It included this link:
http://primusstimulus.ca/landing.aspx?xid=15459722
Which led to an absurd congratulatory "viral" video campaign that made
me want to gouge out my eyes. This video gimmick features my name all
over the place. What's the hook, I wondered? Someone gets paid for this?
It gets far better though: after the video played, I was shown a page
with my name and email address prominently featured.
To reproduce:
1. Copy http://primusstimulus.ca/landing.aspx?xid=15459722 into your
browser bar. Change the xid= number up or down a few hundred or so if
you like.
2. Wait for the page to load and for the server gerbil to grind out
your video and start playing. Do not watch the video, you will want
those 2 minutes back.
3. Click this link: http://primusstimulus.ca/refer.aspx
4. Profit!
The unsubscribe link takes me through dmenet.com, a Florida-based
unwelcome-email consultant.
Way to go, guys! Thanks for the spam!
As a breach of privacy, you mean?
> Jason Doucette and I blogged about it:
Jason is a technical expert. His blog post concludes that the breach
was probably unintentional, a technical oversight by the company. On
reflection, was posting/blogging about it the right way to respond?
I don't pretend I would have done better in your place. I don't know,
I wasn't there. But it's an interesting ethical question, all the
same.
--
Michael Allan
Toronto, 647-436-4521
http://zelea.com/
I thought about this. As a practical matter, it is probably not going
to result in any noteworthy negative effect on those 120,000 or so
people.
It's only name + email address, after all. I'm sure that some
of them uses their last name as a hotmail password. Oh well.
The practical outcome I wanted is not a black eye for Primus; they are
doing to the telecom monopolies what Teksavvy does, minus the
rabble-rousing, and this clearly went through the marketing guys who
probably didn't guess there was a security aspect to this.
I want their supplier, "DME Enterprises" who specialize in this kind of
unwelcome intrusion, to get a kick in the reputation they so richly
deserve.
So further to ethics, now that the site's gone, is it worth an edit to focus more on the technology issues and less on company reputation (noting that I don't even mention DME in the current revision)?