Skip to main content

Posts

Showing posts from June, 2012

Transparency Portals - An invitation to Identity theft

Pleased as punch
So, you read with glee the number of cylinders your minister was using. He should not be using so many subsidised cylinders? Fine

Guess what? Your name, address and number of cylinders and when you ordered them is there too.

Privacy Disaster
This portal is a disaster from a privacy perspective. The idea was very poorly thought through. Imagine an e-commerce company just dumping customer data on the web, amillion people would be baying for blood.

One of the Gas companies has embedded dealer ids in the URL query string itself. which allows for ralatively easy automated scraping. I could do a data scrape on ALLcustomers all over INDIA and filter for customers who use a certain number of cylinders. A perfect database to to do direct marketing.

Not scared yet?

Identity Theft

It is an even more perfect database to commit identity theft. All your basic identity/citizenship documents are predicated on your gas connection. Authentication to your bank. Gas bills are one of …