I Am Mark Zuckerberg
iammarkzuckerberg.com1215 points by jb1991 a day ago
1215 points by jb1991 a day ago
A friend of mine has a relatively common first name and last name, and she regularly gets mail that is clearly not meant for her. She started a Facebook group for homonyms to help her route mail, and it now have a hundred members and have helped people get important documents.
At some point, they even organized an impersonation because someone needed to retrieve an official document and couldn’t be there in person. Another member nearby offered to go and get it. “Won’t you need my ID for that? — Oh, I have one with just the right name…”
My name isn’t super known, but it happened to be the same as that of a very big fish in the financial institution I worked for.
Thankfully these people were working mostly through physical meetings and calls, so no sensitive info was leaked, but I did get calendar invites to discuss the future of entire countries as an engineering intern.
I used the name a couple times to set up our internal meetings in the fancier upper floors, so we could have whiteboard discussions over a fancy hardwoods table. No one questioned the name appearing in the entrance display as the current user.
Not identical, but I once shared most of the first name as well as my last name with a VP of research at the company I worked for, and we were in the same technical field. My (much less impressive) publication record got confused with his frequently and I always wondered if it gave me a career boost.
>> My name isn’t super known, but it happened to be the same as that of a very big fish in the financial institution I worked for.
Same thing happened to me. My name in outlook was the right under a high up VP. Outlook auto correct would bring my name up at the top of the list so people would just hit enter and write their email.
Same thing, I was getting some emails I clearly should not have been viewing, with budgetary spreadsheets and names of people who were being considered for layoffs.
One of them I sent back to the VP and diplomatically explained the mixup. I didn't get any emails for a few months and wondered how they fixed the situation. I guess they gave the VP and underscore in his name instead of the normal firstname.lastname@company.com so now when I typed in my name, his came up first.
We had a board member who frequently emailed confidential documents to a security guard with the same name as another director.
It was his iPad's fault, apparently.
My deadname was not only owned by some other people in my industry, it was also used by someone else born in the same hospital, same ward on the same day, on the same morning as me. That was endlessly irritating.
Glad to see that after five years post abandoning it my contribution to the name is basically gone from the internet now.
>>it was also used by someone else born in the same hospital, same ward on the same day, on the same morning as me. That was endlessly irritating
How so? Other than a funny coincidence, how would that ever come up anywhere in anything unless you both lived in a tiny community where everyone knows each other. I just don't understand how someone born on the same day as you having the same name was "irritating".
An ex-gf of mine’s dad had the same name and birthday as a convict. Caused him plenty of trouble when crossing the border apparently. Hopefully that’s not the case for GP
Used to work as a manager at a pizza place and we had a guy apply to deliver who had the same name as... their son.
Allegedly Jr. had a lengthy record including some drug offenses and something like a DUI / DWI. Naturally Sr. And Jr's records got crossed since they have the same First, Last, and Address, which caused Sr. many headaches including that we required a driving record check that would fail on a DUI / DWI.
>I just don't understand how someone born on the same day as you having the same name was "irritating".
Because, lacking a national identity number, the natural way to distinguish to people in a system when the name wouldn’t do is going to be age/birthdate or location.
Birthdate and place of birth are used as identifiers (I have been asked what hospital/city I was born in before on paperwork).
[flagged]
Discuss it as in “there’s elections in Argentina, let’s see how we react to the change of administration”. Not as in “I will replace Argentina’s president”.
At least the titles/descriptions didn’t contain anything to consider pulling a Snowden about it.
Not a great example when a $40B bailout is preventing an Argentine puppet from being sacked.
Yes, and the reason I've commonly heard for the bailout was that it is to help US based investors. That's a clear example of the US financial sector influencing foreign politics.
[flagged]
> You're being naive. This is exactly what they do.
You are being knee-jerk judgemental.
They didn't say those things don't happen, just that it didn't appear the comms they received by mistake looked like less sinister interactions with the political world.
Oops, didnt realize it was the same poster. Thought it was someone else saying these things dont happen.
I have a relatively rare name — I’ve actually never met anyone with my last name, never mind someone with my full name — and this happens to me regularly. Last week I got a job rejection from New Zealand post, for a while I was getting someone’s pay stub notifications from the US, etc.
I suspect it’s because I was the first to register the first.last@gmail.com address for my name. I guess it’s a bit like owning a simple noun .com domain.
I use my lastname [at] gmail (same as my HN username). Over the years, I’ve received all sorts of misdirected messages: medical, financial, support, even real estate documents. When it seems important, I do my best to contact the sender and let them know.
What I’ve learned is that “no-reply” email addresses can cause real harm in situations where it’s critical to reach an actual person.
One of my gmail doppelgängers has started trading crypto and I am deeply concerned for them.
I think mine is worse off. He keeps being signed up for Facebook notifications on whatever activity he's doing.
