What is iesnare and why does it matter to punters?

This is a forum for discussing privacy abuse. Some bookmakers secretly use insidious tracking techniques on computers and smartphones. The one product most talked about is 'iesnare', which is never specifically mentioned in terms and conditions, but there are plenty of other privacy abuses you may not be happy with. Let everyone know.
User avatar
Jimmy's Apprentice
Site Admin
Posts: 3
Joined: Wed Jan 13, 2016 8:40 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by Jimmy's Apprentice » Sat Feb 20, 2016 9:46 pm

Jimmy Justice wrote:'Iesnare' will be dead around 2-years from now, unless we vote to come out of the EU, as new EU online privacy laws will be making products like 'Iesnare' illegal, unless it is explained to every customer what it actually does in full and that ain't going to happen either or nobody would sign up.
Ah, but if these websites are hosted in the UK, and are accessed from anywhere in the EU they could still be persued under the new European Data Protection Regulation.

mick
Supporter
Posts: 350
Joined: Thu Feb 18, 2016 6:41 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by mick » Sun Feb 21, 2016 8:55 am

Hi JA many thanks for your thoughts and conclusions.This explains much and needs sorting, its of particular concern that the provider also harvests this info and could or does share with others long after we no longer do business with a bookmaker because of account restriction.I had no idea this was happening i am glad that i am now aware but almost wish that i was not.!

Jimmy Justice
Site Admin
Posts: 915
Joined: Wed Jan 13, 2016 9:16 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by Jimmy Justice » Sun Feb 21, 2016 10:17 pm

mick wrote:
Jimmy Justice wrote: We've just had an apology for illegal use by one major bookmaker and are deciding what to do next.
Well done indeed i bet that's a first.!
This is a really interesting one, as their legal department has admitted illegal use of 'iesnare' and other tracking cookies. Their defence at present is a 'mistake'. We will see. We need to be careful on this one at present - not evading, just doing the right thing until we know more.

mick
Supporter
Posts: 350
Joined: Thu Feb 18, 2016 6:41 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by mick » Sat Feb 27, 2016 10:58 am

Jimmy Justice wrote:We will post this as mentioned. We've forced one company, using regulators, to reveal all the initial data it collects, but a dispute is still continuing on what it collects on an on-going basis and how this is stored.
This is the real concern because even when we identify and block has the damage already been done with the iesnare company still retaining the information and making it available to new subscribers.?

Jimmy Justice
Site Admin
Posts: 915
Joined: Wed Jan 13, 2016 9:16 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by Jimmy Justice » Sun Feb 28, 2016 12:28 am

If they get your e-device once; they've got it forever and at present you have no right to have it removed from the database. It is an absolute scandal. I have an official complaint progressing, which has generated a general investigation into the bookmaking industry and its use of 'iesnare' by the UK Information Commissioner's Officer. It's now been on-going for over 6 months. What the outcome will be I don't know, but I doubt the present status quo will continue. I would like them to fine every company the maximum permitted, which is 500K, but there is no chance of that happening.

mick
Supporter
Posts: 350
Joined: Thu Feb 18, 2016 6:41 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by mick » Sun Feb 28, 2016 8:02 am

Cheers for the above Jim it gives some hope. :)

ThudNBlunder
Supporter
Posts: 2
Joined: Fri Apr 07, 2017 1:37 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by ThudNBlunder » Mon Apr 10, 2017 1:23 pm

I started following this debate through some trade mags and felt I had to get involved. I'm coming from the other side of the coin- I work in online security in the gaming industry.

I've read the analysis and claims of what iesnare does and doesn't do and it reads like a conspiracy theory. If firms want to share data about you and your gambling they can- and they certainly don't need iesnare or similar to do it. You have an account after all, so it's hardly a secret. Companies signing up to a system that shares financial information of THEIR customers would be business suicide so why would they do it? Whenever coming up with a conspiracy theory question 1 should always be 'what's in it for them?'

