security issue

[Missy]

Dear moderator Hendie,

I have only recently registered as a user on this forum and have come across a security issue for users that I think should be rectified immediately.

During registration one is asked to fill in a form outlining ones personal details, date of birth, place of residence full name etc. This information is given in good faith. However unbeknown to the person registering, this information is immediately upon completion of the registration process and first posting, available to all public members. All they have to do is mouse clic the persons name and up it pops.

I find this unacceptable. No where during the registration process are you warned that this is so. One assumes this information is needed to register and so one then gives the information freely, one does not assume that members of the public have clear access to it. In order for this too be rectified there should be a warning in red on the registration page that this is so. So that we as users are not subject to possible identity theft or worse and can modify our personal information before it is submitted. It is too late to do this once one has already registered and found out that this information is not secure. Most people would only edit their info a few days later if at all, as most are keen to post first. It also takes awhile to find the area where this may be done.

The registration process is miss leading the public and should be changed immediately.

Thank you for your time

Missy

Edited June 28, 2006 by Missy

[Guest Jules]

Missy,

I think you will find if you look at the registration form again that the only information that is required is a log-in name and a password. Your log-in name does not have to be your name. The other, more personal information is actually optional. I hardly think this is a security concern, you are under no obligation to post any personal information.

Julie

[Missy]

Jules are you a moderator? It get a bit confusing as there seems to be multiple moderators. But for your information an e-mail address is also required and no where is it stated that all the information asked for is optional or secure. I would be happy to look again. What page is the registration form to be found? Perhaps Riekie has changed this already, I think she is also one of the many moderators. who knows.

Honestly, to avoid confusion and impartiality there is normally only one moderator. Here, moderators seem to be posting and moderating and answering posts all at the same time? So far Dedrei seems to be a real moderator in that she is not actually involved in any postings as such, but is actually moderating with complete impartiality.

If you are also one my apologies, but it is mighty confusing.

Edited June 29, 2006 by Missy

[Guest Jules]

Sorry Missy, I am not a moderator and I don't really have any idea how the moderating process works either. All I know is that most of the moderators are pretty hands-on when it comes to posting and moderating if need be.

Maybe I shouldn't have jumped in and answered your post as I see now that it's addressed to Hendie, it's just that I registered my daughter on the forum not too long ago and distinctly remembered the optional part of the form. I would imagine most people use a hotmail/yahoo/gmail etc address for these type of things to avoid giving out their personal e-mail address.

Julie

[Missy]

I will look into this. I dont think so though. I will log out and hit the reg. Yes I think most do use hotmail accounts. I was taken completely by surprise when a public member private mailed me and used my complete full name. You cant be too careful with this sort of thing.

Also I found it a bit intimidating and quite an invasion of privacy that certain people kept asking me for my profession almost demanding it. Surely people have a right whether they want to give out this information or not. It is not always appropriate, and since there are so many moderators floating around it is quite honestly a bit odd-ball because you dont know who to believe or not.

[Guest Seoul Sister]

Missy,

Guests of the forum can't see any of your details, only your username. Registered members can see your name, your signature and all other things you choose to reveal about yourself. On this forum I am not seen as a public member (of the garden or any variety) as I am registered. I had no idea that you had such serious fears of personal contact with ppl, and did not mean to get you in a knot, I was merely trying to be friendly. It is very easy to see who the moderators are, as they all have the word HOST in their title. You can also look under MY ASSISTANT at the top right in the middle and look under Hosting Team, to see who these ppl are. Not difficult at all, even a blonde can do it. If you want certain areas of your life kept private, I suggest you stop bringing the topics up. The members of this forum are all fantastic, friendly, helpful and respectful of each other's opinions and privacy. To many newcomers this is a shock as other forums do not operate with this high level of dignity. It’s a jungle out there, but I’m sure I don‘t have to tell you about it !! It is probably a good idea to first familiarize yourself with what all the buttons do and how everything works before you continue, as you seem to have some technical challenges, and a proper walkabout will solve it for you.