My dad's first name is my last name so my last name @gmail is taken by him :)
But I have a relatively rare first name and even rarer last name due to my dad having a very rare first name, so I easily snagged first.last. Pretty sure to this day I've never even seen anyone with my dad's first name (or my last name).
Meanwhile, my coworkers name is literally Adam Smith and his usernames tend to be adamsmith2 or 3 or 4.
I once worked at a place that has two Brian Smiths who worked at desks across from each other. That was quite bizarre.
> Over the years, I’ve received all sorts of misdirected messages […]
Looking at my text messages, surely these are a mix of serious business and the starts of scams. How unsavory to think that helping someone could be a bad thing.
I get a ton of email to my gmail address for other people with similar names.
One of them was a director at Google, but I think she retired. Always assumed that meant I'd get a lame work email if I applied there.
I have lastname.firstname@gmail.com because first.last was already taken.
Just curious, do gmail accounts ever expire? Will I ever get the chance to snag the other one? Or does it forever belong to my nemesis and life-long enemy?
Even if your google account is deleted, the email address is NOT recycled because it can be used to impersonate people - maybe the previous owner still has physical/digital accounts linked to that old email. As far as I know most services do this - an email address once registered is never released again.
After two years of inactivity:
This answer is not actually correct. I have an account I deleted 18 years ago, still can’t make it again.
Could in theory be because someone else grabbed the account 16 years ago tho, unless I'm missing something?
No Google does not allow creating a new account with a previously-used Gmail address. Each Gmail address can be used at most once.
You can never make another account with that address because Google does not delete things.
Yea I own first.last@gmail.com for my name too and I get emails for who I think is the same person fairly often. Like job stuff, professional education emails, etc. I used to reply to them saying wrong person but have given up...the guy must not care about not getting these emails...
My first name is very uncommon and my last name is very common.
I'm in the same boat, except my first and last name are fairly common. My gmail account is not my primary email address, and to be honest I don't know if I could manage making it my primary because of the amount of rubbish I get.
I am on the other side of this problem and was surprised because it is very easy to contact me. When the other person with my name forwarded the emails, it was all careless and unwanted recruiter mail. Someone goes into work, types first.last@gmail, and hits send without doing one Google search. Incredible.
Same, albeit it seems like multiple people. Or at least someone who moves states.
It's bizarre though... who puts down an email address they don't own on a job application?!
I recently wanted to introduce someone to our internal recruiters to a person with a long, uniqueish name. The recruiter was like: they did respond with „I’m not interested“. But the person was like: I’ve never got a mail.
Turned out the whatever tool our recruiter used spit out „first.lastname@gmail.com“ even though the person in question doesn’t own that email.
I have met someone with my last name, if its not hyphenated, which mine is. My name is as unique as it gets with hyphenating. I never use my hyphenated name anywhere other than 100% legal stuff.
My address is the same. Someone with my name thinks their email address is firstlast@gmail.com
Its annoying especially since we have the same bank and they are not very good at paying their credit card on time. I therefore get their bank emails. Initially It will always have me confused as weight wait. I don't have any balance on my credit card. Was this fraud?
I'm in exactly the same situation - very rare last name, first.last@gmail.com address, wrong mail from all over including NZ.
I have pretty rare first and last name, but somehow have gotten random person's car service receipts (and reminders) from a service place in the US (I live in NZ).
There car has a lot of problems.
I got on twitter pretty early too, and just have a short first time as my @, and occasionally get DMs about getting my @, but no one wants to hand out cash for it. The most I've been offered is $50. But most just expect me to give it for free.
I have a sufficiently uncommon last name to be able to figure out which branch of the family the misdirected emails are meant for. Was quite nice getting updates from the chip shop we used to get fish and chips from when we went to visit grandma, intended for someone who afaik I never met.
I had an Australian criminal defense attorney with my name, register the .au version of my personal domain.
I used to get very sensitive documents sent to me. A lot of juvenile cases. I suspect people could have gone to jail for sharing it.
It's really on the sender, to make sure, but it's still a nasty situation.
It eventually stopped. I think they ended up registering a different domain name. I used to diligently respond, when sent erroneous documents, but never got a reply. I destroyed them, but there's no telling where other copies might have gone.
> At some point, they even organized an impersonation because someone needed to retrieve an official document and couldn’t be there in person. Another member nearby offered to go and get it. “Won’t you need my ID for that? — Oh, I have one with just the right name…”
That's a felony in many places.
If it hypothetically was a crime, I wonder how often it would actually get prosecuted given someone used their real ID, showing the office failed to check anything other than a name known to have dupes, and/or given they had no intent to steal something and acted with knowledge and permission of the intended recipient, showing no malicious intent. I can imagine reasons those wouldn’t be considered a valid defense, but I guess it probably depends on what office & document & law we’re talking about.
Obtaining something of value through deception is fraud.
My name is X and another person also named X tells me to gather their documents from the office. Other X also signs a paper for me that says I'm allowed to do this.
