What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! General » [split] MyPlus! Logs Security

Pages: (3): « First « 1 2 [ 3 ] Last »
[split] MyPlus! Logs Security
Author: Message:
Arcticwolfx
Full Member
***

Identity Unknown

Posts: 238
Reputation: 10
113 / Female / Flag
Joined: Feb 2011
RE: [split] MyPlus! Logs Security
When it comes to the internet it's really quite simple; research as much as you can, test as safe as you can and try to use only sources you logically trust. I quite trust the Messenger Plus! team (though I personally see no need for the on-line chat logging).

quote:
Originally posted by V@no
none of these tried install crapware camouflaged as "EULA" agreement, which you can't say the same about MP....

Would you care to define "crapware?" I can not find a clear description of that word. I'd also like to know what specifically you refer to in aforementioned software install.
02-25-2011 08:08 PM
Profile E-Mail PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: [split] MyPlus! Logs Security
quote:
Originally posted by V@no
none of these tried install crapware camouflaged as "EULA" agreement, which you can't say the same about MP...sorry but just that slip will make me doubt good intentions of mp online feature.
There are 1001 other examples where people trust there data to, and which do not provide a clear option to opt-in or opt-out of a sponsorprogram/ad/crapware.

And yes, I can say the same about MP because, even back in the time it had the sponsor from C2Media, you always had a clear option to opt-in or opt-out. And it was certainly not hidden behind a Eula, which I can not say about many other ad-sponsored programs which do not provide any clear choice. So, on the contrary, the sole fact they always provided a choice and it never was mandatory should instead give you a bit more trust that they have the right intentions with your data. Also the fact that Plus!, nor its affiliates, nor related services (like these forums) have ever broken any privacy rules should give you trust.

This said, things have changed and C2Media is not the sponsor anymore. Neither is Yuna the same as C2Media and neither have Yuna ever broken any privacy laws or rules.

But that's all besides the point of why I answered with those questions. The point was that as soon as you do stuff online, you need to trust the companies or services you use to do the right thing. No options, no eula, no nda or whatever else will change anything of that or will prevent a malicious employee of those companies to still do the bad thing. If you don't trust them or you think 'they are evil' or have 'evil' employees, then don't use it. This goes for Yuna, but also for Microsoft, Netlog, Facebook, or any other existing online service provided by any existing company.

Hence a question like "What stopping them from reading your logs" is rather useless, and, imo, can only be answered with the same questions: "What stopping any other company from publishing your private data?". If they have a bad admin you're screwed. And that has got nothing todo with having a sponsor or not, or even with being Yuna or not.

So, in the end, it is not because they wouldn't be able to answer such a question and to completely exclude the possebility for an admin turning bad for example, that you should mistrust them on that basis alone. Because no company can garantuee something like that. If you do mistrust them for that, you shouldn't be using the internet.

This post was edited on 02-25-2011 at 08:46 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
02-25-2011 08:45 PM
Profile PM Find Quote Report
V@no
Full Member
***

Avatar
sexy

Posts: 162
Joined: Mar 2004
RE: [split] MyPlus! Logs Security
Ok, let me rephrase the question:
Give me a good reason why they are not encrypted when there is already a built-in encryption feature?
02-27-2011 01:25 AM
Profile PM Find Quote Report
blessedguy
Skinning Contest Winner
*****


Posts: 1762
Reputation: 25
31 / Male / Flag
Joined: Jan 2008
RE: [split] MyPlus! Logs Security
quote:
Originally posted by V@no
Give me a good reason why they are not encrypted when there is already a built-in encryption feature?
Server strain.
[Image: Empty.png]
02-27-2011 01:28 AM
Profile PM Web Find Quote Report
V@no
Full Member
***

Avatar
sexy

Posts: 162
Joined: Mar 2004
RE: RE: [split] MyPlus! Logs Security
quote:
Originally posted by blessedguy
Server strain.
Oh, c'mon, that's the best you got?
How about encryption on client side then?
02-27-2011 01:31 AM
Profile PM Find Quote Report
blessedguy
Skinning Contest Winner
*****


Posts: 1762
Reputation: 25
31 / Male / Flag
Joined: Jan 2008
RE: [split] MyPlus! Logs Security
quote:
Originally posted by V@no
How about encryption on client side then?
Ask jieff. But it may be related to the way they store the sessions, it's not individual files.
[Image: Empty.png]
02-27-2011 01:36 AM
Profile PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: [split] MyPlus! Logs Security
They'll have to rewrite stuff on the server-side if they add encryption. Yes, you could easily use client-side encryption which Plus! already has and upload .ple files. But those files will still have to be decrypted somewhere at some point for the online logging feature to be useful. Decrypting files server-side wouldn't be very sufficient since then decrypted files will still reach the server, how much security does that actually add? The good way to do it IMO is perform both encryption and decryption client-side. Why they didn't add something like that already? Who knows. But Jieff did say they are considering adding encryption to online logging in the future. I rather see them taking some extra time to do it right than doing it in a way which doesn't really add much extra security in the first place.
Finish the problem
Menthix.net | Contact Me
02-27-2011 10:41 AM
Profile E-Mail PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: [split] MyPlus! Logs Security
quote:
Originally posted by Menthix
Decrypting files server-side wouldn't be very sufficient since then decrypted files will still reach the server, how much security does that actually add?
Not to mention that Plus! needs to send the password to the server for that.

quote:
Originally posted by V@no
quote:
Originally posted by blessedguy
Server strain.
Oh, c'mon, that's the best you got?
It _is_ a very big issue.

Imagine you have 50MB worth of logs on the server. And all that needs to be decrypted everytime you search or update a log. Now multiply that by a few million (users).

Not to mention, again, Plus! would need to send your password to the servers. And seeing people already complain and mistrusting the current logging system (for no valid reason imo) I can only imagine what they would say when their pwd is send to it.

quote:
Originally posted by V@no
How about encryption on client side then?
Same issue about the server strain will exist though. In fact, if logs would not be cached locally, you would have even more server strain because now the whole 50MB worth of encrypted logs needs to be downloaded before even a search can start.

Unless of course they disable searching encrypted online logs. But even still, server strain is and will be a big issue with stuff like this.
.-= A 'frrrrrrrituurrr' for Wacky =-.
02-27-2011 04:45 PM
Profile PM Find Quote Report
Dex Luther
Junior Member
**

Avatar

Posts: 88
39 / Male / Flag
Joined: Jan 2006
RE: RE: Plus! 5 is out!
quote:
Originally posted by CookieRevised
What's stopping FB admins from publishing your private data?

Nothing really, which I guess is why they do it.
03-22-2011 07:07 AM
Profile PM Find Quote Report
Pages: (3): « First « 1 2 [ 3 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On