Collarspace Discussion Forums


Home  Login  Search 

RE: No site security concerns in real life


View related threads: (in this forum | in all forums)

Logged in as: Guest
 
All Forums >> [Casual Banter] >> Off the Grid >> RE: No site security concerns in real life Page: <<   < prev  3 4 [5] 6 7   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: No site security concerns in real life - 1/24/2016 7:19:50 PM   
mousekabob


Posts: 187
Status: offline

_____________________________

aka littlewonder
------------------------
Nothing has changed
Everything has changed

(in reply to crumpets)
Profile   Post #: 81
RE: No site security concerns in real life - 1/24/2016 7:23:57 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: PonyGroom
To meet someone from here, or any social media site, I first give them my email address.


Thank you AGAIN for adding technical value to the discussion.

In the interest of TEACHING people good security and privacy practices, that's probably a good idea to give one piece of personal information, and then discuss everything else over that mode of communication.

Realistically, that's probably either an email address or a telephone number or a fetlife account (or similar).

Most email and telephone communications are somewhat secure (certainly more so than Collarspace mails are).


(in reply to PonyGroom)
Profile   Post #: 82
RE: No site security concerns in real life - 1/24/2016 7:33:52 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: angelikaJ

No, responding via ridicule only makes you seem trollish.
If that is what you are trying to achieve then good for you.
IF you are trying for something else, then you might want to drop that tactic.


You have to understand that most people who posted are merely posting because they have nothing to say but they still want to say it.

I'm just calling them out on that fact.
If they find a technical error in my posts - they're welcome to bring it up.
I take correction well.

I don't suffer fools well - but I take technical advice and learning and correction well.

The reason I put most of these morons on hide is that they add ABSOLUTELY ZERO TECHNICAL VALUE!
(In general, they just love to see their posts in print.)

They don't understand the issue the OP brought up.
They can't comprehend any solutions.
They don't even understand the slightest thing about encryption or privacy or security.

They're like a guy having unprotected sex and sharing needles with drug addicts on the street, and then someone mentions a viral infection and then they proclaim to the whole world WHO NEEDS CONDOMS ANYWAY? They're clean. They're safe. Or so they think.

Their thought process appears to be: Why should they bother to protect anyone else?

Ignorance is their bliss.
Hence, I've put a few people on permanent hide in this thread alone in order to save precious ink.

(in reply to angelikaJ)
Profile   Post #: 83
RE: No site security concerns in real life - 1/24/2016 7:59:12 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: PonyGroom
Let's compare results with Fetlife, which uses SSL and loudly tells people the site is secure.

You're one of the few people who posted to this thread who ADD VALUE.
I, for one, appreciate your insight and technical input.
quote:

ORIGINAL: PonyGroom
Anyone can get an account on Fetlife using only an email address as a credential.

Does FL even check the email you give them?
Certainly Collarspace does not verify the email.

Gimme a second to test https://fetlife.com/signup
OK. Nope. They don't seem to check the email.
I gave 'em a wholly bogus email.
Everything still works it seems.


quote:

ORIGINAL: PonyGroom
While they prevent you from right-clicking on photos and easily saving them, there are many workarounds, and personal images are copied and posted onto Tumblr all the time.

It's quite trivial to copy ANYTHING that you can see.
quote:

ORIGINAL: PonyGroom
There is absolutely nothing safe or secure about the site.
Security on Fetlife is entirely an illusion.

You missed one key point.

If you sat next to me at Starbucks, and you logged into collarspace and I logged into fetlife, then I'd have your password, but you would not have mine.

Likewise, if we switched places, since I use encryption on Collarspace, if I logged into Collarspace, and you logged into Fetlife, you'd STILL not have my password on either site, while I'd still only have yours for Collarspace.

That is a very important technical distinction.
quote:

ORIGINAL: PonyGroom
All of his tools are still available.

I must find this guy's tools!
(jk)
quote:

ORIGINAL: PonyGroom
The lesson we ought to take from this sort of thing is that any information we give to any social media web site will show up in surprising places and be used in ways we don't want, no matter what steps we take to protect it.

Wrong lesson.

I ride a motorcycle.
Motorcycles are dangerous.

If you take the "lesson" that motorcycles are dangerous, so you shouldn't bother trying to protect yourself by wearing a helmet, long pants, a jacket, boots, and gloves, then the only lesson there is to be learned is that you're a fool.

