| Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Thread poster: RoxanaTrad (X)
|
|---|
paula arturo 
United States
Local time: 10:51
Spanish to English
+ ...
| key words: credible and comprehensive | Aug 4, 2009 |
Bob Kerns wrote:
Fully agree with the comments from Ralf above.
Why are we being thanked for our patience when it is blatantly obvious that our patience is slowly but surely running out?
And reading that one member of the site staff is "sure Henry will be providing a more detailed update as soon as possible" does not do anything to assuage my dissatisfaction on this issue.
What I would have liked to hear is something on the lines of "Henry has assured me that he will ...", or even better a credible and comprehensive statement from Henry himself.
All we got were a little over 100 words of nothing! Once again Henry has managed to “reply” to our concerns without actually addressing them.
Somewhere in this post Henry bashed the ethics of the site that’s using our info. But what can be said about the ethics of Proz.com in handling this matter? People, who may be have been affected by this breach, but who may not be aware of this thread, still have no idea what’s going on. There have been no concrete answers as to what Proz.com is doing to solve this matter (BTW, “we’re looking into it,” “we’re working on it,” and “we’ll keep you posted” don’t constitute CONCRETE answers). No public apologies were made anywhere outside this thread.
People have a RIGHT to know what’s going on and make informed decisions. As a service provider, Proz.com has an OBLIGATION to handle this matter with clarity and transparency.
Looking forward to a REAL answer from Proz.com, not just a vague pacifier to calm the waters.
| | | | MariusV
Lithuania
Local time: 17:51
English to Lithuanian
+ ...
| security from what? | Aug 4, 2009 |
Enrique wrote: Marjolein Verhulsdonck-Roest wrote:
It's a gift...
... using 148 words and saying nothing new.
ProZ.com staff has launched with top priority a comprehensive security review. This was reported earlier, and staff continue this work. It is nothing new, but the follow-up of a hard and delicate work that is being carried on with great dedication. Regards, Enrique
Dear Enrique,
Can you please explain me how proz.com can protect personal data security if CVs of translators are actually "demanded" to be filled on and posted -PUBLICLY- on proz.com? By "demanded" I mean this crazy "advice" to "complete one's profile", i.e. if the CV is not on the profile, the profile "appears to be incomplete"? What security measures can you undertake if such "profiles with CVs" are shown publicly and are like a heaven for internet data "harvesters"? The only thing they'd still want to have - credit card information and PIN codes...All the rest is there - CV with the whole biography, even project history with client names, and etc...
Maybe there can be some other solutions without the need of "security measures"? Like demanding to post only "non-sensitive" personal data on proz? And if there is someone interested in this or that translator (after reading the general info on proz.com) profile - that someone might ask for any additional info "in private" from the translator? In such a case, no one will need "security measures" on proz, and if someone provides some sensitive info to someone else directly (i.e. when such info is not received/harvested from proz), Proz can "wash the hands" and can have no responsibility for that...I see no logical reason to brake through an open door.
[Edited at 2009-08-04 16:08 GMT]
| | | | Textklick
Local time: 15:51
German to English
+ ...
In memoriam | No worries on that one, Marius | Aug 4, 2009 |
Can you please explain me how proz.com can protect personal data security if CVs of translators are actually "demanded" to be filled on and posted -PUBLICLY- on proz.com? By "demanded" I mean this crazy "advice" to "complete one's profile", i.e. if the CV is not on the profile, the profile "appears to be incomplete"? What security measures can you undertake if such "profiles with CVs" are shown publicly and are like a heaven for internet data "harvesters"?
Hi Marius,
Just for the record: I 'disconnected' my CV, and a mouseover of the green button still says "All required and encouraged fields in your profile are completed".
Cheers,
Chris
| | | | Merja Jauhiainen
Finland
Local time: 17:51
Member (2008)
English to Finnish
+ ...
| Another option with CV | Aug 4, 2009 |
Hi Marius,
another option is to complete the CV section by writing "CV will be submitted upon request", and that's enough for the section to be considered complete.
Regards,
Merja
| | |
|
|
|
PRen (X)
Canada
Local time: 11:51
French to English
+ ...
| Proz.com invoicing tool | Aug 4, 2009 |
Given the serious security concerns on this site, I'm amazed that members / users want to lodge this information with this site:
"Financial overview - get a comprehensive summary of your cash flow, at a glance.
Sales by client - see amounts billed to each client, in a calendar format.
Time to pay - know how quickly each client tends to pay your invoices.
Invoice aging - stay on top of past due invoices.
Payments received - track payments received.
Invoi... See more Given the serious security concerns on this site, I'm amazed that members / users want to lodge this information with this site:
"Financial overview - get a comprehensive summary of your cash flow, at a glance.
Sales by client - see amounts billed to each client, in a calendar format.
Time to pay - know how quickly each client tends to pay your invoices.
Invoice aging - stay on top of past due invoices.
Payments received - track payments received.
Invoice activities - track invoicing history.
