Be Aware and Beware

I am very skittish about posting this,but I think it's important for all of you to know. Those of you who were in chat lastnight know the story.

Please be aware that if you give neutral or negative ratings in the Garden Watchdog to certain unstable vendors, that they could end up calling your home and being rude. Some of you would not be bothered by this sort of contact, but those of you who are more privacy conscience may be freaked out that someone would go to such extreme lengths to find out who and where you are in response to a personal opinion.

I want to stress that this is through NO FAULT whatsoever of Dave's Garden, as Dave works very hard to protect our privacy. It just serves as another example of how vulnerable we may all be regardless of how anonymous we think we are, and how easy it is to get personal information on all of us with just a few clues.

Does this mean that I think we should be less than honest when conveying our experiences with vendors in the Watchdog? Not at all. Those who engage in shoddy business practices should be exposed for what they are. But I have always felt that forewarned was forearmed, and I wanted to make sure that some of you were aware of a potential situation.

Thank you for clueing us in on this IndaShade.

As we were stating last evening this is World Wide Web. And there are alot of weirdos in the world. I'm not namecalling..just stating facts. I for one don't trust too many people. Inda, you already know how I feel about this situation. My heart hurts for you and I'm still praying for you. I am quite confident that this company will be hearing from quite a few DGr's during the next few days. "T" :)

Sledder, you were a good friend last night, and I feel much better about things today. Thank you. :-)

I still felt as though everyone should be aware, so that they aren't taken by surprise like I was. One would like to think that a business owner would maintain a professional demeanor and not do something like that, but I guess that's not always the case.

Thanks for letting us know, now I will know just how to handle them if they decide to call me.

Geez - I missed the talk! I can't believe a business would do that! I did recieve a nice e-mail from a CO that I left a possitive comment on. They even sent a coupon for my next purchase.

Inda, I've emailed you; I'd like to get to the bottom of this ASAP. I've also made a couple suggestions to Dave that I think will prevent this from occurring in the future.

There shouldn't be any reason for anyone to be reluctant to leave feedback for a company on the Watchdog. As long as you're truthful in your comments, a company should be spending their efforts to make things right, not scaring people by tracking them down.

Here's an idea...use a false name (or no name at all) when posting in the Watchdog area. Never use your last name anywhere on DG...so even if a company that you've ordered from sees your name on here, they won't know WHICH Mary is saying thier company stinks!...lol I doubt they'll call every Mary that has ever ordered from them to find out which one it is. I know your username will always show up on DG, but how else do these people know it's you that ordered from them? Use a different email when ordering from any business on the web (like a Yahoo account). I don't know how they could find you otherwise. Can someone provide me with the details of exactly how a company KNEW who it was that said something about thier company? I'd be very interested in knowing that.

Now, as to the company calling and badmouthing someone because that person just gave a bad rating to the company based on service...what a dirtbag they mst be! They're too childish to be in business if you ask me...if they've got nothing better to do than to torment thier customers. That's something someone in the 4th grade would do. Maybe my wife (a teacher) should give THEM a call and take away thier recess. Big babies!...lol Let's all chip in so we can go to Wal-Mart and buy the offending business owner a binky...because they obvioiusly need one. Here's a picture of the rude business person that calls you... http://www.cse.ucsc.edu/~ejw/tatum/images/tatum-binky-out.jpg Get it?...lol...they need to grow up.

This message was edited Wednesday, Apr 3rd 11:52 AM

hczone6, that's what scary about this whole thing for me.

I had ordered twice from this person. He had NO WAY of knowing who I REALLY was based on my Dave's Garden identity of Indashade, and yet he knew that much about me when he called me lastnight. To my knowledge, I have never posted my last name on this website. The E-mail address that I use here is for my gardening sites ONLY. Only the people I have traded with, who are somewhat few in number, would have known my full name, address, etc, and I just can't imagine anyone giving that info out to someone they didn't know. Plus, you have to be a member here to send another member an e-mail, don't you? If he's not a member here, he certainly couldn't have e-mailed and asked someone from Dave's Garden who I was. Which means that Mr. Snotty Business Owner would have had to have made SOME EFFORT to find out who I was, which is a little on the scary side. Why would someone work that hard to find out who I was in order to confront me over a rating that was NEUTRAL for Heaven's sake, unless he was.....well....unstable? I said GOOD things about him too, just that I had received misidentified plants. I haven't given ANY company a negative rating as of this date!

Wow...that's very interesting. Sounds like to me he surely does have a problem and I bet he did take the time to figure out who you were, unless there was some other way that he could have ID'd you. You say the address you used to order with was the same as you use here?...or it was different? I would suggest using 1 email address for only ordering things. Granted you shoudln't have to do that...it's a shame. Rather than get everyone suspicious and paranoid about their security and privacy on here again, I'm thinking maybe he had a more simple approach to figuring out who you were...I don't know. Maybe he actually visits this site and possibly is a member?...doubtful, but possible. Maybe you gave away a tid bit of info somehow that ID'd you?...hard to say. I'd love to know how he did it though. I'm just curious like that.

I ordered a camera off the net from a company and I almost immediately started getting spam in my email. The privacy policy on that website said they don't sell or give away your email address when you order, but you tell me...how did I get the junk mail when I never had in the past? Not until I ordered from them. This is my work email I'm talking about...I thought it was safe to do with that company. I learned my lesson.

Okay, before everybody rushes out to create an alter-ego ID at Dave's Garden, let me point out something - your email address (be it yahoo, hotmail, AOL, Prodigy, whatever) cannot be seen by anyone here. When someone emails you via DG, they will never know your "real" email address unless you choose to reply to their email.

As a side note, that was one of the features that Dave had from the get-go (and was...ummmm, "emulated" (copied) by another gardening site when a lot of spamming started to occur because the webmaster hadn't bothered to create a setup to protect members' email addresses :)

This business owner has definitely crossed the line. We'll take care of it and ensure that people can confidently post their opinions in the Garden Watchdog.

I'm glad you brought this to our attention as many of us do not go into the chat' Personally,I think legally something can be done also' I would have a phone trace put on just in case it all escalates in the future' Very disturbing to hear that someone would go to such lengths. Thanks for the assurance GV and we all know you will certainly get to the bottom of this nonsense' Sis'

Wow! I can't believe a business would do that. I hope it's not one that I'm expecting plants or seeds from. His actions are definitely not professional. I'm so sorry this happened to you IndaShade.

Darn, I wish I wouldn't have missed chat last night. It's always right during our commute home from work and supper.

That is really strange because i asked
Daves members about a certain company the
other night,whether anyone had ordered
from them or not,not anything negative
just wanted to know if anyone had any
good or bad feed backs from this company.
last night,i got a e-mail from them saying
what a good reliable company they were,ect,
ect, ect. I only looked at their web_site
once and never ordered a catalog or anything
from them,so how did they know who i was?
And where to send me a e-mail? I have since
erased this e-mail from them and wish i
didn't now so i could forward it to Dave
and let him see for himself. It was not
anything bad so i just did not think to
keep it. I order lots of catalogs online
but i know not from them yet! This is a good
subject and glad you all posted. I did not
catch the chat last evening,wish i could
have.

bitty1, maybe it's still in your trash and you could forward it from there. I am a little suspicious of a company that is so sneaky, and that's the way I feel about these contacts. I want to know who they are, and I intend to boycott them.

I have had companies send me a canned email when I've accessed their "contact us" or "catalog request" email form (even if I didn't send them any message - usually I'm checking to see if they have an email address or URL for a catalog to add to the Garden Watchdog.)

I figure they've got something set up to detect my presence and so they send me a mildly irritating but harmless generic email (usually along the lines of "thanks for contacting us, we'll be in touch soon"...) I've never had one follow up a second time when I don't reply, so I guess I'm not that worried about them.

