crumpets
Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
|
quote:
ORIGINAL: LadyPact
There is nothing in my private messages or forum posts that reveal any more info than what I am ready willing to give.
Like I said, there are always (at least) two kinds of people:
1. People who don't mind EVERYTHING they typed into collarspace mails being made public, and,
2. People who would mind everything they typed into their collarspace mails being made public.
BTW, this includes people who are two-timing, and people who are married, and people who tell someone they have Herpes or HIV, and people who tell one person they're gay while they tell the other that they're heterosexual, etc.
Everything is everything.
Once they have your password (and, trust us, they have your password if they want to just look for it), then they have EVERYTHING (within the past year, anyway).
quote:
ORIGINAL: LadyPact
I highlighted the above because that would be how this would pertain to me.
I can't speak for the OP, but "my" issue isn't the personal details of the initial login.
Mine would be the fact that ALL MY MAILS are open game for ANYONE who wants them (who knows how to get them).
That's anyone in the library or Starbucks within WiFi distance, anyone at my ISP at home, anyone in the house who wants my password, anyone on any server that the port 80 http connection goes through (which can be a dozen or more servers - just do a traceroute for an idea of how many hops it takes to get from your computer to the collarspace server and back).
quote:
ORIGINAL: LadyPact
More often than not, if you are planning to meet somebody, exchange phone numbers, etc, I'd suggest taking that off site. If you put it in an email here, the potential exists for Admin to access it, if you kept it, rather than deleted it.
I see this as the chicken-and-the-egg problem.
You rarely have to prove you're a female, but, a guy would want to be sure he's talking to a female before he bothers to meet "her".
And, a woman might need the guy to prove he's not overweight or not bald or that he really does have that Clark Gable look.
Most women would like the security of a guy who gives his real name, and maybe his real phone number, wouldn't they?
I know I'd like that.
How does anyone give ANY of this reasonably necessary information out without putting it in the Collarspace mail?
quote:
ORIGINAL: LadyPact
Admin has to have the ability to read emails, etc. Really, they do. They have to have that ability if there is any case where LEO is involved. They aren't supposed to be doing it for their own personal sh^ts and giggles and most of the long term members here have seen that certain former Mods did.
I don't think this is the issue that the OP brought up though.
Certainly it can happen - but - really - it can and will happen with or without https SSL/TLS encryption.
So, correct me if I'm wrong, but, snooping by those on Collarspace/Collarchat who have root privileges isn't at all the issue being discussed here that was brought up by the OP.
quote:
ORIGINAL: LadyPact
It's not especially the signing up for this site that you have to worry about. Instead, think of everything you've ever said is a supposedly private email. Admins really do have access to that stuff.
Again, the issue that the OP brought up seems to be:
Google indexes (apparently) all the profiles and collarchat discussions (this is not my beef, btw)
Your Collarspace/Collarchat login/password is easily compromised (almost certainly already IS compromised), if you've ever logged in from a non-encrypted access point or if you've logged in from home on an ethernet connection, or if anyone anywhere along the chain from your modem to the collarme/collarchat site, including the ISP, feels like looking at your login/password which are all transmitted in the clear, clear across the Internet!
|
RE: No site security concerns in real life - 
Profile
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread