[rmta]

Hello everyone!

My name's Ruben, I'm Portuguese and I am writing in this forum for the first time.
I’m writing because of a problem I’m having with Sportingbet. I’m not sure, but I think that this may even be a crime committed by this company. I hope you can help me figuring this out.

The facts:

I have an account with Sportingbet.com. On April the 20th, as I was trying to make my second time ever bet on horse racing, I noticed that the system only allowed me to place bets up to a few cents (0.35€, per example).
As I didn’t know what was going on, I logged in to sportingbet’s chat, and talked an operator called ‘Antonio’.
I asked him about the reasons for the account limitation, but he was unwilling to tell me. Even so, after some insistence, the dialogue was as follows:

RUBEN: Se me limitaram a conta por uma aposta de 60€ perdedora (!!!) suponho que tenham fechado a conta ao
Mário C., de Lisboa, que apostou 50€ e vos ganhou 108.008€, certo?
Antonio: nao posso entrar em detalhes
Antonio: as razões da limitação não sao apenas sobre o k faz na nossa casa
RUBEN: Não?
RUBEN: Então?
Antonio: a sportingbet tem acesso a todas as contas de todos os clientes mesmo noutras casas

Translation:

Ruben: If you have limited my account because I have placed a 60€ losing bet, I suppose you have closed Mario C.’s [a Portuguese player who has won 108.008€ with a 50€ bet] account, correct?
Antonio: I can’t get into details.
Antonio: the reasons for the account limitation are not only about what you did in our betting house.
Ruben: aren’t them?
Ruben: what are them about, then?
Antonio: sportingbet has got access to all of the accounts of our clients, even the ones in other betting houses

Later, on the 22nd of April, I contacted the chat again. This time, ‘Jorge’ was the name of the operator. The dialogue:

Ruben: Antonio: a sportingbet tem acesso a todas as contas de todos os clientes mesmo noutras casas
Ruben: isto é verdade?
Jorge: sim
Ruben: isso constitui uma violação da privacidade dos dados pessoais

Translation:

Ruben: Antonio: sportingbet has got access to all of the accounts of our clients, even the ones in other betting houses
Ruben: Is this true?
Jorge: yes
Ruben: that constitutes a violation of private data.


So, I got a confirmation, from two different operators, that sportingbet.com as got access to all of the accounts that their clients have in other betting houses.
My questions are: is that legal? How can that be?

Thank you!
Ruben

[Justin7]

I'm not quite sure I understand.

"Sportingbet has got access to all of the accounts of our clients"

Who are "our clients"?

[rookie]

I'm not quite sure I understand.

"Sportingbet has got access to all of the accounts of our clients"

Who are "our clients"?

Sportingbet's clients. They seem to have access to account info (with other sportsbooks) of their clients.

[lucciferg]

Are you talking about ieSnare (or similar) and them sharing data with other places about "undesirable" bettors? Or something else?

[kkkkk]

it depends on the law in the country where sportingbet is registered and in your country.
for example in my country there is an act for protection of personal data(its a raw translation in english but i guess u get what i mean), so noone can give your data to anybody else.
but if u agreed to some terms and condition of other bookmaker that gives them the permission to use your data then maybe this is the way that may looks legal.
However for example in my country its said you have to be registered as administrator of personal data so u can collect and eventually give someones data to others. so this mean they have to obtain this permission from the country.

im not a lawyer im speaking from my experiance

[MMM]

Bookmakers do share info on infamous punters that only bet on fixed matches. However, I really dont think Sportingbet knows anything about their clients activity with other bookmakers in 99.9999% of cases. That Antonio guy must be full of shit.

As for legislation, I cannot see anything illegal about Sportingbet asking competitors about certain clients betting profile.

[HeeeHAWWWW]

Bookmakers do share info on infamous punters that only bet on fixed matches. However, I really dont think Sportingbet knows anything about their clients activity with other bookmakers in 99.9999% of cases.

If they use iesnare, they do.

(just checked, they do).

[twister]

Found elsewhere, hopefully of some use.

EDIT:
After writing all of this someone from the 'state the bleedin obvious' society (of which I'm clearly NOT a member hehe) pointed out on a.n.other forum that a much easier way to block flash cookies (ie iesnare) is just to uninstall the Flash player. So, if you don't use Flash that much, I'd recommend NOT following the info below and instead just uninstall Flash!

What is iesnare?
Iesnare is a ‘reputation management’ system by a company called Iovation that stores a digital fingerprint of your current system in a database on their website. That fingerprint can then be accessed by all of their customers - ie online gaming websites - to track your online activity.

The main purpose of the system is to block criminal activity where fraudsters use multiple stolen identities / ************ to sign up for multiple accounts on the same gaming sites.

Whilst this sounds like a good thing and any lawful user shouldn’t have anything to worry about, what is worrying is the fact that your computer’s identity is being monitored as you use it across many different gaming websites. So for example if you use the same machine to sign up to two or more different sites that use the iesnare system, each site will know that you’ve recently signed up somewhere else and potentially earmark you as a criminal or abuser.

