Frienditto and Online Security.
May. 10th, 2005 12:45 pm
I have mentioned, once or twice in the past, that my truly private thoughts never leave my skull. I don't write them down and I certainly don't put them in a LiveJournal post. Now, I have occasionally confided them to another person that I trusted. Only once has this had disastrous results, but once bitten, twice very shy indeed.
That's not to say that I am completely unable to open up to someone, only that I keep my innermost thoughts and feelings very close to my chest. In a situation where I'm talking one-on-one to someone and a level of trust has had time to build, I'll drop some of my barriers.
This never happens in groups though. If I'm in a group of people and someone asks me why I'm looking glum, then they are unlikely to hear more than the least thing that is bothering me, regardless of how much I trust that person individually.
Since LiveJournal is all about the groups, my most secret thoughts never end up here. As a result, I am not as dismayed as many by Frienditto and its breaching of the LJ security barriers. For those that haven't heard about this, you can check out this article on Websnark. In a nutshell, what's been happening is that folks sign up for a free Frienditto account and give it their LJ name and password. Frienditto then downloads all of the LJ posts from that account and all posts visible from that account!
So, if you have posted something that only a half-dozen folks can see, and one of them signs up for a Free Account on Frienditto, then it gets downloaded. What's worse is that there is no security on free Frienditto accounts, so that post is now visible to everyone on the internet. To say that this is upsetting folks is an understatement.
Now, I can understand how this can upset people, but I never really believed that LJ had a strong security model in the first place. Then again, I'm an IT professional and so I KNOW that typing in my LJ password on another system is not only letting the tiger out of the cage with respect to any security I might think I have, but it is also a violation of the trust of everyone who has friended me.
Sadly though, passwords and computer security 101 is not a required course in today's world, and the vast majority of folks who've signed up for Frienditto had no idea of the havoc they were about to cause. I'm sure that many of them are probably blaming Frienditto rather than themselves for having betrayed their friends.
All I can say is that the LJ Drama Llama is going to be burning the midnight oil tonight!
Date: 2005-05-10 04:54 pm (UTC)
People can be so dumb it makes my head explode!
Date: 2005-05-10 09:08 pm (UTC)
not I.
Date: 2005-05-11 11:35 am (UTC)
One thing not mentioned is that the login to LJ (and most likely all other blog sites) is not encrypted. Or maybe I just haven't found the option yet ;-)
This basically means that passwords can easily be snatched from the network by e.g. the sysadmins at a workplace...