About privacy on the forum

by Simon 51 Replies latest jw friends

  • The_Bad_Seed
    The_Bad_Seed

    Thanks -- 40 minutes long, nice!

  • waiting
    waiting

    Hey Simon,

    Thanks for the warning.....and explaining the need for the warning.

    I know some are going to scream if you have to become more viligent in moderating this place. But it's nice to know that the screamers can always choose to go to Kent's and have 5 moderators to scream at.

    Freedom of choice is a nice thing. This is your forum, your freedom, and your choice. Congratulations.

    waiting

    ps: I followed JanH's click to read the entire thread. To Simon's credit, I believe he has mistaken double identity posters twice (Julie & Wholewheat) - and has apologized on the forum each time for his mistake. Other times when multiple identities have been discovered - he was correct. Ain't a bad record for handling this crew of thousands of posters coming/going here for almost 3 years now, imho.

    I also edited my above post to Simon.

    Edited by - waiting on 8 July 2002 14:36:56

  • JanH
    JanH

    Simon,

    I think what you have done is called "over-interpretation."

    This is the original thread "over there" that you seem to be referring to: http://kent.steinhaug.com/forum/showthread.php?s=&postid=4548#post4548

    I have a problem seeing how "disclosing" information anyone can find in their Windows manual can be a threat to your forum. The context is clearly one where two people share the same PC and don't want to share the same cookies. We have, after all, a few couples on this board, and misunderstandings have happened before where spouses are accused of being their SOs, and thereby having their anonymity violated.

    I regret that the silly "board wars" are flaring up again.

    - Jan

  • Englishman
    Englishman

    I regret that the silly "board wars" are flaring up again.

    Me too.

    Maybe we should rename them the BORED wars.

    Englishman.

  • Xander
    Xander
    The context is clearly one where two people share the same PC and don't want to share the same cookies
    Then you will see a place called Web Sites - and here you can open the edit button to override cookies. If you add jehovahs-witness.com to the list, and say "Deny" - no cookies will ever be accepted from the site in question.

    Doesn't seem like that context to me. Sounds like instructions on how to avoid detection.

    That said, you don't HAVE to use cookies to identify someones IP address. Simon apparently does, but there are other ways. Simple packet logging would do the trick just as well, and if you are faking return IP addresses (aka 'spoofing')....well, you aren't getting any page content that way and there is NO legitimate reason to do that.

    Alternatively, Simon could just throw some javascript up to collect the IP address of surfers (you don't even need to be a poster then - any time you visit the site your address would be logged).

    In short, Kent was not instructing people in how to maintain anonymity - just how to defeat Simon's currently implemented fraud detection scheme.

  • Simon
    Simon

    That's how I read it. It was not general information about cookies and web browsers but specific instructions on how to create duplicate accounts undetected.

    Of course this is not the only system I use - every request is logged so it is possible to compare IP addresses but again, this has limitiations and is not fool proof either (different people could get the same IP address assigned from a dialup account or proxy). The good thing about the cookies were that they were concusive. I could tell for certain that accounts had come from the same PC (which was why I knew SexyTeen/YoYo was lying).

    I am aware of quite a few cases where people share a PC and have only mistakenly flagged one of these once (twice?). Again, it's something I only look into if there is reason to. Typically if someone is being a nuisance I look them up and then try and watch out for them reappearing and do a quick scan occasionally.

    Edited by - Simon on 8 July 2002 15:0:18

    Edited by - Simon on 8 July 2002 15:1:46

  • Simon
    Simon

    I'm sorry you think I have over-reacted JanH but I have to spend a lot of time having to deal with idiots trying to cause mischief and anything that helps them or even instructs them how to do it is "less than helpful".

    I do not want any board war - if I did then I would be posting instructions on how to take advantage of flaws in other forum software to steal passwords ... would that be irresponsible or informative?

  • Sam Beli
    Sam Beli

    Thank you, Simon, for your very hard work.

    Sam

  • 144001
    144001

    Simon,

    Can't you make it so your site doesn't load if the browser doesn't accept cookies?

    Anyway, thanks for all that you do here and I hope this stuff doesn't irritate you too much. Take care!

  • Wendy
    Wendy

    This is really sad.

    Xander,

    I have no idea what Simon uses to find out who are duplicates, how do you? How does anyone in fact? The subject of security has never been discussed here. To be honest, imo, most who come here and cause trouble using duplicate accounts, probably have never heard of or will see Kent's DB...well now they will.

    As for the other thread, I concur with JanH, I did not see it as a way to breach security, and I learned lots from cynicus's link. I always learn lots from his links

    As for cookies...I like white chocolate ones with walnuts

    Pweese let this be buried now.

    wendy

Share this

Google+
Pinterest
Reddit