What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! General » [split] MyPlus! Logs Security

Pages: (3): « First « 1 [ 2 ] 3 » Last »
[split] MyPlus! Logs Security
Author: Message:
Menthix
forum admin
*******

Avatar

Posts: 5534
Reputation: 102
35 / Male / Flag
Joined: Mar 2002
RE: Plus! 5 is out!
At the moment online logs are send and viewed using a secure (encrypted) connection. But they are not stored on the server in an encrypted form, no. Source: Jieff's reply to Messenger Plus! 5 information.
It is something I would like to see in a future version too: Allowing users to save encrypted logs online and doing a client-side decryption. In fact maybe even force users to use encryption, or at least make it default. And in a way the hashed MyPlus! password couldn't possibly used to decrypt the logs of a user. It would also be much less of a liability for Yuna should they get hacked.

quote:
Originally posted by Chrissy
Even If it is encrpyted on the server, Yuna can still see it. And If It's encrypted here then sent, the amount of data Yuna has they can easily come up with an algorithm to decrypt most of them, and sell them to marketing companies or spammers. 
Not when users set their own encryption key, just like local logs can be encrypted at the moment. Sure, you could try to bruteforce weak passwords, but you can do that with every type of encryption and service in the world. You don't need a large amount of data for that, just a dictionary. As always: don't use weak passwords.

quote:
Originally posted by Thor
Admins on these forums: nothing?
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.

This post was edited on 02-11-2011 at 06:53 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
02-11-2011 06:47 PM
Profile E-Mail PM Web Find Quote Report
Chrissy
Senior Member
****

Avatar

Posts: 850
Reputation: 5
24 / Male / Flag
Joined: Nov 2009
O.P. RE: Plus! 5 is out!
Okay.

So if someone hacks into the server or access the data on it, they have all our chats?
02-11-2011 06:55 PM
Profile E-Mail PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5534
Reputation: 102
35 / Male / Flag
Joined: Mar 2002
RE: Plus! 5 is out!
quote:
Originally posted by Chrissy
if someone hacks into the server or access the data on it, they have all our chats?
I don't know the level of other security on the server, for example file permissions. But generally if someone would manage to get root access and files are unencrypted, they could get all the contents, yes.

This post was edited on 02-11-2011 at 06:59 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
02-11-2011 06:59 PM
Profile E-Mail PM Web Find Quote Report
blessedguy
Skinning Contest Winner
*****

Avatar

Posts: 1762
Reputation: 25
26 / Male / Flag
Joined: Jan 2008
RE: Plus! 5 is out!
quote:
Originally posted by Chrissy

Okay.

So if someone hacks into the server or access the data on it, they have all our chats?
Just as they had people's emails and passwords when they hacked Gawker, I guess. I hope Yuna is prepared for that :rolleyes:

*Menthix beat me...

This post was edited on 02-11-2011 at 07:01 PM by blessedguy.
[Image: Empty.png]
02-11-2011 06:59 PM
Profile PM Web Find Quote Report
Thor
Veteran Member
*****

Avatar
Awwwwwwww.

Posts: 1117
Reputation: 42
27 / – / Flag
Joined: May 2006
RE: Plus! 5 is out!
quote:
Originally posted by Menthix
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.
I was replying to CookieRevised in the context of the admins on this forum doing anything to a user's profile, not in the context of accessing logs. Sorry about that, might've been an idea to be a bit more specific. :p
:plus4: Translation guidelines for Messenger Plus! Live
I'm no longer around this town, but I miss the community dearly. You can always find me lurking in #banana, or at
nitrolinken.net.
02-11-2011 08:52 PM
Profile PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15522
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: Plus! 5 is out!
quote:
Originally posted by Thor
quote:
Originally posted by Menthix
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.
I was replying to CookieRevised in the context of the admins on this forum doing anything to a user's profile, not in the context of accessing logs. Sorry about that, might've been an idea to be a bit more specific. :p
It doesn't matter if it is messing with profiles or accessing logs (or in this case PMs) for that matter. The point of the re-questions where that almost every service on the net you trust your data on, needs to be ... well... trusted.... Even if there are NDAs or EULAs in place it doesn't physically stop some people (like root admins) from doing the 'wrong' thing in many cases, not even if it is a 'well known company'. In the end, it always comes down to trust. And if you don't trust it, don't use it.

