Has anyone else noticed that the logins here are unencrypted? Archived From: FatWallet


Or that in general SSL isn't used any place Personal Private Information (PPI) is transmitted.
This site has:
My email address
My name
My local address
Purchase history
etc...

I opened a ticket on this subject and got a polite reply but was essentially told they have thought about it but no ETA.

I would AT LEAST expect that the login process would occur over SSL (Or even better hash the passwords in the db and hash before they are submitted) and I would hope that any page that shows my home address be encrypted but neither seems to be done.

Am I the only one bothered by this?



dalbers said: Am I the only one bothered by this?

Apparently.



Yup...I noticed that and mentioned it in this thread a couple of years ago. Nobody cared.



It isn't like they have credit card info

they have your name and address, but many other mailing lists have that so I don't see the big deal. If you ask them, I'm sure they will purge your membership so they don't have any info. BTW the info they do have YOU provided to them under no SSL which YOU provided so the blame falls on YOU.



FrugalFreak said: It isn't like they have credit card info

they have your name and address, but many other mailing lists have that so I don't see the big deal. If you ask them, I'm sure they will purge your membership so they don't have any info. BTW the info they do have YOU provided to them under no SSL which YOU provided so the blame falls on YOU.

Correct, I registered without thinking and I should have known better, but most people do not realize the risk, and any company that collects this data should do the right thing and ensure that it is encrypted when transmitted. Are they legally required to encrypt? Not according to most of the new state laws that are popping up; they generally only require it if financial account information is also stored with the PPI.

Let's look at this more simply though. Many of us rely on FatWallet to process some form of financial transactions for us, so why shouldn't we expect them to encrypt that data when it is transmitted over a public network? I never reuse passwords but most people do, so they might be sending their email password in the clear with their address without thinking about it!



Damn, I used my SS# as my password



Denverdiver said: Damn, I used my SS# as my password

Mine is my CC # with Exp Date in MM/YY format and CVV at the end.



*Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.



MVP9596 said: *Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.

You require my address to send a check correct? So the very act of participating in the services the site provides requires that I send PPI. Obviously I am in the minority here and my concern is greater than the average user here but it concerns me when any organization attempts to rationalize against the use of using something so basic as encrypting customer PPI when it is in transit.



The phone book also has your name, phone number and address. That is IF you have a landline.

I would be more worried about user names here. Many people reuse the same one and/or have very unique user names. Very easy to do a Google search and find your real name, address and phone number. Not to mention all the sites you visit, comments and videos you post.



dalbers said: MVP9596 said: *Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.


You require my address to send a check correct? So the very act of participating in the services the site provides requires that I send PPI. Obviously I am in the minority here and my concern is greater than the average user here but it concerns me when any organization attempts to rationalize against the use of using something so basic as encrypting customer PPI when it is in transit.

He has a point, MVP. Seriously.



dalbers said: MVP9596 said: *Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.


You require my address to send a check correct? So the very act of participating in the services the site provides requires that I send PPI. Obviously I am in the minority here and my concern is greater than the average user here but it concerns me when any organization attempts to rationalize against the use of using something so basic as encrypting customer PPI when it is in transit.

would you like FW to rid you of your SSL Issues?

This is from Fatwallet's TOS/website use policy that you agreed to adhere to when you joined. Your joining and continued use means you agreed to this;

FatWallet DOES NOT MAKE ANY REPRESENTATIONS THAT ACCESS TO THIS SITE WILL BE UNINTERRUPTED OR ERROR-FREE, AND FatWallet ASSUMES NO RESPONSIBILITY FOR ANY DAMAGE CAUSED BY YOUR ACCESS, OR INABILITY TO ACCESS, THIS SITE, INCLUDING, BUT NOT LIMITED TO, YOUR INABILITY TO RECEIVE FatWallet Cash Back BY PURCHASING ITEMS WITH A PARTICIPATING MERCHANT. IN NO EVENT SHALL FatWallet BE LIABLE FOR ANY DAMAGES, CLAIMS OR LOSSES INCURRED (INCLUDING WITHOUT LIMITATION COMPENSATORY, INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY ARISING IN CONNECTION WITH YOUR USE OF FatWallet.com; ANY ACT OR OMISSION BY FatWallet IN ADMINISTERING THE WEBSITE OR THE PROGRAM; OR THE PURCHASE OR USE OF ANY GOODS OR SERVICES OF MERCHANTS OR SUPPLIERS, EVEN IF FatWallet HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, CLAIMS, OR LOSSES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL FatWallet BE LIABLE TO YOU FOR DIRECT DAMAGES CAUSED BY FatWallet IN EXCESS OF THE Cash Back EARNED BY YOU DURING THE MOST RECENT SIX (6) MONTHS. SOME STATES DO NOT ALLOW LIMITATIONS ON INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

no, if, and or butt.



FrugalFreak said: dalbers said: MVP9596 said: *Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.


You require my address to send a check correct? So the very act of participating in the services the site provides requires that I send PPI. Obviously I am in the minority here and my concern is greater than the average user here but it concerns me when any organization attempts to rationalize against the use of using something so basic as encrypting customer PPI when it is in transit.


would you like FW to rid you of your SSL Issues?

