
Byron Bay data breach victim told to pay Adidas, NBA $1.2M by US courts

202 points| ColinWright | 2 years ago |abc.net.au | reply

162 comments

[+] ryandrake|2 years ago|reply
"Identity Theft" shouldn't even be a thing. Someone falsifies documents and takes out a loan or something that should not have been approved. That's bank fraud and should be an issue entirely between the fraudster and the lender/bank.

Somehow banks have re-named it from "bank fraud" to "identity theft," deftly shifting responsibility onto some unrelated third party, who now has to deal with it. "Your identity was stolen! That makes you the victim. Now go help fix it!"

Banks should not be able to shift the blame. They did a crappy job and lent money or opened an account for someone they shouldn't have. They are the ones who should bear the burden of mopping up their mistake.

[+] jaredandrews|2 years ago|reply
Yes thank you. This is my "actually it's GNU + Linux" tic, please fellow Americans (and I would be interested in learning if this problem exists in other countries) do not accept the framing that a bank giving a loan to someone they thought was you is _your problem_! It's their problem! We should not be normalizing this phrase or practice.
[+] wjnc|2 years ago|reply
You’re right, both morally and legally. My friend, a government law professor, told me that in the EU you could probably even construct a pretty solid case arguing this.

The argument would be that if there is not a single slip of evidence tying you physically to the money except your PII, then the bank's anti-money laundering should have caught it. That gets their attention right away since the fines in those cases are proper billions.

If they don’t settle, you go for the kill and settle that PII is not uniquely tied to legal intent (heck, it wasn’t you! The intent is missing and that’s what you point out as well.)

The problem is that that case will take you 7+ years, all the way to the various supreme courts (local, European). It’s why Max Schrems is a hero, except banks are worse adversaries than government regulators.

This whole digital world has had some impact on our two thousand years plus of contract law. It’s sad judges don’t go back to the basics in these cases. Show me the contract (into the abyss).

[+] blitzar|2 years ago|reply
I thought I was depositing a billion dollars with the real bank, turns out it was fake. The bank now owes me a billion dollars.

This works for me.

[+] Affric|2 years ago|reply
> They are the ones who should bear the burden of mopping up their mistake.

This is true to a large extent but having worked in resolving "identity theft" I can say that it is complex.

In a place like the UK the requirements for a bank loan are pretty stringent but here in Australia they are much much lower and people hate friction. Authentication is a hard problem. Knowing someone's creditworthiness is a hard problem. There are also many people out there who are willing to claim "identity theft" has occurred, which means that it is complicated.

Most of the time for people whose identities had been stolen it was fairly easy to remove based on the most cursory evidence (which often I only had access to because I had access to air gapped data that was kept for far longer than the 7 years it was meant to be kept).

The status quo exists because it inconveniences just few enough people and is an acceptable amount of risk to the powerful. One side of politics will denounce anything that looks after the interest of both these groups as too much "red tape" and the other will denounce it as "discriminatory".

For comparison I look to the family violence measures we introduced here in the last decade. It was a battle which took years of firmly but politely refuting the opposing ideas "family violence victims should never have to justify themselves to a credit provider" against "credit providers should never increase their risk without having charged more up front".

A compromise model was found where the credit providers effectively pay for the losses but in reality they just charge it back to their customers. Right now paying for identity theft is a lottery. In future it's going to be internalised up front. This will be good for the victims but for the rest of us it's an increased cost.

[+] gorgoiler|2 years ago|reply
The case is about whether Ms Luke was operating the PayPal account she created.

I don’t doubt her story, but if you can claim the account is yours when it suits you (“where’s my stuff?!”) is it fine to claim it’s not yours when it doesn’t (“these transactions were done by someone else!”)?

Is there a contradiction there? Perhaps not: I doubt you can use a PayPal database row to enforce a contract — you’d need an invoice or order confirmation — so neither should another party be able to use the PayPal db to convict you of fraud.

Was there other evidence against Luke?

[+] YeBanKo|2 years ago|reply
This is spot on. Now how do we force a change in the legal framework to make this mind shift happen?
[+] COGlory|2 years ago|reply
My brother in law had his identity stolen about 6 months ago. He went through the normal routine of cancelling everything, putting holds on everything, etc. He thought he was in the clear, until last week, he received a letter in the mail for a summons for several felonies, including fraud, in the state of Utah (he lives in PA).

It is insane to me that PayPal, Venmo, VISA, etc, all can allow someone who isn't him to open accounts, run transactions, etc, but not have to bear the legal liability of it, and instead it appears to be him that is legally liable.