What I also want to point out, in a very strong way, is that I'm equaly 'concerned' about this matter too. I too think there should at least be a more visible EULA or something in place which the user must agree with or sign before being able to upload data like logs. At least more clear than a small link at the bottom of the website pages like it is now. But of course that still wouldn't prevent some server root admins or whatever to do the 'wrong' thing though. Again, it boils down to trust.

But the moaning of Chrissy just for the sake of moaning gets ridiculous. Look at the rest of his posts in regards to Yuna, it is nothing more than trying to find something new to bitch about, nothing more. Yes he stumbled upon a good and valid question/concern, but immediatly screwed it up with his "they can bruteforce it anyway" comment. Showing again he posts that stuff just to moan and bitch imo. If anyone else would have asked the same question in regards to the online logs, I wouldn't have replied what I have replied to him.... Like I said, he makes it very hard for people to take him seriously.

This post was edited on 04-23-2011 at 05:21 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
02-11-2011 11:17 PM
Profile PM Find Quote Report
Thor
Veteran Member
*****

Avatar
Awwwwwwww.

Posts: 1117
Reputation: 42
27 / – / Flag
Joined: May 2006
RE: Plus! 5 is out!
quote:
Originally posted by CookieRevised
It doesn't matter if it is messing with profiles or accessing logs (or in this case PMs) for that matter. The point of the questions where that almost every service of the net you trust your data on, needs to be ... well... trusted.... Even if there are EULAs in place it doesn't physically stop some people from doing the 'wrong' thing in many cases.
Unless you go with a host-proof solution, but yes. You need to trust your service provider to a certain extent regardless.

quote:
Originally posted by CookieRevised


What I also want to point out, in a very strong way, is that I'm equaly 'concearned' about this matter too. But the moaning of Chrissy just for the sake of moaning needs to stop. Look at the rest of his posts in regards to Yuna, it is nothing more than trying to find something new to bitch about, nothing more. Yes he stumbled upon a good and valid question/concearn, but immediatly screwed it up with his "they can bruteforce it anyway" comment. Showing again he posts that stuff just to moan and bitch. If anyone else would have asked the same question in regards to the online logs, I wouldn't have replied what I have replied to him.... Like I said, he makes it very hard for people to take him seriously.
Agreed. (Not exactly a very insightful reply to that, but yes. Agreed.)
:plus4: Translation guidelines for Messenger Plus! Live
I'm no longer around this town, but I miss the community dearly. You can always find me lurking in #banana, or at
nitrolinken.net.
02-11-2011 11:25 PM
Profile PM Web Find Quote Report
toddy
Veteran Member
*****

Avatar
kcus uoy

Posts: 2573
Reputation: 49
– / Male / Flag
Joined: Jun 2004
RE: [split] MyPlus! Logs Security
174.122.242.106

[Image: hands.gif]
02-12-2011 02:28 AM
Profile PM Find Quote Report
blessedguy
Skinning Contest Winner
*****

Avatar

Posts: 1762
Reputation: 25
26 / Male / Flag
Joined: Jan 2008
RE: [split] MyPlus! Logs Security
And their certificates are still for that placeholder domain :(
[Image: Empty.png]
02-12-2011 02:29 AM
Profile PM Web Find Quote Report
V@no
Full Member
***

Avatar
sexy

Posts: 162
Joined: Mar 2004
RE: RE: Plus! 5 is out!
quote:
Originally posted by CookieRevised
What's stopping MS from reading your hotmails?What's stopping your ISP from reading your internet traffic (incl. password sends (like POP3 logins) over an insecure connection).
What's stopping the admins here from tampering with your account?
And I can go on and on and on like a duracell bunny on steroids.

none of these tried install crapware camouflaged as "EULA" agreement, which you can't say the same about MP...sorry but just that slip will make me doubt good intentions of mp online feature.

quote:
Originally posted by CookieRevised
What's stopping FB admins from publishing your private data?
nothing and they already proved that they can and will do that, because they don't care about privacy.
02-25-2011 06:41 AM
Profile PM Find Quote Report
Pages: (3): « First « 1 [ 2 ] 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On