Likewise, if you take the "lesson" that your privacy is lost "no matter what steps you take to protect it", then the only lesson to be had here is that you're a fool.

(Note: The "you" here is a general plural you. Not any one you (singular) in particular).

quote:

ORIGINAL: PonyGroom
The birth date I give to social media sites varies, and is never my actual birthday.

I can't imagine that there is a single thing in my official profile on either site that is accurate, with respect to my real birthdate or my real email or my real zip code, etc.
quote:

ORIGINAL: PonyGroom
I never post my home address, phone numbers, birthday, or real name on social media sites.

Me neither.

Remember, I'm mostly not talking about the information in the PROFILE.
I'm talking about your LOGIN & PASSWORD combination.

Once the guy next to you in Starbucks has that, they have EVERYTHING.
(You're smart. But I must ask: Do you actually realize this? Please say that you do so that I don't need to belabor that issue.)

quote:

ORIGINAL: PonyGroom
I assume someday that info will go where I don't want it to go. Why do I assume that? Because I have been reading security blogs for many years, and have read about dozens of incidents involving tens of millions of accounts.

Me too.
That's why I use encryption on Collarspace, for heaven's sake.
Every single time I log in.
quote:

ORIGINAL: PonyGroom
My all time fave incident: Ashleigh Madison. The hackers exposed the site operators for the predatory liars they really are. Least fave incidents: US government personnel records and veterans records. Those hackers should be hung up by their thumbs.

There's more.
Lot's more.
Target. BOA. Morgan Stanley. Anthem Blue Cross. etc.
quote:

ORIGINAL: PonyGroom
Admin here is almost completely honest with us.
That's a huge plus compared with other sites.

You seem to know a lot.
How do you know the admins are "almost completely honest" with us?

quote:

ORIGINAL: PonyGroom
That said, I take every precaution recommended by my bank, when using their site.

Banks take security and privacy (two different things) very seriously.

(in reply to PonyGroom)
Profile   Post #: 84
RE: No site security concerns in real life - 1/24/2016 8:10:34 PM   
LadyPact


Posts: 32566
Status: offline
quote:

ORIGINAL: PonyGroom
Let's compare results with Fetlife, which uses SSL and loudly tells people the site is secure.

Anyone can get an account on Fetlife using only an email address as a credential. Underage people access the site until challenged to show government ID. Law enforcement is present on the site. Inboxes are known to be insecure, read by mods from time to time and mined for info. While they prevent you from right-clicking on photos and easily saving them, there are many workarounds, and personal images are copied and posted onto Tumblr all the time. There is absolutely nothing safe or secure about the site. Security on Fetlife is entirely an illusion.

To be fair, any of the social media sites have to have the ability to access any member's email. In the event of an actual criminal investigation, it's necessary to have that ability. Whether that gets abused or not has a lot to do with who has the access.

quote:

maymay shredded their security and there is nothing they can do about it now. Sure, they banned him from the site. But he's made a number of tools that people use every day to unwittingly compromise their own security and the overall security of the site. They tried to get these tools deleted, they tried to get his site host to dump him, they tried to get his Twitter account revoked. He is still around and doing well. All of his tools are still available.

At any given time, there's always somebody on these sites who are better at this stuff than the site, itself.

quote:

Mircesu's "meatlist" was created long after maymay's heyday. The meatlist holds an index of profiles so you can search the site by age, sex, and location. This enables the very spam Fetlife says they sought to avoid: a determined man sending the same message to every woman he wants to send it to. Although many women changed their location to Antarctica and their age to 95, this has not helped them escape the indexing, because the index was made from data extracted from the site before they changed their profiles. On learning this, some women deleted their profiles and made a new one with an age of 95 and a location in Antarctica.

Yep. It's even in their FAQ. Personally, I don't find this to really do anyone any good, unless you will NEVER RSVP to an event local to you or want to attend one while traveling.

quote:

The lesson we ought to take from this sort of thing is that any information we give to any social media web site will show up in surprising places and be used in ways we don't want, no matter what steps we take to protect it.

I have to say I believe this to be correct.

quote:

The birth date I give to social media sites varies, and is never my actual birthday.

Just as a funny story, I have been the dip who wished somebody a happy birthday when their 'fake' birthday turned the page. I felt silly but I have to admit, it was kind of comical.

quote:

I never post my home address, phone numbers, birthday, or real name on social media sites. I assume someday that info will go where I don't want it to go. Why do I assume that? Because I have been reading security blogs for many years, and have read about dozens of incidents involving tens of millions of accounts.

Over the years, I admit that I've failed in this area repeatedly.

quote:

My all time fave incident: Ashleigh Madison. The hackers exposed the site operators for the predatory liars they really are. Least fave incidents: US government personnel records and veterans records. Those hackers should be hung up by their thumbs.

I'm still torn on the Ashley Madison thing. Exposing the site itself was one thing. Especially for the stuff they were doing in hiring people (and keeping them on the payroll) to create bogus female profiles to basically create and/or keep customers was pretty scummy. Publishing the membership list? I see that as pretty much akin to outing. Imagine if a similar thing happened here or on Fet.

quote:

Admin here is almost completely honest with us. That's a huge plus compared with other sites.

I don't mean to be disrespectful, but whoever sold you this song and dance took you for a ride. There's been at least two lead administrators who did everything but tell the truth, up to and including giving false information to members about other members.

quote:

That said, I take every precaution recommended by my bank, when using their site.

That's probably a good approach.


Edited to fix the dang quote feature.


< Message edited by LadyPact -- 1/24/2016 8:15:49 PM >

_____________________________

The crowned Diva of Destruction. ~ ExT

Beach Ball Sized Lady Nuts. ~ TWD

Happily dating a new submissive. It's official. I've named him engie.

Please do not send me email here. Unless I know you, I will delete the email unread

(in reply to PonyGroom)
Profile   Post #: 85
RE: No site security concerns in real life - 1/24/2016 8:27:18 PM   
PonyGroom


Posts: 150
Joined: 2/26/2006
Status: offline 		Here's what the OP wrote:

There are major security issues with this site.

1. No SSL at all... no secure login, all done in the clear. Logins should be secured.

2. The entire site is visible to Google! So all profiles are searchable, including via image search, which is a serious privacy issue!

This needs resolving asap. I have raised it with the site operator and I recommend other users do the same.

Addressing these two points directly,

1. Consequences of stolen password to this site:
I use a password for Collarme that is wildly different and distinct from any other password I use anywhere else on the web. If you use a password identical to one you use on other sites, you risk compromising access to those other sites if your password here becomes known to someone with ill intent.

If my password is stolen, someone will have access to my account. They can pretend to be me. They can delete the contents of my profile. They can read a few months of history of my messages. They can post madness on the message boards and for a while, some people might think that's me doing that. They can message people while pretending they are me, and I won't know.

Risk Level: I am unaware of any situation where someone lost access to their account while a malicious person assumed control of it and essentially hijacked their CM identity.

If you have stored phone numbers, credit card numbers, bank details, or any other valuable information in messages, you have failed to take the advice given by site admin. Loss should be limited to loss of access to the account, and no personally identifying information should have been compromised.

Remedy: I can message admin here and probably get my account back. Site admin will not take responsibility for any personal losses.

Prevention: change your password frequently. Never use the same password here as you do on any other site or service. Don't access the site in an insecure way: don't use public WiFi with this site. At home, if you use WiFi, use a security protocol and keep the passwords to that safe and unique from all other sites and services.

2. This site is indexed by search engines by design. This is not a flaw of design or an oversight of the designers. They intended it to be found and searched.

If you are here thinking this is a secret site, you have misunderstood or failed to read the basic information about the site. Admin here does not represent that the site is safe or secret.

Consequences: if you use an ID here that is identical to the ID you have used on another site, for example, a gaming site, information about your interests here will be easily cross-referenced with you gaming interests.

Risk Level: numerous incidents have occurred, where information on an alt-sex site was indexed against information from another site. An index of Fetlife accounts exists even though technically, it should not. I cited the Ashleigh Madison incident. These are famous - but there have been many others. Cross-indexing is very likely.

Remedy: once search engines have this information it is almost impossible to get it removed from indexing. You may need to create a new ID for use here, on the other site, or both.

Prevention: do not use the same ID here as you do on any other site.

Summary: Use a unique ID and unique password on this site. Use WiFi only when you believe it is secure. Read the Terms of Use and if you do not agree, discontinue use of the site.