Undoubtedly iesnare and similar identifies the machine and IP being played from and links it to a customer. In most cases there's an additional barrier- it links it to a username and further (usually manual) stages have to be followed to link it to a 'real' person. There's no office somewhere with geeks sat behind screens going 'oh look, Jim's on again'.

Whilst some of the data is used for marketing purposes it's on a macro level, not individually targeted. It's useful to know where, when and how often people are logging in to bet- it allows marketing money to be targeted effectively. If a firm wants to target you individually then it'll be the firm you've signed up with and they either already know what you like or they'll throw different offers at you to figure it out. They don't need to be underhand.

Now where I come in. I saw the article on how to remove iesnare and block downloads and thought 'oh great, that's the crooks educated!' Let me tell you why I'm a big fan of this and other similar systems, and the way we use them to protect customers.

Most punters don't realise that every day there are teams of crooks out there trying to take your money- it's not just the bookies ;) . One vital tool in our arsenal is the ability to check that the person operating the account is who they say they are. It's sailed under the radar a lot but every day, as the result of some massive data hacks, thousands of online accounts get hacked from bank accounts to gambling- http://www.securityweek.com/credential- ... ethodology .

We have various ways to try and combat this but one of our most effective is identification of a machine. This is a real world example; Punter A logged on and registered a new payment method, then withdrew all funds on the account to that new card. Two days later it was then disputed by punter A who claimed they hadn't withdrawn funds. We looked at the account and saw this transaction was performed on a machine that hadn't been used before and also a different IP. The IP was actually from a different country. After further checks on the machine used for the disputed transaction we found it had logged on to over 50 other accounts and attempted the same scam. We were able to block it and the case is now with the authorities.

Without the ability to track the machine and the IP Punter A would have had a very hard time proving they hadn't withdrawn the funds. If the crook had been educated and blocked or removed the identifier we wouldn't have been able to stop them attacking 50 other accounts. I can't say this loudly enough- THIS IS THE MAIN PURPOSE OF THE SOFTWARE!

If you don't like it because you think it tracks your betting activity- you're wrong.
If you don't like it because it stops you from opening accounts under other names then read the site T&Cs- you're breaking them (and the law in some cases). There are plenty of ways to do it but I'm not going to list them, given my job......
If you think everyone has access to your personal data you're wrong. Only those companies you've got an account with have- and that's only after following other steps.

It's there to try and keep you safe. If you'd rather ride without a seatbelt then so be it- but PLEASE no more articles to educate the crooks!!!

Jimmy Justice
Site Admin
Posts: 915
Joined: Wed Jan 13, 2016 9:16 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by Jimmy Justice » Tue Apr 11, 2017 8:16 am

Hi

Thanks for your post.

Loudly and clearly, we support the use of Iovation (iesnare, iovation, Reputation Manager) for fraud purposes. As a honest punter why wouldn't you?

Sadly, as we have found out over the last 2.5 years (only 14 months since we launched the website) some modern large corporate off-course bookmakers cannot be trusted. I obviously don't know who you work for, but we have sent 99% conclusive evidence to the ICO that your claim that Iovation is only used for fraud is probably inaccurate in the case of some major players in the market. I am not at liberty to divulge what has been sent, as I am very aware through working with the BBC and The Times how sensitive legally this information is. Both organisations have spent thousands on legal advice before broadcasting or printing anything and believe me if what has been claimed was not true both organisations would be facing legal battles, but they're not.

One thing I will divulge is that a member of staff at Iovation has confirmed what was written in this article is all true: https://www.thetimes.co.uk/article/book ... -gq2hdcvfz

An analysis is available on on our website if you don't have access to The Times online: https://justiceforpunters.org/how-iovat ... ding-more/

All this will eventually prove that your claim, "it reads like a conspiracy theory" is not so.

I'm interested in this claim, "If firms want to share data about you and your gambling they can." If you wish to expand on this, we have a lawyer who specialises in EU pivacy law who would love to know the companies involved. What you claim is without question illegal if the companies you refer to are not in the same company holding group. It is also worth noting the following: https://iapp.org/news/a/top-10-operatio ... profiling/ This will be the end of products like Iovation, unless how they are used is tightened up considerably.