I ask the office clerk: "Hi, I'm here to retreive the documents for X". He checks my ID and gives me the documents without asking for written permission from the other X.
It's deception by omission, but there is no fraud. I was legally allowed to do this. It's also a win for everyone because it avoids complications.
The key term in most statutes is dishonesty.
Impersonating someone at their behest as a favour is unlikely to be dishonest.
That's debatable. If I let my friends impersonate me to use my zoo membership for free entrance, then were clearly defrauding the zoo (obviously that's not high stakes, but I dare someone to argue it's not). If one of a set of identical twins is better at math and takes all the math tests for their sibling, that's pretty clearly academic fraud, again pretty low stakes but fraud is still fraud
Key note because in case someone decides to go bad faith here, I think the gp comments use case of fraud is a positive thing (if a bit dangerous). Redefining a term just because you don't like the pejorative implications is not a positive thing, though.
There are so many things wrong with this thread. At least you make an effort, but the categorical dismissals are interesting as well and probably explain to some extent why so many hackers end up in trouble with the law.
It's pretty simple: they are deceiving the other party that the document was handed to the right person, the consequences of which range from 'meh' to spending 6 years behind bars.
Let's say this was a summons for a court case. Then the judge would believe the papers were served properly, when in fact they were never served. Permission doesn't enter into it here, it is wilful deception by two parties of a third. The same name should not normally be enough to get away with this but assuming the story is real (there are many reasons to doubt this, such as the ID matching the name, but nothing else) it all depends on who does the checking. In some cases you might not even go home without a small detour in case you are found out (for instance, because the person handing the document over is familiar with the real recipient).
So, jurisdiction matters, what that document was matters, whether the permission was granted in writing (procuration), who the counterparty was, what the value of the document was, whether the parties lived in the same state/province or country and whether or not the permission was communicated to the person passing the document to the wrong recipient (probably not) and lots of other factors besides, such as the person giving permission still evading some legal obligation, which - conveniently - the story doesn't relate (and which hinges on what that document was).
And that's before we get into the wilder options of the second person being social engineered because after all, the only way they could be sure that they were acting on behalf of the real recipient would be to check their identity, in person, and with someone who is able to do that in a way that is legally binding.
They didn't obtain anything, though.
I understood that they obtained legal documents
They retrieved those documents and gave them to the intended recipient. “Obtain” suggests something longer term.
So the story says. But what if they didn't? What if it turned out the person receiving the document from the person picking it up also wasn't the intended recipient. How would they know? And if so they'd be holding a document that they shouldn't have in the first place.
You could easily be a paw in an identity theft play like that.
"with the approval of the intended recipient" makes it like breaking into someone's home with their consent
Is it? An authorized agent picked up the document. Someone with matching ID picked up the document.
Where's the crime?
I'm Irish and have a common firstname.lastname@gmail.com At some point the head of a national hospital thought he had that address and wasn't using his official email for everything, I got several emails that should not have been for me and some were quiet sensitive, I always emailed back the sender to let them know and eventually I emailed his secretary as it kept happening. I've also received purchase order confirmations from Australia, building contracts from Canada, HR emails from a university to which I had to confirm I had deleted the mail as letting them know led to GDPR investigation
I’m in the midst of a similar situation. My firstinitial.lastname email keeps getting very sensitive legal documents from law firms handling the case of someone who does not seem to know what their actual email address is. I called the firm and told them they needed to have an in-person meeting with their client and get a correct email address from them. That seemed to help for a few months. But now I’m getting emails again from a different law firm.
Law firms that send very sensitive legal documents over email… #sigh
I’d switch firms immediately if that’s their level of opsec awareness
And I worked IT for legal firm, if we were not sending documents over email, we would get replaced by the client.
I spent 3 months on secure document transfer portal system, got scrapped after 4 months because clients wanted their forms as Word/PDF and they wanted them without hopping through any hoops.
If you reread again it sounds as if the secretary was hanging out the wrong email.
Yes I know this was about wrong delivery address (person with same name, wrong account); the point is that email is not completely secure - certainly not for very sensitive (legal) content
What are you talking about? If you send emails from eg GMail to Gmail, it's fairly secure.
Gmail can be fetched via IMAP and leave Gmail's infra entirely. And I don't think Google guarantees that their implementation stays fully on their own owned infra. It's a reasonable assumption but I'd never trust that for a security guarantee.
Email is not an end-to-end secure data protocol without the use of client side encryption/decryption like PGP/GPG, but even then, sender/receiver and time are all in the envelop metadata.
Yeah, that exactly my point - no idea why I’m being downvoted on this
Probably because Law Firms arent necessarily computer security firms. Lots of people have terrible op sec. Additionally if you the recipient are on gmail it stops mattering, now Google knows your legal woes.
Exactly, I’d never use Gmail for anything sensitive. Even for just personal emails I use my own mailserver. (And again, for truly sensitive stuff I don’t use email at all)