Dodo Internet and your privacy

[Yaw]

I am currently having an argument with Dodo internet regarding privacy.

You see Dodo ask you as a way to identify yourself your account password.
Now the major problem with this is that this means each and every staff member of Dodo can see your password.

This creates a security problem with your privacy that one of thier employees could take your account name and password home (with dodo your account password and defualt email password are the same, if you change one they both change) So the potential problem is one of thier staff could malicously use your account and email or just read your private emails.

Now the Fedral privacy act states this :
An organization must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.

My argument is they are breaching that section of the privacy act.

They argue that most other I.S.P's do this also. I want to know if your I.S.P does this.

[Christina]

uh, dodo, what can one expect, really? lol

[uranium_death]

"Credit Cards Only"

Papa needs a new pair of slippers!

[uranium_death]

Whoops. I am a complete idiot. -1 for "My I.S.P Does ask for my account password" and +1 for "My I.S.P does not ever ask for my account password."

I have called Optusnet many times and to identify me, I have a unique number that in no way reflects the main account password.

[Hunter]

No helpdesk should *ever* ask for your password - I have worked in IT for about 4 1/2 years (including a recent 9 month stint on a helldesk) and I can tell you that asking for a password is a big no no and is considered a cardinal sin amongst IT staff.

I'm not surprised, dodo probably is an abbreviation for 'Dodgy Dodgy'.

[I FluXx I]

iinet ask me for my password. I couldnt care less. I trust the good people over there to not read my super dooper top secret emails. And you would know if they read your emails because it would be listed as opened in your inbox. What else are they going to do? change your password for you to only ring up and have them fix it?

[uranium_death]

Quote:

Originally Posted by I FluXx I

iinet ask me for my password. I couldnt care less. I trust the good people over there to not read my super dooper top secret emails. And you would know if they read your emails because it would be listed as opened in your inbox. What else are they going to do? change your password for you to only ring up and have them fix it?

Umm...they can mark your emails as "unread".

They can also delete mail without you even knowing.

That's the danger.

[Bluefreak]

Quote:

Originally Posted by uranium_death

I have a unique number that in no way reflects the main account password.

Same, with Netspace.

[LTDHO]

Well they can ask.
It's the same as your bank knowing your password, I know ANZ does.

Being a call centre, they will forget it before the next call anyway!

[sgt_doofey]

Quote:

Originally Posted by Yaw

So the potential problem is one of thier staff could malicously use your account and email or just read your private emails.

On the point about the e-mails, the fact that they run an e-mail server means that there is some people (administrators) who could read all e-mails on the server. That include yours as well. They will also have access to your personal details, including Credit Card details.

The only real thing that they could achieve by taking your account home that they probably can't already do at work is to use up your quota.

I work in IT for a financial services company. I am an administrator for a couple of their systems and I have access to a hell of a lot of information, including banking details of clients. Does it mean that I am going to exploit this to steal money? Hell no. I value my job too much for that.
If these ISP staff do what you are thinking about and get caught, they will be fired from their jobs and no doubt criminal charges would be pressed. That probably means that they then won't be able to get another job very easily at the least, or worst case, end up in jail.

[MoreHPformyXR6]

Quote:

Originally Posted by Yaw

Now the Fedral privacy act states this :
An organization must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.

My argument is they are breaching that section of the privacy act.

They argue that most other I.S.P's do this also. I want to know if your I.S.P does this.

IMO your are taking the act out of context.
If we take that part of the act & look at what it means:

An organization must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.

The organization in your case your ISP Dodo is not taking resonable action to protect your personal info in what way?

Would the canteen lady @ Dodo have access to your password? If she does then yes it could be argued they have breached the act as that would not be reasonable as its not in line with her current duties. The person that takes your call in Dodo's call centre that ask's for your password as part of there POI prior to getting into the call to ensure they are speaking to the correct person, which is in your interest by the way & reasonable. There is also no argument that it isnt inline with there current duties as a Dodo employee which is so relevant to the context of what this part of the privacy act is saying. Obvisiously if a Dodo employee breached your privacy then you would have reason to complain & expect appropriate action to be taken. As you would dealing with any organisation that holds your personal information.

In answer to my your question my ISP Adam Internet does not ask for my password. My bank ANZ does, have I had a problem with either NO. If I did would I come down on them like a ton of bricks = yes. (Especially if in any way shape or form they breached any of my private information.)