You need not worry about me PMing you ever again, really! You are going to have to find your own balance on who to trust and who not, I tend to go with my gut feel, and I haven't been wrong yet.

Good luck on the forum !

Greetings

SS

[Riekie]

Missy, thanks for posting your concerns in this section. I have also forwarded your Email to Hendie to investigate. If there is a security problem, you can be sure he will take whatever action is necessary. Although there's a number of hosts on the forum, Hendie is the only one who can make changes to the actual setup of the forum. If it is a matter to be decided on by the hosts, Hendie will put it to them and a decision is made based on the facts, which Hendie will action. Whatever the outcome, it will be posted here.

[Missy]

Thank-you Riekie much appreciated. It has been a fun afternoon though at times pretty strange too. Seems the ignore function is the handiest invention so far,some of the posters, well one in particular is totaly over the top and out of order. I wont be getting much time in the next weeks to look in here, but from time to time I will try.

It seems strange to me that you also have access to my e-mail address? I dont remember authorising any-one to have it, are you also a site administrator,how many are there? However as it is a hotmail account feel free to update me on the issue's of security. I am pleased to say I have had no further inquiries about my relatives in South africa, although I have blocked their mail address so I wouldn't know if they were still trying.

Regards

Missy

[Hendie]

Hi Missy,

Thank you for raising your concern. Please allow me to explain.

The only items that are required (compulsory) upon registration are in the left-hand column of the registration page (the one that is NOT labelled "Optional Information"):

1. Log In Username - you will use this to log in with
   
2. Display Name - this is the name people will see next to your postings
   
3. Password - also to log in with
   
4. Email Address - so we can verify that you exist, and can communicate with you
   

All the items in the right-hand, or "Optional Information" is ... optional and need not be filled in. So really, you have control over what you make "public" right from the point when you register. I hope that quells your fears and concerns, and that you would agree that security is not REALLY an issue, but rather that new members should take care to read everything on the registration pages (including the Forum Terms and Rules that they agree to abide by), and satisfy themselves that they are happy with what is required of them.

Regarding the "public" nature of your profile information: Only registered members can see your profile information. Guests who visit the forum (and there are LOTS of visitors) cannot access member information. This forum (and the two other sister forums in Canada and the USA) is different to other online forums in the sense that we actually encourage people to get to meet each other. As you read the postings on the forum you will come to realise that we are actually a very close knit community. But again, it is your choice on how "revealing" you choose to be. For obviuos reasons folks still in South Africa often choose to keep their true identity secret, so as not to raise suspicion in their home communities. We even honour that in our Coffee Club meetings, where discussions on the forum will refer only to people's display names, and keeping their real identity confidential. We keep a jealous guard on our members, and have various mechanisms to make sure everyone's honour is preserved and protected. We have the ability to employ a graduated warning system to get misbehaving members to "repent" and toe the line, and we can even ultimately ban someone from the forum if need be. Should you feel at any point that you are being harrassed, feel free to contact any one of the hosts, and we will gladly help you.

There are two means of communication open to members to contact each other. The most "secure" is the Private Messaging (PM) system, which is basically an in-forum mailbox, with which members can contact each other, and discuss private or off-forum topics. You can opt for the forum to send you an email notification when a new PM arrives in your forum mailbox, and/or elect to have a pop-up displayed to you when you are reading the forum and a new PM arrives. The second mechanism is email. Again, this is only open to members wanting to email other members. The email address of the recipient is not visible to the sender, and the email is composed via a web form. It is up to the recipient to decide whether to respond (via email, outside of the forum) and thus make their address known to the sender, or not. Of course when the recipient receives the email, they will be able to see the email address of the sender, that is the nature of email. A lot of thought has gone into preserving privacy and putting control over privacy in the hands of the member.