IMO, the transacting companies here are the ones that need to be charged. I never consented to the American credit system, yet by virtue of being born here, all these companies can, and will, apparently let others open accounts in my name, with no liability.

[+] qingcharles|2 years ago|reply
He's lucky he found out about the summons, because it's very common to commit a traffic infraction, get pulled over and then find yourself facedown at gunpoint when the cop finds out you have several warrants for crimes you never committed. And depending on your ethnicity it could certainly lead to your untimely demise by police if you got belligerent about it.
[+] dannyphantom|2 years ago|reply
Jeez - I can't imagine the stress he's under in dealing with something that isn't, and should never have been, something he has to deal with. It's enough to make you want to scream into a pillow until your lungs give out.

It's just so frustrating and deflating to go through the process. It's a chore that shouldn't really be our problem - but it is and it feels terrible to be beholden to that process and ultimately come out losing in the end when you get a letter like that in the mail.

I had an identity theft come up a few years ago and I'm still dealing with it (all the way back from 2016!). But at the end of the day, I really shouldn't complain because things could always have been worse.

I just empathize with your final sentiment completely. We're just...beholden to it. Bleh.

[+] lotsofpulp|2 years ago|reply
The only way this gets fixed is if enough people get put through the wringer through no fault of their own and they finally start demanding politicians to do something about it.
[+] Atsuii|2 years ago|reply
To give context to people who may have not heard; there has been a MASSIVE amount of high profile data breaches in Australia in the past 12 months with zero consequences for the businesses involved.

In a 6 month period I had:

- My private health insurance data leaked (AHM/Medibank) - including claim history, medicare number, password, username, email, phone
- My old phone account (Optus) - including my phone number, my current passport number(!!!), current address, phone.
- My old credit card account (Latitude finance) - including my current passport, driver license, my income history and bank statements that was provided to get the credit card originally, address, phone, email

The ONLY thing that any of these businesses have done is pay for a replacement passport and a 12 month credit watch. Optus wasn't even a 'breach', they had an API exposed with all the data!

How is someone meant to protect themselves from this? It is pure negligence. Until governments legislate that the punishment for exposing personal data is more expensive than the work and infrastructure required to keep it secure this will continue to happen.

[+] blitzar|2 years ago|reply
> Until governments legislate that the punishment for exposing personal data is more expensive

The EU did. Everyone, for some inexplicable reason, hates it; and not the casual hate one spews when it rains or traffic is bad but a deep visceral hatred normally reserved for war criminals or kiddie fiddlers.

[+] mvdtnz|2 years ago|reply
This is absurd. This is just as much an indictment of ridiculous American courts as it is of the corporations prosecuting such a case. What is happening in that clown country that a civil case against a person who wasn't even involved in the infraction can be judged liable when they are not even present to defend themselves? America is a bully nation.
[+] jedberg|2 years ago|reply
If she was compromised by credential stuffing at PayPal, I have to say I'm disappointed. I actually wrote the anti-credential-stuffing code 20 years ago. It was one of the core components of PayPal security. We were one of the first sites to get those kinds of attacks so we got good at stopping them.

I would be sad if that skillset had been lost.

[+] latchkey|2 years ago|reply
If Paypal required non-sms based 2FA on all logins, would that help stop the issue?
[+] gruez|2 years ago|reply
>She was then served electronically with papers from the US District Court of Florida outlining Adidas' case against her.

I don't get it, based on this[1] it looks like electronic service is only possible if the party consented. That seems fairly reasonable. How would this have happened? Is there more to this?

The docket for this case is here: https://www.courtlistener.com/docket/66634655/adidas-ag-v-th.... I'd be very interested to see what the "Certificate of Service" contains, but I don't have PACER access.

[1] https://www.law.cornell.edu/rules/frcp/rule_5

[+] mikeyouse|2 years ago|reply
Jesus.. It's really bleak. It's mostly a link to this website:

https://servingnotice.com/Da29d1x/index.html

Apparently "Serving Notice dot com" is sufficient to say someone has been served?

I downloaded the Pacer documents with Recap enabled so you should be able to see them on the CourtListener website.

[+] shirro|2 years ago|reply
My understanding is there are international agreements (eg Hague Convention) when serving civil court documents to someone in another sovereign nation like Australia. US courts have no jurisdiction here and nobody cares about their rules. I think electronic service has similar limitations in Australia.
[+] j-bos|2 years ago|reply
Situations like these keep bringing me back to the idea that important actions should require an actual, in person, human notary seal.

