Registration:User
From Hackepedia
Jump to navigationJump to search
Being asked to Register
So you've been asked to enter your personal information somewhere. There are very few places you would really need to register your personal information, even as simple as your name, yet so many require it. Many attempts to bypass these unnecessary processes are made. We will assume in this example that the registration is on a web page, and it's asking for your personal information (Name, Address, etc).
- If you look at the URL in your browser, on the registration site, does it start with http://? If so, you should contact them and send them to Registration:Host and definitely do NOT register until they change their process. Personal information should only be entered on URLs that start with https:// no exception.
- Do not be afraid to ask questions before filling out a form. How will your personal information be securely stored on their servers? What access control do they have around your personal information? Can anyone access your personal information, with no audit trail? This is the case in +90% of the environments this author has worked in.
- Read through their privacy policy and see if it appears suitable to you. Very few people do this, but it's amazing what you can find. Often companies will have phrases like "We may give your personal information to third party affiliates" which means they can sell your personal information to make a profit.
External Reading
Canadian Privacy Act If you're a Canadian citizen, it is required that any business that asks you for your personal information publish a privacy policy that outlines what you they do with the personal information of your Canadian users.