As for you confusion about moderators: this forum is managed by a host team. We prefer to call ourselves hosts since that is what we try to do: to host the forum, and to make you, the members, feel at home. All decisions about forum matters are made by this team, who are all volunteers who give their time for the benefit of the member community. There is no ONE person who has ultimate control, we are all accountable to each other. You will notice that the hosts all have titles, like Sydney Host, indicating the area of the forum that they are primarily responsible for, so do use the host list I referred to earlier when you have specific questions, to determine who would be best equipped to answer your questions. Hosts are also regular members, and actively take part in the forum, posting topics, answering questions, and just generally being part of the forum community - they are not "elevated" or "aloft", only to come out to dole out judgement or control.

Hendie

[Riekie]

It seems strange to me that you also have access to my e-mail address? I dont remember authorising any-one to have it, Missy

Missy - YOU Emailed ME and I used the "reply" button to respond.......?! Now I'm REALLY confused! What are you trying to say??

Hi Missy,

The second mechanism is email. Again, this is only open to members wanting to email other members. The email address of the recipient is not visible to the sender, and the email is composed via a web form. It is up to the recipient to decide whether to respond (via email, outside of the forum) and thus make their address known to the sender, or not. Of course when the recipient receives the email, they will be able to see the email address of the sender, that is the nature of email.

This is how I understood it as well...... (Hendie, thanks for clearing that up )!!

[Missy]

Yes Hendie that clears up some of the confusion as to how this forum operates, and granted that it is an amateur site, run by such there is an informality about proceedings that can be overlooked. However not the security issues.

I think the warning that any information given "can be used and is viewable" by the public members should be in red and should state just that. Not just be stated in tiny print in black, the words "optional info" as I for one didn't see it, and further more "optional" does not imply that this information is not confidential. On the question of moderators/hosts/members.

I have to say your Moderating "hosts" were not falling over themselves in welcome but seemed to be rather acting like suspicious sniffer dogs on the trail of blood. Most extraordinary behaviour for a forum, I was quite taken aback as a newbie at this surprising almost neurotic behaviour. As would you be.

While I have no knowledge of the history of this site, it is clear to me that it is a new site, and secondly that a lot of posters and "hosts" are bearing unneeded baggage. Perhaps a short 'history of our site" introduction might be appropriate so that posters can see what they are dealing with, before they are subjected to this kind of behaviour.

The so called tight knit community is rather too tight knit and somewhat less welcoming of actual posters. Surely the aim of the exercise is to get new people posting. It was only Dedrei that actually made me feel welcome at all, and this was only AFTER she had to intervene because the so called welcoming committee and tight knit community was so hostile. I was glad to see there is at least one partially impartial "host" in the background. Surely a forum like this should be based on information-sharing and not friendjies politic, this raises questions of accountability, not least because it is self regulating? Then the real issue, of how impartiality can affect the personal security of posters.

One of the so called "Host moderating administrators" is in fact very friendly with a public member, unusual on a forum, but given lea-way for your particular style, still has some questionable consequences. This member messaged me using my full name and e-mail address. Was I then to complain to the above mentioned 'host" I don't honestly see how this is possible, as she is operating under a clear conflict of interest. I think here it is not only a question of impartiality but more importantly one of confidentiality and personal security.

Not once in the whole afternoon did I have reason to e-mail using my personal e-mail address, any members of this forum. This is simple enough to confirm, just by following both of the threads in which I participated. I did however "return" reply to a "host" using the internal messaging function after the "host" private messaged me, after I, ironically, complained about SECURITY issues on one of the threads. This also easily confirmed by following the thread. This they can also confirm with the said mail if there's is still a record of it. Another puzzling thing is that there is no automatic record in my own message centre of this return reply?

Goodness gracious me, and all in one afternoons attempt at using a forum. Something is not right in the state of Denmark.

Thanks for your time.

And good luck!

