[split] MyPlus! Logs Security |
Author: |
Message: |
Menthix
forum admin
Posts: 5537 Reputation: 102
40 / /
Joined: Mar 2002
|
RE: Plus! 5 is out!
At the moment online logs are send and viewed using a secure (encrypted) connection. But they are not stored on the server in an encrypted form, no. Source: Jieff's reply to Messenger Plus! 5 information.
It is something I would like to see in a future version too: Allowing users to save encrypted logs online and doing a client-side decryption. In fact maybe even force users to use encryption, or at least make it default. And in a way the hashed MyPlus! password couldn't possibly used to decrypt the logs of a user. It would also be much less of a liability for Yuna should they get hacked.
quote: Originally posted by Chrissy
Even If it is encrpyted on the server, Yuna can still see it. And If It's encrypted here then sent, the amount of data Yuna has they can easily come up with an algorithm to decrypt most of them, and sell them to marketing companies or spammers.
Not when users set their own encryption key, just like local logs can be encrypted at the moment. Sure, you could try to bruteforce weak passwords, but you can do that with every type of encryption and service in the world. You don't need a large amount of data for that, just a dictionary. As always: don't use weak passwords.
quote: Originally posted by Thor
Admins on these forums: nothing?
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.
This post was edited on 02-11-2011 at 06:53 PM by Menthix.
|
|
02-11-2011 06:47 PM |
|
|
Chrissy
Senior Member
Posts: 850 Reputation: 5
29 / /
Joined: Nov 2009
|
O.P. RE: Plus! 5 is out!
Okay.
So if someone hacks into the server or access the data on it, they have all our chats?
|
|
02-11-2011 06:55 PM |
|
|
Menthix
forum admin
Posts: 5537 Reputation: 102
40 / /
Joined: Mar 2002
|
RE: Plus! 5 is out!
quote: Originally posted by Chrissy
if someone hacks into the server or access the data on it, they have all our chats?
I don't know the level of other security on the server, for example file permissions. But generally if someone would manage to get root access and files are unencrypted, they could get all the contents, yes.
This post was edited on 02-11-2011 at 06:59 PM by Menthix.
|
|
02-11-2011 06:59 PM |
|
|
blessedguy
Skinning Contest Winner
Posts: 1762 Reputation: 25
32 / /
Joined: Jan 2008
|
RE: Plus! 5 is out!
quote: Originally posted by Chrissy
Okay.
So if someone hacks into the server or access the data on it, they have all our chats?
Just as they had people's emails and passwords when they hacked Gawker, I guess. I hope Yuna is prepared for that
*Menthix beat me...
This post was edited on 02-11-2011 at 07:01 PM by blessedguy.
|
|
02-11-2011 06:59 PM |
|
|
Thor
Veteran Member
Awwwwwwww.
Posts: 1118 Reputation: 42
32 / – /
Joined: May 2006
|
RE: Plus! 5 is out!
quote: Originally posted by Menthix
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.
I was replying to CookieRevised in the context of the admins on this forum doing anything to a user's profile, not in the context of accessing logs. Sorry about that, might've been an idea to be a bit more specific.
|
|
02-11-2011 08:52 PM |
|
|
CookieRevised
Elite Member
Posts: 15517 Reputation: 173
– / /
Joined: Jul 2003
Status: Away
|
RE: RE: Plus! 5 is out!
quote: Originally posted by Thor
quote: Originally posted by Menthix
Being a global admin on the site i can tell you I don't have access to any logs except my own. As for bigger picture (server admins / corporate), I agree these are things people are right to ask and should get a proper and detailed answer to. Preferably in the form of an updated privacy policy. Personally in addition to that I would still like to see encrypted storage as in the top of my post.
Although even when we do know information like this it still comes down to trust. Yes, Microsoft is a huge well-known company. So are Facebook and Google, still doesn't stop them from doing things users are shocked by.
I was replying to CookieRevised in the context of the admins on this forum doing anything to a user's profile, not in the context of accessing logs. Sorry about that, might've been an idea to be a bit more specific.