The UK's Information Commissioner's Office has recently ruled that Iovation does collect personal data, i.e. when the e-device data is combined and analysed with personal data a company holds elsewhere about a person the e-device data becomes personal. This is a very important ruling and problematic for the way Iovation is presently used by most companies.

J4P is not in the business of going to court, it is about campaigning for an 'open and fair' gambling market. Whilst we support the use of methods to protect customers from fraud, we expect that the customer will be clearly told how this is done and what is collected (this is not happening). Perhaps more important to your posting is that you should be reporting back to your senior colleagues that they appear to be breaking EU privacy law, assuming what you outline is factual. This could cost them a lot now and from 2018 will cost them a fortune.

I hope this helps?

JJ

Jimmy Justice
Site Admin
Posts: 915
Joined: Wed Jan 13, 2016 9:16 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by Jimmy Justice » Tue Apr 11, 2017 8:22 am

Apologies I forgot to link to this other article, which expands on other methods of tracking & profile building which like Iovation are likely to fall foul of the new EU privacy laws: https://www.thetimes.co.uk/article/padd ... 527bc304c4

When the UK leaves the EU it will not change anything as most of the companies are trading online from EU bases.

JJ

ThudNBlunder
Supporter
Posts: 2
Joined: Fri Apr 07, 2017 1:37 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: What is iesnare and why does it matter to punters?

Post by ThudNBlunder » Tue Apr 11, 2017 4:21 pm

I agree there's a potential scenario where a tool like iesnare could log a particular machine or IP as 'bad' and raise a flag if an account tried to sign up or play from it. I find it a stretch that a company would share a 'code' with a competitor to identify the type of activity that caused it to be flagged- they certainly wouldn't put something in there to identify an individual. I have to raise a full DPA request if I want personal details, it would be great if I just needed a code!!

Just to clarify my comment 'if they want to share data about you they can' simply refers to the obvious- I'm not saying it would be done 'legally' within the framework of the Data Protection Act. I was just making the point that there's no reason for them to do so- it makes literally no business sense whatsoever. The same holds true for using a (visible) data collection tool for profiling purposes.

The whole identifying of an individual by collating data is an extremely difficult area and one that's been debated hotly under the new GDPR. Taken to an extreme it makes online security virtually impossible. Companies are (deliberately) putting barriers in place to prevent any one employee being able to identify a 'natural person' as defined in the act- but in security we often need to be able to make these links to make the case; eg money laundering via sports exchange. There are a variety of seminars and consults with the UKGC we'll be having between now and May 2018 when the new act comes into force to clarify our position.

I have no direct knowledge of what other ways the data collected by iesnare might be used and it's never been discussed in my presence. I just know the data we collect to identify a machine and IP is used for one purpose only- security. I work for a company that supplies product specific online security and fraud protection for a variety of companies, including some of those you've mentioned. Not all use iesnare, but all of them use a means of identifying the device being played from. It's simply common sense and isn't designed to inconvenience or penalise the customer- unless they're operating the account in a fraudulent manner. From experience there's not even a database of unwelcome players- one of the frustrations of my job is finding a known fraudster popping up with a different operator after having their account closed. If they've used a different machine/ IP address we only find out when they repeat the fraud and have cause to obtain their name under a Data Protection request (we only have visibility of usernames). We don't even have a record of names/ addresses permanently stored- we delete them immediately after a case is made to comply with Data Protection rules. Links to previous cases are made because our analysts have memories like elephants!

If it turns out the data captured by iesnare is being used in any of the ways you describe I'll be extremely surprised. If there's something surreptitious going on it seems far more likely (to me) to be old fashioned low tech rather than the high tech iesnare offers. You do know some of the firms you mention have offices above each other in Gib and they're always swapping staff?

I'll continue to follow the story with some interest but I still believe you're causing more harm than good by getting people to remove identifiers that allow us to check you are who you say you are!

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest