| Halaman dalam topik: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Penyiaran jaluran : RoxanaTrad (X)
|
|---|
| Response from staff | Jul 19, 2009 |
Hi all,
I am out of the country and this matter just came to my attention. This is an important topic that we are investigating. There are a couple of points I can make immediately, however.
For the purposes of this discussion, the first thing to understand is that there is data in your profile that is public, and there is data in your profile that is not public.
As a logical matter, when you choose to make information public in your profile, well, you have... See more Hi all,
I am out of the country and this matter just came to my attention. This is an important topic that we are investigating. There are a couple of points I can make immediately, however.
For the purposes of this discussion, the first thing to understand is that there is data in your profile that is public, and there is data in your profile that is not public.
As a logical matter, when you choose to make information public in your profile, well, you have made it public. To be clear, this fact does not give sites like "outsourcingroom" the right to use your data, and you are quite within your rights to demand that they not -- in fact ProZ.com is in the process of preparing our own demand that data found in ProZ.com profiles be removed from that site -- but no one should be surprised any site has access to data in a profile which is, after all, public.
As for the data in your profile that is not public, no one should have access to it. To get it, one would have to breach ProZ.com's security, and while that is certainly possible (no system is entirely secure), we do not at this time have any indication that a breach has actually occurred. There have been a number of reports that data which is not public has appeared on the site in question, but when we have gotten exact details and investigated, so far it has turned out in each case that the information was actually public somewhere. (For example in a forum posting.)
As for the report in this thread that a name was taken from credit card information, there is no need to worry on that count, because ProZ.com does not process any payments and therefore does not have any financial or identity information from credit cards, etc. (Membership fees, etc., are always processed behind the scenes by Paypal or similar.)
We have more reports to look into, though, including those made in this thread.
This is my preliminary report. I'll keep you posted. ▲ Collapse
| | | | Claudio Porcellana (X) 
Itali
| Illegal use of identity | Jul 19, 2009 |
I'm on that website too, but note that I found my records only putting my surname in the search field: putting name & surname I found nothing!
anyway, there are 2 records with unuseful informations
first record:
Login xxxPorcellana
First Name Claudio
Last Name Porcellana
Country Italy
State Turin
City La Cassa
second record:
Login Current ID Proz
First Name Claudio
Last Name Porcellana
Country Ita... See more I'm on that website too, but note that I found my records only putting my surname in the search field: putting name & surname I found nothing!
anyway, there are 2 records with unuseful informations
first record:
Login xxxPorcellana
First Name Claudio
Last Name Porcellana
Country Italy
State Turin
City La Cassa
second record:
Login Current ID Proz
First Name Claudio
Last Name Porcellana
Country Italia
State Piemonte
City Villarbasse
note that the first record shows an old address, were I lived about 8 years ago, and a never existed (as I can remember) Proz username/visible ID
only the second record shows my current address
this more updated record shows the current Proz login username, but I remember that I used it as a visible ID for a short period, by mistake, many years ago
currently, I use a visible ID that is different from Proz login username, and doesn't appear on outsourcingroom.com
so, I think that in my case it's only a matter of (very old) data-mining yield
finally, I'll not ask them to remove my records for the same reason that I never answer to pishing e-mails: they can interpret the answer as an existence evidence for that particular ID ...
;-D
Claudio
[Edited at 2009-07-19 22:44 GMT] ▲ Collapse
| | | | JaneTranslates
Puerto Rico
Local time: 00:34
Bahasa Sepanyol hingga Bahasa Inggeris
+ ...
| Clarifying (and partially retracting) my statement | Jul 19, 2009 |
Henry D wrote:
As for the report in this thread that a name was taken from credit card information, there is no need to worry on that count, because ProZ.com does not process any payments and therefore does not have any financial or identity information from credit cards, etc. (Membership fees, etc., are always processed behind the scenes by Paypal or similar.)
Thanks, Henry, for responding to this thread and for any and all efforts being made to investigate and deal with this disconcerting situation. I checked on a few things and am making the following clarification (and partial retraction) in the hopes that it will aid in your investigation.
I guess I'm the one making the "report in this thread that a name was taken from credit card information." I never meant to imply that I thought my credit card data had been compromised. I just meant that "H. Barnes de Ramirez," as my name appears on Outsourcingroom, is a name that I NEVER use ANYWHERE. As can be seen on my ProZ profile, my full name is Helen Jane Barnes de Ramírez. The name I use both socially and professionally is Jane Ramírez. The only place I've ever come across the truncated "H. Barnes de Ramírez" version is here on ProZ.