Aren't there a couple of members who own or work for mail-order plant/seed companies? I think I remember someone from Baker Creek Heirloom Seeds posting (?) or maybe it was another company? Just seems like I remember something like that. Could they be the same company Bitty mentioned? Regardless, they probably should have introduced themselves in the e-mail as a DG member if they were ~ atleast said how they came to get the info to send the e-mail.

IndaShade, maybe the person who gave you the hard time doesn't have a very extensive customer list and cross-referenced your zone &/or location posted here against it to find info about you they already have on their customer list? From your description of how they treated you, them having a small customer list sounds beleveable. I'm just very glad that Dave and Terry are doing something about it. No doubt they will come up with a solution.

Here's a question for ya...how hard would it be to snag someone's cookie off the net? If these people have a copy of your cookie that your brower stores, they can go to DG and instantly gain access as you, unless you've logged out completely. At least, that's my understanding...DG would use your cookie to identify you and if you hadn't logged off, DG website would naturally assume you are the valid user for the cookie in question. For example, if I copied my cookie and gave that copy (it's just a text file) to another person, that person could go to DG and act as if he/she were me if I hadn't logged out...am I correct, or is it more complicated than that?...is there specific info within the cookie to ID the machine itself...therefore making the cookie useless to another other computer?...that may very well be the case. Maybe I'll do a little experiment today. I'll copy my cookie at work and email it to my home. I'll totally log out of DG at home and then delete my cookie at home...then paste in my cookie from my laptop at work in the proper location on my PC at home and see if when I go to DG again, see if it recognizes me properly...if it does, that means it IS possible to use another persons cookie to gain access...or it would seem to me to be that way. This should be interesting. Keep in mind, I am in no way suggesting that DG has bad security...I'm sure it's very good, but I just want to try this experiment for myself...I'd like to see if it works.

Just saw this old article related to cookie interception across the net...very interesting: http://www.pcworld.com/news/article/0,aid,16708,00.asp

I think the best thing anyone using Windows operating systems can do is use Microsoft's free update site. It allows you (free of charge) to download the latest security patches and updates to your installed Microsoft operating system and certain other MS products on your PC. The link to do this is here: http://windowsupdate.microsoft.com/
Click on PRODUCT UPDATES to get the process started. Be warned, it may take awhile to download the updates if you use a modem (phone modem).

no hczone6, nobody can hijack your DG cookie unless you are running an insecure web browser.

Cookie snatching just isn't feasible or do-able.

Dave

Dave, are you sure? My kids snitch (snatch, whatever) cookies all the time, especially when they're chocolate chip! (Sorry, I just couldn't resist the low-tech pun :)

IndaShade, thank you for taking the time to make everyone aware of this. Considering the fact that links to DG are at several gardening sites/pages I would assume that anyone in the gardening business would be interested in what was reviewed about them - especially those concerned about good customer service and unfortunately the ones who don't.
Could it be that the timing of your order and mailing address in relation to your honest opinion directed them straightly to you?
Personally, I do not want to deal with any business that conducts themselves in such an unprofessional manner and if you feel like disclosing their name please email me. Carol

Ok, yep...the insecure browser thing is what I was hitting on. That's why i offered up the free update site for anyone who may have a PC from 1923 and hasn't bothered to update any security issues.
Also, I wasn't able to paste in the cookie I copied from work, and I don't know if that's a security feature of Windows that has always been in place or a recent fix...but you just can't seem to paste in ANYTHING in the temp internet files. So that doesn't work. But if someone were able to gain access to your cookie, I think that would provide all the info they need to log on. I think I'll shut up now...cuz I think Dave is getting aggrevated with me...lol...which wasn't my intent at all. I only like to try to help people understand that if someone is determined enough and you haven't (the user at home) taken the necessary measures to protect yourself (get all security updates), you may be vunerable. Enough said. This is not at all anything Dave needs to deal with...it's a user issue. Everyone is responsible for updating thier own computer. It's kinda like this: Let's say you buy a new car. The manufacturer has equiped the car with locks on the door. You do not lock the doors when you go to the store and your car gets stolen. Whose fault is it if the car gets stolen?...not the maunfacturer. The dirver should have used the securitty features provided with the vehicle.

