

If you lost your wallet at Outside Lands, your information is now public - plusbryan
http://plusbryan.com/outside-lands-lost-and-found-privacy-issue

======
jnfr
"Your information is now public" ... as in, your full name and the fact that
you went to Outside Lands and lost something? I don't see what the big deal
here is. Coachella had a very similar practice when it came to trying to
reunite owners w/ their IDs and credit cards. They are not posting credit card
numbers, they are not posting cities... there is nothing identifying at all
that would pose any danger to these people in real life that cannot be found
on a public LinkedIn or Facebook profile.

~~~
jnfr
I also want to add that your blog post exposes more information than
OutsideLOAF does, Bryan Kennedy, Co-Founder of San Francisco-based Sincerely.

~~~
plusbryan
Yes, my personal blog does expose quite a lot about me. In a way that's the
intention of one's blog. However, I don't think copying my personal
information here is appropriate.

~~~
anigbrowl
Why not? I't s already copied in numerous commercial databases by now. You did
publish it, after all.

------
Navarr
It's interesting that they keep these considering it's a "well known fact"
that you can drop a Driver's License in the mail and it will be returned to
the owner at the address labeled (at no expense to the person putting it in
the mail).

[1] [http://lifehacker.com/return-a-lost-drivers-license-by-
dropp...](http://lifehacker.com/return-a-lost-drivers-license-by-dropping-it-
in-any-ma-510418965)

------
plusbryan
Update: Outside Lands has taken the site down and will be fixing the issues.
Apparently the information was added to the public site unintentionally.

~~~
jnfr
It was added to the site to help quickly reunite owners with their lost
belongings, but now things have to change because one guy thinks exposing
someone's full name is a privacy concern.

~~~
plusbryan
Actually, they are addressing the issues and am told will be re-posting the
site shortly. By the way, I (as the author of the original post) am a huge
proponent of hackathons and think your Lost and Found site is a brilliant
hack. I just think the use of it could have been thought through a little
more.

My apologies if my bringing it to the attention of the festival organizers
caused you any grief - this was certainly not my intention (I had not known
this was even a hack!)

------
reustle
It would be a cool weekend project to scrape this data and do a search for
these people's public profiles that have also mentioned the word "lost" or
"OutsideLands" and send them a message

~~~
scraper90210
Scraping for good, how novel.

------
diminoten
> For instance, using name matching alone, you can clearly identify the full
> name of a student at University of Central Oklahoma, what state she’s from,
> where she went to undergrad, and where she shops for gas.

...and do what, exactly?

~~~
superuser2
My parents never used to let me use my real name on the internet, even for
productive content that I'd choose to take credit for.

The fact that I exist doesn't expose me to pedophiles. Any idiot can buy a
copy of the middle school phone directory and see my name, address, and phone
number. A pedophile looking for children to molest would get more for his
effort in a parked car a block away from school at 3:00 than in my WHOIS
records.

I don't use my name on HN because I sometimes play devil's advocate in ways
that could be used against me if taken out of context. That's a deliberate
choice and specific to this forum. But why does biographical information (in
isolation) deserve protection? Can't I go to the University of Central
Oklahoma registrar's office and get the full names of thousands and thousands
of people who went there, as well as what states they're from?

It's slightly weird for the fact that someone attended Outside Lands to be
revealed, and I agree it'd be better to avoid disclosing that, but what
exactly is so wrong about that?

~~~
cbhl
> _Can 't I go to the University of Central Oklahoma registrar's office and
> get the full names of thousands and thousands of people who went there, as
> well as what states they're from?_

I don't know about the University of Central Oklahoma, but this would be
explicitly prohibited at the University of Waterloo.

There's a specific policy that covers access to student information:
[https://uwaterloo.ca/secretariat/policies-procedures-
guideli...](https://uwaterloo.ca/secretariat/policies-procedures-
guidelines/policy-19)

Granted, you could figure these things out by scraping students' public
Facebook profiles, but I think that says more about Facebook than it does
about whether {full name, alta mater} is PII.

~~~
superuser2
In the US, FERPA covers private information like grades and schedules, but
biographical information and the fact that you attended is public record
unless you submit a specific form.

~~~
rz2k
FERPA may serve as a baseline for federally mandated privacy rights of
students, but many schools have additionally protections that are remarkably
strict.

------
herbig
svbtle blog posts:

"Here's a random thought I had the other day but didn't really think through
too thoroughly"

[Discuss on Hacker News]

------
donretag
"For instance, using name matching alone, you can clearly identify the full
name of a student at University of Central Oklahoma, what state she’s from,
where she went to undergrad, and where she shops for gas."

You mean without using Facebook and/or LinkedIn?

------
jmharvey
It was nice of you to pixellate the image, but you might want to remove the
link, too. "Here's a web site with a bunch of people's private information on
it" isn't the kind of thing you generally want to post to a high-traffic web
site.

~~~
plusbryan
Outside Lands actually tweeted out the link earlier, so it certainly wasn't a
private site.

~~~
jsloat
But the point is, if you were worried about the information going public, why
not exercise some of that "great responsibility" and not push further traffic
to it until the problem is fixed?

------
felixr
I wonder why they included the owner names for the drivers licenses, but not
for the passports.

------
JoeAltmaier
Its a small enough data set to know exactly how much damage was caused by this
disclosure. How many wallets were returned to scammers? Anybody? Zero? I'm
thinking zero.

In that case this was a non-issue.

