ad: AlphaRF-1

Verified Member Status Requirements

Discussion in 'Ham Radio Gear For Sale' started by AA7BQ, May 19, 2019.

ad: L-HROutlet
ad: l-rl
ad: L-MFJ
ad: Subscribe
ad: Left-2
ad: Left-3
ad: MessiPaoloni-1
  1. N3HKN

    N3HKN Ham Member QRZ Page

    It is not your responsibility to police the Internet and QRZ postings. It is the responsibility of the purchaser. The Internet is a sewer of scams, false info, etc. It is the underbelly of society. By giving you/QRZ my data it is now at risk. You are responsible and liable. I assume your legal council approves of this approach.

    While your service is of value, your approach to security is not. I prefer my own responsibility and will not answer your questions or submit data that can be on the Internet seconds after you receive it!
    N3HKN
     
    N3FAA likes this.
  2. N6UBO

    N6UBO Ham Member QRZ Page

    My reasons for not doing the verification are a bit different than most. To me any additional information I put out there makes me LESS safe when that web site is hacked, and it WILL eventually be hacked.

    Also, I don't bank on line (been hacked on Paypal and won't do that or other e-payment again) and I don't do enough on line selling/buying to make it worth my while to set any of that up.

    Fred and I had several very nice eMails back and forth about it and I completely understand that he needs to do what he feels is best for the largest number of his users and that he will lose a few along the way who don't want to use the new verification process, whatever their reasoning.

    Bottom line, I applaud Fred's efforts to protect as many of his users as he can, it just doesn't work for me and I have no hard feelings against Fred or the site over it.
     
  3. W1BR

    W1BR Ham Member QRZ Page

    I'd make the rules the same, photo with call for all... and it rhymes! too many variations adds to the confusion. Once the two step verification becomes law of the land, the rules should be condensed to fewer stickies. . There is some conflicting requirements as the rules are written at present--older stickies with dated requirements, etc. Just a friendly observation and suggestion. Pete
     
    N1VAU likes this.
  4. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Wow. We can all agree that there is a lot of crime and distrust on the internet, and there seems to be scams everywhere.

    The most difficult thing that I have to read in this discussion are the comments by those who lump QRZ in with all of the nasty and negative aspects of the entire internet. I don't think that we deserve that, but then I have to consider the source of the criticism, i.e., by those who by their own admission, have at some point fallen victim to internet crime that QRZ had nothing to do with.

    For the majority of members who agree with what we're doing, please know that you have both our gratitude and that of the buying public. QRZ doesn't have a profit motive in asking for your ID and we would rather not need to ask for it. We're just sick and tired of all the scams out there and if there is anything that we can do to dissuade them, we will. It's worth noting that privacy advocates will express loud and vociferous disagreement and/or flatly refuse to cooperate. The crooks, on the other hand, absolutely won't complain or comply, they will simply go elsewhere. Therein lies our key motivation because we feel that the loss of participation by a few of our members (those who refuse to ID), is more than offset by the chilling effect that it will have on the scammers.

    73 -fred
     
    N1VAU and K3BR like this.
  5. KB2SUJ

    KB2SUJ Ham Member QRZ Page

    My own, worthless $0.02.
    I'm savvy enough not to get scammed. My rule is 'trust but verify'. I make a phone call. Too good to be true always is. Unsolicited is unwanted. I am a tech kind of guy but I am not wasteful. I have no need for a smart phone. $50 to $400 a month is simply not worth it to me. The methods to do 2FA are cumbersome and quite frankly, just to use the swap section, not worth the bother. I've dealt with half a dozen QRZ member in the last six months. First using confirmed emails, then with phone calls. But, as they say, it is what it is. It is a shame that QRZ is going to lock guys like me out of the swapmeet section because I simply find 2fa to much of a PITA given my method of living. I'd of been fine if any post I made had a big red flag stating "Only Transact with this person after telephone verification". My area code and phone number verify my identity. I have read (out of morbid curiosity) many of the threads about people that got scammed. Honestly, I saw so many warning signs that I find it hard to feel sorry for many of them. You cannot protect people from themselves. I am a moderator of a much larger site than QRZ. We too, have a classifieds section. Maybe once a year, someone does not get what they agreed to transact. My response is to first, see how active the seller was. Read some of their posts to get a feeling about the guy.
    I only say this to give pause for thought.
     
