Oz DNA tester’s privacy shocker

In a facepalm, forehead-slap, hang-your-head-in-shame howler, South Australian DNA testing company Medvet has left its online customer accounts system open to being indexed by Google. As reported by The Australian, the search engine’s crawlers have dutifully recorded customer invoices including addresses and, in some cases, …

COMMENTS

This topic is closed for new posts.
  1. Jon Smit
    Coat

    I can't see a problem

    Ain't all Aussies 'bastards'?

    1. Anonymous Coward
      Anonymous Coward

      Albion

      We may be bastards, but at least we're not perfidious.

      1. Jon Smit
        WTF?

        Perfidious?

        If that were true, why the DNA tests?

  2. TonyHoyle

    Web design fail

    It looks like their entire ordering system is indexed. Which, given that google only follows links, means that there's a link on their page to list all orders.

    Also, the order numbers are sequential numbers, with no other validation like a login required... newbie web store error, meaning their entire system has been wide open for ages.

    I really hope they didn't *pay* anyone to design that system, and the 12 year old they asked to do it gets a sharp talking to.

  3. Tom Chiverton 1
    Mushroom

    Wow

    [site:webstore.medvet.com.au details for order]

    That's, umm, special.

  4. Captain TickTock
    Joke

    No need for a name field in the DB

    We're all called Bruce ;-)

  5. Bernd Felsche
    Alert

    Not surprised

    I.T. culture in Oz is "to get it working". Security concerns are an afterthought. And then it's either too hard or they're already over budget.

    With all-too-few exceptions, business and government are wilfully ignorant until the damage has been done. They ignore security warnings and dismiss recommendations with "nobody else is doing it".

    1. cphi
      Facepalm

      not just IT

      Agree with the 'get it working' attitude. And not just for IT. It extends to engineering in general.

  6. Steven Roper
    WTF?

    Two things in that article stood out to me

    The first thing was: "Medvet’s managing director is reportedly seeking information from the company’s software supplier, rather than staging a public hanging of whoever set up robots.txt on its Website."

    The person who set up the robots.txt file is in no way responsible. If your idea of security is relying on search engines to obey robots.txt I sure as hell don't want you working for me. Web design security 101 says that all sensitive information is to be held on a database and inserted into a web page only after suitable authentication of access privileges. Robots.txt is a guide for search engines, not an access blocker.

    The second thing that jumped out at me was: "That's my address, but I didn't order a paternity test / drug test - who did and why?"

    Can you spell "lawsuit"? Paternity testing is a particularly dangerous thing to associate with random addresses! You see, there's this problem: the vast majority of women will undergo thermonuclear fusion the moment their chosen man even dares to question the paternity of her unborn child. That the woman has biological assurance that the baby's hers while denying to the man any such assurance beyond her word is one of the great double standards of the feminist era.

    On a biological level, a woman who falsely claims another man's baby as her husband's does the same thing, from a genetic point of view, as a man who rapes her. That is, by choosing her partner, a woman exercises her right to mate choice - whose genes to pass on to her offspring. A man who rapes her takes away that choice. By choosing his partner, a man exercises his right to mate choice - whose genes to pass on to his offspring. A woman who gets pregnant to another man and lies to her SO takes away that choice. So rape and paternity-deception are effectively the SAME THING. However, the punishment meted out is not the same - hence the double standard.

    So now, to get around this discrepancy, companies like Medvet provide a "discreet paternity service". Such a test is often called a "peace-of-mind" test because it's not admissible in court (although it does give grounds for a court-approved test later on). The idea is that a man orders the test, uses the supplied swabs to take saliva samples from himself and the baby, sends them in, and gets a confidential reply saying yea or nay. Secrecy is of the utmost importance lest the woman get wind of the test and explode. There's no way any sane man would dare to question paternity openly to his wife/girlfriend, because the result is all too predictable. He just has to "trust her". Yeah, right.

    So if this Medvet has leaked addresses (and wrong ones at that) there is a very real risk that a woman living at such an address might think that her husband has ordered a confidential paternity test (even if he hasn't; the site just mentions the address) and it could destroy their relationship. And I can see some pretty serious lawsuits arising out of that one.

    Incidentally, a nice piece of poetic justice concerning a woman who tried to pass off another man's baby as her boyfriend's can be found at: http://www.craigslist.org/about/best/sea/274495936.html

  7. Anonymous Coward
    Anonymous Coward

    webmaster tools?

    If it happened to me, I would not waste time trying to reach Google but instead make sure that the pages cannot be reached anymore.

    Also I would use their webmaster tool at Google (and the equivalent at Yahoo) to get the pages removed from the index. Once, when I had wanted to remove pages (that were fortunately not that sensitive), it worked within 2-3 hours.

  8. Mike 137
    Stop

    Pardon?

    "...staging a public hanging of whoever set up robots.txt on its Website..."

    Anyone who thinks robots.txt is a security feature that would have protected against this kind of leak needs their head examined. The real problem here is a wide-open database.
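The defect TonyHoyle describes (sequential order numbers served with no login) next to the design Steven Roper and Mike 137 say it should have had (data released only after authentication and an ownership check), as an added Python example written for this page. It is not Medvet's code and nothing from the article; the order records, session store, access-log lines and all function names are constructed assumptions. A third function shows the sort of access-log check a defender could run to notice a crawler or an id walk against an open endpoint. Note that neither handler consults robots.txt at all, which is the point both commenters make: a crawler directive is not access control.

```python
"""Constructed demo: open sequential-id order lookup vs. an authenticated,
ownership-checked lookup, plus a log check for unauthenticated id walks.
All names and data here are made up for illustration."""
import secrets
from collections import defaultdict

# Constructed sample data: sequential order numbers, as in the thread.
ORDERS = {
    1001: {"customer": "alice", "address": "1 Example St", "product": "drug test"},
    1002: {"customer": "bob", "address": "2 Example Ave", "product": "paternity test"},
}

# Constructed session store: opaque token -> customer username.
SESSIONS = {}


class Unauthorized(Exception):
    """No valid session presented."""


class Forbidden(Exception):
    """Valid session, but the order is not this customer's (or does not exist)."""


def login(username):
    """Hypothetical helper: issue an unguessable session token for a customer."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def get_order_vulnerable(order_id):
    """The weak design from the thread: any order id returns the invoice.
    No login is required, so anyone who reaches the URL (including a search
    engine crawler following a link) can read every customer's address."""
    return ORDERS.get(order_id)


def get_order_hardened(token, order_id):
    """Hardened lookup: require a valid session first, then confirm the order
    belongs to the logged-in customer before returning any field."""
    customer = SESSIONS.get(token)
    if customer is None:
        raise Unauthorized("login required")
    order = ORDERS.get(order_id)
    # Same response for missing and foreign orders, so the endpoint does not
    # confirm which sequential ids exist to a logged-in but curious user.
    if order is None or order["customer"] != customer:
        raise Forbidden("no such order for this customer")
    return order


def lookup_outcome(token, order_id):
    """Return 'ok', 'unauthorized' or 'forbidden' for the hardened lookup."""
    try:
        get_order_hardened(token, order_id)
        return "ok"
    except Unauthorized:
        return "unauthorized"
    except Forbidden:
        return "forbidden"


# Constructed access-log records: (client address, request path, session cookie present).
ACCESS_LOG = [
    ("203.0.113.5", "/orders/1001", False),
    ("203.0.113.5", "/orders/1002", False),
    ("203.0.113.5", "/orders/1003", False),
    ("198.51.100.7", "/orders/1002", True),
]


def flag_unauthenticated_order_walks(log, threshold=3):
    """Defender check: clients that fetch at least `threshold` distinct order
    paths without a session cookie look like a crawler or an id walk. On a
    correctly built site every such request should have been refused."""
    seen = defaultdict(set)
    for client, path, has_session in log:
        if has_session or not path.startswith("/orders/"):
            continue
        seen[client].add(path)
    return sorted(c for c, paths in seen.items() if len(paths) >= threshold)


if __name__ == "__main__":
    print("open lookup, no login:", get_order_vulnerable(1002))
    tok = login("alice")
    print("alice reads her own order:", lookup_outcome(tok, 1001))
    print("alice reads bob's order:", lookup_outcome(tok, 1002))
    print("no session at all:", lookup_outcome("bogus-token", 1001))
    print("suspicious clients:", flag_unauthenticated_order_walks(ACCESS_LOG))
```

The hardened handler deliberately collapses "order does not exist" and "order belongs to someone else" into one refusal; once ids are sequential, a distinguishable response would still tell a logged-in user which order numbers are live.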
