thank you! As you have provided information, staff members have added it to the security page. As you have asked questions, staff members have answered them and added them to that page. In this way, it has been possible to make sure that the information going out is accurate. The feedback loop provided by support has made it possible to adapt texts to clarify in cases where information has been misunderstood.
In short, this approach appears to be working well. Therefore, I would once again ask that if you have something to say concerning this incident, you do so via support. This will help us to best address the current situation.
If you must continue to post, please, do so carefully, and with consideration for the fact that some people are still very much on edge about this. I understand Ralf's concern, but in the current environment, there are a few people who might read that sort of speculation and be pushed into undo panic.
In short: support.
And if for some reason you must post: facts.
Thanks! ▲ Collapse
| | | | Neil Coffey
Regno Unito
Local time: 03:32
Da Francese a Inglese
+ ...
| Actions aren't that unreasonable | Aug 8, 2009 |
In any security breach, it's generally better to FIX THE SECURITY FIRST and worry about the public relations later. As I understand it, Henry and the team have done things pretty much in the order that you'd expect-- they first concentrated their efforts on fixing the security of the site, and THEN moved on to the public relations (e-mailing users affected) and dealing with the site that scraped the data. In the latter respect, issuing a DMCA notice seems the most appropriate course of action-- ... See more In any security breach, it's generally better to FIX THE SECURITY FIRST and worry about the public relations later. As I understand it, Henry and the team have done things pretty much in the order that you'd expect-- they first concentrated their efforts on fixing the security of the site, and THEN moved on to the public relations (e-mailing users affected) and dealing with the site that scraped the data. In the latter respect, issuing a DMCA notice seems the most appropriate course of action-- as I mentioned before, the actions of the company scraping the data are essentially a copyright issue rather than being criminal as such.
@William -- normally, it's not a good idea to reply to spam because spammers typically work with data (e.g. e-mail addresses) that they are much less certain is correct. For example, they often simply make up a massive number of e-mail addresses (e.g. by prefixing common names to @aol.com) on the off-chance that some of the addresses will be valid. So in that case, replying to a spam is genuinely giving the spammers some information they didn't know.
In the case of a site that's already fairly certain it has a valid e-mail address, it's not really giving them much extra information to log on with that e-mail address. If you're lucky, the DMCA notice may get your information taken down in a few months' time. If your underlying issue is simply getting your information removed from the rogue site as quickly as possible, then I would be tempted to go for the pragmatic option on this occasion-- swallow your pride and just log in and delete it using the facility they've provided. ▲ Collapse
| | | | | Closing the thread | Aug 8, 2009 |
OK, folks, support requests coming in on this issue have slowed considerably. I want to take this opportunity to thank Roxana, once again, for first bringing this up. I also want to thank Katalin, Neil and others who helped get us on the right track in the investigation, and those who otherwise cooperated to improve matters in this unfortunately incident. A big thank you to those who took matters in stride, offering encouragement in the midst of a very challenging period.
Support st... See more OK, folks, support requests coming in on this issue have slowed considerably. I want to take this opportunity to thank Roxana, once again, for first bringing this up. I also want to thank Katalin, Neil and others who helped get us on the right track in the investigation, and those who otherwise cooperated to improve matters in this unfortunately incident. A big thank you to those who took matters in stride, offering encouragement in the midst of a very challenging period.
Support staff members, and I, have come in today (Saturday) and are on duty to continue addressing the issue and answer related questions. Some of us will be on tomorrow, too. If anyone has an urgent concern and needs to speak with me directly, please send an email and I will give you my skype info.
We'll keep posting updates to the security page regarding progress in getting the content down, pursuing justice, improving security, and otherwise taking steps to ensure this sort of thing does not happen again.
(I wrote "closing the thread" but I have left it open. Post if you absolutely must!) ▲ Collapse
| | |
|
|
|
| Thank you, Katalin | Aug 10, 2009 |
I hope this helps.
Katalin
Thank you, Katalin! I've just managed to remove my account! I'm so relieved!
| | | | | Has anybody succeeded in getting their data removed through an e-mail cease and desist? | Aug 11, 2009 |
I have tried every possible solution to get my data removed. Nothing works.
I wrote to OSR last week demanding they immediately remove the data. I took care in mentioning that I have archived data from their site to prove that they have stolen my identity, and that I was just waiting to click on Send to forward the data to authorities. I have so far received no reply and "my" account is still there.
Has anybody succeeded in removing their data by asking them to do so by... See more I have tried every possible solution to get my data removed. Nothing works.
I wrote to OSR last week demanding they immediately remove the data. I took care in mentioning that I have archived data from their site to prove that they have stolen my identity, and that I was just waiting to click on Send to forward the data to authorities. I have so far received no reply and "my" account is still there.
Has anybody succeeded in removing their data by asking them to do so by e-mail? If yes, please let me know how you did it, how long it took to get the data removed, what OSR told you, etc. I want my data removed, and it seems the powers that be are unwilling to help and/or inefficient.
Thanks! ▲ Collapse
| | | | malaudes
Argentina
Local time: 23:32
Da Inglese a Spagnolo
+ ...
Many thanks Katalin for all the info! Successfully deleted all the stolen info!
| | | | | Pagine: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile | Protemos translation business management system | Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!
The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.
More info » |
| | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