Here's the "Retraction" part: I thought the truncated version came from a credit card, but it did not. It WAS, very briefly, on public display on ProZ (though without my approval!), for a couple of hours on October 3, 2006. I was trying to find a way to change my username from "JaneTranslates" to "Jane Ramírez (JaneTranslates)," without losing my Verified ID. I was told that username had too many characters. While trying to find a solution, a staffer changed my username to "H. Barnes de Ramírez," without consulting me. I was greatly dismayed and quickly got it changed back. If you want to see the details, please check my support ticket history--the ticket is dated October 1, 2006, with the title, "Want to change my username without losing VID."
So, I was wrong about the short version being my (private) registered name on ProZ. I apologize for my faulty memory and for propagating my error. Still, isn't it strange that the scammers mined info that appeared publicly for only 2 hours, nearly 3 years ago? The only record of that username is in that support ticket, which is NOT on public display, unless ProZ keeps some sort of record of old usernames--also not a public-access file, I'm sure. What are the odds of their finding precisely that version of my name?
I hope this can be resolved. In my own case, I'm not bothered much by it, either personally or professionally, since I don't use that identity. Many of my colleagues, however, have reason to be distressed.
Jane Ramírez (JaneTranslates)
| | | | PRen (X)
Kanada
Local time: 01:34
Bahasa Perancis hingga Bahasa Inggeris
+ ...
| Well, that's interesting... | Jul 19, 2009 |
Henry D wrote:
As for the report in this thread that a name was taken from credit card information, there is no need to worry on that count, because ProZ.com does not process any payments and therefore does not have any financial or identity information from credit cards, etc. (Membership fees, etc., are always processed behind the scenes by Paypal or similar.)
We have more reports to look into, though, including those made in this thread.
This is my preliminary report. I'll keep you posted.
because when I filled up my "wallet" to buy a translation, you took my credit card information. Paypal was not involved.
| | |
|
|
|
| Cancelling all copying and information retrivals on the pages | Jul 19, 2009 |
Hi,
I don't think that this illegal use happened because of the publicity of the profiles.
Such situations happened (and will continue to happen) because of the functions provided on the pages such as select & copy.
If site would find something that restricts or makes very difficult to copy the information on the pages then I think we would never suffer from such stealings.
I suggest cancelling all copying and retrieval methods on the pages (at least for unr... See more Hi,
I don't think that this illegal use happened because of the publicity of the profiles.
Such situations happened (and will continue to happen) because of the functions provided on the pages such as select & copy.
If site would find something that restricts or makes very difficult to copy the information on the pages then I think we would never suffer from such stealings.
I suggest cancelling all copying and retrieval methods on the pages (at least for unregistered visitors)
I don't think those who aim to steal information would use the advanced information retrival methods. (They want easy money so they are lazy persons and won't spare their time by using different technics in order to write or scan the pages )
Regards,
M. Ali
Addendum:
May be cancelling right click of the mouse at all (for unregistered visitors)
[Edited at 2009-07-19 23:56 GMT] ▲ Collapse
| | | | | Yes, they are usually lazy | Jul 20, 2009 |
M. Ali Bayraktar wrote:
I don't think that this illegal use happened because of the publicity of the profiles.
Such situations happened (and will continue to happen) because of the functions provided on the pages such as select & copy.
If site would find something that restricts or makes very difficult to copy the information on the pages then I think we would never suffer from such stealings.
I suggest cancelling all copying and retrieval methods on the pages (at least for unregistered visitors)
I don't think those who aim to steal information would use the advanced information retrival methods. (They want easy money so they are lazy persons and won't spare their time by using different technics in order to write or scan the pages )
So the thought that they might actually be sitting there and physically copy + pasting is just fantasy.
From Jane and Claudio's comments above it seems quite clear that somebody has managed to lay there hands on old database material.
| | | |
PRen wrote:
Henry D wrote:
As for the report in this thread that a name was taken from credit card information, there is no need to worry on that count, because ProZ.com does not process any payments and therefore does not have any financial or identity information from credit cards, etc. (Membership fees, etc., are always processed behind the scenes by Paypal or similar.)
We have more reports to look into, though, including those made in this thread.
This is my preliminary report. I'll keep you posted.
because when I filled up my "wallet" to buy a translation, you took my credit card information. Paypal was not involved.
Nope. As I said, this stuff happens behind the scenes. Since ProZ.com does not have a merchant account, it could not process your credit card even if it wanted to. (And it doesn't.)
| | | | | Yes there are a lot of question marks | Jul 20, 2009 |
Madeleine MacRae Klintebo wrote:
M. Ali Bayraktar wrote:
I don't think that this illegal use happened because of the publicity of the profiles.
