Illegal Data Release Massachusetts

[fshalor]

Cool.. I'm the only one in 2 zipcodes I've lived in with a specific birth date.
Anyone else notice the ID numbers aren't uniform? IE, I've spotted at least one ID which had a changed expiration date field (indicating the ID moved from one person to another)

Any Business Analyst would have a field day with this.

 

[Machines]

I just tried something in the last three minutes without any actual detective work or even Googling. Should I have been able to do this? Does this make NES members comfortable?

1. Went to the New Acquisitions for December 2011 thread on NES
2. Picked a post
3. Found that specific transaction in the FFL data
4. Found that member has 33 FFL transactions and 14 personal transactions
5. I now know exactly what models and how many guns he's bought since 2006
6. I know the serial numbers of four of them
7. I know his town of residence, presumed birthday, and gender without him ever having posted this on NES

 

[SgtHal75]

It doesnt even need to be as complicated as serial numbers. Go to the range, see a guy with 3 guns, x, y, and z. You know what town he is from. Search for sales of those 3 guns in that town, you have identified your guy.

Also, there is a difference between the risk of a random breakin with unknown payout, to an itemized list of loot that someone might assemble a crew for. This just made potential targets of a lot of people that were previously trying their best to stay anonymous.

I agree with the previously stated 'this is an act of terrorism'. Not meant to be pant shitting, it fits the definition.

In this example Your at the range with your shit and other LTC holders are at the range and are gonna see what you have…go to this database and find out where you live..grab all their buddies and conduct a home invasion to steal all your shit? Doesn’t make sense. I would be more worried about what the media and the politicians do with this and prosecuting whoever put it on mass.gov

 

[JoseyWales]

I don't see a birthday column unless I screwed something up...

The expiration date (column "J" above) is normally the birthday.

 

[Picton]

I just tried something in the last three minutes without any actual detective work or even Googling. Should I have been able to do this? Does this make NES members comfortable?

1. Went to the New Acquisitions for December 2011 thread on NES
2. Picked a post
3. Found that specific transaction in the FFL data
4. Found that member has 33 FFL transactions and 14 personal transactions
5. I now know exactly what models and how many guns he's bought since 2006
6. I know the serial numbers of four of them
7. I know his town of residence, presumed birthday, and gender without him ever having posted this on NES

Good.

I didn't post in that thread.

No. Kidding. But I don't doubt for a second how easy that was. Disgusting.

 

[Kevin_NH]

Cool.. I'm the only one in 2 zipcodes I've lived in with a specific birth date.
Anyone else notice the ID numbers aren't uniform? IE, I've spotted at least one ID which had a changed expiration date field (indicating the ID moved from one person to another)

Any Business Analyst would have a field day with this.

I am guessing the so-called anonymized ID number is actually some sort of trivial hash. De-anonymization (the data mining strategy in which pseudo-anonymous data is cross-referenced with other data sources to re-identify the anonymous data source) is way easier than the lowly paid state employee who is usually tasked with "anonymizing" the data thinks. It's like cryptography -- anybody can create an encryption scheme they themselves cannot break, but that doesn't mean it is any good.

A study of Census records was able to uniquely identify by name about 87% of citizens given only a combination of their 5-digit zip code, gender, and date of birth. Gee, what did Massachusetts publish?

 

[Mountain]

I'm sorry. Perhaps I'm stupid, but how is some stranger going to figure out who is who? I found me by looking at my town, and looking up my LTC issue and expiration date. That gave me my ID, which I then searched.
If you don't have that info, how does anyone find me?

Via town and birthdate / age it is easy to find individuals on the net. Might require a paid service but it is doable. That will give you names and addresses. How many adults of LTC eligible age might have your same name and birthday in your particular town? Now filter out any PP's if they exist. The remaining list will likely be very short.

 

[Machines]

On the plus side, I can now build a catalog of NES members who live within 5 miles of me and own a gun I want to try out. Expect PMs asking you to bring your AC556 or MR73 to the range with me soon.