==========
Please note: I am not teaching anything. I am sharing my point of view.


(in reply to crumpets)
Profile   Post #: 86
RE: No site security concerns in real life - 1/24/2016 8:28:06 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: Wayward5oul
How can you be such an ass?

I'm gonna take your advice, and that of angelikaJ below, and just put those who have absolutely nothing of value to add on permanent hide.

quote:

ORIGINAL: angelikaJ
IF you are trying for something else, then you might want to drop that tactic.


I'm gonna take your advice, and simply put on hide those who never have anything of value to add anyway.
No loss.
Actually, it's a gain.
For everyone.

For example...here's an improvement right off the bat!

(in reply to Wayward5oul)
Profile   Post #: 87
RE: No site security concerns in real life - 1/24/2016 8:44:54 PM   
PonyGroom


Posts: 150
Joined: 2/26/2006
Status: offline 		LadyPact wrote:

quote:


quote:


quoting me:

Admin here is almost completely honest with us. That's a huge plus compared with other sites.


I don't mean to be disrespectful, but whoever sold you this song and dance took you for a ride. There's been at least two lead administrators who did everything but tell the truth, up to and including giving false information to members about other members.



When I joined, I expected mods would do these antics. Later, I saw those antics. Lately, I've read confessions and no, I don't trust any moderator of this site because I still don't understand how this corruption is being prevented. I believe any post I make might be deleted or moved or edited, for any reason, at any time, without apology. I have no idea who is moderating anything on this forum now or if they can be trusted at all with anything. I have learned to assume the very worst.

By Admin, I mean the site owner, whoever takes ultimate responsibility for the Terms of Use, Privacy Policy and other legal stuff about the site. I understood from reading these policies that I was being allowed to post in a forum controlled by sociopaths, at their sufferance. I realize most people did not realize that's what the documents meant and most would disagree with my interpretation. However: there is no guarantee any of us will be treated with respect by any moderator on this site, nor did Admin promise us "a rose garden" of delights. We were promised powerful, secretive overlords. What could go wrong?

One of the reasons I made so little use of the site over the years was that the moderation system was corrupt. Those mods damaged the site. The internet sees their censorship in all it's forms, and routes around it, yes? Some of my posts were changed. Other posts were deleted. I was personally threatened by two mods at various points.

Those mods are gone, yes? Or their attitudes have changed. And you are here, LadyPact, and so am I. And ResidentSadist. And more than a few of us from those olden days of yore. We have survived.


(in reply to PonyGroom)
Profile   Post #: 88
RE: No site security concerns in real life - 1/24/2016 8:46:03 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: LadyPact
To be fair, any of the social media sites have to have the ability to access any member's email. In the event of an actual criminal investigation, it's necessary to have that ability.

I doubt I have ever once given Collarspace or Fetlife my real email, so, um, what are they gonna do with [email protected] ?

quote:

ORIGINAL: LadyPact
At any given time, there's always somebody on these sites who are better at this stuff than the site, itself.

Probably very true.

quote:

ORIGINAL: LadyPact
I have to say I believe this to be correct.

In order to make sense to each other, we must strive to SEPARATE wholly different issues:
1. Any real information in the public profile (e.g., your real birthdate or full name or zip code)
2. Any real information in the mail system (e.g., your phone number or picture or whom you converse with and what about)
3. Your login credentials (e.g., your password).

To each his/her/its own, but I never give any real information in the public profile, but I almost always give true information in the mail system to people I care about meeting, and, I certainly care greatly about my login credentials being protected by encryption.

quote:

ORIGINAL: LadyPact
Just as a funny story, I have been the dip who wished somebody a happy birthday when their 'fake' birthday turned the page. I felt silly but I have to admit, it was kind of comical.

I don't even know what birthday I have given to ANY site, since I have never given any site my real birthday. I can't see why anyone would EVER give their real birthday.

But, I'm mostly worried about the login/password credentials which are available for the taking on Collarspace for anyone near enough to you to take them.

Once they have your login credentials, they have everything.

quote:

ORIGINAL: LadyPact
Over the years, I admit that I've failed in this area repeatedly.

I too have failed in this regard.

