Talk:1279: Reverse Identity Theft

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search

My first attempt at an explanation. I have actually received emails designed for someone else because we had the same name and the sender missed a crucial difference between my email address and the intended recipient. Grahame (talk) 05:39, 18 October 2013 (UTC)Grahame

This must be the one of the few times where we have such an well written and complete explanation this early in the day -- well done Spongebog (talk)
Thank you, but all of what I said has been removed, and the new explanation does make more sense! Or at least the bits of it that are relevant.  ;-) Grahame (talk) 00:51, 22 October 2013 (UTC)Grahame

AFAIK if you have adress [email protected], then gmail delivers all mails in shape [email protected] to your box. So the trick is to make address like [email protected], then heavily use [email protected] to the point, that other people catch up an for example Joe Smith instead correct [email protected] will write [email protected] - which would end in your mailbox then. (talk) (please sign your comments with ~~~~)

Good explanation, except gmail only allowes usernames between 6 and 30 characters (and doesn't allow + in username). I would assume that this was true even before this strip and it's not so hard to verify, so Randal probably speaks about addresses like [email protected] being mistakenly used by other Joe Smiths. -- Hkmaly (talk) 08:55, 18 October 2013 (UTC)

I don't get this. When you're creating an account, every e-mail service provider checks to see if the username is available, and only lets you create an account if your username's unique. This kind of issue can happen if you then go around and enter a wrong e-mail ID whenever you sign up for something, or if the company automatically assumes an e-mail ID without asking you (I don't think the latter happens). It shouldn't matter if a provider (GMail for instance) ignores everything after a certain character (+) while determining recepient, or even if it ignores an entire character (.) - all this should've been taken care of when you signed up in the first place. 08:50, 18 October 2013 (UTC)

Exactly, it's about entering wrong e-mail ID. -- Hkmaly (talk) 08:55, 18 October 2013 (UTC)

I'm pretty sure the "+" in the comic refers to a simple concatenation of first initial and last name (e.g., [email protected]), not a literal + character (as in [email protected]). 09:04, 18 October 2013 (UTC)

No, because then it should be [First initial][Last name] instead of [First initial]+[Last name] (talk) 10:20, 18 October 2013 (UTC)
Taking the plus sign as a literal character does not make very much sense. GMail would ignore [Last name] behind it and deliver the message to [First initial], which is no valid address at all due to the limit of 6 characters. Also, it is fairly uncommon to use a plus sign in an email address, and the joke of the comic relies on the pattern being generic. LotharW (talk) 11:28, 18 October 2013 (UTC)

The point of the comic is that old people forget their email address and regularly give other people the wrong email address. So when they register for something, like online notifications of a phone bill, Joe Smith puts down [email protected] even though his email address is a different variation on that.

Some of them might not even have an email address. They might easily believe that email addresses are assigned automatically, somewhat like street addresses or telephone numbers. Which is not so very far-fetched, since in the early days of the Internet your provider gave you an email address when you signed up for an Internet connection. Many might also think that an email address is reserved for the person with the corresponding name, instead of their having to claim it. LotharW (talk) 12:17, 18 October 2013 (UTC)
I can definitely tell you as the owner of a common-pattern email address: it's not just old people. I've had bank statements, insults, and declarations of love, thrown at me that were definitely intended for someone half my age. 18:37, 21 October 2013 (UTC)

[First Initial]+[Last Name] is the same as [ FIailnrst]+[ LNaemst]. Then he is clearly referring to names such as IrinaN or FanniL. Xhfz (talk) 13:24, 18 October 2013 (UTC) This is a joke, and the plus sign means concatenation.

I don't get it. How is [First Initial]+[Last Name] the same as [ FIailnrst]+[ LNaemst]? That isn't concatenation, it is scrambling. ~~~~ -- Stilbene (talk) (please sign your comments with ~~~~)
Regular Expressions character classes (talk) (please sign your comments with ~~~~)

The plus sign is clearly an indication of concatenation and not meant as a literal character. 14:29, 18 October 2013 (UTC)

This sentence is false, and I deleted it:

The problem is intensified by the fact that providers like Google Mail, which has become synonymous with email services, regard certain alterations as variations of the same address. For example, Google Mail ignores the dot character and does not allow hyphens and underscores, although they are valid characters for email addresses. Ironically, these restrictions are supposed to prevent fraud, but instead lead to problems like the one described in the comic.

If the addresses [email protected], [email protected], [email protected] and [email protected] belonged to different persons the problem exposed in the comic would be increased, not decreased. Xhfz (talk) 15:04, 18 October 2013 (UTC)

You should consider the context: The sentence you deleted appeared after
Most internet users face at some point the message that their desired email address is "already taken". [...]
And that problem is made worse by not allowing any variation in the address. LotharW (talk) 16:56, 18 October 2013 (UTC)
Small variations in the address lead to reverse identity theft. If the address [email protected] belonged to John Smith and [email protected] belonged to Jane Smith, the probability that John gets emails directed to Jane and viceversa increases. Xhfz (talk) 21:14, 22 October 2013 (UTC)

The second scenario presented in the explanation has nothing to do with reverse identity theft. The idea is that the victim is exposing their own identity by assuming someone else's address. A third party sending emails to the wrong recipient (thus exposing the victim) is very unfortunate, but there is nothing reverse about it. LotharW (talk) 17:06, 18 October 2013 (UTC)

I think the "reverse" nature is that instead of the THEIF going out and hacking the VICTIM'S email to learn their identity and steal information, the VICTIM is the one delivering the information to the THEIF'S email account. 14:08, 21 October 2013 (UTC)

It's worth noting that the name "Randall" peaked in popularity in the 1950s, so most people with that name are older than Randall Munroe. This isn't just an "old person" thing. My name peaked in popularity in the 80s and 90s, so I get a lot of people in their 20s and 30s signing up for stuff with my e-mail address. (talk) (please sign your comments with ~~~~)

I can't imagine how morbidly funny it would be if someone named Edward Coli did this. ~Cye from #team cyeborg