This is from Fatwallet's TOS/website use policy that you agreed to adhere to when you joined. Your joining and continued use means you agreed to this;

FatWallet DOES NOT MAKE ANY REPRESENTATIONS THAT ACCESS TO THIS SITE WILL BE UNINTERRUPTED OR ERROR-FREE, AND FatWallet ASSUMES NO RESPONSIBILITY FOR ANY DAMAGE CAUSED BY YOUR ACCESS, OR INABILITY TO ACCESS, THIS SITE, INCLUDING, BUT NOT LIMITED TO, YOUR INABILITY TO RECEIVE FatWallet Cash Back BY PURCHASING ITEMS WITH A PARTICIPATING MERCHANT. IN NO EVENT SHALL FatWallet BE LIABLE FOR ANY DAMAGES, CLAIMS OR LOSSES INCURRED (INCLUDING WITHOUT LIMITATION COMPENSATORY, INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY ARISING IN CONNECTION WITH YOUR USE OF FatWallet.com; ANY ACT OR OMISSION BY FatWallet IN ADMINISTERING THE WEBSITE OR THE PROGRAM; OR THE PURCHASE OR USE OF ANY GOODS OR SERVICES OF MERCHANTS OR SUPPLIERS, EVEN IF FatWallet HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, CLAIMS, OR LOSSES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL FatWallet BE LIABLE TO YOU FOR DIRECT DAMAGES CAUSED BY FatWallet IN EXCESS OF THE Cash Back EARNED BY YOU DURING THE MOST RECENT SIX (6) MONTHS. SOME STATES DO NOT ALLOW LIMITATIONS ON INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

no, if, and or butt.

Does the TOS forbid them from rethinking their policy or from someone pointing out to them that they should reconsider? Throwing the TOS into this thread solves nothing and has no relevance, I am raising the concern in this forum in hope that it might help Fatwallet make the decision to change their practice.



Shouldn't this thread be in FWFW?



I'm no programmer. Looks like the only liability to me is the strength of your password on this site, and with your email. All identifiable info looks to be kept on the back end.

SSL would be nice too, but I don't keep any CC's or SSN's or bank info here.



dalbers said: FrugalFreak said: dalbers said: MVP9596 said: *Takes notes on KK's info*

Honestly, we don't have any "really" personal information. Sure, there's your address if you enter it, but we don't have your CC info or anything else other than your email. If you're that worried about your email, you can always use a junk account.


You require my address to send a check correct? So the very act of participating in the services the site provides requires that I send PPI. Obviously I am in the minority here and my concern is greater than the average user here but it concerns me when any organization attempts to rationalize against the use of using something so basic as encrypting customer PPI when it is in transit.


would you like FW to rid you of your SSL Issues?

This is from Fatwallet's TOS/website use policy that you agreed to adhere to when you joined. Your joining and continued use means you agreed to this;

FatWallet DOES NOT MAKE ANY REPRESENTATIONS THAT ACCESS TO THIS SITE WILL BE UNINTERRUPTED OR ERROR-FREE, AND FatWallet ASSUMES NO RESPONSIBILITY FOR ANY DAMAGE CAUSED BY YOUR ACCESS, OR INABILITY TO ACCESS, THIS SITE, INCLUDING, BUT NOT LIMITED TO, YOUR INABILITY TO RECEIVE FatWallet Cash Back BY PURCHASING ITEMS WITH A PARTICIPATING MERCHANT. IN NO EVENT SHALL FatWallet BE LIABLE FOR ANY DAMAGES, CLAIMS OR LOSSES INCURRED (INCLUDING WITHOUT LIMITATION COMPENSATORY, INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY ARISING IN CONNECTION WITH YOUR USE OF FatWallet.com; ANY ACT OR OMISSION BY FatWallet IN ADMINISTERING THE WEBSITE OR THE PROGRAM; OR THE PURCHASE OR USE OF ANY GOODS OR SERVICES OF MERCHANTS OR SUPPLIERS, EVEN IF FatWallet HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, CLAIMS, OR LOSSES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL FatWallet BE LIABLE TO YOU FOR DIRECT DAMAGES CAUSED BY FatWallet IN EXCESS OF THE Cash Back EARNED BY YOU DURING THE MOST RECENT SIX (6) MONTHS. SOME STATES DO NOT ALLOW LIMITATIONS ON INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

no, if, and or butt.


Does the TOS forbid them from rethinking their policy or from someone pointing out to them that they should reconsider? Throwing the TOS into this thread solves nothing and has no relevance, I am raising the concern in this forum in hope that it might help Fatwallet make the decision to change their practice.

it IS relevant. I'm sure FW will consider but will not be moved to act just because you raise the issue. They CTA and I just wanted to point that out in case you had devious thoughts concerning lawsuits, etc...



DangerBoy said: I'm no programmer. Looks like the only liability to me is the strength of your password on this site, and with your email. All identifiable info looks to be kept on the back end.

SSL would be nice too, but I don't keep any CC's or SSN's or bank info here.

Seems like it could be a "finger in chili" issue to me.



Yeah, I can say that I would prefer that SSL be used while our passwords and PPI are in transit. Honestly, it shouldn't be all that difficult to implement and would just keep our minds at ease a bit.



FrugalFreak said:

it IS relevant. I'm sure FW will consider but will not be moved to act just because you raise the issue. They CTA and I just wanted to point that out in case you had devious thoughts concerning lawsuits, etc...

I am sure that FatWallet appreciates your zealous responses to this thread and your "protection" of their interests.... I am sure that if this thread violates their TOS in any way they will handle it. Now back to the original topic...


© 1999-2009