On Fri, Feb 4, 2011 at 11:24 AM, Wesley Kerfoot <wja...@gmail.com> wrote: > I think the fact that they have that info in their systems is pretty awful. > I wouldn't trust them with my personal information. How do you know some > disgruntled employee won't take it all and sell it? Or that their database > servers are insecure? BB have shown that they have incompetent employees and > no ethics whatsoever. http://dsandler.org/wp/archives/2002/05/01/it-seems-that-best-buy-uses-unencrypted-wireless-to-transfer-in-store-data-including-register-transactions-credit-card-info
> > On Fri, Feb 4, 2011 at 11:16 AM, Thor (Hammer of God) <t...@hammerofgod.com> > wrote: >> >> I found this interesting, so I thought I would share it. >> >> >> >> Over the last few years I had amassed quite a number of various gaming >> system games that I never used anymore (if at all) so I decided to trade >> them in at Best Buy (they do this for store credit). Though $3 for a $50 >> game wasn’t exactly attractive, I figured I could get a free Blue Ray out of >> it, so why not. >> >> >> >> I showed up with a stack of games, and sat at the counter for about 30 >> minutes while the guy individually entered each title, catalog number, etc >> for each game. After all that, he finally said that he needed to see my >> driver’s license in order to give me my $73 credit. I always question this >> type of thing, so asked him why. “In case these were stolen” he says, going >> on to say it is store policy. Whatever, I think, so I give it to him. He >> doesn’t just look at it, but starts entering my info into the system – I >> didn’t care because it was an out-of-state license, but didn’t like that he >> was actually entering it into the system. >> >> >> >> He then notices that my license had expired a month earlier. I actually >> knew this, but wasn’t going to offer it up. He says he can’t take it, and I >> give the obligatory “I’m not driving in the store, I’m just giving you >> games” bit and the “it was me a month ago, so what difference does it make >> now” pitch. He goes asks the manager, and sure enough, they can’t take it >> because it is expired. >> >> >> >> So this is the point where I really start to wonder and ask more questions >> about what difference it makes. He then tells me that the reason he has to >> enter so much information, including each individual title and UPC, is >> because they have to send all this information to the Seattle police in case >> any of the titles I turned in were reported stolen by someone. I asked how >> they expected to match up a stolen title with a redeemed one short of >> putting 5 “Pimp My Ride” games in a line-up for identification, and of >> course the kid didn’t know and didn’t care. I then pointed out that even if >> I did steal it, if the cops came around looking for it, I wouldn’t have it >> anymore anyway because it would be in the Best Buy warehouse. More not >> caring. >> >> >> >> While the overall process of wasting police resources on tracking games >> that might have been stolen seems like a complete waste of time and money, >> what really concerned me is that Best Buy was going to send my personal >> information over to the police without disclosing anything to me. There was >> no mention of it anywhere, no fine print, nothing. Had my license not been >> expired, that info (which they would not have had) would be put into the >> public system, and there would be no way I could control the information or >> what they did with it. This would have been particularly bad if I had to >> explain why I had a copy of “Barbie’s Horse Adventure” at some point. >> >> >> >> As far as profiling is concerned, you would think they would be more >> interested in the fact that I was going to use the $73 credit towards the >> purchase of a couple of seasons of Dexter, but I have no way of knowing that >> they wouldn’t have sent this information anyway. It begs the question as to >> what other information Best Buy is sending to whom, and what kind of privacy >> rights I am implicitly giving up by shopping there. If they can report >> personal information to government agencies without my knowledge, approval, >> or any sort of notification, and in this case collected the information for >> the explicit purpose of doing so, why else are they collecting? >> >> >> >> AFAIAC, there is something seriously wrong with this. Anyway, I thought I >> would share this in case anyone found it interesting. >> >> [SNIP] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/