Flawed topic - please ignore.

[Bubbajazz]

b]I am editing this post at the top to tell all that the topic was started as a result of my mistaken assumption about a Norton message I had received while browsing. B&H is a reputable firm that I have had personal good experience with, and I regret that I started this topic.. I am removing the original posting to avoid any confusion.[/b]

[lwilliam]

[b]Their cookie attempted to access my Social Security number. [/b] Was this an obvious, "please enter your SSN" question, or was it snooping on your PC somehow and you managed to figure out what the cookie was doing? I try to remember to turn cookies off whenever I visit a "sales-oriented" site. I don't always remember, and sometimes you can't do much without having cookies enabled...

[Anderton]

No company has a right to take your social security number information without first obtaining your approval. The company could be as pure as the driven snow, but that doesn't help if unscrupulous people hack their system and start appropriating personal data. I predict, BTW, that the concept of privacy will not be understood or used in the common vernacular by the end of this century.

[Bubbajazz]

[quote]Originally posted by lwilliam: [b][b] Was this an obvious, "please enter your SSN" question, or was it snooping on your PC somehow and you managed to figure out what the cookie was doing? [/quote]It was a snoop that I caught courtesy of a recently installed copy of Norton Internet Security Pro. [quote] I try to remember to turn cookies off whenever I visit a "sales-oriented" site. I don't always remember, and sometimes you can't do much without having cookies enabled...[/b][/quote]I've decided I can live with cookies on sales sites, but I guess I need to reexamine this. I'm really very disappointed by this.

[Marvster]

I'm not saying this didn't happen, but it's perhaps helpful to realize that cookies *store* information -- they're not applications that can access other things. I'm really interested, though. Could you be a bit more specific about the sequence of clicks that took you to the offensive request? Cheers, Marv

[Bubbajazz]

[quote]Originally posted by Marvster: [b]I'm not saying this didn't happen, but it's perhaps helpful to realize that cookies *store* information -- they're not applications that can access other things. I'm really interested, though. Could you be a bit more specific about the sequence of clicks that took you to the offensive request? Cheers, Marv[/b][/quote]I entered their site by entering their URL directly into Explorer. I got to the home page (no problem), and clicked on their Pro Audio page. Norton sent me a warning that the site had requested info that included my SSN (which I have set Norton to block.) I reaffirmed my block, and the B&H site blocked me from further access. I canm't even get to the Pro Audio page without releasing my SSN. No way! Presumably, B&H's cookie includes my SSN as an identifier. I certainly don't recall giving it to them - I won't even give it to American Express these days. I never gave it to them voluntarily, and certainly was surprised at the request. They got the info somehow, and are using it in a fairly public way as an identifier. I'm really surprised - at their size, they should know a thing or two about credit fraud.

[Bubbajazz]

[quote]Originally posted by Anderton: [b]No company has a right to take your social security number information without first obtaining your approval. The company could be as pure as the driven snow, but that doesn't help if unscrupulous people hack their system and start appropriating personal data.[/quote]While it might be a hacker, I am still suspicious and concerned. Regardless, Craig, while I agree with your point about approval ethically, I am not sure it is legally true. It should certainly be true as a matter of policy with an otherwise reputable firm. [quote] I predict, BTW, that the concept of privacy will not be understood or used in the common vernacular by the end of this century.[/b][/quote]Perhaps not, but it is hard to envision any public commerce without reasonable safeguards that ensure that I am me, that I am the only one who can spend my money (yeah, I know, taxes and marriage, but that is a different thread) and that the seller is the seller. This whole SSN-identity theft thing is really weird. If anyone wants to really locate my medical records to find out about the boil on my butt, that doesn't really disturb me, but I might feel differently if I was HIV-positive.

[Bubbajazz]

A red-faced apology to B&H, and I am sorry to have wasted everyone's time. Briefly, I checked my settings, again, and what B&H was accessing was a fragment of the number - I believe they have not, in fact, chased my SSN. Again, my apologies. Move along...there's nothing to see here.

[Marvster]

[quote]I reaffirmed my block, and the B&H site blocked me from further access. I canm't even get to the Pro Audio page without releasing my SSN. No way! Presumably, B&H's cookie includes my SSN as an identifier. I certainly don't recall giving it to them - I won't even give it to American Express these days. I never gave it to them voluntarily, and certainly was surprised at the request.[/quote]Again, I'm not calling you crazy, but I think you may have encountered a dreaded Internet -- highly technical term coming here -- gremlin. The B&H site does set a cookie if you let it, but it seems to be primarily for tracking purposes. Not only do they say this in their privacy policy, I opened the cookie and checked to confirm. I blocked cookies and the B&H site still worked just fine for me (including going to the Pro Audio page and beyond). The B&H site will let you purchase without creating an account (a privacy-friendly practice I'm fond of), but it doesn't look like they ask for your SSN regardless. Finaly, the B&H privacy policy is among the clearest I've seen -- they seem to be as concerned as any Net-savvy store about making sure you understand what they collect and for what reason. I'm not a shill for B&H and have never purchased there, but you might want to keep an open mind about what's causing your problem. On quick inspection, it doesn't seem to be their site. Could it be Norton? Marv

[Marvster]

Oops! Sorry, our posts crossed. Glad you worked it out. Marv

[Bubbajazz]

Marv - absolutely - please see my above post, and again my apologies to B&H. I am still puzzled as to why the site would not let me proceed without allowing the cookie, while you apparently had no problem.

[Dan South]

Although we now know that B&H did NOT try to access your SSN without your prior consent, let's examine what it would take for this to be possible at all. (1) You would have to have your SSN stored on your computer somewhere. (2) The place where your SSN was stored would have to be a commonly accepted place for storing such information. I know of no such file in any operating system. So, unless you've stored your SSN somewhere on your hard drive in a file called HeresMySSN_ComeAndGetIt.txt, no site could ever access that information no matter how craftily it searched (unless it prompts you and you enter it, but then you have only yourself to blame). Glad to hear that B&H has been exhonorated.

[Bubbajazz]

[b]I am editing this post at the top to tell all that the topic was started as a result of my mistaken assumption about a Norton message I had received while browsing. B&H is a reputable firm that I have had personal good experience with, and I regret that I started this topic.. I am removing the original posting to avoid any confusion.[/b]