Missy

Edited June 29, 2006 by Missy

[DesertDaisy]

If you aren't happy here, then you need not continue posting you know..... No one is forcing you.

[Missy]

And I think Hendie, that, that last post is self explanatory? Don't you?

[Riekie]

Missy, in fact I do have your Email (see below): For the purpose of this post, I have removed your return address which was displayed, as we do value the privacy of our members. No one is out to get you and your rage about the matter is completely off base. When you accepted the terms & conditions of your membership you have confirmed that you have read and agreed to it. I have yet to see a contract where the "fine print" is in bold red lettering........

From: "SAAustralia Forums" <b@h>

To: <riekie@saaustralia.org>

Subject: missy ( SAAustralia Forums )

Date: Wednesday, 28 June 2006 5:13 PM

Riekie,

Missy has sent you this email from http://www.saaustralia.org/index.php.

Riekie I have already banned the sender and put them on ignore, for the moment, as I am still a bit flustered by it all.

The problem seems to stem from the fact that when you register you are asked for your full name, birth date place of residence etc.

This information is them immediately open to all the members of this forum, until you remove it once you gain access to that area. On registration it should tell you that all your personal information will be viewable until you change it, and indicate exactly where this should be done.

The message it's self was quite innocuous, wanting to know if I was related to them or not because of my name. However to me it was a shock to see they new my proper full name in the first place. I have since removed my full name and place of residence.

Thanks for your time Missy

---------------------------------------------------

Please note that SAAustralia Forums has no control over the

contents of this message.

---------------------------------------------------

Regards,

The SAAustralia Forums team.

http://www.saaustralia.org/index.php

[Hendie]

I think the warning that any information given "can be used and is viewable" by the public members should be in red and should state just that. Not just be stated in tiny print in black, the words "optional info" as I for one didn't see it, and further more "optional" does not imply that this information is not confidential. On the question of moderators/hosts/members.

Interesting that you choose to use the word amateur here. My, you do have a way with words. If I was the suspicious kind, I may have thought that you are trying to provoke some kind of retaliatory emotion? Well Missy, in the four years that I have been involved with these forums, you are the first one to complain. We will have to agree to disagree on this matter though, and I hope that you will be able get over the initial shock, and relax, and enjoy our forum for what it is intended for.

While I have no knowledge of the history of this site, it is clear to me that it is a new site, and secondly that a lot of posters and "hosts" are bearing unneeded baggage. Perhaps a short 'history of our site" introduction might be appropriate so that posters can see what they are dealing with, before they are subjected to this kind of behaviour.

If you call carrying the burden of having family and friends subjected to horrendous crimes unneeded baggage then you must indeed be living in Utopia, and I suggest you stay put! Of course our members carry baggage! But calling it unneeded is just plain callous and unfeeling. I suggest you get off your soapbox and read about the sort of things folks here have endured that MADE them take the plunge to emigrate to an unknown land!

I don't think it is at all necessary to post a public notice of history, or "history of our site", since the mandate of this forum is clear to all who visit (and I can assure you we get WAAAYYY more compliments about how this forum is run, the quality of assistance offered, and the warmth of the members towards each other, than your (frankly) petty complaints) I see no need to have such a declaration or statement. How much clearer can it be to say South Africans coming to Australia in our logo??!!

OK, I admit: I have been provoked! Now sit down and behave!

Hendie

[NZHigh]

Now sit down and behave!

Hehe

And,

Hear hear!

[Missy]

Dearest Hendie,

Terribly sorry you are provoked but maybe I can reassure you, you had no need to be at all.

The word amateur, as used by myself and as defined by my very own copy of the New Collins concise English dictionary, is "a person who engages in an activity, esp a sport or a pastime out of love of the activity rather than for gain" or " a person who is fond of or admires something".

So it seems our understanding of our common language is to blame here. A fair enough mistake on your part. Still provoked? No need at all, surely? No harm done then.

