Tag Archives: Utah

The Lego Scam

A man after my own heart: AP reports that a man has been arrested accused of stealing a truck full of Lego:

A 40-year-old man is behind bars, accused of stealing hundreds of thousands of dollars of a toy geared toward the 6-and-up crowd: Legos. To haul away the evidence, agents working for the U.S. Postal Inspector said they had to back a 20-foot truck to William Swanberg’s house in Reno, Nev., carting away mountains of the multicolored bricks.

Swanberg was indicted Wednesday by a grand jury in Hillsboro, a Portland suburb, which charged him with stealing Legos from Target stores in Oregon. Target estimates Swanberg stole and resold on the Internet up to $200,000 of the brick sets pilfered from their stores in Oregon as well as Utah, Arizona, Nevada and California.

When no one was looking, Swanberg switched the bar codes on Lego boxes, replacing an expensive one with a cheaper label, said Detective Troy Dolyniuk, a member of the Washington County fraud and identity theft enforcement team.

Target officials contacted police after noticing the same pattern at their stores in the five western states. A Target security guard stopped Swanberg at a Portland-area store on Nov. 17, after he bought 10 boxes of the Star Wars Millennium Falcon set. In his parked car, detectives found 56 of the Star Wars set, valued at $99 each, as well as 27 other Lego sets. In a laptop found inside Swanberg’s car, investigators also found the addresses of numerous Target stores in the Portland area, their locations carefully plotted on a mapping software.

Records of the Lego collector’s Web site, Bricklink.Com, show that Swanberg has sold nearly $600,000 worth of Legos since 2002, said Dolyniuk.

Interestingly, folk seemed to have been quite happy to deal with Swanberg on Bricklink.com. He’s been registered on the site since 2002, earning praise from more than 6,000 users, and getting complaints from only 11. He was still shipping up until the last minute: Eight folk posted praise about dealing with him on the day or after he’d been indicted. Only one person seemed to harbour doubts: That person wrote on November 19, four days before Swanberg was indicted: “Wish I knew where these came from…”

Actually, this kind of scam is well documented, and may be a copycat theft. Eagle-eyed readers may recall a piece I wrote a few months back about Douglas Havard, a phisher who was jailed in June for conspiracy to defraud and launder money. According to an earlier piece in the Dallas Observer Havard used to steal expensive Lego sets by switching price tags on Lego boxes. The only difference was that Havard was printing his own price stickers.

What is it with Lego that turns people into criminals?

WhenU’s Popup Victory

WhenU, now known as Claria, has won what it calls an “important decision for the entire Internet industry” in its motion to enjoin the Utah Spyware Control Act, passed in March. WhenU had argued the Act “affects legitimate Internet advertising companies and therefore violates the First Amendment and dormant Commerce Clause of the United States Constitution, among other laws”. (Here’s a CNET story on the verdict.)

If I understand the ruling correctly (and this is based largely on Ben Edelman’s assistance), the judge has ruled that, in this particular law, Utah was unconstitutional in trying to limit popups, while it was within the constitution in trying to outlaw spyware — or more specifically, software that is installed without a licence and lack a proper uninstall procedure. As the judge did no want to break the act in half he ruled in favour of a preliminary injunction for WhenU. Ben, who works as a consultant for the Utah government, reckons WhenU could lose on appeal, since under Utah law, the judge “is obliged to regard the act as ‘severable'” — in other words, that he can keep parts and discard parts.

Avi Naider, WhenU’s Chief Executive Officer, meanwhile, is celebrating his victory. “Spyware is a problem and we want to put an end to it,” he says in a press release. “WhenU supports appropriate anti-spyware legislation at the federal level, but unfortunately Utah’s Act also impairs legitimate Internet advertising.”

Thanks For Reading My Email for 13 Minutes In Wisconsin

Just when I started agonizing about the privacy aspects of MessageTag, a company has come along with a service that makes the mail-receipt monitoring service look like chicken-feed.

MessageTag allows users to see whether and when their emails have been read by recipients. It does this by inserting what privacy advocates called a web-bug into the email — a unique link, basically, that checks back to the MessageTag servers and matches it with the original email. The sender will then be notified as to when the email was opened.