Contract signings, online court service, title changes, etc should not be valid without an offline record examiner who affirms under threat of perjury that the parties involved are who they claim (or are claimed to be).

[+] nmfisher|2 years ago|reply
Some countries/jurisdictions do exactly that, and trust me, it's a massive pain in the ass. Would you really want to visit a notary just to set up an eBay account? Because that's what you're proposing.

The existing system isn't foolproof but, by and large, it works perfectly well. If the transactions in TFA truly were fraudulent, no court is going to hold her liable. The bigger problem here is a US court being happy to issue ex parte judgments for someone who should have been trivially contactable.

[+] Tehnix|2 years ago|reply
It’s entirely possible to do this digitally and have it working seamlessly.

In Denmark we have a thing called “MitID” (MyID) which is basically a government login and which you can use to sign and also login to all kinds of things that need to confirm your identity (e.g. Phone subscription, taxes, 3DS verification for Credit Card transactions, etc).

It’s essentially 2FA; it works by the site sending a confirmation to an app on your phone that is behind a PIN code. The analog version is a paper slip with 100 lookup codes.

[+] adanto6840|2 years ago|reply
We have e-notaries in Nevada. It requires a webcam/ability to make a video call, and to show your ID in a solid resolution. It's actually probably not the worst thing.

I'm sure it happens, and I know the bar for becoming a notary public (official able to notarize documents) isn't that high, but I haven't heard about a ton of fraud where things were falsely notarized. I suppose accessible notarization is a positive thing, at least as long as fraud doesn't become a problem with the system.

[+] colechristensen|2 years ago|reply
Eh, I was forced to have a notary do something and it ended up being an apparently 20 year old dude at a UPS store looking at some papers for a few seconds. Not exactly the high trust exercise it’s made out to be.
[+] bunnie|2 years ago|reply
Looking at the court documents, it seems shady organizations registered a bunch of domain names that are used in the trade of brand-name athletic gear. The victim's identity was used to register one of those domain names, but just looking at the other registrations it's pretty clear the organizations are based out of China. In this context, the case brought by the brand owners is a little more reasonable -- if they did not try to defend their brands against this level of counterfeiting, then, they can be found to have lacked diligence in defending their trademarks.

However, in the case of the victim, her owing $1.2mm in penalties hinges on her identity being used as the owner of some domain names that contain these brands' names.

I suppose if the victim had "infinite resources" the next step as the victim would be to file a lawsuit against the domain name registrars for claiming she owned the sites. If the registrar would remove her stolen identity from the site then the suit would have no basis to link her to the domain names and she would be cleared.

But then again, what incentive would a domain name registrar have to remove your stolen ID as the owner? If they simply agreed to do it when asked, then anyone could send a fake letter to the registrar claiming you don't own your DNS records and remove you as the owner of them.

Genuine question to HN readers -- if you woke up tomorrow and found a whois entry that had your name and details listed as owner for a site that traded in illicit goods and/or morally objectionable content, how would one go about correcting that?

[+] Supermancho|2 years ago|reply
[email protected] and contacting the registrar to start. File a police report (this will help if anyone comes to visit your address) regarding identity theft. Contact the IRS regarding identity theft and possible foreign dba. Contact the post office if you don't have a locked mailbox. Also, if you get any domain related mail, it can elevate the federal response. Talk to your bank about invalidating all checks and putting a limit on daily withdrawals/spending.

This is just off the top of my head. It is a huge headache that will trouble you for a few years.

[+] harry8|2 years ago|reply
Paypal are terrible and should be closed down.

I had a paypal account. They demanded copies of my govt. ID. I refused and said close the account. I only ever used it to make payment to web shops using my credit card.

Paypal refused repeatedly to simply close the account given their change in terms of service to which I do NOT agree.

Will someone hack into paypal? Absolutely they will and it will have happened multiple times since this debacle. Will someone hacking paypal then use this account which should not exist to do something that causes a problem for me?

Paypal are responsible for this. This is 100% paypal's problem. Paypal should be on the wrong end of the most expensive litigation seen in this area, from which they do not survive.

Paypal's actions in this area are quite deliberate and they know and understand the consequences to people.

Paypal are foul.