Such situations happened (and will continue to happen) because of the functions provided on the pages such as select & copy.
If site would find something that restricts or makes very difficult to copy the information on the pages then I think we would never suffer from such stealings.
I suggest cancelling all copying and retrieval methods on the pages (at least for unregistered visitors)
I don't think those who aim to steal information would use the advanced information retrival methods. (They want easy money so they are lazy persons and won't spare their time by using different technics in order to write or scan the pages )
So the thought that they might actually be sitting there and physically copy + pasting is just fantasy.
From Jane and Claudio's comments above it seems quite clear that somebody has managed to lay there hands on old database material.
I thought that the situation concerns only public information. But it is obvious from the other statements that it is not related to public information only (according to the statements of course).
So there are a lot of question marks come to my mind;
For example one of them:
It is a strange coincidence that recently Proz.com opened it's new office in Ukraine and now as I see there is a person from Ukraine who got those public/non-public details.
May be site did something wrong while sharing the reach to database from Ukraine?
Or may be there is a worser scenario...
[Edited at 2009-07-20 00:31 GMT]
| | |
|
|
|
| Thanks, Jane | Jul 20, 2009 |
Thanks for this interesting bit of additional information, Jane.
JaneTranslates wrote:
Still, isn't it strange that the scammers mined info that appeared publicly for only 2 hours, nearly 3 years ago?
Yes, it is strange. Especially since even gaining access to the ProZ.com database would not give you that information. (An edited username gets overwritten and one that has been overwritten is not saved elsewhere.)
| | | |
M. Ali Bayraktar wrote:
Madeleine MacRae Klintebo wrote:
From Jane and Claudio's comments above it seems quite clear that somebody has managed to lay there hands on old database material.
I thought that the situation concerns only public information. But it is obvious from the other statements that it is not related to public information only (according to the statements of course).
No, that is not correct. Jane and Claudio are both reporting on information that was once public. We still do not have an instance of data which was never public having been accessed.
| | | | | Data combination | Jul 20, 2009 |
Henry D wrote:
No, that is not correct. Jane and Claudio are both reporting on information that was once public. We still do not have an instance of data which was never public having been accessed.
Hi Henry,
In my case, the data appearing on outsoucingroom, is not important. Further, it is publicly known (my contact information on ATA website). However, it appears in a combination that only appears (in combination) on ProZ internal data.
Let me explain: I searched outsourcingtoom, using all possible combinations of my name and last names. Nothing. But then I googled for "Luis Arri Cibils" and found this:
Outsourcing everywhere. Find designers, coders, writers ...
Profile of Luis_Arri (Luis Arri Cibils) · Profile of transtel01 (Harry Prezzer) · Profile of PAK01 (icl translations) · Profile of Gladius87 (Su Ming Tai) ...
www.outsourcingroom.com/AllUsers/27105/Default.cbsx - Cached - Similar
What is the relevance?
1. I use Cibils (my mother's maiden name) only in ProZ
2. Luis_Arri (note the underscore) is my eamil address. Yes, it appears on the ATA site, an assumed commercial risk, but nowhere on that site I use Cibils.
Luis_Arri is listed, with my correct address (city, state and country), on outsourcingroom.
A search for "Luis Arri Cibils" and Luis_Arri only gives as a result the above mentioned hit.
Yes, it is possible they could have combined the data from different sources, but, is it likely?
In any event, the data disclosed is not relevant, AFAIK, but I would like to know.
Best regards,
Luis
| | | | | Thanks, Luis | Jul 20, 2009 |
Luis Arri Cibils wrote:
However, it appears in a combination that only appears (in combination) on ProZ internal data.
Thanks for this post, Luis. I checked and I think you are wrong in concluding that some of the data is "internal". All of the information I see for you at outsourcingroom is information that can be accessed by anyone who visits your ProZ.com profile, ie. it is data that you have made public. (Please log out and check it for yourself, and if I am wrong, correct me.)
As for the username that they have assigned to you, "Luis_Arri", it seems to me that that can not come from ProZ.com, because it does not appear anywhere in your ProZ.com profile, public or private. My guess is that the string was generated automatically by an algorithm that looks at your name. It is common practice for such algorithms to replace spaces with underscores; this is done by wikipedia, for example. (They also would have checked it against other usernames in their database to be sure it is a unique sequence; for this reason, I would not be surprised if some other users see that unique usernames have been created for them.)