Tax reports - see details about taxes collected" ▲ Collapse
| | | | | Can you please be MORE clear? | Aug 4, 2009 |
Henry D wrote:
To be clear...
I am afraid that none of what you wrote is clear--it's just a repeat dose of what you have already told us.
Henry D wrote:
Work has continued through the weekends since the breach became apparent.
Through the weekends?!? And this is what you call 'top priority'? What have you been working on through the weeks, then?
Henry D wrote:
As posted previously, notification will also go out to those affected.
When, Henry, when? It's been two weeks now, for crying out loud! Even the week-end is long enough to write four paragraphs!
Henry D wrote: If anyone has specific questions that have not been answered in this thread, please submit them via the support system.
I have. A reply was added to it and it is now closed. In my support request, I was asking what ProZ is doing to ensure that "my" account is removed on that site, and what ProZ was waiting for to post information (not excuses and repeated requests for patience) in this thread and through e-mail to site users. The reply was pointing back to this thread. So, I am venture to say, Henry, that the solution you propose here is nonsense. My support ticket was not addressed as the reply didn't address any of the issues I wrote about when I submitted said support ticket.
So, I am going to ask you here, as it seems there is now no other way to get the slightest information.
1. Are you in contact with the site in question?
2. Did you request that the data be removed?
3. If yes, did you get a reply?
Telling us that this is top priority and that you are making every effort you can is entirely beside the point, Henry. What we want to know is not whether you are working on this, but rather what has been done so far and what's next. At the moment, I don't care how data will be made more secure in the future on this site. I want to get "my" account removed FIRST. Can you tell me what is being done to achieve this? As I have already said a few times, I have found no way to remove it myself. Since the data was stolen from YOUR site, I believe the ball is in YOUR court. Had my data not been on your site, it wouldn't have been stolen in the first place.
| | | | Uldis Liepkalns
Latvia
Local time: 17:51
Member (2003)
English to Latvian
+ ...
| Actually I was always wondering | Aug 4, 2009 |
what imbecile even a complete beginner has to be to entrust all his financial info storage to any 3rd Party (and with this I do not mean specifically ProZ, there are many sites that promise to keep your backup data - and for free). Seems they have never heard that for free there is only the cheese in a mousetrap - and then only for the second mouse...
But yes, as these services seem to thrive, I can conclude that another generation has succeeded mine - consisting of people who canno... See more what imbecile even a complete beginner has to be to entrust all his financial info storage to any 3rd Party (and with this I do not mean specifically ProZ, there are many sites that promise to keep your backup data - and for free). Seems they have never heard that for free there is only the cheese in a mousetrap - and then only for the second mouse...
But yes, as these services seem to thrive, I can conclude that another generation has succeeded mine - consisting of people who cannot make their own backups on external disks, are unable to keep their own accountancy, or compose their own invoices...
Uldis
PRen wrote:
Given the serious security concerns on this site, I'm amazed that members / users want to lodge this information with this site:
"Financial overview - get a comprehensive summary of your cash flow, at a glance.
Sales by client - see amounts billed to each client, in a calendar format.
Time to pay - know how quickly each client tends to pay your invoices.
Invoice aging - stay on top of past due invoices.
Payments received - track payments received.
Invoice activities - track invoicing history.
Tax reports - see details about taxes collected"
▲ Collapse
| | | | heikeb
Member (2003)
English to German
+ ...
| clearly visible note | Aug 5, 2009 |
Uldis Liepkalns wrote: PRen wrote:
Given the serious security concerns on this site, I'm amazed that members / users want to lodge this information with this site:
"Financial overview - get a comprehensive summary of your cash flow, at a glance.
Sales by client - see amounts billed to each client, in a calendar format.
Time to pay - know how quickly each client tends to pay your invoices.
Invoice aging - stay on top of past due invoices.
Payments received - track payments received.
Invoice activities - track invoicing history.
Tax reports - see details about taxes collected" what imbecile even a complete beginner has to be to entrust all his financial info storage to any 3rd Party (and with this I do not mean specifically ProZ, there are many sites that promise to keep your backup data - and for free). Seems they have never heard that for free there is only the cheese in a mousetrap - and then only for the second mouse... But yes, as these services seem to thrive, I can conclude that another generation has succeeded mine - consisting of people who cannot make their own backups on external disks, are unable to keep their own accountancy, or compose their own invoices... Uldis
Particularly, but not only, for the benefit of those users, I think a note regarding this issue placed in a prominent place (or at least a clearly visible link to such note) would be the thing to do.
Also, Proz' privacy statement could use a good overhaul as it is IMO not quite adequate for a professional site that offers all kinds of online services and handling of personal and sensitive information; it lacks all kinds of standard disclaimers regarding the (well, so-called) safety of data entrusted to any online site, data transfer between different locations, etc. or information on whether SSL encryption or similar standard safety devices are being used. Right now, there is not even any mention of data from the invoicing system that passes through Proz' servers or how that data is protected.
