2009 DVC Annual Meeting Report
- Thread starter RobDoc
- Start date
DVCGeek
DIS Veteran
- Joined
- Feb 3, 2009
- Messages
- 1,123
Oh yeah- and the zero 2009 taxes for VGC were (not) there as well. 
I hadn't actually paid any 2009 VGC dues so the other two components simply appeared as a balance forward (as MA told me they would several months back). Nice when things go as expected! 
I hadn't actually paid any 2009 VGC dues so the other two components simply appeared as a balance forward (as MA told me they would several months back). Nice when things go as expected! 
Brian Noble
Gratefully in Recovery
- Joined
- Mar 23, 2004
- Messages
- 18,115
A thought just occurred to me.
If online reservations come to pass, that will render the Associate Member Four-Account Rule completely toothless.
If online reservations come to pass, that will render the Associate Member Four-Account Rule completely toothless.
- Joined
- Aug 18, 1999
- Messages
- 32,488
Only if the owner is willing to give the Associate full access to his or her account by sharing his/her login info.
Brian Noble
Gratefully in Recovery
- Joined
- Mar 23, 2004
- Messages
- 18,115
An associate effectively has that already---they have full discretionary use of the points.
/
- Joined
- Feb 6, 2000
- Messages
- 30,804
But they don't have access to the Member Accounting info for the membership, including dues payment and loan info. If the website upgrades include more personal info, I certainly would not give an associate access to the account.
Good point.
One way DVC could combat that is by using financial institution-type security, which includes tracking activity by IP address or some type of code (cookie?) unique to the computer. One financial service that I use places an activation call to my home phone whenever I log into the site for the first time from a new computer. The call will only go to phone numbers I already have on file. That would limit the ability of any third party to access the site, even if approved by me.
Others appear to track activity by IP address and require answers to security questions whenver the IP address changes from one visit to another. With a system like that, the third party would have to be given answers to multiple private security questions, which increases the risk on the part of the member. Even if you trust the broker, are you going to send answers to your personal security questions (mother's maiden name, childhood friend, etc.) in an unencrypted email message? What if the message gets intercepted? What if the broker's computer us hacked or infected with a virus?
Assuming that DVC is targeting one specific rental broker (or a limited number of individuals), they could use activity logs to track that person's IP address and eventually block future access. I'm assuming accessing multiple accounts would be a violation of DVC policies. They could justify completely locking out any violators and forcing them to continue using Member Services for all reservation activity.
There are ways to get around IP blocks but it can be time-consuming and costly.
Brian Noble
Gratefully in Recovery
- Joined
- Mar 23, 2004
- Messages
- 18,115
But Tim, all of the mechanisms you mention (other than IP tracking) are designed to keep out Bad Guys, for whom the rightful owner wishes to deny access. In this situation, we have to instead stop what's known as an Insider Attack---the rightful owner *wants* to grant access to an outsider. Any authentication creditials can be passed by phone rather than email, and the insider (owner) has a financial interest in disclosing the information. Insider attacks are almost as hard as denial-of-service attacks (and you could argue that they are harder.) For example, if they do a callback, I can just list the broker's phone number as one that can be called.
And, personally, I'd trust your security policies at dvcnews.com before I'd trust the folks who maintain Disney's IT infrastructure, just based on the past history of "accomplishments" by the latter.
IP address matching is generally used as an access-granting technique rather than an access-denying one. Trying to block access to specific IP addresses is a losing proposition. It's neither hard nor expensive to route through indirection proxies. You just need a proxy, and there are plenty of them available. Even if it costs a few bucks a month to use it, it's going to be lost in the wash at DVC rental prices at any volume at all.
Edited to add: this came to mind in part because Wyndham recently disallowed all transfers between owners. This was intended in part to solve a point-washing problem (which it does solve) but also to make renting more difficult. The Wyndham mega-renters responded by doing something similar to what I'm suggesting will happen here---they just obtain login credentials for owners wishing to dispose of points. The Wyndham web site has much of the same financial information, etc. So, there is an existence proof that people may not mind disclosing that information when a little money can be made.
And, personally, I'd trust your security policies at dvcnews.com before I'd trust the folks who maintain Disney's IT infrastructure, just based on the past history of "accomplishments" by the latter.
IP address matching is generally used as an access-granting technique rather than an access-denying one. Trying to block access to specific IP addresses is a losing proposition. It's neither hard nor expensive to route through indirection proxies. You just need a proxy, and there are plenty of them available. Even if it costs a few bucks a month to use it, it's going to be lost in the wash at DVC rental prices at any volume at all.
If the broker wants to pay my dues, s/he is welcome to do so.
Edited to add: this came to mind in part because Wyndham recently disallowed all transfers between owners. This was intended in part to solve a point-washing problem (which it does solve) but also to make renting more difficult. The Wyndham mega-renters responded by doing something similar to what I'm suggesting will happen here---they just obtain login credentials for owners wishing to dispose of points. The Wyndham web site has much of the same financial information, etc. So, there is an existence proof that people may not mind disclosing that information when a little money can be made.
tallgalaz1
Mouseketeer
- Joined
- Aug 26, 2009
- Messages
- 83
-
New Limited-Time Seasonal Side at Polite Pig Disney Springs
-
NEW Vault Collection Brings Vintage Fun to Disneyland 70
-
Disneyland Paris: New Disney Music Festival Foodie Guide
-
Disney Shares First Look at New Villains Show at Hollywood Studios
-
See the New Zootopia 2 Teaser Trailer Disney Just Dropped!
-
BOTH Water Parks Are Finally Open at Disney World!
-
New Disney Dogs and Cats Loungefly Collection
New Posts
- Poll
