At: ashok.org.uk/2008/telephone-spam
I've always been quite wary of the Telephone Preference Service (and its sibling the Mail Preference Service). It makes me nervous that the do-not-spam list is held by an organisation that promotes direct marketing.
After getting more marketing calls, and this weekend a spam text message from Firezza (a local pizza firm, no link-love from here), I finally signed up for the TPS for my mobile number and our home number.
Unfortunately, this showed up a rudimentary security error by the TPS. As is common, they verify the email address you give them by sending a link you must follow before they act on your request.
Alas, the two links they sent me were:
https://secure.dma.org.uk/tps/confirm/xxxxx28
and
https://secure.dma.org.uk/tps/confirm/xxxxx29
(for the same xxxxx in each case).
That is, they're using a serial number as the hard-to-guess, hard-to-forge thing.
I can think of nice, privacy-respecting ways to store do-not-spam lists, using something like a Bloom filter. Unfortunately, doing that would require a basic understanding far in excess of the TPS' displayed competence.
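For contrast with the serial-number confirmation links described above, here is one way to issue and check an email confirmation token. This is an added example, not code from the original post or from the TPS; the class name, the 48-hour validity window and the request ids are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 48 * 3600  # assumed validity window


class ConfirmationStore:
    """Pending opt-out requests, keyed by the SHA-256 of their token."""

    def __init__(self):
        self._pending = {}  # token digest -> (request_id, expiry time)

    def issue(self, request_id, now=None):
        """Return a fresh token to embed in the emailed confirmation link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (request_id, now + TOKEN_TTL_SECONDS)
        return token

    def confirm(self, token, now=None):
        """Return the request id for a valid token, or None. Single use."""
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, guessed or already used
        request_id, expires_at = entry
        return request_id if now <= expires_at else None

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()


def demo():
    store = ConfirmationStore()
    # Constructed sample: two requests with consecutive internal ids.
    mobile = store.issue(request_id=7001, now=0)
    home = store.issue(request_id=7002, now=0)
    return {
        "tokens_differ": mobile != home,
        "guess_serial": store.confirm("7002", now=10),  # the internal id is not a token
        "mobile": store.confirm(mobile, now=10),
        "replay": store.confirm(mobile, now=10),
        "expired": store.confirm(home, now=TOKEN_TTL_SECONDS + 1),
    }
```

The internal request id stays sequential, but it never appears in the link, so knowing one confirmation URL says nothing about the next.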
Tagged: Rants, Business, Security, Technology
Posted at 06:45 EDT, 19th May 2008.