OT - WAY - OT

[Fairlight]

Simon--er, no...it was Howie--said:
> You miss my point.
> 
> I am not proposing flooding them with automated replies.  Just responding to 
> their requests for my private information (while illegally pretending to be 
> a company that they are not.)

Misrepresenting yourself in return is ethical -how-, again?  Is it even
legal?  IANAL.  Ask one.

> I don't see any problem with responding to a criminal attempt to steal my 
> information, money, credit or identity with an incorrect response.  I tend 
> to make a lot of typos anyway.  What, are they going to sue me?

Well, that depends.  Maybe not sue, but imagine they try using that
information and incur chargeback fees.  A third party could come after you
for fraud based on information you willingly falsified.  I don't know how
this would play out, only that it would give me pause.

> Ken's point about them making a DoS attack on me is only not really 
> worrisome since how would they know who to do it to if many people 
> responded?  These people are not out for revenge, just theft.

You've never gotten on the bad side of a cracker, have you?  Some will
launch a DoS for -no- logical reason at all.  If they're nuts enough to
disregard the law to this extent, is it really wise to provoke them?
Shafting them out of what they're after will rankle them.  Do you -really-
want to be the target if the authorities cotton on to them because of
something you did?  I think most people would be thinking payback at that
point.

You've also apparently never talked to the victim of a real DoS, or you
wouldn't be so cavalier about it.

> And no, I don't have much free time but I'll be glad to spare a few moments 
> a day (for the greater good) to screw up these criminals and eventually 
> maybe make it too expensive for people to bother phishing.

Won't happen.  This is an area where one person can't really make a dent.

> Maybe you can't cheat an honest man (not too easily anyway) but cheating a 
> crook is a moral imperative.

Apparently you've never heard the old saw about two wrongs not making a
right...  

And you can fool an honest man--they're calling it ID Theft Insurance.  The
banks do nothing more than they already do (stop questionable payments and
"pay off" your card in the event it's compromised badly--paying off being
equivalent to "writing off", which they've done for years), but charge you
for the benefit of no real extra protection.  Hell, they're more likely
to divulge your card than you are.  One bank lost 900k cards a year or
so ago in one shot.  If you can get someone's address, mother's maiden
name, and SSN (not hard or expensive) you could pose as anyone even on the
phone.  BellSouth's original web site security was so lax that I could have
cancelled my in-laws' service in 5min.  They beefed it up some since.

But the ID Theft insurance racket is big bucks.  

And it wouldn't surprise me if virus protection companies paid offshore
hackers to write new strains, justifying their existence.  I've wondered
about that for years.

And I think you can -easily- cheat an honest man.  Our government does it
daily.  They call it taxation.

m->
-- 
"Moral cowardice will surely be written as the cause on the death
certificate of what used to be Western Civilization." --James P. Hogan