Re: [Anti-fraud] good ideas
Duane
> No, because it is just not a very profitable thing to
> do. To make any money out of it, you have to keep your
> fake storefront running, and fully simulating the real
> store front, for a while.
Ok, based on this reply and others we can assume it's possible to judge
the possibility of fraud in similar manners to how we associate fraud in
real life, ie ask others about (or in this high tech world google about
it), after all if you have a problem with a company you tell everyone
about it, or at least all the bloggers seem to.
This was in line with my comment to the mozilla list the other day how
people as a society have been building relationships for thousands of
years without some non-government body that is only concerned with it's
own self interests telling us who we can and cannot "trust".
The only thing pending is we just need proof of ongoing relationships,
and pet name like tools do this at zero cost to all involved..
This is looking more and more about building a business case for CAs,
then building a case for better end user security. The end user goes to
their bank to get an account, they have all the web addresses verified
out of band.
> Just set up a site that says "free porn, register here."
That technique has been used in the past to get round captchas...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
Heikki Toivonen
> Ok, based on this reply and others we can assume it's possible to judge
> the possibility of fraud in similar manners to how we associate fraud in
> real life, ie ask others about (or in this high tech world google about
> it), after all if you have a problem with a company you tell everyone
> about it, or at least all the bloggers seem to.
If it were so easy. I've run into this situation several times. I've
wanted to buy something fairly expensive, and went looking for good
deals on the net. I then find a bunch of online stores with good prices.
I have tried all kinds of search (typically "company name" suck etc.),
look at sites where other companies are rated etc. But when you go
through some of that you realize you are not much wiser, because:
- if the site is new, there won't be any feedback
- if there is only good experiences, it goes under reported (maybe not
reported at all)
- if there are bad reports, there will certainly be good reports as
well, and you will have a fiendishly hard problem of trying to figure
out if the good outweigh the bad (the ugliest situation is when the
company that is being criticized by some is heavily promoted by the
company itself by their bloggers etc.)
- you have competing companies anonymously bashing each other
- any company that has operated for a while will gather both good and
bad feedback
In short, either you get no feedback at all or you get mixed feedback.
--
Heikki Toivonen
Duane
I don't see how EV certificates will solve any of the above points either...
Ian G
This is a mistake, you are using two conflicting objectives:
the cheapest price versus the reliability / reputation of a
credible store. If you went to a company with a brand name
like Dell or Frys or ... (I'm not up to date with US brands)
then there wouldn't be a problem. It would just cost you
more.
Basically, feedback a.k.a. reputation a.k.a. brand costs money
to create.
That cost means higher prices.
TANSTAAFL.
>> I don't see how EV certificates will solve any of the above points either...
It can potentially add a little to a brand approach. But
it's tiny, and easily bypassed. And not something that
should be mandated by anyone.
iang