The team of PayPal is a band of pigs and cads!

Mike Perry mikeperry at fscked.org
Wed Aug 25 08:24:21 UTC 2010 

Thus spake David Carlson (carlson.dl at sbcglobal.net):

>On 8/23/2010 2:05 PM, Andrew Lewman wrote:
> >They are correct,
> >https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=ua/UserAgreement_full&locale.x=en_US
> >
> >Section 9.1, j.
> >
> >Apparently they don't want you as a customer if you want to protect
> >yourself from unscrupulous marketing or local ISP surveillance.  I'll
> >start a conversation with them.  Thanks for bringing this up.
> >
> I am a newbie here.  Since they use SSL, isn't it overkill to route your 
> connection through Tor?  I know it is a pain to switch Tor on and off 
> when multitasking, but it would seem that Tor button could do that.

There have already been lots of excellent paypal-specific answers
here, but the more general problem is that any company on the web is,
or at least eventually will conider, making money of of your
information, any way they can.

Using the Firefox addon RequestPolicy really makes you aware of this.
For example, I've seen facebook domains sourced in my airline ticket
purchase windows. When I happen to be wearing my paranoid hat (pretty
often -- it's rather stylish), I am convinced this is facebooks' way
of getting to ground-truth on an identity they have a profile for,
because plane ticket use is strongly authenticated.

I'm sure the same thing can happen with any bank, or even online
merchant. Once they get a purchase with a cookie set and IP, they not
only know your location, but they can correlate it with the rest of
the marketing data they have on you, and if you dont clear your use
Tor+Torbutton, they can infer a list of the rest of the websites you
visit.  In this case, "they" of course, are the voracious advertising
companies[1].

In fact, because so many users are actually clearing cookies these
days, marketing companies have begun developing fingerprints to track
you even if your cookies and IP change:
https://wiki.mozilla.org/Fingerprinting. Torbutton blocks most of
these, but work needs to be done to block more.

So for me, Tor is about cutting that crap off at the bud. If I must be
strip-searched at the airport (digitally or not), and have my airline
ticket purchase IP recorded at the DHS[2], at the very least they will
not correlate that with my other Internet activity.

In fact, you could take the paypal conspiracy one further, in that
they also don't like many forms of prepaid gift card use. They are
simply not interested in collecting information that contains any
noise what-so-ever...

1. http://techcrunch.com/2009/11/06/zynga-scamville-mark-pinkus-faceboo/
2. http://current.newsweek.com/budgettravel/2008/12/whats_in_your_government_trave.html

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100825/584da06f/attachment.pgp>

More information about the tor-talk mailing list