[clug] .com vs .org

Scott Ferguson scott.ferguson.clug at gmail.com
Mon Feb 4 21:34:03 MST 2013


On 05/02/13 14:14, Robert Edwards wrote:
> On 05/02/13 13:17, Stephen Rothwell wrote:
>> Hi Bob,
>>
>> On Tue, 05 Feb 2013 13:12:37 +1100 Robert Edwards <bob at cs.anu.edu.au>
>> wrote:
>>>
>>> Can any of the fine minds on this list suggest what she may have been
>>> referring to by this remark, that dot coms are to be trusted more than
>>> dot orgs?
>>
>> Personally, I would not trust a web site just because it was a .com or
>> a .org - anyone can register either name with no proof of anything.  The
>> trust belongs to the particular site.
>>
> 
> I would totally agree with that.
> 
> Does anyone know of any high-, medium-, or even low-, profile case of a
> .org having disclosed trusted user information, either deliberately or
> by compromise? There are plenty of such cases in the .com TLD...

Oh you mean Telstra and Vodafone?

And .gov, and .net


Tricky question - because you're generally referring to Federal and
State Privacy law*1:-
;where the type of TLD involved in a prosecuted breach is rarely
published. They don't even publish all the breaches.

;it could be unethical and/or legally dangerous to comment on
un-prosecuted breaches *cough*Gold Coast councils*cough*Brimbank*cough*

;the law covers both intentional breaches and those that simply result
from stupidity - I'm guessing intent is of greater interest, in which
case it's far easier to register a .com, or .com.au (many .com.au whois
records don't report an ABN)

;commercial enterprise being restricted to .com.* TLDs is not strictly
enforced (likewise .net.*, and *.org). Then you've got all the other TLDs
of which only .gov and .mil are, NTBOMN, strictly controlled.



*1 if an organisation has a gross of less than $3m they are often *not*
covered by the Privacy Act 1988 (INAL). In both state and federal law
*some* non-profits are exempt from (some) Privacy laws.


<snipped>

> it was said with a certain amount of authority
> and a hint of a reference to something that I feel I should know about.

<cynic>
Murdoch press/day time television/MSN/SANS [insert other irrelevant,
self appointed "authority"]??

And "everybody" knows you should only trust the big brands. Non-profit
and opensauce is dodgy (or they'd have a real business). Bricks and
mortar is reliable too - just ask Harvey</cynic>

> 
> Cheers,
> 
> Bob Edwards.
> 
> 

In positive news - Google penalises a site's SERP for not having a
Privacy policy - which possibly has more effect than State and Federal
agencies. At least having a Privacy Policy is a start of sorts. Pity it
does nothing to actually 'secure' that information.

And though no one asked - the answer to these problems and more is for
Insurance companies to make data breaches hurt - which IMO is best
effected at a shareholder level. Government regulation is pointless.

And the bad news, the worst Privacy offenders are multi-million dollar
businesses driven by shareholder demand (including Banks):-
*cough*Data Warehouse*cough*Fffacebook Pharmaceutical Rewards scheme
partners*cough*Media data entry company is also major Melbourne direct
marketing company*cough*(retch, sigh)