By the way, it seems to me that outsourcingroom is making changes -- your link there doesn't work anymore. I imagine they are hearing from lots of unhappy people right now.
| | |
|
|
|
irina savescu
Romania
Local time: 07:34
Bahasa Inggeris hingga Bahasa Romania
| Two profiles | Jul 20, 2009 |
Well, mine are still there and they are both definitely from proz.com. I checked all the other websites were I have listed my profile and also checked websites of people that have my exact name and realised that they could only take it from here.
They were obviously mined from different years. Sometime before the end of 2008 I listed my location as Cluj, Romania, because that is were I spent four years during my University studies. Then, moving back to Iasi, my hometown, I changed this inf... See more Well, mine are still there and they are both definitely from proz.com. I checked all the other websites were I have listed my profile and also checked websites of people that have my exact name and realised that they could only take it from here.
They were obviously mined from different years. Sometime before the end of 2008 I listed my location as Cluj, Romania, because that is were I spent four years during my University studies. Then, moving back to Iasi, my hometown, I changed this information in my profile (end of 2008 or beginning of 2009).
So now I have to profiles on outsourcingroom.com. And the only thing that bothers me is that on the second one, they use my login name. I used that name on my profile between 2004 and 2008 when I was only reading the forum from time to time, or looking at Kudoz questions, without actively participating in any way.
Then, sometime in August or September I changed the name displayed to my real name as I was also starting to translate full time and started participating in the forum threads, Kudoz, polls, etc.
To make a long story short, my details where taken by outsourcingroom in two separate moments and have generated two distinct profiles, neither one at my request or with my permission. The email message that I have sent them on Saturday requesting to be removed from their website has not received any reply. My profiles are still there and there is no contact information or link for any of the profiles.
It seems that right now someone claiming to be the CEO of the company behind outsourcingroom.com posted a one page long disclaimer on their website. No appologies whatsoever, just a cheap attack against the people at elance who are, according to him, the only ones to blame for the security breach.
http://www.outsourcingroom.com/en/services/AboutOutsourcingRoom.aspx
To Henry, I'll send all the links and other proof in a support ticket I will make today. ▲ Collapse
| | | | | Thank you, Henry. My last comments on the subject. | Jul 20, 2009 |
Hi Henry,
Thank you for your fast answer.
Your explanation seems logical. I checked before posting and I did not see any underscore, but I did check again now, and although I still did not find any underscore, all logins were a single word.
As to Luis_Arri, it does appear on ProZ internal records. It is the first part of my email address, all the way up to, but not including, the @. It is on a line (visible only to me) close to the User Name line. I though... See more Hi Henry,
Thank you for your fast answer.
Your explanation seems logical. I checked before posting and I did not see any underscore, but I did check again now, and although I still did not find any underscore, all logins were a single word.
As to Luis_Arri, it does appear on ProZ internal records. It is the first part of my email address, all the way up to, but not including, the @. It is on a line (visible only to me) close to the User Name line. I thought that the machine could have somehow skipped lines o reversed two.
In any event, there is nothing on ProZ records (private and public), excluding my credit card info (and you have already addressed that issue), that I would be concerned if disclosed. And the only way to be fully protected is becoming fully unreachable to the clients.
BTW, do you know that you are there, too, in five places from all over the planet, with user names such as proz, xxxHDrex? And Cathy, and Patrick, and several other Dotterers, too.
That link never worked. It sends you to the main page of that site. But you are right, things are moving there. There is a message on the home page from their CEO. Elance has moved against them. The CEO says we can delete our info from our profiles, but I have not been able to do it (prob I need a PW). If any Prozian finds away to do it, please let us know.
Thank you, Henry, again.
Luis ▲ Collapse
| | | | irina savescu
Romania
Local time: 07:34
Bahasa Inggeris hingga Bahasa Romania
| CEO statement | Jul 20, 2009 |
There is a message on the home page from their CEO. Elance has moved against them. The CEO says we can delete our info from our profiles, but I have not been able to do it (prob I need a PW). If any Prozian finds away to do it, please let us know.
Seems we posted at the same time
Regarding the statement, surely you can login and remove your profile. But to do that you need to have signed up with them sometime in the past and none of the people complaining in the forum have done that.
Thanks a lot outsourcingroom dot com. It is my fault I never signed up with you. Had I done that, now I would have been able to remove my profile.
| | | | | Halaman dalam topik: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile | Protemos translation business management system | Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!
The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.
More info » |
| | TM-Town | Manage your TMs and Terms ... and boost your translation business
Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