Secondly the "baggage" I referred to, was not that of the personal lives of the posters or "hosts" but rather that of previous forum activity which I have no privy to at all, being new here and all that.

The "history of this site" too which I of course by extension am referring, is that of the previous forum activity and not the sites philosophy or intentions. I hope that clears that up for you and somewhat lessens your provocation.

Communication can be seeped in good intentions and yet still be miss understood and cause for alarm. May I ask if you are South African? Quite often these common-language problems occur, across cultural differences, but are easily corrected with a little bit of patience.

On the issue of security. I no longer have any problems with this issue. I have solved the problem by myself, simply by removing my personal details. It will however be of concern still for other new forum members, as will any impartiality problems be.

As you can see the mail I sent to one of the "hosts" was internally sent from saaustralia.org/index.pttp, thank-you Riekie for displaying the evidence and in such good faith , but the poster who E-MAILED me used my personal E-MAIL address and not the internal one. This my service provider will be happy to confirm, as well as to confirm any posts I might have sent externally from my PC to this organisation, this wont include my original letter of confirmation on registration.

However on this issue again I am also satisfied as I again solved the problem myself, by having her removed from having access to my e-mail account, here I should also like to thank my service provider for being so prompt and professional. For them security issues are a daily battle and one which they dont take lightly.

Thank you for your time,

Kind regards

Missy

Edited July 1, 2006 by Missy

[DesertDaisy]

Look, I suggest that everyone just ignore Missy unless she has a question relevant to the aims of the forum, and its strong tradition of helping out potential and new immigrants.

Any other behaviour on her part can quite possibly be considered "trollish" (thats internet speak for a person who purposefully attempts to provoke arguments and fights on internet forums). And we do not want to stoop to that level ourselves, no do we.

[Lmari]

[Caroline]

I'm so glad I came to visit just in time to catch up - I can't miss out on all the fun!

[Hendie]

Missy,

Ek is so Afrikaans as kan kom, en die feit dat jy moes vra laat my nogal goed voel oor my Engels! En op daardie punt, ek is deeglik bewus van die betekenis van "amateur", die punt wat ek eintlik wou maak ... aaaag wat help dit tog! Maar gaan lees tog in jou Collins die betekenis van "innuendo" ook op ?

Jou poging om ons te kry om vuil wasgoed (lekker ou anglisisme!) uit te hang met 'n geskiedenis van die forum se ontstaan uit RainbowNation se onvermoë om swak gedrag te beheer was heel duidelik (snaaks dat jy so skerp dié "baggage" optel, en nie ander sosiale "clues" nie). My antwoord het eintlik gepoog om jou te sê dat ons hier is om ander te help, en nie ou koeie uit die sloot te grawe nie.

Oor jou verduideliking van die sekuriteitssaak gaan ek nie eers antwoord nie, jy het duidelik baie meer ervaring in Internet tegnologie nodig. Ek HET probeer verduidelik hoe PM en email werk, maar jy kort duidelik agtergrond om dit te verstaan. Miskien moet jy jou ISP vra of hulle nie 'n kursus het vir gebruikers oor Internet goete in die algemeen nie? Hulle sal vir jou kan verduidelik dat hulle geen beheer het oor wie vir jou na jou Hotmail rekening toe email nie, jammer Sannie. Met jou soort inkomste behoort jy maklik die vlug Hong Kong toe te kan bekostig.

Hendie

[Dreamcatcher]

DesertDaisy

Once again we are on the same vibe. You said what I was thinking. The problem is just that we try and answer the questions, and then our answers are twisted, ridiculed and thrown back. Like others, I'll be starting to use the ignore button, whatever it does.....

Greetings,

Dreamy

PS: this will be MY last response to this topic.