I have given people my home address in the past so that they could come and swim nekked in my pool, and it was fun, but now my home address is out there for the taking if that person doesn't use encryption (don't worry - she taught me some things about encryption that I still use today!).

I certainly have handed out my real phone number to a lovely lady of Collarspace.

And, well, lately, I find that I pour my heart out almost daily to one in particular, so, all those personal mails are up for grabs if SHE doesn't use encryption herself.

NOTE: Her emails to me are NOT up for grabs, because I use encryption.
quote:

ORIGINAL: LadyPact
to create bogus female profiles to basically create and/or keep customers was pretty scummy.

I agree.
It was a scam.
They deserve the lawsuits.
But that's a different topic because the site itself was hacked.

While I would think CS is ripe for a similar hack, this thread isn't about that.
This thread is mostly about the lack of basic protection for your login and password on CS.
quote:

ORIGINAL: LadyPact
I don't mean to be disrespectful, but whoever sold you this song and dance took you for a ride. There's been at least two lead administrators who did everything but tell the truth, up to and including giving false information to members about other members.

How do you guys know all this?
I don't have a clue what the admins say or do.
You both must have a red telephone in your bedroom that they don't want to give me.
(jk)



< Message edited by crumpets -- 1/24/2016 8:50:57 PM >

(in reply to LadyPact)
Profile   Post #: 89
RE: No site security concerns in real life - 1/24/2016 9:06:43 PM   
Lucylastic


Posts: 40310
Status: offline 		The only reason fet is on a https link is because it has a payment gateway.


_____________________________

(•_•)
<) )╯SUCH
/ \

\(•_•)
( (> A NASTY
/ \

(•_•)
<) )> WOMAN
/ \

Duchess Of Dissent
Dont Hate Love

(in reply to crumpets)
Profile   Post #: 90
RE: No site security concerns in real life - 1/24/2016 9:10:15 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: PonyGroom
If my password is stolen, someone will have access to my account.

Yup. That's the main issue I'm trying to educate people on.
Their password is, essentially, already handed out to almost anyone near enough (figuratively speaking) to them to get it.
quote:

ORIGINAL: PonyGroom
They can read a few months of history of my messages.

Mine seem to go back a year (all 45 pages of them).
I'm sure ladies in demand have far more than I do.
quote:

ORIGINAL: PonyGroom
Risk Level: I am unaware of any situation where someone lost access to their account while a malicious person assumed control of it and essentially hijacked their CM identity.

Me neither.
I've seen plenty of profiles where women (it's usually women for some strange reason) complain that they can no longer log into their profiles though.
Certainly I saw that recent thread where it was intimated that profiles were hacked (I didn't participate in the thread though).
So, who knows without actually looking for it (and neither of us is looking for such things).

I don't see California Newts either, until I go outside looking for them (and then I find them all over the place).
quote:

ORIGINAL: PonyGroom
If you have stored phone numbers, credit card numbers, bank details, or any other valuable information in messages, you have failed to take the advice given by site admin. Loss should be limited to loss of access to the account, and no personally identifying information should have been compromised.

What's "stored" is every contact you've made and what you've said to them and what they've said to you, and when.
Don't you think that's something worth protecting with a teeny tiny bit of encryption?
quote:

ORIGINAL: PonyGroom
Remedy: I can message admin here and probably get my account back.

But losing your stuff was never my beef.
Handing everything in your CS mail to the guy next to you at Starbucks was my beef.
What HE does with it is up to HIM (and no longer up to YOU).

And, that's not only YOUR private information. It's HERS too!

SSL is like wearing a condom.
A condom protects BOTH of you.

quote:

ORIGINAL: PonyGroom
Don't access the site in an insecure way

THIS IS THE MOST IMPORTANT HELPFUL HINT OF ALL!
Do not log into this site without adding encryption!

quote:

ORIGINAL: PonyGroom
don't use public WiFi with this site.

It's OK to use public WiFi if you follow the advice just given above; but it's certainly NOT ok if you don't use encryption!

quote:

ORIGINAL: PonyGroom
At home, if you use WiFi, use a security protocol and keep the passwords to that safe and unique from all other sites and services.

Yeah. WPA2/PSK is relatively good stuff.
But, a huge number of WPA2/PSK connections are already compromised due to the pre-computed hashes long available on the net.