 

[FalArAk]

In order to know what a criminal can do with information, you have to think like a criminal.

I just tried something in the last three minutes without any actual detective work or even Googling. Should I have been able to do this? Does this make NES members comfortable?

1. Went to the New Acquisitions for December 2011 thread on NES
2. Picked a post
3. Found that specific transaction in the FFL data
4. Found that member has 33 FFL transactions and 14 personal transactions
5. I now know exactly what models and how many guns he's bought since 2006
6. I know the serial numbers of four of them
7. I know his town of residence, presumed birthday, and gender without him ever having posted this on NES

8. Anonymously report one of those serial numbers as stolen.
9. ?
10. Profit!

I haven't even downloaded this spreadsheet, should I ? lol

 

[Woodsloafer]

I just tried something in the last three minutes without any actual detective work or even Googling. Should I have been able to do this? Does this make NES members comfortable?

1. Went to the New Acquisitions for December 2011 thread on NES
2. Picked a post
3. Found that specific transaction in the FFL data
4. Found that member has 33 FFL transactions and 14 personal transactions
5. I now know exactly what models and how many guns he's bought since 2006
6. I know the serial numbers of four of them
7. I know his town of residence, presumed birthday, and gender without him ever having posted this on NES

Perhaps the new acquisitions threads should be removed by the administrators for now?

 

[Mountain]

I just tried something in the last three minutes without any actual detective work or even Googling. Should I have been able to do this? Does this make NES members comfortable?

1. Went to the New Acquisitions for December 2011 thread on NES
2. Picked a post
3. Found that specific transaction in the FFL data
4. Found that member has 33 FFL transactions and 14 personal transactions
5. I now know exactly what models and how many guns he's bought since 2006
6. I know the serial numbers of four of them
7. I know his town of residence, presumed birthday, and gender without him ever having posted this on NES

Now imagine connecting the dots to obtain name and address.

 

[chris_1001]

I just sent an aquaintance a list of all his guns. He was shocked, and by shocked I mean pissed off but not suprised by the commies.

I had to know something about him but it was trivially easy.

In addition to the doxxing that is likely coming and the increased risk from criminals, it would be very easy for an employer to find this info. How about insurance companies?

Some of you are underestimating how serious this is.

Buddy of mine found me and my "horde" Not happy, as in one of the dealer files it has S/N's

 

[wmassregulators]

I picked a co worker, went to his FB page, gathered data he posted and used that to find his pin and told him what was in his safe.
I want an explanation from the state, what good can come from this list being public.
I can see a million ways to misuse this and literally no upside to it being available.

 

[BigGreen2000]

It's my personal belief based on no fact, that:

Someone with access to the fa10 database agreed to provide the everytown variety of domestic terrorists with the data. They didn't want to risk mailing it so the did an electronic version of a dead drop. This isn't much different (IMO) than taping a packet of papers and photos to the bottom of a park bench for "the other guy" to collect later.



Any FOIA experts out there? I'm interested to know what chain of emails led to someone deciding to post that...

I'm guessing no e-mails, just phone calls or face-to-face conversations.

 

[amm5061]

I am guessing the so-called anonymized ID number is actually some sort of trivial hash. De-anonymization (the data mining strategy in which pseudo-anonymous data is cross-referenced with other data sources to re-identify the anonymous data source) is way easier than the lowly paid state employee who is usually tasked with "anonymizing" the data thinks. It's like cryptography -- anybody can create an encryption scheme they themselves cannot break, but that doesn't mean it is any good.

A study of Census records was able to uniquely identify by name about 87% of citizens given only a combination of their 5-digit zip code, gender, and date of birth. Gee, what did Massachusetts publish?

I doubt that; it would require effort. More likely it's an autogenerated database ID column from their licensing table.

 

[cstockwell]

I don't see any serial number columns in these dumps, but I havent openeed the 3rd one yet. That doesnt mean they cant use the data for nefarious purposes by trying to associate it with some other datasets.