[+] jongjong|2 years ago|reply
You wouldn't think there is a very good judicial process in place if it could charge someone with a crime without first establishing the identity of the perpetrator beforehand. What's to stop fictitious entities from being charged with fictitious crimes against fictitious victims? Surely the standard of proof should be higher...
[+] qingcharles|2 years ago|reply
This was a civil case, not a criminal case[1]. In civil cases after the plaintiff has made a prima facie case the burden shifts to the defendant to dismiss the claims against them, if they can, usually at their cost. Lots of people end up with default judgments against them every day because the court systems are terribly difficult to navigate with no legal knowledge. Civil in rem forfeiture is even worse as most jurisdictions allow for the state to take your property with no court involvement at all if you fail to file the right paperwork at the right place at the right time.

[1] I have been in court three different times and seen the wrong defendant brought from the jail to be released since they aren't the person being sought by the indictment, but a case of misidentification by law enforcement. Quite how these people managed to alert the jail authorities to the problem I do not know; having spent significant time in jail I have no idea how you would get any personnel to take seriously the idea that you "aren't supposed to be there."

[+] michaelteter|2 years ago|reply
This is really stupid. Follow the money. If she had been responsible for the theft, the money collected should somehow be traceable back to her. Obviously it would not be, and given the data breach she would have plausible deniability.

Furthermore, no sane lawyer would hope to recover such large numbers from a single mother of four children. There is no value in prodding a legal system to render a pointless judgement against a plaintiff who is very likely not responsible for the crime.

[+] bagels|2 years ago|reply
How was the ex parte trial even allowed here? Did she not respond to the summons? Is this just something they do if the person is outside US jurisdiction?
[+] themoonisachees|2 years ago|reply
The court docs say that the brands made the case that because the illegal business had been happening over the internet, reaching out to her via email was a satisfactory way of serving her. What a farce.
[+] testemailfordg2|2 years ago|reply
Strange coincidence, just woke up from a dream about something similar where a deep state mole remained anonymous using these kind of transactions... Yikes, not a good start to the day, going to bed again...
[+] tjpnz|2 years ago|reply
The tl;dr is that the victim was Australian and the court proceedings were heard in the US. Unless they're put before a court in Australia she's under no obligation to pay. Knowing a bit about Australian society it would not go down well if they tried.

I would've used the money she spent on a US IP lawyer to sue Medibank for negligently allowing her personal information to be hacked and sold on the dark web. At the very least I hope she's part of the class action.

[+] tiew9Vii|2 years ago|reply
She’s under no obligation to pay but I do wonder if she ever decides to take a trip to the US if she will be escorted away from the airport under police escort on landing. That’s a big worry if I was in her shoes.

The next big data breach in Australia will be from the wave of real estate rental “startups”, it’s only a matter of time.

The sites are badly designed which doesn’t give much faith in security. Also the largest being a Murdoch subsidiary which I guess the data conveniently has huge money value for ad targeting…

The online rental application companies collect (require) more data than any paper rental application form, credit card/bank/mortgage application, or visa application. It’s also unregulated! They’ve positioned themselves so a large number of rental applications have to go through them to apply. The amount of detailed sensitive PII data they hold has to be huge. It’s a treasure trove for any hacker and an easier target than a bank or insurance company.

[+] coding123|2 years ago|reply
It's crazy that a lot of this crap is just associates hiring paper throwers that just keep this shit going. Responding to the cases just raises a blip somewhere and it's passed onto another yet higher-level paper shuffler. But in the end, the courts just keep awarding because Shifferd-Melnap-Hamilton (fake name), a well trusted legal firm, always wins therefore should continue winning.
[+] mhb|2 years ago|reply
So if there was a crime, and it was committed by the person whose identity was "stolen", is the implication that there is no reason for law enforcement to investigate the person who "stole" it?
[+] randomcarbloke|2 years ago|reply
Surely this is unenforceable given she is not a US citizen or resident?
[+] boondoggle16|2 years ago|reply
So what do you do in a situation like this? I mean really? Total punisher mode, make other judges think twice and sacrifice yourself?
[+] mr_toad|2 years ago|reply
She’s an Australian and the US and Australia do not have reciprocal agreements to enforce civil cases. She’s probably best off contesting that the US court has no jurisdiction over Australian citizens.
[+] mhb|2 years ago|reply
Recoup your $1.2M using the identities of everyone up and down the chain of this travesty.
[+] NotYourLawyer|2 years ago|reply
Hire a lawyer and get it sorted out pretty easily, I would think.
[+] pjc50|2 years ago|reply
Realistically, she'll cross America off the list of "countries to ever visit" and then worry about it the rest of her life.