Do you know about rainbow tables yet?
https://security.stackexchange.com/questions/92903/rainbow-tables-hash-tables-versus-wpa-wpa2

The WPA2 salt is the SSID (stupid as that is in hindsight).

So, if you use a common SSID and a common passphrase, your router is already useless as a protective mechanism.

And, by 'common', I mean in the top many millions or so (last I looked - years ago - I think it was something like 30 million - but I don't remember how many hashes they pre computed since I haven't looked up rainbow tables in years. The main takeaway is that if your ssid and passphrase aren't guaranteed to be unique - you probably don't have any protection in your router at the moment.)

Anyone who knows computers knows this, and has known this for years; but I will bet that a lot of people reading this don't know about it.

quote:

ORIGINAL: PonyGroom
2. This site is indexed by search engines by design. This is not a flaw of design or an oversight of the designers. They intended it to be found and searched.

That was never "my" beef ... just to be clear.
But I agree. The OP brought it up.

quote:

ORIGINAL: PonyGroom
Summary: Use a unique ID and unique password on this site.
Use WiFi only when you believe it is secure.


I'd simplify all the recommendations to this single one:

NEVER log into Collarspace without encryption.


< Message edited by crumpets -- 1/24/2016 9:17:14 PM >

(in reply to Lucylastic)
Profile   Post #: 91
RE: No site security concerns in real life - 1/24/2016 9:16:30 PM   
angelikaJ


Posts: 8641
Joined: 6/22/2007
Status: offline 		Or one could simply not use CS email for transmitting personal information-
including photos, real names, phone numbers etc.

I am not worried about anyone hacking my CS emails because I have nothing that can be linked back to me in them.

_____________________________

The original home of the caffeinated psychotic hair pixies.
(as deemed by He who owns me)

http://www.collarchat.com/m_3234821/tm.htm

30 fluffy points!

https://www.youtube.com/watch?v=mQjuCQd01sg

(in reply to crumpets)
Profile   Post #: 92
RE: No site security concerns in real life - 1/24/2016 9:22:24 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: angelikaJ
I am not worried about anyone hacking my CS emails because I have nothing that can be linked back to me in them.


I'm not sure if you skipped the main point on purpose or if you didn't realize that it's sort of like wearing a condom, or if you just didn't want to touch the subject of you also being the guardian of other people's privacy.

Therefore, to be clear, I'll repeat that encryption is not only for YOUR protection.

Specifically, EVERYONE who has sent YOU a mail is at risk if YOU don't protect your login and password.

(in reply to angelikaJ)
Profile   Post #: 93
RE: No site security concerns in real life - 1/24/2016 9:27:18 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: Lucylastic
The only reason fet is on a https link is because it has a payment gateway.


This is an interesting observation.

I've never once put a credit card into a social networking site, but, if fetlife has a payment gateway (e.g., to watch videos), then, it is de rigueur for such a site to employ basic security, at the very least.

I think that the other example given, that of Craigslist, also has a monetization method, so, of course, they'd have encryption also (but you'd have to use "https everywhere" to take advantage of it if you go to http://craigslist.org instead of to https://craigslist.org).

(in reply to Lucylastic)
Profile   Post #: 94
RE: No site security concerns in real life - 1/24/2016 9:31:23 PM   
angelikaJ


Posts: 8641
Joined: 6/22/2007
Status: offline 		Here's the thing: no one sends me mail with sensitive personal information in it.
My profile is hidden.
I am Owned and am here for the forums.

And the people who know me well enough to communicate with me on the other side, know that.

_____________________________

The original home of the caffeinated psychotic hair pixies.
(as deemed by He who owns me)

http://www.collarchat.com/m_3234821/tm.htm

30 fluffy points!

https://www.youtube.com/watch?v=mQjuCQd01sg

(in reply to crumpets)
Profile   Post #: 95
RE: No site security concerns in real life - 1/24/2016 9:35:31 PM   
Lucylastic


Posts: 40310
Status: offline
quote:

ORIGINAL: crumpets


quote:

ORIGINAL: Lucylastic
The only reason fet is on a https link is because it has a payment gateway.


This is an interesting observation.

I've never once put a credit card into a social networking site, but, if fetlife has a payment gateway (e.g., to watch videos), then, it is de rigueur for such a site to employ basic security, at the very least.

