
A privacy flaw in Comcast's automated telephone system - chrisacky
https://www.reddit.com/r/technology/comments/8bnl9v/comcast_will_give_out_your_home_address_to_anyone/
======
htgb
If I read this correctly, you have to spoof the telephone number in order to
get the address, and you only get it read out loud so automation isn't
trivial.

To me, it doesn't feel like a big deal, but that might be because in Sweden,
_everyone 's_ [1] addresses are freely available and searchable online, given
for example name or telephone number. See [2] and [3] for example.

So are telephone numbers and addresses considered very private in the US? Some
comments in the Reddit thread suggest security bounties etc.

[1] Unless you have a protected identity.

[2] [https://www.eniro.se/](https://www.eniro.se/)

[3] [https://www.hitta.se/](https://www.hitta.se/)

~~~
diggan
I'm swedish as well, and explaining this to my wife from Peru was a fun
experience. The rest of the world is not as open with neither address
information or salary information as Sweden is. If this is good or bad, I'm
not sure but it saved me in a number of situations to be able to search for
someone's number via a public website.

Keep in mind that the social number in USA is apparently also supposed to be
secret (like a password) which sounds absolutely crazy to me.

~~~
htgb
Yeah, I suppose that's right. And as you say, it's very practical.

> _Keep in mind that the social number in USA is apparently also supposed to
> be secret (like a password) which sounds absolutely crazy to me._

That's very true, reminds me of this video [1] by CGP Grey, giving some
background of the issue.

[1]
[https://www.youtube.com/watch?v=Erp8IAUouus](https://www.youtube.com/watch?v=Erp8IAUouus)

------
cptskippy
I recall once when a storm knocked down the cable lines in my neighbor's yard.
He called Comcast to report the downed line however he wasn't a customer but
some how got an appointment to come out on my account. I received a call
confirming the appointment time the day it was set to happen.

Aother interesting quirk of their system is that if you ever contact them
about your account, whatever phone number you use to contact them is
automatically added to their CRM system and associated with your account. That
phone number is not shown on your account though if you login to check.

I know this because I received a marketing call at my Office Desk Phone
regarding my home account. The agent asked for me by name and then said
something like "hi, I was calling to discuss your account that services <my
address>". I logged into my Account on their website and verified that my
office phone number was not associated with my account. Then I interrupted
their script to ask how they got the number and they said that it was
associated with my account.

------
coinerone
Remember the Time when you just look for an Adress in a Telephonebook?

~~~
p49k
You could always opt out of the white pages. Not the case here.

~~~
gm-conspiracy
To be a dick, you don't have to be a Comcast customer, either.

~~~
p49k
They have a monopoly in many areas of the US.

~~~
cptskippy
There's always DSL. /s

------
ryanlol
Pfft, boring stuff.

Comcast will let anyone get your home address, name, last 4 digits of SSN with
just your IP address!

~~~
goldenkey
There was a thread here recently about how it costs 10 bucks to rent out a
cellular tower in Malaysia and co-opt a cell phone number as roaming, in order
to defeat SMS security 2FA. Experts on HN were saying that the trunk level
protocols for cell phone numbers are pretty much worthless when it comes to
security. Their conclusion was that: security in this world is so poor that
you might as well live with the assumption that there is no real security for
public services.

~~~
fyfy18
Do you have happen to have a link?

~~~
exikyut
[https://hn.algolia.com/?query=tower%20malaysia&sort=byPopula...](https://hn.algolia.com/?query=tower%20malaysia&sort=byPopularity&prefix&page=0&dateRange=all&type=comment)

------
exabrial
Really could be entitled: "^A(?nother)? ?(?/w.+ )?flaw in Comcast.*$"

