
Blackmail Email


Alasdair X

Aug 8, 2018, 4:26:58 AM
I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW

Is it possible to find out the sender from this address?

Pelican

Aug 8, 2018, 5:34:13 AM
On 8/08/2018 08:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW

You and many others around the world.

> Is it possible to find out the sender from this address?

Not in reality.

Norman Wells

Aug 8, 2018, 5:34:26 AM
On 07/08/2018 23:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?

Of course not. That's its whole point.

Andy Burns

Aug 8, 2018, 5:34:43 AM
Alasdair X wrote:

> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?
>

No chance, delete it and forget all about it

Robbie

Aug 8, 2018, 5:35:04 AM
Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?

I wouldn't normally provide a link to a thread at DigitalSpy but there's
a thread about the very email you have received

https://forums.digitalspy.com/discussion/2291408/porn-ransom-email

It's a scam email.

--
------
Robbie

Broadback

Aug 8, 2018, 5:35:25 AM
On 07/08/2018 23:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?
>
I have also received several of these. Though there are several glaring
mistakes the concern of mine is that they have one of my passwords correct.

TTman

Aug 8, 2018, 5:35:38 AM
On 07/08/2018 23:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?
>
Look here... https://whatismyipaddress.com/trace-email

It's probably an untraceable scam.


The Todal

Aug 8, 2018, 6:02:46 AM
On 07/08/2018 23:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?
>

I posted the same query in May, with the subject line Internet Blackmail.

I knew it was a scam and my query was, can the perpetrator be traced
from the bitcoin address to which the answer by consensus appears to be no.

Some websites suggest reporting it to law-enforcement authorities but I
assume there's no point, as there must be millions of these messages in
circulation.

In recent weeks I've had the same query from a family member in her 70s
who obviously knew that she hadn't been on any porn sites masturbating
to her webcam. And from an elderly friend in his 80s who embarrassingly
told me that he "may" have been looking at some porn on his computer at
the time and had resolved not to give in to blackmail.

The scammer often quotes one of your own passwords as a way of
intimidating you - so he has access to some usernames and passwords
leaked, possibly many years ago, from insecure sites that you may have
registered with.

I think this is a reliable website to check if your password has been
made available to scammers. If not, perhaps someone will correct me.

https://haveibeenpwned.com/

Mark Goodge

Aug 8, 2018, 9:42:15 AM
On Wed, 8 Aug 2018 10:16:36 +0100, Broadback
<messag...@j-towill.co.uk> wrote:

>On 07/08/2018 23:48, Alasdair X wrote:
>> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>>
>> Is it possible to find out the sender from this address?
>>
>I have also received several of these. Though there are several glaring
>mistakes the concern of mine is that they have one of my passwords correct.

Almost certainly from somewhere that you have (or had) an account with
but that has suffered a data breach.

You have, I presume, ceased using that password completely now (and,
if you haven't, then you should, as a matter of urgency). And if you
want to check whether any of your other passwords have been
compromised, then the excellent https://haveibeenpwned.com/Passwords
will allow you to do so.

(To forestall the obvious question about whether it's wise to send
your password to a website to see if someone else has your password,
there's a blog post at
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
which explains how it's done in a way which preserves the security and
anonymity of the request).

Mark
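
The k-anonymity lookup that the linked blog post describes, as an added example (not part of the original post and not the site's own code): the password is hashed with SHA-1 locally, only the first five hex characters are sent, and the match is done on your own machine. The ConstructedRangeServer class, its counts and its decoy lines are made up for illustration so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (prefix, suffix): the first 5 and remaining 35 hex chars of SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Live lookup. Not called by the offline demo below."""
    if len(prefix) != 5:
        raise ValueError("the range query takes exactly 5 hex characters")
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(password, fetch=fetch_range):
    """How many times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    body = fetch(prefix)  # the 5-character prefix is all that leaves this machine
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        # Response lines are "<35-char suffix>:<count>"; compare locally.
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


class ConstructedRangeServer:
    """Offline stand-in for the service (constructed). Records what it was sent."""

    def __init__(self, leaked):
        self.seen = []      # every query string the "server" received
        self.buckets = {}   # prefix -> list of "SUFFIX:COUNT" lines
        for password, count in leaked.items():
            prefix, suffix = split_hash(password)
            self.buckets.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(self, prefix):
        self.seen.append(prefix)
        # Constructed decoys stand in for the other hashes sharing the prefix.
        decoys = ["0" * 34 + "1:3", "A" * 35 + ":17"]
        return "\r\n".join(decoys + self.buckets.get(prefix, []))


def demo():
    # Constructed corpus: one leaked password with a made-up count.
    server = ConstructedRangeServer({"password": 1234})
    candidates = ("password", "kestrel-viaduct-41-marmalade")
    results = {p: breach_count(p, server.fetch) for p in candidates}
    return results, server.seen


if __name__ == "__main__":
    results, seen = demo()
    print("counts:", results)
    print("server saw only:", seen)
```

The server side never receives the password or its full hash, only a prefix shared by many unrelated hashes.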

Tim Watts

Aug 8, 2018, 9:42:28 AM
On 07/08/18 23:48, Alasdair X wrote:
> I have received several emails in the past few days from "important" telling me to send him/her £1000 by bitcoin else he will tell all my contacts that I have been visiting pornographic websites which he claims to know about. As it happens, I have not been visiting such sites but I want to know how to track down his IP address to pass on to the police. When I hover over "important", no email address is displayed. The Bitcoin has to be sent to Bitcoin Address: 1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>
> Is it possible to find out the sender from this address?
>

a) These emails are not "personal" - they are a scripted scam, using
emails and old passwords harvested from hacks/data breaches of other
people's servers that you may have had an account on at some point.

b) The best thing to do is hit the delete button.

c) If you want to forward to the Police (who being 20,000 officers short
compared to a decade or so ago probably won't have the resources to
do anything), forward the entire mail including headers and leave it to
them to worry about the forensics.

Tim Watts

Aug 8, 2018, 9:42:43 AM
Those passwords were lifted from various data breaches that have
happened on legit websites over the years.


https://haveibeenpwned.com/

will tell you (it's OK, it's a well known tester)

Caecilius

Aug 8, 2018, 9:43:34 AM
You start by looking at the full headers of the email. Most email
clients hide most of these, and you need to do something like "view
message source" or "view full headers" to show them.

Here's some example headers from one of those common blackmail
messages that I received yesterday. My domain is replaced by
"DOMAIN", but everything else is unchanged:

Return-Path: <nor...@ginifabrics.co.in>
Received: from starburstsf.com (starburstsf.com [194.58.61.103])
    by mercury.DOMAIN.com (8.14.4/8.14.4/Debian-4+deb7u1) with
    ESMTP id w77CE3cl032135
    for <recru...@DOMAIN.com>; Tue, 7 Aug 2018 13:14:09 +0100
Message-ID: <1CE6AD60885C7350...@ginifabrics.co.in>
From: "axxzmck" <nor...@ginifabrics.co.in>
To: <recru...@DOMAIN.com>
Subject: You're my victim
Date: Tue, 7 Aug 2018 13:13:21 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="fea60aa0044cf7863ca960c9bbb0"

From this, we can see that:

a) The mailer that sent the email to my mail server has IP address
194.58.61.103.

b) The mailer at 194.58.61.103 claims to have the hostname
starburstsf.com, but this could be forged.

c) The envelope from address and the header from address are both
ginifabrics.co.in. But these could be forged.

So the only thing concrete we have to go on is the IP address
194.58.61.103. Putting this into an IP geolocation website gives:

194.58.61.103 Russian Federation Moskva Moscow

At that point, I generally give up.
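
The header reading described in the post above, as an added example (not part of the original post): it keeps only the Received line stamped by your own mail server, pulls the connecting IP from it, and treats everything below as sender-supplied. The sample message, its hostnames and its documentation-range addresses are constructed; the regular expression assumes sendmail/Postfix-style Received lines like the one quoted above.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above. The second
# Received line is one the sender could have written itself.
RAW = """\
Return-Path: <bounce@sender.example>
Received: from helo-name.example (helo-name.example [203.0.113.7])
\tby mx.recipient.example (8.14.4/8.14.4) with ESMTP id CONSTRUCTED1
\tfor <me@recipient.example>; Tue, 7 Aug 2018 13:14:09 +0100
Received: from [10.1.2.3] (unknown [198.51.100.99])
\tby helo-name.example with SMTP id CONSTRUCTED2; Tue, 7 Aug 2018 13:13:30 +0100
Message-ID: <constructed-1@sender.example>
From: "axxzmck" <someone@sender.example>
To: <me@recipient.example>
Subject: constructed sample
Date: Tue, 7 Aug 2018 13:13:21 +0100

body
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)"
)


def parse_hops(msg):
    """Received headers, newest first, as dicts (None where unparseable)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m is None:
            hops.append(None)
            continue
        hop = m.groupdict()
        hop["ip"] = str(ipaddress.ip_address(hop["ip"]))  # must be a real IP
        hops.append(hop)
    return hops


def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def trace(raw, my_servers):
    """Split the hop list into what our own servers recorded and the rest."""
    msg = email.message_from_string(raw)
    hops = parse_hops(msg)
    entry, unverified = None, hops
    for i, hop in enumerate(hops):
        # Walk down from the top while the line was written by a server we run.
        if hop is None or hop["by"].lower() not in my_servers:
            break
        entry, unverified = hop, hops[i + 1:]
    return {
        # IP that connected to our server: the one fact the sender cannot forge.
        "entry_ip": entry["ip"] if entry else None,
        # Name the sender announced for itself: unverified.
        "claimed_helo": entry["helo"] if entry else None,
        # Lines below the entry point were supplied by the sending side.
        "unverified_ips": [h["ip"] for h in unverified if h],
        "envelope_domain": domain_of(msg["Return-Path"]),
        "header_from_domain": domain_of(msg["From"]),
    }


if __name__ == "__main__":
    for key, value in trace(RAW, {"mx.recipient.example"}).items():
        print(f"{key}: {value}")
```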

GB

Aug 8, 2018, 9:49:27 AM
On 08/08/2018 14:00, Caecilius wrote:

> So the only thing concrete we have to go on is the IP address
> 194.58.61.103. Putting this into an IP geolocation website gives:
>
> 194.58.61.103 Russian Federation Moskva Moscow
>
> At that point, I generally give up.
>

As well you should even if the originating country were not Russia,
because there's every chance the PC the email came from is part of a
botnet, and the PC owner is unaware of the scam.



Martin Brown

Aug 8, 2018, 10:26:19 AM
On 08/08/2018 15:12, Jethro_uk wrote:
> On Wed, 08 Aug 2018 13:34:03 +0100, Mark Goodge wrote:
>
>> You have, I presume, ceased using that password completely now
>
> Having a unique password for every site you use should be second nature.

I do, but then that gets you into the "one ring to bind them all"
problem. Somewhere you need one secure master password that you can
remember reliably and isn't written down to access the data vault.

Otherwise you have to risk writing them down in a coded form that only
you can read or risk breaking the T&C's of your bank.

I have three rough tiers of passwords:
- financial sites where there is significant risk of financial loss.
- login email credentials where some embarrassment is a possibility.
- also ran websites which insist on me having a login account.

They get allocated passwords that although "strong" are nowhere near the
level of high entropy passwords that I use for banks and the like.

--
Regards,
Martin Brown

Roland Perry

Aug 8, 2018, 12:07:21 PM
In message <pketo1$r1c$2...@dont-email.me>, at 14:12:18 on Wed, 8 Aug 2018,
Jethro_uk <jeth...@hotmailbin.com> remarked:

>> You have, I presume, ceased using that password completely now
>
>Having a unique password for every site you use should be second nature.

The problem with that is network-nazis at the sites come up with ever
more ways to frustrate people who have algorithms to help them
"remember" hundreds of different passwords.

The sort of rules which make 'Password#1' acceptable, and much more
subtle ones unacceptable.
--
Roland Perry

Graham.

Aug 8, 2018, 12:35:03 PM

>(To forestall the obvious question about whether it's wise to send
>your password to a website to see if someone else has your password,
>there's a blog post at
>https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
>which explains how it's done in a way which preserves the security and
>anonymity of the request).


The question is, would my bank see things that way?
--

Graham.
%Profound_observation%

Judith

Aug 8, 2018, 12:35:46 PM
You should have a look at LastPass:

Here's one of my passwords: 8bC#ne7Bk3wqcs$iLg

And before anyone says: that was silly - I've actually changed one of the
characters :-)



Roland Perry

Aug 8, 2018, 12:36:11 PM
In message <pketq0$r1c$3...@dont-email.me>, at 14:13:21 on Wed, 8 Aug 2018,
Jethro_uk <jeth...@hotmailbin.com> remarked:

>> c) If you want to forward to the Police (who being 20,000 officers short
>> compared to a decade or so ago probably won't have the resources to
>> do anything), forward the entire mail including headers and leave it to
>> them to worry about the forensics.
>
>Not so sure about that. Various news stories over the past few years
>suggest the police have a *lot* of resources for social media. Maybe less
>so for "real" crime ?

The only place interested in hearing about emerging threat vectors is
Action Fraud (and then only to gauge the extent, rather than the
existence), and there's little appetite within the police for dealing
with other than a few VIP harassment cases, and even fewer VIP hacking
cases.
--
Roland Perry

Handsome Jack

Aug 8, 2018, 12:37:01 PM
Mark Goodge <use...@listmail.good-stuff.co.uk> posted
>On Wed, 8 Aug 2018 10:16:36 +0100, Broadback
><messag...@j-towill.co.uk> wrote:
>
>>On 07/08/2018 23:48, Alasdair X wrote:
>>> I have received several emails in the past few days from "important"
>>>telling me to send him/her £1000 by bitcoin else he will tell all my
>>>contacts that I have been visiting pornographic websites which he
>>>claims to know about. As it happens, I have not been visiting such
>>>sites but I want to know how to track down his IP address to pass on
>>>to the police. When I hover over "important", no email address is
>>>displayed. The Bitcoin has to be sent to Bitcoin Address:
>>>1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
>>>
>>> Is it possible to find out the sender from this address?
>>>
>>I have also received several of these. Though there are several glaring
>>mistakes the concern of mine is that they have one of my passwords correct.
>
>Almost certainly from somewhere that you have (or had) an account with
>but that has suffered a data breach.
>
>You have, I presume, ceased using that password completely now (and,
>if you haven't, then you should, as a matter of urgency).

This isn't so easy for me. Over the years I have signed up on dozens of
different sites - discussion groups, internet retailers, etc - and
generally I use the same password, or nearly the same password, for all
of them, because it is such a pain to keep a record of thirty different
ones. Does this matter? What should I do if I find that this "universal"
password has been discovered by spammers such as Broadback's? Some of
these accounts haven't been used for years, and I might not even have a
record of them anywhere.

Needless to say I use quite different passwords for sensitive purposes
such as e-mail accounts and on-line banking.

--
Jack

Tim Watts

Aug 8, 2018, 4:42:48 PM
On 08/08/18 15:13, Jethro_uk wrote:
> On Wed, 08 Aug 2018 13:45:45 +0100, Tim Watts wrote:
>
>> c) If you want to forward to the Police (who being 20,000 officers short
>> compared to a decade or so ago probably won't have the resources to
>> do anything), forward the entire mail including headers and leave it to
>> them to worry about the forensics.
>
> Not so sure about that. Various news stories over the past few years
> suggest the police have a *lot* of resources for social media. Maybe less
> so for "real" crime ?
>


Social media != email scams.

Yellow

Aug 8, 2018, 4:43:22 PM
In article <$iLQAPPW...@none.demon.co.uk>, Ja...@nowhere.com says...
>
> Mark Goodge <use...@listmail.good-stuff.co.uk> posted
> >On Wed, 8 Aug 2018 10:16:36 +0100, Broadback
> ><messag...@j-towill.co.uk> wrote:
> >
> >>On 07/08/2018 23:48, Alasdair X wrote:
> >>> I have received several emails in the past few days from "important"
> >>>telling me to send him/her £1000 by bitcoin else he will tell all my
> >>>contacts that I have been visiting pornographic websites which he
> >>>claims to know about. As it happens, I have not been visiting such
> >>>sites but I want to know how to track down his IP address to pass on
> >>>to the police. When I hover over "important", no email address is
> >>>displayed. The Bitcoin has to be sent to Bitcoin Address:
> >>>1E2LsJumNzVCD1ghNnxXexxtJvMkhFm1SW
> >>>
> >>> Is it possible to find out the sender from this address?
> >>>
> >>I have also received several of these. Though there are several glaring
> >>mistakes the concern of mine is that they have one of my passwords correct.
> >
> >Almost certainly from somewhere that you have (or had) an account with
> >but that has suffered a data breach.
> >
> >You have, I presume, ceased using that password completely now (and,
> >if you haven't, then you should, as a matter of urgency).
>
> This isn't so easy for me. Over the years I have signed up on dozens of
> different sites - discussion groups, internet retailers, etc - and
> generally I use the same password, or nearly the same password, for all
> of them, because it is such a pain to keep a record of thirty different
> ones. Does this matter? What should I do if I find that this "universal"
> password has been discovered by spammers such as Broadback's? Some of
> these accounts haven't been used for years, and I might not even have a
> record of them anywhere.
>
> Needless to say I use quite different passwords for sensitive purposes
> such as e-mail accounts and on-line banking.

I have two categories - ones I do not care about and use common
passwords so for forums or unimportant and non personal websites, and
those that are important and personal where I use different passwords.

I also have different email addresses for the different categories too.

And bollocks to all this "do not write it down" nonsense. I am far far
far more concerned about being hacked than burgled.

Martin Brown

Aug 9, 2018, 5:09:12 AM
But does the access to an online plant vendor that you don't allow to
store payment details really need such aggressive protection?

Likewise I wonder why when a bank card is only protected by a 4 digit
PIN that the rail tickets you buy with it are protected by a high
entropy password that includes all the worst misreading lookalikes!


--
Regards,
Martin Brown

Andy Burns

Aug 9, 2018, 5:31:03 AM
Martin Brown wrote:

> But does the access to an online plant vendor that you don't allow to
> store payment details really need such aggressive protection?

Perhaps not, but when it's as easy to give everything a strong,
individual password, why not do it anyway?

Roland Perry

Aug 9, 2018, 7:01:45 AM
In message <pkgtm2$io9$2...@gioia.aioe.org>, at 09:23:29 on Thu, 9 Aug
2018, Martin Brown <'''newspam'''@nezumi.demon.co.uk> remarked:

>Likewise I wonder why when a bank card is only protected by a 4 digit
>PIN that the rail tickets you buy with it are protected by a high
>entropy password that includes all the worst misreading lookalikes!

I think the "number" you get (the name assigned by different TOCs, even
at different parts of the process are often different and confusing) is
unique to their ticket sales database and is used to look up the journey
you bought.

The card number you present to the TVM is neither necessary nor
sufficient to identify the ticket about to be vended.
--
Roland Perry

Yellow

Aug 9, 2018, 8:47:35 AM
In article <ft2fuh...@mid.individual.net>, use...@andyburns.uk
says...
It is of course do-able, but why bother if you do not need to?

What is the potential loss?

Roland Perry

Aug 9, 2018, 9:00:34 AM
In message <pkh0jp$r1c$1...@dont-email.me>, at 09:13:29 on Thu, 9 Aug
2018, Jethro_uk <jeth...@hotmailbin.com> remarked:
>Oh, I know. But following the news it seems the police put a lot of
>effort into policing Twitter

No, they really don't. It's just one small central Met unit which puts
effort into policing tweets related to a handful of very high profile
individuals.

>which is exactly the same amount of effort they are not putting into
>email scams.

--
Roland Perry

Yellow

Aug 9, 2018, 9:01:12 AM
In article <pkh0fo$r1c$1...@dont-email.me>, jeth...@hotmailbin.com
says...
>
> On Wed, 08 Aug 2018 21:38:24 +0100, Yellow wrote:
>
> > And bollocks to all this "do not write it down" nonsense. I am far far
> > far more concerned about being hacked than burgled.
>
> Also it's relatively easy to devise a scheme to further encrypt the
> written reminder. Just adding "1" to the first 5 letters and numbers
> would do (special characters can stay the same)
>
> so EFIUEW{I(J-98&EFW[890weu=
>
> becomes *FGJVF* W{I(J-98&EFW[890weu=
>
> or some such similar.

Yes, that is an option and over the years I have used all sorts of
schemes.

Chris R

Aug 9, 2018, 9:35:57 AM
Self-respect?

Roland Perry

Aug 9, 2018, 9:36:06 AM
In message <pkheoj$r1c$1...@dont-email.me>, at 13:14:59 on Thu, 9 Aug
2018, Jethro_uk <jeth...@hotmailbin.com> remarked:

>> No, they really don't. It's just one small central Met unit which puts
>> effort into policing tweets related to a handful of very high profile
>> individuals.
>
>But my point still stands. Every unit of resource put into policing
>twitter is a unit of resource that is *not* put into scams.

But the effort does need to be put into policing that extreme
VIP-trolling end of Twitter, quite separately from scams.
--
Roland Perry

Yellow

Aug 9, 2018, 10:12:31 AM
In article <pkhf0t$1l9d$1...@gioia.aioe.org>, m...@privacy.net says...
How so?

The Todal

Aug 9, 2018, 10:13:50 AM
Sorry, Yellow. The me@privacy forger was impersonating Chris, and the
post ought to have been rejected.

Handsome Jack

Aug 9, 2018, 11:41:35 AM
Martin Brown <'''newspam'''@nezumi.demon.co.uk> posted
>On 08/08/2018 15:45, Judith wrote:
>> On Wed, 8 Aug 2018 15:26:12 +0100, Martin Brown
>> <'''newspam'''@nezumi.demon.co.uk> wrote:
>>> I do, but then that gets you into the "one ring to bind them all"
>>> problem. Somewhere you need one secure master password that you can
>>> remember reliably and isn't written down to access the data vault.
>>>
>>> Otherwise you have to risk writing them down in a coded form that only
>>> you can read or risk breaking the T&C's of your bank.
>>>
>>> I have three rough tiers of passwords:
>>> - financial sites where there is significant risk of financial loss.
>>> - login email credentials where some embarrassment is a possibility.
>>> - also ran websites which insist on me having a login account.
>>>
>>> They get allocated passwords that although "strong" are nowhere near the
>>> level of high entropy passwords that I use for banks and the like.
>> You should have a look at LastPass:
>> Here's one of my passwords: 8bC#ne7Bk3wqcs$iLg
>> And before anyone says: that was silly - I've actually changed one
>>of the
>> characters :-)
>
>But does the access to an online plant vendor that you don't allow to
>store payment details really need such aggressive protection?

Moreover, it doesn't matter how strong your password is if the website
owner allows somebody to steal it from them.

--
Jack

Handsome Jack

Aug 9, 2018, 11:42:27 AM
Roland Perry <rol...@perry.co.uk> posted
>In message <pkheoj$r1c$1...@dont-email.me>, at 13:14:59 on Thu, 9 Aug
>2018, Jethro_uk <jeth...@hotmailbin.com> remarked:
>
>>> No, they really don't. It's just one small central Met unit which puts
>>> effort into policing tweets related to a handful of very high profile
>>> individuals.

Like Count Dankula?

OK, that was Youtube, but the principle's the same. Every prosecution of
a Hitler-saluting dog is a whole bunch of e-mail scams that get
completely ignored.

>>But my point still stands. Every unit of resource put into policing
>>twitter is a unit of resource that is *not* put into scams.
>
>But the effort does need to be put into policing that extreme
>VIP-trolling end of Twitter, quite separately from scams.

Isn't that a matter of opinion?

--
Jack

Roland Perry

Aug 9, 2018, 5:42:12 PM
In message <DxNY1uMM...@none.demon.co.uk>, at 16:30:20 on Thu, 9
Aug 2018, Handsome Jack <Ja...@nowhere.com> remarked:

>>>But my point still stands. Every unit of resource put into policing
>>>twitter is a unit of resource that is *not* put into scams.
>>
>>But the effort does need to be put into policing that extreme
>>VIP-trolling end of Twitter, quite separately from scams.
>
>Isn't that a matter of opinion?

It's politics. When you have people like Premier League footballers
getting tens of thousands of racially abusive tweets, you can't really
ignore it. In effect it's a bit of a "public order" agenda, the same one
which uses police resources that could be investigating email scams
keeping gangs of rival football supporters apart on a Saturday
afternoon.
--
Roland Perry

Mark Goodge

Aug 9, 2018, 5:43:08 PM
On Thu, 9 Aug 2018 16:30:20 +0100, Handsome Jack <Ja...@nowhere.com>
wrote:

>Roland Perry <rol...@perry.co.uk> posted
>>In message <pkheoj$r1c$1...@dont-email.me>, at 13:14:59 on Thu, 9 Aug
>>2018, Jethro_uk <jeth...@hotmailbin.com> remarked:
>>
>>>> No, they really don't. It's just one small central Met unit which puts
>>>> effort into policing tweets related to a handful of very high profile
>>>> individuals.
>
>Like Count Dankula?
>
>OK, that was Youtube, but the principle's the same. Every prosecution of
>a Hitler-saluting dog is a whole bunch of e-mail scams that get
>completely ignored.

Every prosecution of a burglar is a whole bunch of email scams that
get completely ignored. Every prosecution of a mugger is a whole bunch
of email scams that get completely ignored. Every prosecution of a
shoplifter is a whole bunch of email scams that get completely
ignored. Every prosecution of a rapist is a whole bunch of email scams
that get completely ignored. Etc.

Obviously, the police do have to prioritise their resources, and if
you have access to the facts and figures then you may well be able to
find situations where their priorities could be improved. But it
wasn't the police who chose to make it a crime to train a dog to do a
Hitler salute, and the police can't choose not to pursue certain
crimes just because people on Usenet think it isn't worth it.

>>>But my point still stands. Every unit of resource put into policing
>>>twitter is a unit of resource that is *not* put into scams.
>>
>>But the effort does need to be put into policing that extreme
>>VIP-trolling end of Twitter, quite separately from scams.
>
>Isn't that a matter of opinion?

Yes. But it's a matter of political opinion, and the politicians have
decided that some effort does need to be put into it. The police are
merely attempting to enforce the legislation as it currently exists.

FWIW, I do think that extreme trolling and abuse on social media does
need to be policed. I'm not convinced that it's currently being
policed in the most effective and resource-efficient manner, but it
does need to be done.

Mark

Vidcapper

Aug 10, 2018, 2:31:13 AM
On 09/08/2018 17:08, Jethro_uk wrote:
>
> Absent a standard for storing passwords, it's prudent to assume that the
> second you hit "enter" your password is visible in plaintext to all and
> sundry. (The preponderance of websites that can email your password to
> you if you forget bears this out).

Whenever I've forgotten a password, I've never had it emailed to me on
request - it's always been a case of being directed to a site where you
can reset it.



--

Paul Hyett, Cheltenham

Yellow

Aug 10, 2018, 2:31:27 AM
In article <ft30gi...@mid.individual.net>, the_...@icloud.com
says...
No probs. :-)

Roland Perry

Aug 10, 2018, 2:55:50 AM
In message <Z1abD.5228$ju....@fx18.am4>, at 07:13:10 on Fri, 10 Aug
2018, Vidcapper <vidca...@yahoo.co.uk> remarked:

>> Absent a standard for storing passwords, it's prudent to assume that the
>> second you hit "enter" your password is visible in plaintext to all and
>> sundry. (The preponderance of websites that can email your password to
>> you if you forget bears this out).
>
>Whenever I've forgotten a password, I've never had it emailed to me on
>request - it's always been a case of being directed to a site where you
>can reset it.

Both schemes exist.

The former, while nowadays rare, can happen when the site isn't one
dealing with money, commerce, sensitive data and so on.

More common than a reminder in plain text, is a password reset site
which then emails you the new password in plain text :( Which isn't
quite so bad if it's a one-shot temporary one for you to log in and set
a permanent new password.
--
Roland Perry

Handsome Jack

Aug 10, 2018, 3:19:31 AM
Mark Goodge <use...@listmail.good-stuff.co.uk> posted
>On Thu, 9 Aug 2018 16:30:20 +0100, Handsome Jack <Ja...@nowhere.com>
>wrote:
>
>>Roland Perry <rol...@perry.co.uk> posted
>>>In message <pkheoj$r1c$1...@dont-email.me>, at 13:14:59 on Thu, 9 Aug
>>>2018, Jethro_uk <jeth...@hotmailbin.com> remarked:
>>>
>>>>> No, they really don't. It's just one small central Met unit which puts
>>>>> effort into policing tweets related to a handful of very high profile
>>>>> individuals.
>>
>>Like Count Dankula?
>>
>>OK, that was Youtube, but the principle's the same. Every prosecution of
>>a Hitler-saluting dog is a whole bunch of e-mail scams that get
>>completely ignored.
>
>Every prosecution of a burglar is a whole bunch of email scams that
>get completely ignored. Every prosecution of a mugger is a whole bunch
>of email scams that get completely ignored. Every prosecution of a
>shoplifter is a whole bunch of email scams that get completely
>ignored. Every prosecution of a rapist is a whole bunch of email scams
>that get completely ignored. Etc.

Yes, but everybody agrees, and always has done, that burglary, mugging,
shoplifting and rape are serious offences that cause genuine harm to
people, and that society must try to prevent and punish, and that the
consequences of not doing so will be bad. Not so Hitler-saluting dogs.

>Obviously, the police do have to prioritise their resources, and if
>you have access to the facts and figures then you may well be able to
>find situations where their priorities could be improved. But it
>wasn't the police who chose to make it a crime to train a dog to do a
>Hitler salute,

Who was it then? There was no statute (even in Scotland) that
specifically mentioned Hitler-saluting dogs. There was no case law about
it. The police could have simply said to whoever complained, "Sorry,
we've got a lot more important things to do than prosecute trivia like
that." Just as they do several hundred times a day with many far more
serious incidents ranging from criminal damage and threatening behaviour
(in the real world) to assault and ABH.

Of course, once the whole bandwagon had got rolling and Count Dankula
had been brought to court, the magistrate had no real choice but to
convict him, otherwise everybody would have looked even stupider than
they already did. But the magistrate must have looked at the prosecution
papers and thought, What on earth is this case doing in court? Is this
really what we are here for?

>and the police can't choose not to pursue certain
>crimes just because people on Usenet think it isn't worth it.
>
>>>>But my point still stands. Every unit of resource put into policing
>>>>twitter is a unit of resource that is *not* put into scams.
>>>
>>>But the effort does need to be put into policing that extreme
>>>VIP-trolling end of Twitter, quite separately from scams.
>>
>>Isn't that a matter of opinion?
>
>Yes. But it's a matter of political opinion, and the politicians have
>decided that some effort does need to be put into it. The police are
>merely attempting to enforce the legislation as it currently exists.

See above. I don't think so.

>FWIW, I do think that extreme trolling and abuse on social media does
>need to be policed. I'm not convinced that it's currently being
>policed in the most effective and resource-efficient manner, but it
>does need to be done.

Why? (The question is addressed to Roland too, who agrees with you.) And
in your answer can you please not divert us into discussions of serious
death threats made to an identifiable person, which is clearly not what
we are talking about.

--
Jack

Mark Goodge

Aug 10, 2018, 8:48:38 AM
On Fri, 10 Aug 2018 08:04:34 +0100, Handsome Jack <Ja...@nowhere.com>
wrote:

>Mark Goodge <use...@listmail.good-stuff.co.uk> posted

>>Obviously, the police do have to prioritise their resources, and if
>>you have access to the facts and figures then you may well be able to
>>find situations where their priorities could be improved. But it
>>wasn't the police who chose to make it a crime to train a dog to do a
>>Hitler salute,
>
>Who was it then? There was no statute (even in Scotland) that
>specifically mentioned Hitler-saluting dogs. There was no case law about
>it. The police could have simply said to whoever complained, "Sorry,
>we've got a lot more important things to do than prosecute trivia like
>that." Just as they do several hundred times a day with many far more
>serious incidents ranging from criminal damage and threatening behaviour
>(in the real world) to assault and ABH.

There's no statute that specifically mentions Hitler-saluting dogs,
no. But there are statutes that mention inciting racial hatred.

>>FWIW, I do think that extreme trolling and abuse on social media does
>>need to be policed. I'm not convinced that it's currently being
>>policed in the most effective and resource-efficient manner, but it
>>does need to be done.
>
>Why? (The question is addressed to Roland too, who agrees with you.) And
>in your answer can you please not divert us into discussions of serious
>death threats made to an identifiable person, which is clearly not what
>we are talking about.

There isn't a hard and fast line between "trivial" and "serious". It's
a continuum, with irrelevant stuff at one end and extremely serious
and urgent stuff at the other. So what we are talking about includes
serious death threats to an identifiable person, and it's not a
diversion to consider them. And there is plenty of evidence that the
more serious stuff feeds off the less serious. Very few people make a
serious death threat against someone entirely of their own volition.
But if lots of people are making less serious threats, the risk
increases that some people will escalate it into serious threats that,
if not acted on, will be turned into actual violence or other forms of
directly harmful abuse. This isn't hypothetical. It happens. So
nipping it in the bud, by taking action against less serious threats,
is a valid approach.

More generally, it's the same issue with, say, racial or homophobic
abuse in the street. You may think there's no direct harm in calling
someone a "faggot" or a "nigger". But the reality is that environments
where the use of offensive terms is normalised and unchallenged also
see much higher levels of physical assault. You're much more likely to
be beaten up for being black or gay if people are routinely verbally
abusing you for being black or gay, even if the verbal abuse has no
direct effect itself. It's the "broken windows" theory of dealing with
the seemingly trivial before it escalates to the serious, rather than
waiting for someone to be seriously hurt.

Mark

Rob Morley

Aug 12, 2018, 2:23:47 PM
On Fri, 10 Aug 2018 11:53:50 -0000 (UTC)
Jethro_uk <jeth...@hotmailbin.com> wrote:

> On Fri, 10 Aug 2018 11:05:59 +0000, Jethro_uk wrote:
>
> > On Fri, 10 Aug 2018 07:53:05 +0100, Roland Perry wrote:
> >
> [...]
> >
> > Ideally the link to reset should contain a key encoding the email
> > address, locked account, plus an expiry date/time. Otherwise it's
> > trivial to knock up a URL to reset someone else's password ...
> >
> > Yes, BTDTGTTS ...
> >
> > As I said, a standard would be nice. Otherwise you just get coders
> > whose opinion of themselves leads to a plethora of hand-rolled (and
> > usually flawed) implementations. See also: postcode validation,
> > phone number validation and email address validation. The last is a
> > doozy as very few "web experts" know an apostrophe *is a valid
> > character in an email address* (although deprecated). Twice I've
> > had to do an extraordinary amount of work to fix a system when
> > JamesO'ha...@somemail.com couldn't be added as a customer.
>
> interesting footnote: Even Thunderbird doesn't know that - it's
> highlighted the bit after the "'" ....

Claws recognised the whole thing.
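
The reset link described in the quoted text above (a key tied to the email address with an expiry date/time), combined with the one-shot property mentioned earlier in the thread, sketched as an added example; it is not part of any post here and not any particular site's code. It assumes a server-side secret `SECRET_KEY`, HMAC-SHA256 as the key, and a hypothetical `lookup_pw_hash` callback that returns the stored password hash for an address; all names and values are illustrative.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a secret held only on the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_LIFETIME = 3600  # seconds a reset link stays valid


def _mac(email, expires, pw_hash):
    # Binding the current password hash makes the link one-shot:
    # once the password changes, the MAC no longer verifies.
    msg = "\n".join([email, str(expires), pw_hash]).encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def make_reset_token(email, pw_hash, now=None):
    """Return 'b64(email).expiry.mac' for embedding in the reset URL."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_LIFETIME
    who = base64.urlsafe_b64encode(email.encode()).decode().rstrip("=")
    return f"{who}.{expires}.{_mac(email, expires, pw_hash)}"


def verify_reset_token(token, lookup_pw_hash, now=None):
    """Return the email the token is valid for, or None if it must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        who, expires_s, mac = token.split(".")
        email = base64.urlsafe_b64decode(who + "=" * (-len(who) % 4)).decode()
        expires = int(expires_s)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    pw_hash = lookup_pw_hash(email)
    if pw_hash is None or now > expires:
        return None  # unknown account or expired link
    expected = _mac(email, expires, pw_hash)
    # Constant-time compare so the MAC cannot be recovered byte by byte.
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return email
    return None
```

Changing the address or the expiry in the URL invalidates the MAC, so a link cannot be knocked up for someone else's account without the server secret.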

Rob Morley

Aug 12, 2018, 2:36:58 PM
On Wed, 8 Aug 2018 17:23:50 +0100
Handsome Jack <Ja...@nowhere.com> wrote:

> This isn't so easy for me. Over the years I have signed up on dozens
> of different sites - discussion groups, internet retailers, etc - and
> generally I use the same password, or nearly the same password, for
> all of them, because it is such a pain to keep a record of thirty
> different ones. Does this matter? What should I do if I find that
> this "universal" password has been discovered by spammers such as
> Broadback's? Some of these accounts haven't been used for years, and
> I might not even have a record of them anywhere.

There's a chance someone could impersonate you on a forum you have
forgotten about - will you be losing sleep over it?
>
> Needless to say I use quite different passwords for sensitive
> purposes such as e-mail accounts and on-line banking.
>
Indeed.

Rob Morley

Aug 12, 2018, 2:49:43 PM
On Fri, 10 Aug 2018 08:04:34 +0100
Handsome Jack <Ja...@nowhere.com> wrote:

> But the magistrate must have looked at the prosecution
> papers and thought, What on earth is this case doing in court? Is
> this really what we are here for?

Perhaps it's just to remind people (or inform them if they hadn't
realised before) that stuff on the interwebs /is/ actually real life,
real harm, real consequences no matter how much it may seem like nothing
more than a game to some of them.

Rob Morley

Aug 12, 2018, 5:38:42 PM
On Thu, 9 Aug 2018 09:11:20 -0000 (UTC)
Jethro_uk <jeth...@hotmailbin.com> wrote:

> On Wed, 08 Aug 2018 21:38:24 +0100, Yellow wrote:
>
> > And bollocks to all this "do not write it down" nonsense. I am far
> > far far more concerned about being hacked than burgled.
>
> Also it's relatively easy to devise a scheme to further encrypt the
> written reminder. Just adding "1" to the first 5 letters and numbers
> would do (special characters can stay the same)
>
> so EFIUEW{I(J-98&EFW[890weu=
>
> becomes *FGJVF* W{I(J-98&EFW[890weu=
>
> or some such similar.

What you want to use for really high security is double ROT13
encryption.
