
QRZ Security Update: 2FA and Verified Users

Discussion in 'Amateur Radio News' started by AA7BQ, Jun 12, 2019.

  1. KG4RRN

    KG4RRN Ham Member QRZ Page

    I get enough spam email and telemarketers to have to clear the carp out my phone daily. Just a part of living in the digital world.
    Maybe facial recognition with a brain scan can prevent these kind of shenanigans.
    Yeah right. I do not trust that any verification software will not provide the deep state from knowing what you are doing at all.
    Many hams are in this arena and many Bob hams would be jealous enough to degrade the hobby by using fake callsigns for unlicensed operation then we already know we have a problem.
    When anyone can buy a ham radio without a callsign this hobby has become compromised.
    Facts are stranger than fiction.
    Great try Fred but I'm for iris scans.
    Bob
     
  2. AE5GT

    AE5GT Ham Member QRZ Page

    I have been using swapnets and ebay for years and I have never had an issue. But then I only use CCs or Paypal. The only time I have ever had an issue was when I went into a store. Fortunately B of A caught it and informed me and sent a new CC to me. Most places don't want to handle cash these days, it's too inconvenient, you have to keep change and that means you can be robbed at gun point. With electronic transactions, there's not much for a would-be robber to take. With cash at a store you may actually pay more, because it's a security risk. It also requires that they hire someone smart enough to make change.
     
  3. M0LMK

    M0LMK XML Subscriber QRZ Page

    Erm.... This appears to be incorrect. How do I submit a bug report?
     
  4. W2ZMZ

    W2ZMZ Platinum Subscriber Platinum Subscriber QRZ Page

    I think it’s a wonderful program Fred and I wouldn’t purchase anything unless the gentleman or Lady was verified. Thank you for adding such wonderful features for our safety and I am very proud to be a ham radio operator.

    de KD2SCE Cono
     
  5. K1YYI

    K1YYI Ham Member QRZ Page

    7 months ago my bank started to require all computer logins to their site to require 2FA. I quickly shut down my online banking account and now do everything at the local branch. IMO this is more about control than security. Hopefully I'll die of old age before the local pizza joint requires a DNA sample to order a pie.

    What about users in far off places, with no cell phone or live "off the grid", in EU or Asia that can't receive text messages?

    Again just my opinion.
     
    N8DAH, KC8GL and K2NCC like this.
  6. KC8GL

    KC8GL Premium Subscriber QRZ Page

    Amen K1YYI - This is getting out of hand. Everyone wants to be down your throat and up your a**. And some of these folks are among the first to complain of invasion of privacy. This hobby is starting to become “unfun” - sad. KC8GL out. 73 to all.
     
  7. AA7BQ

    AA7BQ QRZ Founder QRZ HQ Staff QRZ Page

    Sheesh. What happens when any company gets hacked? Are there any hackproof companies? Your fear mongering about something that happened more than 5 years ago is completely irrelevant. Don't be part of the problem. You're spreading FUD (Fear, Uncertainty, and Doubt) that only confuses our non-technical users. You're spreading confusion about a complex topic that undermines our program. I'm willing to hear constructive criticism on this project, but I will not tolerate scare tactics as a counterpoint.
     
    N0TZU, NL7W, KV6O and 7 others like this.
  8. NY4I

    NY4I QRZ Lifetime Member #487 Platinum Subscriber Life Member QRZ Page

    Can we have a filter in the forums to only see posts by Verified users? At least then if someone has some constructive commentary, we know they went through the process and know of what they speak.
     
    KQ4MM and WJ4U like this.
  9. K9GLS

    K9GLS Guest

    You and I don't like each other do we? Not trying to spread FUD. Just being a realist and looking at the other side of the fence and I don't think I'm the only one. I think people are entitled to all the facts and not just proud pom pom waving. Christ 3FA is out now so you think 2FA is going to work for long? All I'm trying to say is I'm glad you've implemented some additional security to cover your ass and glad that you have extra fingers to stick in the cracks of the dyke. The way the world is going you're going to your toes too. Again I say... a false sense of security is worse than no security at all. Oh probably the last question I'll ever be allowed to make. Do you think all this scammery escalated after the migration to Amazon cloud service or whatever it's called?
     
    Last edited by a moderator: Jun 13, 2019
  10. W8JPJ

    W8JPJ Premium Subscriber QRZ Page

    Someone must have read my reply, as I received an email stating that my verification process had been approved. Thank you! No fear mongering here, just an additional form of authentication. As Popeye used to say: "I ams who I ams" 73's my fellow operators!
     