I have to confess I find it an excellent service, and I use it, along with a message at the bottom of each email informing the recipient I’m doing it and offering not to if it offends them. Few ask me to remove them, an indication they either don’t object or they don’t read all the way through my emails. But despite finding it a huge timesaver — knowing whether an email’s landed safely, and whether to expect a reply any time soon makes life a lot easier — I still worry it’s too intrusive. Is it fair to make the process one the recipient must not first approve? MessageTag, to their credit, have acknowledged these concerns and have built in some safeguards, including limiting the service to individual emails. But is it enough?

As I was juggling all this, word comes by of a new service that can tell you not only if and when your email has been opened, but approximately where the reader is located and how long they read the email for. If they open it again, or forward the message, you’ll also be informed (it’s not clear whether the original sender is informed as to who the email is forwarded to). What’s more, DidTheyReadIt is invisible, meaning, in their own words, “every e-mail that you send is invisibly tracked so that the recipients will never know you’re using didtheyreadit”.

Privacy aside, for the moment, you can imagine the social fallout from this. “Jean only read my email for two minutes, and she read it in Utah when she said she was in Seattle. The cheatin’, lyin’ skunk!” Or “Brian has read my email 14 times and he still hasn’t replied! Is he trying to break up with me?” Or “That love note I sent Sandra in personnel has been forwarded to 64 people! I’m the laughing stock of the office!” (OK, there are probably easier ways to find out if you’re the laughing stock of the office. But you get the idea.)

The company behind the service is a Florida-based company called Rampell Software, whose other products include keyboard loggers such as Spector, ”the most advanced computer monitoring application” for Macs (“Spector locally (and secretly) records everything you do on your computer”). Then there’s ViewRemote (“record everything that happens on your computer and watch it from any other computer in the world!”). Clearly Rampell has some experience in the field of stealth software. I can see warning flags being raised all over the place already, and the company’s privacy policy, as it stands, is not comprehensive or specific enough to be reassuring. Perhaps it will be before the official launch.

DidTheyReadIt works slightly differently to MessageTag. Once you’ve signed up and installed the software, you add an extra didtheyreadit.com to any email you send out that you want to track. So joe@sixpack.com becomes joe@sixpack.com.didtheyreadit.com. There’s not enough information on the website to say more than that. Indeed, there’s a lot that’s not on the website, and which I think we need to know before assessing DidTheyReadIt. Such as:

  • How can the user alert recipients to the fact he’s using the service and what it entails?
  • How will the email addresses harvested by Rampell be used?
  • Why is the service invisible by default?
  • How will Rampell prevent this service being used by spammers and other mass-mail marketers?

The service will be officially launched later this month. The basic version of DidTheyReadIt is free, but is limited to 5 messages. Subscriptions cost $10 a month, $40 a half-year or $50 for the whole year.

I’d be interested in hearing from folk (lwire at jeremywagstaff.com) about whether they think there’s a line here that could allow services like MessageTag to thrive without sacrificing privacy — such as allowing users to choose whether they acknowledge receiving an email, without requiring much effort on their part, perhaps– or whether DidTheyReadIt just throws into sharp relief that this sort of thing is unacceptable to most folk and should be stopped. I’ll also forward this to Rampell to see if they have any comments.

Utah, WhenU And Pop-Up Poaching

The spyware war continues.

Ben Edelman, an expert on spyware, reports that “WhenU, a major provider of programs that show pop-up ads according to users’ web browsing activities, yesterday filed suit seeking that Utah’s Spyware Control Act be declared void and invalid.” WhenU effectively poaches browser real-estate by plopping its ads above those of others without the permission of the website.

Ben says: “I’ve followed the act and believe it would provide substantial assistance to consumers facing an increasing barrage of pop-up ads.”

It’s an interesting issue: If Utah’s new act kicks in, will it just be folk like WhenU who will be affected? On Monday, April 19, the FTC will hold a workshop on spyware, Ben says. Here’s the agenda (PDF) and written comments, along with Ben’s own (PDF).