The video that I used to test this finally disappeared from Amazon S3 server in 2013, leading me to believe that the issue has been addressed, though I have not had time to verify this (you can try it yourself by following the above link). FetLife denied this was true when I first wrote about this in 2012, despite the number of engineers who weighed in. Until recently, deleting one’s images on the network didn’t fully delete them due to some sloppy engineering. Anyone with an account can see your posts and comments on FetLife, which means any one of its 3,010,332 members can write a bit of code to access the site and serve its information to the outside world. This is not true: it doesn’t matter how good your password is. This suggests that if a user creates a strong enough password and keeps a virus-free computer, they’ll be safe. It segues from saying anyone might be able to access one’s information to suggestions for better passwords and a recommendation for current antivirus software. You can reduce these risks by using common sense security practices such as choosing a strong password, using different passwords for different services, and using up to date antivirus software.Īside from being completely buried in a footer - a place no user will ever go unless they’re media and looking to contact the social network for comment on a developing story - the warning is almost willfully misleading. We can’t be responsible for third party circumvention of any privacy settings or security measures on FetLife. We cannot ensure that information you share on FetLife will not become publicly available. We cannot control the actions of other users with whom you share your information. Please be aware that no security measures are perfect or impenetrable. On this page, buried under all kinds of other things, FetLife states: Unless one is interested in reading a lot and seeks out FetLife’s Privacy Policy, it’s unlikely one would find anything about the risks. Nothing is said at that point about risks associated with sharing one’s sexual proclivities on a social network that is only as safe as the creation of an account and a general sense of human decency. The same security banks use,” FetLife tells people signing up. That’s why we’re the first social network to be 100% SSL. This is a gross injustice, as ours is an extremely sex-negative world and being found out as a kinkster can have serious repercussions on a person’s life and, as evidenced by threads relating to the proxy incident, a lot of users on the social network do not have the technical knowledge to understand the gravity of the situation. Unfortunately for users, its founder and administrators are far more concerned with maintaining the illusion of safety than being transparent about potential issues that people on the site may face after being exposed. FetLife remains unsafe, easily accessible and possibly indexable. The proxy hadn’t hacked anything - it was simply operating through FetLife’s security holes.ĭespite the fact that FetLife has had two years to quietly address this, the existence of shows that the security issues have not changed. In truth, FetLife only blocked connections originating from maymay’s site where the proxy was installed, meaning that connecting to the network from any other source would have enabled the proxy to continue its business. Because this was an activism project, maymay widely publicized what they were doing unfortunately, FetLife refused to face the underlying issue, choosing instead to launch a campaign accusing maymay of hacking the site and endangering its users.įetLife founder John Baku assured users at the time that FetLife had “blocked the proxy,” a statement that led many to believe the issue had been addressed. It took no time for this proxy to be coded, and even less for it to get to work, illustrating how false people’s sense of security really is on the kinky network. The proxy maymay created in the summer of 2012 accessed FetLife and made the profiles of public individuals in the BDSM community available to people outside the network. The user, known online as maymay, had been a long-time critic of FetLife’s inconsistent approach to user safety, and was one of the loudest voices rallying for the use of cryptographic protocols at login (which FetLife finally adopted in 2011). This is a replay of an incident that occurred two years ago when a FetLife user created a PHP proxy to illustrate the issues with FetLife’s insufficient concern for user privacy. The existence of this site and similar tools expose an enormous and unspoken risk to users of the network, who rely on the illusion of security created by the need to log in before they can access any content. The website enables people to search the kinky social network FetLife without first logging in.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |