The story unfolds like this.
October 21, 2009--I purchase 6 same-model MSI notebooks from a US retailer on behalf of customers. On arrival, I am disappointed to discover that I cannot access the hard drive or RAM without breaching the "Warranty Void" sticker. For a VAR, and somebody that services these things for a living, this is a big deal. Strike one.
December 2009--I go to ca.msi.com to register for my free Windows 7 upgrade, and learn that there is a fee of $15. This in itself is annoying, but not entirely surprising. We've discussed this on
If you're thinking this is just another 'poor me' story, I would have agreed with you up to this point, but here's where things go from rude to potentially criminally negligent.
I registered the first upgrade from home. Registration requires the upload of a scan of my receipt, which I provided at the time of the initial registration. Later, from work, I started registration of the remaining 5 laptops. Because the receipt is at home, I simply logged into my first registration to get a copy of my uploaded receipt, which is attached to the online registration. It was at this point I discovered that my receipt is being stored on a publicly available web server. No php or cgi, no cookie required, just an 8.3 file name that any human or bot can type into the address bar to be rewarded by seeing my full receipt, including full name, home address, retailer account number (not my credit card info, thank goodness, or my first call would have been to a lawyer), and purchase details.
This raises some questions, like how many other MSI customers's private information is at this very moment available to the whole online world? What entitlement or expectation do I realistically or legally have to the protection of my privacy by lazy corporations in such a case?
Obviously I will be protesting this to MSI and asking them to take down the sensitive information ASAP, but I have to ask, what similar abuses have slashdotter's suffered by careless corporations, and what soft of resolution were you able to obtain? I also think this should serve as a reminder and warning that potentially thousands of you are being exposed by MSI at this very moment thanks to this gross oversight."