While it may be unwelcome to raise this in public, it affects the data protection of all members. As it concerns senior members of the forum, my thought is that it should be left in public as that is the only way of protecting the interests of the masses.
Much of this refers to the HJ Backroom, but as this is the old software with the same webmaster, this *probably* equally applies here. I think the information should be made public.
This site needs a privacy policy and terms publishing quickly. Especially in light of info I have been given.
First questions.
I have been told the passwords here are encrypted (as they should be).
***
When a user creates an account, is the password visible in plain text to webmaster or moderators at any stage?
And is the username emailed or sent in some other form to webmaster or moderators?
And is the username/password stored in any other form (by these people) off the main server of the forum, apart from secure backups containing only encrypted passwords?
***
I have evidence that all the above things are happening.
Having any plain text copy of an encrypted password is extremely dangerous. Why? Because most people tend to use the same password for several online apps, and therefore access can be gained to other accounts of that user, like Facebook and email. Once access has been gained to other private accounts, further information is available to the thief and things like bank accounts and credit card accounts can be compromised. This is not an argument about your own use of data, it is trying to establish the truth about the storage/transmission and use of data on this forum.
Why am I bothered? Because I have been asked to invite my customers/visitors here, and I want to be sure data is not being misused. As there is no privacy policy I am forced to ask these questions.