Three.ie using unsecure pages for personal information

USER X

I needed to activate a new sim card recently to use my phone number which is with the three mobile network and the replacement sim says to go to three.ie/simactivation

The page (http://apps.three.ie/sim_activation) requires personally identifying information (all the details required to access and make changes to an account) such as Name, address and date of birth. I contacted Three by phone to say that I was not comfortable with submitting these details through an unsecure page and their response was pretty much tough luck as they are not allowed to do a sim swap over the phone because they are not permitted to by Comreg. They gave me the alternative of visiting one of their shops to do the swap but I decided to port off the network instead as ive had numerous problems with the service they provide.

Their contact page also requires personal information over an unsecure page if you select the option that you are an existing billpay customer :rolleyes:
http://apps.three.ie/contact_form/ask

Given how little an SSL certificate costs, I was quite surprised to see such practice from a company as large as Three - It also doesn't inspire confidence for their recent acquisition of O2.

Given Three's lack of response and assistance on the matter, I reported it to the Data Protection Commissioner's office who confirmed that they should be using a secure page and have requested Three to secure the page -Result!

jjpep

Well done!! The shoddy practices of some of the largest companies never cease's to amaze....

edanto

Good hustle! And if you had visited one of their shops to do the SIM swap.... did they tell you anything about how secure your data might be then?

USER X

I asked if the staff in the shops would be using the same website to enter the details and they couldn't give an answer on that one :rolleyes:

Recondite49

USER X wrote: »

I needed to activate a new sim card recently to use my phone number which is with the three mobile network and the replacement sim says to go to three.ie/simactivation

The page requires personally identifying information (all the details required to access and make changes to an account) such as Name, address and date of birth. I contacted Three by phone to say that I was not comfortable with submitting these details through an unsecure page and their response was pretty much tough luck as they are not allowed to do a sim swap over the phone because they are not permitted to by Comreg. They gave me the alternative of visiting one of their shops to do the swap but I decided to port off the network instead as ive had numerous problems with the service they provide.

Their contact page also requires personal information over an unsecure page if you select the option that you are an existing billpay customer :rolleyes:


Given how little an SSL certificate costs, I was quite surprised to see such practice from a company as large as Three - It also doesn't inspire confidence for their recent acquisition of O2.

Given Three's lack of response and assistance on the matter, I reported it to the Data Protection Commissioner's office who confirmed that they should be using a secure page and have requested Three to secure the page -Result!

Hey,

I use Three for their "all you can eat" data in my modem to stay safe online - I've found if you go into the store you can pay cash for a PAYG chip and have it topped up straight away by 20 Euro.

They asked me to write my name and address down so I just put a fake name and that of a local hostel.

I'm still not satisfied as any fool reviewing CCTV and store records could see your face so I decided to buy a job lot of Three UK cards from eBay. I have an English friend buy a top up code using cash and text it to the new number once a month and thanks to their reciprocal arrangement you can still get unlimited data.

If I've one criticism it's their blasted content filter which blocks any site with mildly offensive humour or porn - nothing a VPN won't fix but still...

Khannie

Nice.

Ebay doesn't cover you fully of course. Using my old "if I were the NSA" thing, I'd be selling lots of sims on ebay that I would then deliberately track. Oh, and of course I'd be running the best VPN's. I'm such a scumbag!

Recondite49

Khannie wrote: »

Nice.

Ebay doesn't cover you fully of course. Using my old "if I were the NSA" thing, I'd be selling lots of sims on ebay that I would then deliberately track. Oh, and of course I'd be running the best VPN's. I'm such a scumbag!

Good man Khannie, for keeping us on our toes.

I see the sense in what you say, I just think using PAYG chips over 3G is more palatable than the other options which is either to steal someone else's Wifi, use public Wifi or of course use your home connection - I don't need to tell you why none of those options appeal if you want to stay anonymous.

All we can do is make it more difficult for an adversary like the NSA to monitor us and if as you say they truly are buying, logging and monitoring the data connection of every SIM chip sold on eBay then my connection is no more secure than if I used home broadband but the resources required to spy on people in this way would be staggering compared to telling all the ISP's to hand over a few hard drive's worth of data once a month.

As for VPN's - once again it comes down to resources. If you sign up via anonymously and pay with Bitcoins hopefully it wouldn't be giving too much away anyway.

Perhaps Tor or I2P are better than VPN's when it comes to anonymity though?