Friday, September 30, 2022

If you are wondering why there are so many security/PII breaches this is one

All I wanted to do was purchase an item from the same online storefront I purchased a similar item from a few weeks ago.

During the process of 'age verification' (this time) I was again asked to provide my *actual* birthdate. The previous time I provided one that was a day or so away from my actual birthdate (for obvious security/PII reasons) as this is a third-party service, and because...WTF this is against everything I've been writing about for years since my security blog for the Concord Monitor. It's against best practices (security-wise).

As I said a few weeks ago I purchased a similar item from Arizer, and in the process used a close-but-not-exact birthdate which is typical of how I approach sites that ask for my exact age. I'm not lying in any material way that affects the purpose of the 'age verify' and I am protecting my PII. Today however was a bridge too far.

Today I was presented with a message to provide an image of my driver's license and send [it] to this 3rd-party 'service'. I started to comply but thought better of it after the first 'photo' was rejected. I called their support # but ended up hanging up after I said "I'm sixty-five goddam years old" and the woman told me not to swear at her (I was holding my tongue). So I decided to send a support message to Arizer, telling them the story and voicing my opposition to this intrusive and serious PII/security FAIL. Oh, and also the fact that they'd just sold me an item without my exact birthdate and no one died, no laws were broken, my PII was kept private and we all lived quite happily after... until I wanted to spend another $150+ on their site, but this time with the [potential] added price of my PII.

After this incident I decided to do a Google search for "security question: Should I give out my birthdate to purchase something"? Take a look - 

IF there are state/federal regulations that mandate exact birthdates they need to be changed with common-sense legislation to protect citizens' PII while controlling underage persons with a different (non-invasive) method.