I think that the other example given, that of Craigslist, also has a monetization method, so, of course, they'd have encryption also (but you'd have to use "https everywhere" to take advantage of it if you go to http://craigslist.org instead of to https://craigslist.org).

To view vids you have to" support" fet
To support fet, theres a payment page.
It doesnt redirect to a secondary gateway for payment, it is done with ssl on site.


< Message edited by Lucylastic -- 1/24/2016 9:39:24 PM >

_____________________________

(•_•)
<) )╯SUCH
/ \

\(•_•)
( (> A NASTY
/ \

(•_•)
<) )> WOMAN
/ \

Duchess Of Dissent
Dont Hate Love

(in reply to crumpets)
Profile   Post #: 96
RE: No site security concerns in real life - 1/24/2016 9:37:23 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: PonyGroom
One of the reasons I made so little use of the site over the years was that the moderation system was corrupt. Those mods damaged the site. The internet sees their censorship in all it's forms, and routes around it, yes? Some of my posts were changed. Other posts were deleted. I was personally threatened by two mods at various points.

I have had mods change my posts but generally I received a gold explanation from them in my CS mails about why.
I generally explain my point of view.
They explain theirs.
And they win.
Every time.
And we leave it at that.
quote:

ORIGINAL: PonyGroom
Those mods are gone, yes? Or their attitudes have changed. And you are here, LadyPact, and so am I. And ResidentSadist. And more than a few of us from those olden days of yore. We have survived.


I've only been here since, oh, I don't know (I'd have to look up my first profiles), but I'd say about 2008.
Maybe earlier. Maybe a year later. (I'll check but I'd have to log in as a different user to check because of the encryption and the need to always log in with a different IP address for privacy reasons.)

(in reply to PonyGroom)
Profile   Post #: 97
RE: No site security concerns in real life - 1/24/2016 9:48:43 PM   
Lucylastic


Posts: 40310
Status: offline 		Also, I do not process cards on my site, i do not have https in my address. I use a third party processr, as soon as you get to the checkout the address has https

If i did processing in store it would have https.



_____________________________

(•_•)
<) )╯SUCH
/ \

\(•_•)
( (> A NASTY
/ \

(•_•)
<) )> WOMAN
/ \

Duchess Of Dissent
Dont Hate Love

(in reply to crumpets)
Profile   Post #: 98
RE: No site security concerns in real life - 1/24/2016 10:06:06 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: angelikaJ
Here's the thing: no one sends me mail with sensitive personal information in it.


Like I said quite a few times, there are people who don't feel they need any protection, and there are people who do.
It's just like people who feel they need protection when they have sex, while others feel they don't need any protection at all.

You don't seem to care if someone next to you at Starbucks has your password the moment you type it in (it's all easily logged so he doesn't have to be waiting).

EDIT: I'll post a test I ran at a local Starbucks earlier today just to show you a representative output from the easily available freeware.

NOTE: Every single computer saavy person on the planet knows how to do this - so please do not assume it's a "special" skill or that it takes special tools to capture all your packets at the local Starbucks, including those that I'll show which indicate all the logins and passwords for all the non-encrypted web sites you log into.

< Message edited by crumpets -- 1/24/2016 10:14:05 PM >

(in reply to angelikaJ)
Profile   Post #: 99
RE: No site security concerns in real life - 1/24/2016 10:07:08 PM   
crumpets


Posts: 1614
Joined: 11/5/2014
From: South Bay (SF & Silicon Valley)
Status: offline
quote:

ORIGINAL: Lucylastic
To view vids you have to" support" fet
To support fet, theres a payment page.
It doesnt redirect to a secondary gateway for payment, it is done with ssl on site.


This is a good observation.

Are you implying that fetlife didn't care about our privacy until/unless they needed money from us.

Then it cared.

Is that what you're implying?
(Because that's kind of what I at least initially intimated from what you pointed out.)

< Message edited by crumpets -- 1/24/2016 10:10:06 PM >

(in reply to crumpets)
Profile   Post #: 100
Page:   <<   < prev  3 4 [5] 6 7   next >   >>
All Forums >> [Casual Banter] >> Off the Grid >> RE: No site security concerns in real life Page: <<   < prev  3 4 [5] 6 7   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Collarchat.com © 2025
Terms of Service Privacy Policy Spam Policy

0.109