BARBELITH underground
 



Hmmnnnn.... email address leakage?

 
 
Cloned Christ on a HoverDonkey
03:24 / 17.03.03
I received a piece of spam a few days ago, addressed to my Barbelith username, "Chillblain Supernova".

This spam advertised pictures of large appendages "stretching" the female recipients they were intended for. This is the only forum of many that I use this particular username for, so I'm forced to conclude that my membership details have somehow been leaked to a rather unscrupulous advertiser from Barbelith.com.

Is this standard policy? Has the user database been hacked? Has anyone else had any emails similar?

Just wondering.....
 
 
The Return Of Rothkoid
09:10 / 17.03.03
That all depends. Do you use it anywhere else? There's no record of the DB being hacked; Tom and Cal are pretty security-keen, so I doubt very much that it's come from here. Elsewhere, mayhap. I've never had any Return Of Rothkoid spam, except on the hotmail account I set up specifically for use here; I think that Hotmail's books are pretty open, so if it's a freemail account you're using, that'd be your answer, rather than this end.
 
 
The Strobe
09:59 / 17.03.03
Well, I had a junk email which in the field where they stick the username addressed something to me as "mordantcarnival" which was odd to say the least. I think something's trawling Barbelith, but not very successfully by the looks of things.
 
 
Kit-Cat Club
11:12 / 17.03.03
I think it's more likely to be that someone has trawled the pages listing member names and info than that there's been a major security leakage - I have never had anything, but then my email address is hidden and they couldn't have got it from that page. Hide your address! If people need it they can PM you for it...
 
 
Baz Auckland
17:37 / 18.03.03
I think there are programs that occur on the internet that will check the cookies in your browser for info. If you don't log out when you're done, there will be one with ('Barbelith', 'Username=Chillblain Supernova', 'Password=xxxx') on your computer...

...it may help if you also set your browser to clean out the temp internet files after you close the browser.
 
 
w1rebaby
19:32 / 18.03.03
That shouldn't be possible, surely, unless the cookies have been defined very insecurely indeed. The domain won't be right so your browser won't tell them.
 
 
The Return Of Rothkoid
04:54 / 02.04.03
Figured it out. Trawling across Google, I discovered that the member directory's been cached. Presumably someone just spidered and got the addresses from there - so if your email address is visible, they could get it.

Third down, here, for example.
 
 
tom-karika nukes it from orbit
17:37 / 23.04.03
I too have started getting spam with my Barbelith-Only username. The list of email addresses is accessible Here and is visible to anybody, anywhere whether they be members or not. It is also Google-indexed. My email address is now hidden, but for some time it was world-visible. I don't mind sharing my address with other members (like it says in the profile options: 'Allow other members to see my email address') But would rather it wasn't shown to the rest of the net. Can I please make some suggestions about how this could be changed to be more secure and spam-bot proof?

1. Make the members list page visible only to registered members. I don't think a spam-bot would bother to sign up.

2. Make the members page email addresses harder to read with a spam-bot; for instance by replacing the @ sign with _at_, and relying on the person sending an email replacing _at_ with @. Lots of other sites use this. (Instructions to this effect at the top of the page?). Other ways include adding [REMOVETHIS] at a strategic point in the address, or something similar.

3. Clarifying the wording in the profile editor, from 'Allow other members to see my email address' to 'Allow my email address to be displayed on the publicly viewable list of members'

I'd like to be able to share my e-mail address with other members, if only because it means that people don't need to p-m me to ask for it. I suppose it makes me more answerable should I (accidentally) say something that offends someone or is particularly contentious and they want to e-mail me personally about it. But I don't like spam either.
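
Suggestions 1 and 2 from the post above, as an added example (not part of the thread and not Barbelith's code): a member list renderer that shows addresses only to logged-in members, writes them with `_at_`, and includes an audit helper that checks the rendered page for plain addresses. The member records, field names, function names and the `X-Robots-Tag` response header (a later addition to the thread's ideas, aimed at the search-engine caching mentioned earlier) are assumptions made for this example.

```python
import html
import re

# Constructed sample data; names and addresses are made up for this example.
MEMBERS = [
    {"name": "Example Member A", "email": "member.a@example.org", "share_email": True},
    {"name": "Example Member B", "email": "member.b@example.org", "share_email": False},
]

# Simple pattern a page audit can use to spot plain addresses in rendered output.
PLAIN_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate(address):
    """Suggestion 2: replace the @ sign with _at_ so the text is not a plain address."""
    local, _, domain = address.partition("@")
    return f"{local}_at_{domain}"


def render_member_list(members, viewer_is_member):
    """Return (page_html, headers) for the member list page.

    Suggestion 1: visitors who are not logged in get names only, never addresses.
    Logged-in members see the addresses of members who opted in, obfuscated.
    """
    rows = []
    for m in members:
        cell = ""
        if viewer_is_member and m["share_email"]:
            cell = html.escape(obfuscate(m["email"]))
        rows.append(f"<tr><td>{html.escape(m['name'])}</td><td>{cell}</td></tr>")
    # Ask search engines not to index or cache the directory (assumed addition).
    headers = {"X-Robots-Tag": "noindex, noarchive"}
    return "<table>\n" + "\n".join(rows) + "\n</table>", headers


def leaked_addresses(page):
    """Audit helper: list anything in the rendered page that is still a plain address."""
    return PLAIN_EMAIL.findall(page)
```

Running `leaked_addresses` over the anonymous view of every public page is a quick regression check after a template change.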
 
 
Cloned Christ on a HoverDonkey
13:36 / 27.04.03
Thanks, Tom-Karika - I think I'll re-make my email address available to lithers, but with a [removethis] type inclusion.

Good thinking.
 
  