It would be a smart or even necessary move for any internationally active company offering storage and transfer of sensitive information to adhere to the Safe Harbor principles and to become e.g. TRUSTe certified, so that there is also a clear procedure in place in case disputes regarding the safekeeping and handling of data arise. Lots of companies do that that collect nothing more than their users' email and mailing addresses.
Stricter, self-imposed regulations and definitely a much higher degree of transparency might help avoid brushed-under-the-carpet situations (such as the one mentioned previously by Ralf), which leave a rather bitter aftertaste, and might also help gain back the trust a lot of Proz members have lost in recent times.
Bottom line of this incident and, sadly enough, a good number of others is that the justified request of Proz members to have their concerns be taken more seriously is pretty much ignored. "Take two of these and submit a support ticket in the morning" is not a good way and, most important, not a professional way of handling members' concerns.
| | |
|
|
|
David Russi
United States
Local time: 08:51
English to Spanish
+ ...
| Is the membersihip at large EVER going to hear about this? | Aug 5, 2009 |
I just found this thread by accident, and I am absolutely appalled at the handling of this issue by ProZ, it absolutely unprofessional and unconscionable not to notify immediately all site users of what happened over two months ago!
| | | | Nicole Schnell
United States
Local time: 07:51
English to German
+ ...
In memoriam | I just found this thread by accident, too. | Aug 5, 2009 |
I checked this mysterious website - not only do they have a profile with my full name but also a second profile with my ProZ.com user name. My login information. Which by no means should be public.
Good grief.
| | | | Steffen Walter
Germany
Local time: 16:51
Member (2002)
English to German
+ ...
| Professionalism, or the lack of it | Aug 5, 2009 |
Heike Behl, Ph.D. wrote:
...
It would be a smart or even necessary move for any internationally active company offering storage and transfer of sensitive information to adhere to the Safe Harbor principles and to become e.g. TRUSTe certified, so that there is also a clear procedure in place in case disputes regarding the safekeeping and handling of data arise. Lots of companies do that that collect nothing more than their users' email and mailing addresses.
...
Exactly, Heike, and I also agree with the other points you've made in your posting. While I do realise that it takes some time for site staff to cope with the consequences and to close any existing security gaps, there's definitely huge room for improvement as regards the professional handling of such matters by the site, including the way this is being communicated (or not) to members/users in general.
Steffen
| | | | Saskia Steur (X)
Local time: 16:51
English to Dutch
+ ...
I've only come across this thread by accident and when I checked OutsourcingRoom.com I discovered, much to my disgust, that I have a profile there, too. I am positive I was not the one who did that.
I, too, wish answers and assurancec by ProZ staff that security of details is improved and that our illegitimate profiles as sites such as OutsourcingRoom are removed immediately!
Saskia
| | |
|
|
|
Saskia Steur (X)
Local time: 16:51
English to Dutch
+ ...
| reply from The OutsourcingRoom Team | Aug 5, 2009 |
This is the reply I got to my message to them:
Dear Saskia,
Thank you for your message.
Your account has been deleted from our database.
Sorry for inconvenience and have a nice day!
Sincerely,
The OutsourcingRoom Team
[email protected]
www.outsourcingroom.com
| | | | David Russi
United States
Local time: 08:51
English to Spanish
+ ...
| I got no response, but the profile in my name was removed | Aug 5, 2009 |
Saskia Steur wrote:
This is the reply I got to my message to them:
Still, the real problem is the response on THIS site. By keeping this in a forum discussion, making no announcement to the community at large of the existence of a problem, at least to explain the approach taken at fixing it and avoiding its repetition, like the proverbial ostrich, it has simply buried its head in the sand.
| | | | MariusV
Lithuania
Local time: 17:51
English to Lithuanian
+ ...
Merja Jauhiainen wrote:
Hi Marius,
another option is to complete the CV section by writing "CV will be submitted upon request", and that's enough for the section to be considered complete.
Regards,
Merja
Dear Merja,
Please let me explain more exactly what I had in mind...I had in mind that proz profile "screaming" each time I edited the profile that I did not upload my CV. Well, if someone needed my place of birth as a proof of my expertise, no problem. But, fairly, personal data is quite a sensitive thing and I did not burn with a great desire neither for some personal data harvesters to have my CV downloaded (and published somewhere else without my permission or knowing), nor even Proz community owners having this info. Let alone data with recent project lists (well, somehow, I do not want to disclose the info about my clients because I do respect them and their confidentiality)...Finally - BB posts with many clients stolen by more hungry people...OK, can blame my own stupidity (naivety) for posting good words about some great clients...But back to the topic - I think that info on the profiles shall be limited to relevant issues only. Of course, the solution "CV will be submitted upon request" is a good option, but I have noticed it ONLY after I read your post. Because proz profile "blankets" are soooooooooooooooo long and I do not (nor have a great desire) to sit the whole day analyzing all that (and trying to understand or question certain issues as questioning in some context about some things can be ... well...). OK. Enough Enough of criticism - will come up with contructive solutions for proz next time.
| | | | | Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
| | Protemos translation business management system | Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!
The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
