Shoutbox

Where has our privacy wandered off to?

Well well well, I've just learnt something that really ticks me off. My privacy has been violated. I know I get what I paid for but this is COMPLETELY ridiculous. I for one am disappointed in the lack of care taken to secure my @msgplus.net account password. I wouldn't mind if it were forum staff or people I know and trust that moderate the accounts but lettings someone, whom I DON'T TRUST moderate the accounts isn't what I call respecting my privacy. Now that may not be as bad as it seems but combine that with plain text password storage...and there goes my privacy completely. Now what if I used the same password everywhere? "universally" so to speak? There's a possiblity all those accounts could be lost, thankfully all those accounts I have each have a different password. But this isn't really about me it's about everyone. Everyone and everyone's privacy. Now I understand if you've used the same password for everything and I wouldn't call you foolish for doing so..because I'd do the same too as I really trusted the services this community has to offer, but not anymore.. Any trust I have for the services this community provides have been reduced to little to nothing now. I'm not happy about XxRebelSeanxX having access to my plain-text-stored passwords and I don't think other people are happy too. I have nothing against RebelSean, I just don't trust him. For things he's done in the past and for other reasons too. If only you had asked the users for their opinion on who should be allowed to moderate our accounts..then this wouldn't have happened... The fact that RebelSean, someone I really DO NOT TRUST has full access to my password (which, I must emphasise is STORED IN PLAIN TEXT) isn't the only thing that pissed me off, as you've probably already guessed. Why, oh why, are our passwords being stored in plain text in the first place? Why, oh why, are people whom you don't even know being given access to your possessions without your permission? Don't answer that, there's no excuse for recklessness or laziness.

*takes a deep breath*

I don't know why RebelSean has access to moderate our accounts, MY ACCOUNT especially, and I don't know why he was chosen instead of a forum staff member whom we all probably trust..but I hope this get's rectified immediately even if I probably won't be using any services this community offers until I'm well aware of how secure it is and how well thought over the data storage scheme is. I may sound demanding, but hey, I'm pissed off. You just took away my privacy, one of the things that's truly mine. One of the things I thought was safe when I signed up for a @msgplus.net email. Please reconsider your password storage solutions and please, please, PLEASE don't go giving out access to random people that you trust, but we don't. I don't care if your opinion counts the most, we're the ones using the service and sorry if I sound harsh but, if I can't place my trust in your hands, and expect that my voice will be heard and my opinions considered then I don't think I want to utilise the services you offer. That's how it goes, you've given someone I don't trust access to my password (which I once again stress is NOT encrypted) and as a result you've thrown my trust out the window as if it was nothing.

*tries to calm down*

Well, if people like RebelSean can get access, _so easily_, to my passwords then who knows who else can go about doing so too? All I have to end in saying is that you've successfully lost my trust. From now on I'll think it over really hard when you guys offer services to us. Free or not, this is utter bullshit. This is COMPLETELY unacceptable.

-EvilSeph


johnny: removed ALL CAPS from title.

I completely agree with you EvilSeph.  XxRebelSeanxX is the worst candidate ever to get this option.  There are people that have been at these forums far longer and are far more trusted to do this job.

This was a fast decision and the person given these powers wasnt looked into.  I agree with you, I will now be reconsidering what MsgPlus services I use if any new ones come out.

Alright, however I still don't understand how and why anyone that doesn't already have access/had access to the old system could so easily get access to our accounts, with our passwords.

Sorry if I really sound rude, or unappreciative, I'm not doing it on purpose, this just makes me angry ...

shouldn't the passwords be encrypted using MD5?? etc.

To address another concern, passwords are not stored on the mailserver in plaintext.  I could not even extract them.  I also keep a mysql version as a backup (and in case we ever changed mailservers or the like) where passwords are stored in plaintext.  Nobody except myself has access to this.

[EDIT] Also, the moderation script does not access this database, and cannot pull plaintext passwords.

SonicBoom

OK. I have a problem with this. I'm sure that he won't do anything stupid unless provoked, but that's hard not to do. He is known to be quick to anger. I don't like the idea that he has access to ALL PASSWORDS in plaintext. I request either a GROUP of people be instated or encryption to the passwords be used. I will definetly not be using an @msgplus.net account in the near future.

Sorry if I caused anyone any trouble. I never knew that anyone would have a problem with this. Tbh, even if I did know your password, it don't make a difference. SonicBoom trusted me in doing this, and I have done nothing wrong. Not sayin you hav accused me for doing wrong but I didn't. Now, I will not be helping SonicBoom with activating the accounts.The ony reason I have asked him for me to help out with this, is because he got so behind, so I thought that he could use some help. Now this said, I don't think it is a real problem as for I am not immature as for going out with anyones passwords and doing immature things with them, like Seany did on IRC. I am not that immature and I would never do that. I am not that rude and mean. As SonicBoom said the passwords are no longer stored in plaintext.

Sorry I caused you all trouble again.,



Sean.

Well SB, I apologise if I'm wrong, but I was informed otherwise..

^^

Edit: Well, that tells me they were, which I'm glad has changed. But I'm still going to be cautious.

quote:

---

Originally posted by XxRebelSeanxX
Sorry if I caused anyone any trouble. I never knew that anyone would have a problem with this. Tbh, even if I did know your password, it don't make a difference. SonicBoom trusted me in doing this, and I have done nothing wrong. Not sayin you hav accused me for doing wrong but I didn't. Now, I will not be helping SonicBoom with activating the accounts.The ony reason I have asked him for me to help out with this, is because he got so behind, so I thought that he could use some help. Now this said, I don't think it is a real problem as for I am not immature as for going out with anyones passwords and doing immature things with them, like Seany did on IRC. I am not that immature and I would never do that. I am not that rude and mean. As SonicBoom said the passwords are no longer stored in plaintext.

Sorry I caused you all trouble again.,



Sean.

---

Sonicboom trusting you is a whole different story, the point of evilseph writing that was to say that more than half the people on these forums dont trust you, and probably dont trust a lot of people with things such as passwords, as evilseph said, they could use the same passowrd for everything. Say once on IRC, if someone kicks you, you could easily get pissed off and close the account, or do stupid things to it.  And um, if you're helping out, wanna tell me why my 2 week over due mail hasnt came?