ETA: supposedly there are serials from 2016 forward. I havent gotten that far yet

correct. Just on the dealer spreadsheet under the weapon type column

 

[FalArAk]

The state should pay for identity fraud monitoring for life for anybody on that list.

The person who published that list should be fired.

 

[deerdad]

The person or people who published that list should be skinned and dropped in salt.

 

[June4th]

I hope Comm2A is working on a class action lawsuit for damage, and take the entire FA10 system and related MGL down.

 

[Machines]

Just a note, tons of people on this site have their town and birthday visible in their profile from when they signed up a billion years ago. Go into your account settings and hide that before you get someone asking you why own 63 Hi-Points or whatever.

 

[JFR2]

Firearms Records Bureau​

Phone​

(617) 660-4782

 

[drgrant]

correct. Just on the dealer spreadsheet under the weapon type column

That actually looks like it was a "mistake" whoever it was was obviously not that careful about what they redacted, but can't say im shocked given the source.

If there was ever any evidence that these people are basically conspiring to destroy/kill us and steal all our shit, there it is....


View: https://www.youtube.com/watch?v=KO73UuSufdE

 

[Mountain]

Perhaps the new acquisitions threads should be removed by the administrators for now?

Yes, all of them.

 

[drgrant]

lso, there is a difference between the risk of a random breakin with unknown payout, to an itemized list of loot that someone might assemble a crew for. This just made potential targets of a lot of people that were previously trying their best to stay anonymous.

FWIW I don't see someone "getting robbed" by some thief as being a likely/probable outcome.

I see this data being used as a tool for some kind of political persecution being exponentially far more realistic scenario.

 

[EJFudd]

That actually looks like it was a "mistake" whoever it was was obviously not that careful about what they redacted, but can't say im shocked given the source.

You are a kind and generous person to attribute that incredible (and illegal) doxxing outrage to an opps... "mistake"

I just hope that whatever harm comes to the law-abiding gun owners of this awful state from this outrage, that the hypocrite lefty DimocRAT pols and loudmouths who own guns themselves get doxxed as well.

 

[drgrant]

You are a kind and generous person to attribute that incredible (and illegal) doxxing outrage to an opps... "mistake"

Thats why I put quotes around the "mistake" I was being half facetious- because its not in the other tables but its in that one, but im sure whoever the faggot/shitbird was that orchestrated this did it that way so they would have plausible deniability and claim it was "done in error."

Watch, a day or three from now that table will reappear on the site with the SN column removed.... shocker.

bunch of a**h***s.

I just hope that whatever harm comes to the law-abiding gun owners of this awful state from this outrage, that the hypocrite lefty DimocRAT pols and loudmouths who own guns themselves get doxxed as well.

oh they probably in there like ragu, but a lot of their stuff is boring and likely to fly under the radar.

 

[EJFudd]

FWIW I don't see someone "getting robbed" by some thief as being a likely/probable outcome.

I see this data being used as a tool for some kind of political persecution being exponentially far more realistic scenario.

The problem with your theory is that former AG Maura and incoming AG Andrea both have unfettered access to all of that data already... with names and addresses.

No need for them to go and download it from the state website.

 

[not new guy]

The problem with your theory is that former AG Maura and incoming AG Andrea both have unfettered access to all of that data already... with names and addresses.

No need for them to go and download it from the state website.

Political persecution by society, neighbors, employers, etc.

 

[Garys]

I stopped several years ago on general principles. This just reinforces my decision.

This really should have people thinking twice about posting in the "look what I just bought" thread.

 

[drgrant]

The problem with your theory is that former AG Maura and incoming AG Andrea both have unfettered access to all of that data already... with names and addresses.

Not sure how it is now with EOPS, but actually, historically, "no they did not". At one point the AG basically got redacted shit exactly like what we see here. But given this
development you can be sure they probably just share it with whoever they want with no regard to protocol or legality of doing so. The fact that some PII is cut out of it is just enough so that a judge wont immediately injunct the behavior or something.