It doesn't matter if it is messing with profiles or accessing logs (or in this case PMs) for that matter. The point of the re-questions where that almost every service on the net you trust your data on, needs to be ... well... trusted.... Even if there are NDAs or EULAs in place it doesn't physically stop some people (like root admins) from doing the 'wrong' thing in many cases, not even if it is a 'well known company'. In the end, it always comes down to trust. And if you don't trust it, don't use it.
What I also want to point out, in a very strong way, is that I'm equaly 'concerned' about this matter too. I too think there should at least be a more visible EULA or something in place which the user must agree with or sign before being able to upload data like logs. At least more clear than a small link at the bottom of the website pages like it is now. But of course that still wouldn't prevent some server root admins or whatever to do the 'wrong' thing though. Again, it boils down to trust.
But the moaning of Chrissy just for the sake of moaning gets ridiculous. Look at the rest of his posts in regards to Yuna, it is nothing more than trying to find something new to bitch about, nothing more. Yes he stumbled upon a good and valid question/concern, but immediatly screwed it up with his " they can bruteforce it anyway" comment. Showing again he posts that stuff just to moan and bitch imo. If anyone else would have asked the same question in regards to the online logs, I wouldn't have replied what I have replied to him.... Like I said, he makes it very hard for people to take him seriously.
This post was edited on 04-23-2011 at 05:21 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
|
|
02-11-2011 11:17 PM |
|
|
Thor
Veteran Member
Awwwwwwww.
Posts: 1118 Reputation: 42
32 / – /
Joined: May 2006
|
RE: Plus! 5 is out!
quote: Originally posted by CookieRevised
It doesn't matter if it is messing with profiles or accessing logs (or in this case PMs) for that matter. The point of the questions where that almost every service of the net you trust your data on, needs to be ... well... trusted.... Even if there are EULAs in place it doesn't physically stop some people from doing the 'wrong' thing in many cases.
Unless you go with a host-proof solution, but yes. You need to trust your service provider to a certain extent regardless.
quote: Originally posted by CookieRevised
What I also want to point out, in a very strong way, is that I'm equaly 'concearned' about this matter too. But the moaning of Chrissy just for the sake of moaning needs to stop. Look at the rest of his posts in regards to Yuna, it is nothing more than trying to find something new to bitch about, nothing more. Yes he stumbled upon a good and valid question/concearn, but immediatly screwed it up with his "they can bruteforce it anyway" comment. Showing again he posts that stuff just to moan and bitch. If anyone else would have asked the same question in regards to the online logs, I wouldn't have replied what I have replied to him.... Like I said, he makes it very hard for people to take him seriously.
Agreed. (Not exactly a very insightful reply to that, but yes. Agreed.)
|
|
02-11-2011 11:25 PM |
|
|
toddy
Veteran Member
kcus uoy
Posts: 2573 Reputation: 49
– / /
Joined: Jun 2004
|
RE: [split] MyPlus! Logs Security
174.122.242.106
|
|
02-12-2011 02:28 AM |
|
|
blessedguy
Skinning Contest Winner
Posts: 1762 Reputation: 25
32 / /
Joined: Jan 2008
|
RE: [split] MyPlus! Logs Security
And their certificates are still for that placeholder domain
|
|
02-12-2011 02:29 AM |
|
|
V@no
Full Member
sexy
Posts: 162
Joined: Mar 2004
|
RE: RE: Plus! 5 is out!
quote: Originally posted by CookieRevised
What's stopping MS from reading your hotmails?What's stopping your ISP from reading your internet traffic (incl. password sends (like POP3 logins) over an insecure connection).
What's stopping the admins here from tampering with your account?
And I can go on and on and on like a duracell bunny on steroids.
none of these tried install crapware camouflaged as "EULA" agreement, which you can't say the same about MP...sorry but just that slip will make me doubt good intentions of mp online feature.
quote: Originally posted by CookieRevised
What's stopping FB admins from publishing your private data?
nothing and they already proved that they can and will do that, because they don't care about privacy.
|
|
02-25-2011 06:41 AM |
|
|
Pages: (3):
« First
«
1
[ 2 ]
3
»
Last »
|
|