  6. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    I like your idea and thoughts about protecting yourself, asking for phone calls, and in general, the "trust but verify" statement. I do wish all QRZ users were like you and it's because they aren't that we've instituted these protocols.

    2FA isn't cumbersome at all, once it's been setup. If you watch the video I made you'll see that the steps are few and easy to understand.

    Here's a rhetorical question: Do you believe in passwords? Do you think that a password should be required to login? If yes then presumably you agree that it is important to protect your reputation by jealously guarding your personal password. You wouldn't want someone logging in under your name to conduct illegal activities, would you? So if you believe in the usefulness of passwords, then what is the objection to a stronger password? That's what 2FA is, a stronger password.

    73, -fred
     
    KB2SUJ likes this.
  7. VE3TMT

    VE3TMT XML Subscriber QRZ Page

    Unless your in Canada
     
  8. KB2SUJ

    KB2SUJ Ham Member QRZ Page

    No direct argument (and BTW, I am not arguing QRZ's policies, you guys have every right of course, to manage as you see fit). Just food for thought and fun discussion. :)

    There is a limit to site security Vs. the risks. Let's flip the mattress for a moment. You have a verified seller (or WTB). You know, being reasonably assured, the member is on the up and up. What if a scammer contacts the member and negotiates a purchase or a sale and scams. No protection. It sort of seems to me if QRZ is trying (and I applaud the effort to do so) to ensure transaction security, it has to do it on both sides. That is a nightmare to be the middleman/broker.
    On the site I moderate, we emphatically inform all people (if they bother to read the classified FAQs) that it is Caveat Emptor. Do your own due diligence. Meet in person when possible at a secure (IE, police department) location. A concern I'd think you guys would/might have is by trying to protect members, you are also accepting the responsibility for protecting members. We used to have a policy of not allowing the distribution of copyrighted materials. We did not want to be party to the illegal distribution of intellectual materials. However, due to the size of the site, it was realized we cannot catch ever instance. By not catching every instance, we were possibly exposing ourselves to 'failure to perform' and could be held liable. so the solution (crazy stuff) was to ignore every instance. If the intellectual property owner wanted to search the site and identify every instance, we would comply and remove.
    As far as verifying who a person is, my bank, brokerage company, all require a simple password. They do log my machine MAC address and tie it to my login. If the MAC changes, I have to go through additional steps to verify my identity. Oddly, my cell phone site has insane security. Login, password, PIN, multiple secret questions, a image identification. A real PITA. All for a prepaid cell phone!
    So, I believe in reasonable security. Basic, strong passwords (16 character, no words in the Oxford Dictionary, numbers interspersed in the strings, special characters). QRZ members are already vettted by the FCC.
     
    K3EY likes this.
  9. K4AGO

    K4AGO Ham Member QRZ Page

    I had the same problem. It was my fault though, NOT QRZ at fault. What happened to me was...

    I was getting a lot of spam phome calls on my smart phone. So, I started blocking the spam numbers. When QRZ called with the varification code, I didn't recognize the phone number so I blocked the number. That nmeant QRZ could not send a varification code.

    Now, I can't figure out how to unblock the number...

    Yes, I am old and stupid. Smart phones are smarter than I am. Sigh...

    John
    K4AGO
     
    W1BR likes this.
  10. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Great comments. This is probably off-topic but as a technical point, your MAC address isn't visible outside your local network, behind a router. IP, yes, MAC, no.

    Also, all things being equal, the key to a good password is its length, above all else. For example, a password like AppleOrangeSteelGasoline is vastly more secure than "dy45@$wp!" 16 characters is a good start, but longer is still better. Best explained here: https://xkcd.com/936/
     

Share This Page