In the UK (no idea of the equivalent in the US) the Data Protection Act makes the sharing of personal information between different organizations is unlawful and it’s arguable that iesnare is in contravention of that law. Iovation would probably argue that they’re not storing or sharing any personal information, it’s only your PC’s identity that they’re storing and sharing. Whether your PC’s identity is a part of your personal identity is up for question.

Also, you don't get the option to opt in or out of this, the iesnare cookie is installed secretly without your knowledge or explicit permission (as opposed to the permission you give when you agree to the T&C of most gaming sites which probably includes a clause that allows them to use companies like Iovation to track users).

Who is affected?
You might be affected if:

• You use a PC with Macromedia Flash installed
• You access online gaming sites regularly

The name ‘iesnare’ seems to have been used because ‘iesnare’ is the name of the website that installs the dodgy files. However because it has ‘ie’ in it, it doesn’t mean you’re only affected if you use Internet Explorer (IE) or if you only use a Windows based PC. You could use Mozilla Firefox on a Mac or on Linux and still be affected.


Which gaming sites use iesnare?
To date the following gaming sites have been flagged as POTENTIAL (ie some are unconfirmed) users of iesnare:

• Bodog
• Sportingbet
• Bet365
• Jaxx
• Noxwin
• Miapuesta
• Bluesquare
• Intertops
• BetUK
• Ladbrokes (added 27/08/08)
• Bwin (added 27/08/08)
• Unibet (added 12/01/09) thanks moneyjon
• Betcris (added 13/01/09) thanks GlobalSquare
• Virgin Casino (added 05/02/09) thanks pfpf
• i4poker (added 20/03/09, thanks GlobalSquare)

This list is taken from experiences of users on the MSE forum and not all are confirmed. It’s still worth checking to see if you have iesnare on your machine even if you don’t have an account at any of the sites above. It's likely there are hundreds of sites using the Reputation Management system.


How to check if iesnare is installed on your machine

1. In Windows XP etc, hit 'Windows-key - F' to open the Search window. (press the windows key and the 'f' key at the same time). In Windows Vista, do same as for xp but note you will probably have to goto 'advanced search' and then tick the 'include non-indexed ...' checkbox.
2. Type in 'mpsnare' in the Search window.

If iesnare has been used on your machine you'll find one or more of the following folders:

• #mpsnare.iesnare.com
• #ci-mpsnare.iovation.com
• mpsnare.iesnare.com
• ci-mpsnare.iovation.com

How to disable iesnare
Step 1 - enable access to the file/folder security properties so you can change the permissions on the folders:
Note: you must have administrative privileges on the machine. The following steps are for Windows XP Service Pack 2/3.

1. Open Windows Explorer.
2. Go 'Tools > Folder Options'.
3. Select the 'View' tab.
4. In 'Advanced Settings', scroll down to the bottom and make sure 'Use simple file sharing' is NOT ticked.
5. Click 'OK'.

This allows you access to the security settings for each file/folder which isn't usually displayed by default (presumably to stop people effing up their system beyond recognition).

Step 2 - deny write access to the iesnare folders:

1. In Windows XP etc, hit 'Windows-key - F' to open the Search window. (press the windows key and the 'f' key at the same time).
2. Type in 'mpsnare' in the Search window.
3. When the search is completed, if iesnare has been used on your machien you'll usually find two or more folders with names like: #mpsnare.iesnare.com, #ci-mpsnare.iovation.com, mpsnare.iesnare.com and ci-mpsnare.iovation.com.
4. Select all of these folders, right click and select 'Properties'.
5. Select the 'Security' tab and then in the section where it says 'Permissions for ', click the 'deny' checkbox for each of the permission types (full control, modify, etc) - you can probably get away with just denying write perms though.

Be very careful not to change any other permissions on any other files/folders because this could make your machine unusable.

Step 3 - re-enable 'simple file sharing'

1. Follow the details in Step 1 above, but make sure the 'use simple file sharing' option IS ticked this time.

Disable iesnare cookies in your web browser
If all that above weren't enough, you should also block any regular HTTP cookies from the domain iesnare.com. These are the cookies that you can control from within your web browser (you can't control Flash cookies by default in your web browser):

Firefox:

1. Goto the Tools > Options menu.
2. Click on the Privacy tab.
3. Click on 'Exceptions'.
4. Enter 'iesnare.com' and click 'Block'

Internet Explorer

1. Goto the Tools > Internet Options menu item.
2. Click on the Privacy tab.
3. Click on 'Sites'.
4. Enter 'iesnare.com' and click 'Block'.

EDIT: See here for a whitepaper by Iovation on the ieSnare technology:
hxxp://www.apwg.com/sponsors_technical_papers/iovation_whitepaper.pdf


Crippling iesnare by modifying your 'hosts' file
This is an alternative to either uninstalling Flash or following the guide above.