[Missy]

Dearest Hendie,

Thank-you for your reply, I am glad you understand where I am coming from at last. Your previous take on my word baggage, well, daar heb ik geen kaas van gegeten. I had thought you might be in fact American and not English, because of your misunderstanding of the context in which I used the word amateur. No harm done. Innuendo I personally believe is best left to the experts, on "carry on films" and the like, what a shame that they dont make them any-more, my grand parents thankfully have wonderful archives of these charming old films, starring our very own Sid James from Durbs by the sea. Ou koeie uit die sloot te grawe nie? Priceless, I love it! Perhapse you forgot one or two bovine ghosts from xmases past.

Any-way this "rainbownation" site that you speak about could be briefly mentioned in the "history of our site" it could help to set the tone for decent behaviour towards new comers in general? It certainly seems to have left a lingering legacy?

I am sorry that I am unable to answer you in your mother tongue, the irony is that I am married to a very nice boy with the same mother tongue. However as I had to study at Leiden university for four years I also had to learn the Dutch language. My husband no longer speaks Afrikaans as no one can understand him, and he needed to learn English more than I needed to learn Afrikaans. This crash course in Dutch ruined my std5 level Afrikaans for ever. Maar als het je beval, sal ik dan over gaan tot het Nederlandse taal? Het woord order is absoluut niet te verstaan, en het woordenschat is anders, selfs het gebruik van het dubble negative is er niet.

You are both right and wrong on your assessment of my computer skills or understanding of e-mail technology. However if you think that, sy kannie bokkem braai nie, you would be very wrong. Ever since a student and the need for pages and pages of graphics I have been a techie' and apple mac expert. To use one in those days, not too very long ago, you had to be an expert.

As far as security issues go Apple macs are almost completely free of them. I have never had a bug, virus or worm ever. However I now know what to look out for, as I recently also bought a PC whilst in HK, that still has as it's service provider the one in HK, as I needed a continued flow of my e-mail. Quite practicle if you have to move around a lot on short assignments between institutions. But also for the general public contemplating a move. Tip of the day. Don't mention it.

Ik weet, of lieve denk het, dat dit site niet heeft de bedoeling om de public in het warring te neem over het mogelijk bedrieglijke gebruik van persoonlijke info, maar dat kan dan ook duidelijk n misdaad wordt, al is het niet de bedoeling in het eerste omstantie. Als dit dan nou over n hotmail rekening gaat of niet. Trouvens ben je dan duidelijk dat ik dan n hotmail adres heeft neer geschreven in het "optional" maar niet "veilig" vakje?

Maar in so ver dat ik dan dat kan sien, is dit maar n' duidelijke eenvoudige probleempje om optelos. Maar dat weet je toch? Of niet soms?

Dank u voor u tijd,

Missy

Edited July 1, 2006 by Missy

[SASydneysider]

Missy!!

I always thought it to be bad manners to respond to someone in a language they do not speak or can't understand.

On THIS forum we all speak and or understand ENGLISH and AFRIKAANS!

Who are you trying to impress? Backoff!

SAS

[Missy]

I suppose that post by SAS'sider is not considered badgering??? Luckily I never allow myself to be provoked. That particular little self indulgent luxury I have learnt to control. you kids!

Besides you are wrong, "on this forum we all speak and or understand English or Afrikaans" I know of at least three Dutch speakers here and I myself can speak four languages. The world is a far smaller place than you think?

Edited July 2, 2006 by Missy

[Die Kotze's]

Hierjy Australia!

I get the feeling that you guys have just been "Borissed." Boris is a guy who occasionally pops up on SaCanada, baits people mercilessly until they loose their cool, and then gets himself banned. Methinks your newest member is a Boris-type, or even Boris himself. Why?

1. There is no "ethical reason" why a doctor/surgeon/whatever is not allowed to tell you exactly what it is they do.

2. Females are not really recruited or encouraged to work in even liberal Dubai, not even as surgeons.

3. People who work in pediatric reconstructive surgery do not have time to rits around in Porsches, or spend hours on a forum criticising security.

Relax, people, and don't let yourselves be baited.

Love from Canada.

Charlene