That's right hczone, if someone can gain physical access to your computer, they can copy your cookies file and have your passwords to every site you are logged in on.

However, they will need physical access to the computer, or they will need to crack into it. I guess these days that's a simple matter for those Windows boxes. :(

Just another reminder, I suppose, to keep in mind this at all times and beware what you do on the internet...

dave

The world is a scary place, and to think these things happen is even more scary. But if someone wanted to find out things about you they can and it is easy as they say.

Our lives are not a private as you may think, which is disturbibng in it's self.

If this company is that stupid then they will pay the price via word of mouth, which is the best thing you can do.

There will always be someone out there that to say something bad about everything in life, so why one comet to this company got their goat is beyond me.

Just let it roll off your back and forget it, and if they call again you can report them for harrassment.

BBB just love to hear of bad companies to make examples of.

I think Zone Alarm helps out a lot. I've used GRC.COM's testing utilities to see how secure I am, and it always turns out to be very secure. I don't know how anyone could get past my "firewall" and do anything...and again, I always keep up to date with my Windows updates.

If you want a persons phone number all you have to know is their name and the town they live in --- then go to Google (or another search engine), ask for the white pages, put in your info, and there it is. So --- if you order on line and have goods delivered to your home it's very easy for them to get your phone number. Sorry this has happened to you, I've never heard of a company doing this, kind of scarry for sure.

Inda, I think we have taken care of the problem. If you have any more contact from this person, please let Dave or me know ASAP.

dguimo, I think the problem here is that Inda posted a comment using her DG name only (which gives no clue to her real name), and this company somehow managed to determine who she was, and contact her about her rating and comments.

Dave and I have discussed some measures that should strongly discourage any company from ever attempting this in the future.

I would agree that if you know someone's address or name, it's very easy to find their phone number (unless it's unlisted, then it's a little harder.) And if you know someone's phone number, but not their name or address, you can find that out, too via a reverse switch.

I would also stress that there are legitimate uses for this information (for example, I think I wore huge, deep ruts in Switchboard.com's reverse directory when I was verifying addresses and phone numbers for the Garden Watchdog - frequently, I found phone numbers and/or addresses had changed or were transposed when submitted to directories; I want to make sure we provide accurate, up-to-date info for each company we list.)

It's easy to see how this information could be abused, as well. But the fact is, it's always been available (reverse directories have been around a loooong time), but it is certainly easier to get with the internet. A mixed blessing, perhaps.

One thing they say... a happy customer tells 3 friends how happy they are. An unhappy customer tells 30 friends how UN-happy they are. A small business can really be hurt by a few negative comments. The watchdog is a good thing to keep businesses in line and I hope that everyone feels the can be honest with their comments.

I'd love to know the name of the company in question, if anyone would share it with me. I order a lot of things by mail, and I definately DON'T want to do business with anyone like this!

Ditto to what MsBatt said. A private e-mail would be appreciated.

Me too. I don't want to support them in any way at all.

ME TOO! Please e-mail me

I didn't want to do business with anyone like that, either. That kind of person having my address? *SHUDDER!* So I just re-read IndaShade's comments closely, clicked on her name, went to see all her entries in the Watchdog, put two and two together and figured it out. :-)

You only have to click on my name and go to my Member page, then scroll down to see the feedback that I have left.

I left a total of two neutrals. The one in question is the one where I cite misidentified plants in a shipment.

Gee, I read your 2 neutral entries several times. I can not see anything for someone to get angry over. You were very gentle in my opinion. Only a crazy prson would get upset over either of those comments. What do they want, for you to lie? Oh well, this too shall pass.

Ditto, Ozarksue. And thanks to Dave and Terry, it won't happen again, I'll bet.