PayPal Phishing Attempt

[Phil Deakins]

And I'll also repeat myself, Solar - yes, I know that a car and a server are different things, and yet my analogy was spot on. It wasn't about the things themselves. It was about who is responsible to who.

If I give personal information to a company that says it respects my privacy, etc., and that company later decides to give it to another company, then the first company is responsible to me for me for the privacy of personal information. The second company is responsible to the first company for it. It is not responsible to me. I.e. Amazon has no responsibility to me for the security of my data.

What you are saying amounts to nobody having any responsibility to me for the personal data I provided to Linden lab. You're saying that LL's responsibility to me ended when they gave the data to Amazon, and you have to be saying that Amazon never has any responsibility to me to keep my data secure. Amazon never deals with me so they can't be responsible to me. They have a responsibility but it's not to me. No matter how you think about it, LL does not and cannot abdicate the responsibility to me for the security of my private data.

If you take your faulty TV back to the shop where you bought, and leave it there for repair, and then the shop passes it on to a TV repair firm, and it gets stolen from there, who is responsible to you for the TV? It's the shop you took it to, of course. It's not their fault it was stolen from the repair firm, and they had no control at all, but they are responsible to you, and they will pay you for it, or replace it.

Similarly, if I give private data to an internet company, with the understanding that it is secure with them, and they pass the data to another company, and it is stolen from there, who is responsible to me for it? It's the company I gave the data to, of course. In this case, there is no cost to recover, but that doesn't change where the responsibility lies. The second company has a responsibility to the first company, and the first company has a responsibility to me.

If you can't agree with that, there is no point in continuing, because it will go on forever, and we might as well agree to disagree again.

 

[Solar Legion]

It seems you're having a hard time understanding what has been written without putting your own assumptions into this. The first being that any physical good analogy will work here. It will not - stop using them.

 

That lovely TV in your example is a singular item, it cannot be replicated nor can it be used to send data back to your computer if it is stolen. An e-mail address can be replicated and someone who steals it out of an e-mail server can send you an e-mail you did not solicit.

 

Amazon is responsible for any e-mail addresses that pass through their AWS/SES systems, both to the companies that contracted them AND the customers of those companies. THEY control the AWS/SES systems, it is their responsibility to ensure the security of those systems.

 

Your assumption that Amazon is not responsible to you for such a breach of security is the sort of response I expect from most people who blindly accept the notion of taking the easiest route out of things ("I gave Linden Lab my e-mail address, they must secure every server it passes through, even if they do not own or control the servers").

 

And no, there really is no point in continuing this Phil: You're mired in the notion that responsibility is utterly black and white, that it has a blanket application. You cannot wrap your head around the notion that - at the least where E-mail is concerned - a company is responsible for its own systems, their responsibility shared by each and every server system that address passes through after leaving their system.

 

What I have been saying is that Linden Lab AND Amazon bear the responsibility for securing their e-mail servers. If the breach is from Linden Lab's servers, they bear the full responsibility of that breach. If it comes from Amazon's servers, they bear the responsibility for the breach (both to Linden Lab AND to you) where Linden Lab is responsible for their choice of routed system.

 

Nowhere is the responsibility to you simply abdicated.

[Phil Deakins]

---

Solar Legion wrote:

It seems you're having a hard time understanding what has been written without putting your own assumptions into this. The first being that any physical good analogy will work here. It will not - stop using them.

---

I haven't quoted the rest of your post because it's just carrying on the disagreement. I kept the bit above to say two things:-

1. I understand what is written perfectly, and without assuming anything.

2. My analogies work perfectly for this case.

And that will do. You think one thing whereas I (and others) think something else, and the bottom line is that it doesn't matter what anyone thinks. This part of the discussion came about when you misunderstood exactly what I meant by "at LL's end", because I didn't write it with complete exactness. Since then, you've understood what I meant and this part of the discussion is just a sub-discussion of that, which we're not going to agree on, so there is no point in continuing it any further.

You may now have the last word - but, whatever it is, it won't make any difference to anything

[Solar Legion]

Phil, the "disagreement" stems simply from one of us coming at it from a "legal" angle and the other coming at it from a realistic and logical angle.

 

And no, your analogies do not work. A stolen TV is not an E-mail address, nor is a car wreck a breach of server security.

 

But whatever, feel free to prop up a system of "easy way out" crap.