  11. KM4KGN

    KM4KGN XML Subscriber QRZ Page

    I'd consider the verification only if the number and address on my ID can be redacted. That is information I simply refuse to transmit across the internet... which is a far greater security risk than my password to QRZ getting hacked.
     
    G3SEA likes this.
  12. AA7BQ

    AA7BQ QRZ Founder QRZ HQ Staff QRZ Page

    I don't have any opinion about you on a personal level. Stating that we don't like each other is nothing less than a supposition on your part. Okay, you probably know how you feel but you have no idea about what's on my mind.

    Your comments suggest that "oh what the hell, it's a losing battle so why try?". That attitude would never have won the battle at D-Day and I just don't subscribe to it. Problems are never solved, or even mitigated by doing nothing. This is not the kind of problem that will "work itself out on its own".

    QRZ isn't covering our asses, we're covering your asses. We're not getting ripped off by scammers, you are. If we do nothing, nothing at all, we'll still be here 10 years from now. By then, however, hundreds of thousands of dollars worth of bad deals will have gone down. If we can change that to tens of thousands of dollars then we'll consider it a win.

    Your argument also suggests that our solution isn't perfect, that 2FA will soon be obsoleted by 3FA, and that even big companies will get hacked. Perfect is the avowed enemy of good and I'm perfectly happy with good. That's why we're moving forward with this despite the fact that we can't predict the future or that someday, 2FA will become obsolete. One thing for damn sure is that plain passwords, no matter how complex they are, are obsolete already, and the situation won't improve under your "security plan", which as far as I can determine is "none".

    Then, your last question, i.e. "Do you think all this scammery escalated after the migration to Amazon cloud service or whatever it's called?". Is this supposed to apply to QRZ, who migrated to AWS 8 years ago, or to the thousands of other companies that have as well? We used to have our own hardware that we purchased and maintained ourselves. Our move to AWS resulted in greater security, better performance, lower cost, and better reliability. In the past 8 years, cybercrime has escalated throughout the world and to suggest that AWS is particularly vulnerable over all others is so unsubstantiated that it reeks of conspiracy theorist conjecture.

    Just as the internet and computing, in general, has grown over the past decade, so has cybercrime. Cybercrime isn't fought by acceptance or resignation. It's fought by engaging them directly on the battlefield. You apparently aren't interested in fighting them, and so we can't really take you seriously as a security proponent.
     
    W7CJD and N5MJ like this.
  13. AA7BQ

    AA7BQ QRZ Founder QRZ HQ Staff QRZ Page

    Not to pick on you in particular but I would like to ask this rhetorical question: Would you let me see your license if we met face to face? I suspect that you would probably say "yes". So then, the difference, as you stated, is in its transmission over the Internet.

    The primary thing that folks worry about transmitting data over the internet is that the actual wires that carry the data can be eavesdropped. This is true, and there are probably dozens if not more points along the route between your computer and ours where someone could insert a tap and watch the data go by.

    The data that flows over the wire, however, is completely encrypted such that even though it may be seen or even collected by others, it cannot be decoded. It's just numeric gibberish when it's obtained through eavesdropping. This protection is provided by Secure HTTP, known as HTTPS. You will notice that QRZ made the entire site HTTPS a couple of years ago and this is something that we will never turn back. This means that whatever leaves your computer cannot be viewed or decoded by anyone except QRZ. Even individual keystrokes are afforded this protection. When you type in your password, for example, it is also completely encased in strong encryption for travel back to QRZ. Therefore, the risk of a compromise between your computer and ours is mitigated by strong encryption.

    I don't expect my explanation above will change your mind, and that's fine but I wanted to point this out in case others were concerned by the notion that something transmitted over the internet cannot be trusted. The trust must lie with the endpoint, not the transmission medium. So, if in our face-to-face meeting, you used a 10-foot pole grabber to hand me your license, you wouldn't be worried about the security of the pole. :)

    Also, I will add that you may redact whatever you like from the document and our staff will evaluate what's left to see if it provides enough confidence to approve. If not, we'll tell you.

    73, -fred
     
    W7CJD and K2NCC like this.
  14. TA4CQ

    TA4CQ Ham Member QRZ Page

    It is good to be verified always.
     
  15. KE4D

    KE4D Premium Subscriber QRZ Page

    I use this same 2FA for bitcoin, and Paypal. It's no big deal. If you can pass an amateur exam I expect you will be able to handle this!
     