The way it works is that you modify a file called 'hosts'' on your PC so that the iesnare software thinks that your PC actually IS the iesnare website. This way, every time the iesnare software tries to communicate with it's website, it's actually contacting YOUR machine which of course doesn't know anything about iesnare and so the whole communication process fails.

To achieve this:

1. Log into Windows as Administrator.
2. Open the 'Run' dialog box (press 'Windows+R' or click 'Start', 'Run').
3. Type in (or copy): 'notepad.exe C:\WINDOWS\system32\drivers\etc\hosts' (note replace 'C:' with whatever drive your windows folder is on, most machines it should be just c: ). Hit 'enter' to open up the file in notepad.
4. At the end of the file, add the following line: Code:
   127.0.0.1 iesnare.com www.iesnare.com mpsnare.iesnare.com ci-mpsnare.iovation.com
5. Save the file (press 'ctrl-s' or go 'File > Save').

To test whether your changes worked:

1. Open the 'Run' dialog box (press 'Windows+R' or click 'Start', 'Run').
2. Type in 'cmd' and hit enter, this brings up the commandline.
3. Type in: 'ping iesnare.com' - this will try to send a ping packet to the address that your machine thinks is 'iesnare.com'.
4. Type 'exit' to close the command line window.

If your modifications were successful, you should see 'Pinging iesnare.com [127.0.0.1]' when you run the ping command above. Don't worry if it says 'ping failed' or similar, just the fact that iesnare.com resolves to 127.0.0.1 is enough to know your modifications were successful - this means the iesnare software will think your machine is the iesnare.com website

With thanks to odeed on MSE.


Disabling Flash Objects / iesnare in Firefox using 'Objection'
Objection is an addon for the Firefox web browser which allows you to block local shared objects (LSO) - iesnare being an example of a Flash based LSO.

It works in the same way as the built-in cookie blocker does in Firefox, allowing you to enter fully qualified domain names for which you don't want LSOs to be installed.

Step by step guide not really needed although will add it if someone requests it!

[headgames]

As well as iesnare, Sportingbet.com will have access to clients using their sister sites .com.au, .gr, miapuesta, superbahis, paradisepoker and it could be this that is being referred to.

"Ruben: If you have limited my account because I have placed a 60€ losing bet, I suppose you have closed Mario C.’s [a Portuguese player who has won 108.008€ with a 50€ bet] account, correct?"

Why would you ask about some other client's bet with them?

Losing doesn't mean you don't get limited. It's a bit more involved than that.

[rmta]

As well as iesnare, Sportingbet.com will have access to clients using their sister sites .com.au, .gr, miapuesta, superbahis, paradisepoker and it could be this that is being referred to.

"Ruben: If you have limited my account because I have placed a 60€ losing bet, I suppose you have closed Mario C.’s [a Portuguese player who has won 108.008€ with a 50€ bet] account, correct?"

Why would you ask about some other client's bet with them?

Losing doesn't mean you don't get limited. It's a bit more involved than that.

They have sent an email with that info. I referred it just as another way to insist on an answer...

[laconic]

Irrespective of whether this is a breach of data protection or not you still have a right to make a subject access request to Sportingbet demanding to see what information they hold about you on computer and paper.

[rmta]

Irrespective of whether this is a breach of data protection or not you still have a right to make a subject access request to Sportingbet demanding to see what information they hold about you on computer and paper.

That's what I said to the operator immediatly after he confirmed that sportingbet has got that kind of information. He said that he didn't have the information himself, I replied asking him to contact someone who has. He said for me to wait for an e-mail response. I'm still waiting...

[Redrum13]

Wats that man?? can any simplify the defination?

[Ira Wilton]

I have found mpsnare files on my CPU - can I just delete them and then block future access?

[Redrum13]

I have found mpsnare files on my CPU - can I just delete them and then block future access?

Yeah i wana know too

[Hareeba!]

This item isn't on the list on my system ?

In 'Advanced Settings', scroll down to the bottom and make sure 'Use simple file sharing' is NOT ticked.

[Toit]

This item isn't on the list on my system ?


In 'Advanced Settings', scroll down to the bottom and make sure 'Use simple file sharing' is NOT ticked.

Maybe that option is only available in XP-pro and you're using XP Home?

[Hareeba!]

Maybe that option is only available in XP-pro and you're using XP Home?

true ... as I suspect most of us would be?

[20Four7]

OK I have found these ie snare files on the computer. Most of them date back to 2007 I'm supposing when I was allowed to bet at bowmans. Wondering what to do now.

[tf]

thanks for all the information shared here.

I had those files, but I've disabled the access through the hosts file.

[Santo]

true ... as I suspect most of us would be?

I never buy the 'home edition' of any OS, they're almost always crippled in some way that will annoy me eventually.

I'm not sure you have any way around it except an upgrade.