Have you had a problem with Dodo breaching your private information? yes/no

If you want an ISP that doesnt ask your password (give your business to them.)

Are Dodo breaching the privacy act "get real"

:

Dodo employees probably get free internet anyways.

[james22]

OptusNet never asks me, just user name and phone number

[fat289]

If you don't like it "move"
easy fix

[BigAL_250]

I'm wondering why you have your internet with an ISP that sponsors HRT.

[Yellow_Festiva]

Each time I call the bank they ask for my password, the opperator then has full access to my account info... Big deal, its their job and if i want help than they need to know the password, simple.

If you don't trust the very company you deal with to discuss your password than I think you should re-assess the things you worry about...

The person you deal with on the phone probably hears hundreds of passwords a day, by the time their day is over they would have forgotten the last person they spoke to.

[I FluXx I]

Quote:

Originally Posted by uranium_death

Umm...they can mark your emails as "unread".

They can also delete mail without you even knowing.

That's the danger.

But why would they?

[SiKoRa_eL_97]

Quote:

Originally Posted by bigal_1701

I'm wondering why you have your internet with an ISP that sponsors HRT.

AHHAHAH good call =D

[GXL078]

Do Dodo employ Australians on their help desk that can understand "Australian" because TPG sure as hell don't?!

[nugget378]

Quote:

Originally Posted by sgt_doofey

If these ISP staff do what you are thinking about and get caught, they will be fired from their jobs and no doubt criminal charges would be pressed. That probably means that they then won't be able to get another job very easily at the least, or worst case, end up in jail.

Fired yes,but I really doubt they'll face any type of charge,companies like this will do anything to avoid this sort of publicity.

[flappist]

Well paranioa is alive and well isn't it?

A few points:

Asumptions: ADSL is the deployment medium and as DODO is virtual you are attached to the IPSN/ERX at Charlotte St exchange.

1) Every time your account is used the time, date, FNN of the phone line and a few are details are recorded. This has happend since the beginning, I have used this in investigations many time.
2) All your email data is stored accross servers that are accessable by the admins at all times. There is NO SUCH THING AS PRIVATE EMAIL.
3) Misuse of any information is in fact indeitable and many have been prossecuted over the years. Penalties are quite severe.

Do you really think you that interesting that someone would care what is in your emails to the point of risking a custodial sentence?

The idea of the verification is to ensure thet it is actually YOU they are talking to not just some stupid child or an enemy of yours trying to play games.

[satria]

i think you need a chill pill mate.

I think my ISP asks for my password but i trust them enough to not screw around with my account, because if they do i will just have to ring them up to fix it lol.

I loved I FluXx I's comment, made me crack up hehehe

"I trust the good people over there to not read my super dooper top secret emails."

[robjh80]

Iv'e never phoned my ISP ever.........oh that's right I'm with INTERNODE!!!........never had to phone them.... :hihi:

[MON10A]

i had one ask, i gave it and with in 5 days there was over 900mb used while we were away,so never again and when they ask i refuse to give it.

[Tommo224]

with Optus, never been asked.

[sgt_doofey]

Quote:

Originally Posted by MON10A

with in 5 days there was over 900mb used while we were away

Was your modem still on? If so, turn it off in the future and I'll think you'll find that there won't be any usage. That's due to "noise" on the internet whilst you have a connection.
There are virii and spyware/malware programs out there which probe internet connections testing to see if there is a computer they can compromise on that connection. This usage is not much per attempt, but add it up over a huge number of attempts over say the space of a week and you can easily have about 200Mb "go missing." It's unfortunately the nature of the internet and unless the modem is turned off, then you are still going to have usage, even with your PC off.

[GasoLane]

Exetel, and never been asked.

[clontarf_x]

I work for an ISP and I can say that we definately use passwords as a primary form of identification. If they can not supply us with the password we then go through a 9 Point Check to verify their ID

The purpose is a password is your primary indentification next to your user name, or main identifying customer number. Otherwise what point is there in having a password at all?

Seriously, those that get on their high horse about ISP staff knowing passwords need a new career. We work for the bloody company That being said though, I wouldn't trust DODO with my password either

Dodgy bastards...

[GasoLane]

Quote:

Originally Posted by clontarf_x

Dodgy bastards...

Shouldn't that be 'Dodogy' bastards

[gozza]

how many people do over the phone c/c transactions?
i have plenty of times and in my line of work i take down credit card details all the time....more to worry about there than email security...