Here's a comment I got from a classmate's son about the security on our website. I'm trying to prevent his mother from making verbal claims about my site to other organizations saying they can link to it -- it is not her right to do that, especially if some classmates keep their profiles "unlocked." Really, the point is that they have no right to make those claims to begin with but....here's what he had to say -- would be interested in your comments back on it. I already know about the Google thing. I consider his comments a threat at this point. Pls. comment on that too.

"One has very little administrative control when their site is being hosted on someone else's servers. Anybody with a keyboard can claim creative control and anyone can link to anything. Google, for example, has already indexed all the keywords and metadata for your site. Give it enough time, and typing "charlie chancellor" into google will stumble across one of my designs... It happens. Do a search on the CHS site, and look at Google's cache... They store local copies. I mean, someone could crawl a website with a spider, download a duplicate, and make a mock-up with better SEO than the original site and redirect traffic to it, or anywhere else...

All right, I'll have a tough time answering this one because there's not enough details in most of these points to go on. But let me try my best anyway. I'll summarize the issues below that I see in this person's question and then address them:

1) "One has very little administrative control when their site is being hosted on someone else's servers": Most sites are hosted on someone else's servers. The Administrative control that you do have is what you see in the system.

2) "Anybody with a keyboard can claim creative control and anyone can link to anything." This is vague so I'm really not sure what this means.

3) "Google has indexed the keywords and meta data for your site." This is true. However, Google can NOT index any pages you've password protected or any Profiles that have been restricted to only members by your Classmates. If your page is public, then yes, Google is going to crawl it like any other web site.

4) "Give it enough time, and typing "charlie chancellor" into google will stumble across one of my designs": I'm unclear what he means by "my designs." If he means his Profile, the public cannot get into it if he has it restricted to fellow Classmates.

5) "Someone could crawl a website with a spider, download a duplicate, and make a mock-up with better SEO than the original site and redirect traffic to it, or anywhere else": This is indeed true, somebody could clone any public pages on your site. They could also clone any private pages on your site if they have a password to get in. And then they could attempt to create better SEO (which would be difficult) in order to get the duplicate site found (highly unlikely). Bear in mind if anybody actually did this the cloned site wouldn't actually work -- there would be no functionality. Thus nobody would be able to join it or anything else. To actually clone the functionality of the system would probably take somebody a couple years time and at least a half million dollars in programming capital. So suffice it to say it's never happened to a single site here nor would I have any concern about such a thing happening. Honestly somebody would have to be insane to try this and there's little chance of success anyway -- not to mention we'd quickly find out about it and sue them.

Hope this helps...

Thanks, Brad -- Yes, it helps! I especially am glad to see your answer to #5. I'd be right there with you in the lawsuit if something like that happened.

Number 2 has to do with an argument I am having with this kid's mom who is the 60th Birthday committee chairperson. I want her to knock off telling people that I'm going to add stuff on the website I don't want on it or have the time to do so I am essentially claiming "creative control" because she continually disregards my time and website rules and blabs to others without my permission. I am asking her to respect the work I have done here by at the very least trying to get my permission before others link to my site, if I can. She's been wanting to have one or more of our high school student groups do that. I used to work as a Tech Director in a school district and I know what kind of mischief these kids can do so don't want any links to our site without me knowing about it, again, if I can. Bottom line, I know anyone can link to a site if they want to, I just want to know who if at all possible is responsible for the group/organization with the link in case something goes wrong, although I realize little can. I especially want to prevent outsiders from getting info on Classmate Profiles that are not locked out from public view. Can I just go into those classmates profiles and lock them without them knowing? I've emailed them many times and they choose not to lock their Profiles so I certainly consider them vulnerable, especially now.

#4 - "his designs" means he did some work on our logo and has his own sites so perhaps he has it there -- no problem, it's used in countless numbers of places so that's not an issue for me. He also had a version of the logo on his own Profile on our site but he had sent me a very hostile email the other day so I deleted his profile as I don't want him on the site. However....his mom is still there and I'm sure he could get on our site that way if he wanted to. Unless I delete her too which I could do but she is the committee chair....I don't want this to devolve any further but...if she's out there and he uses her Profile then we'd be pretty vulnerable, wouldn't we? This is an issue of trust at this point. I don't trust either one of them now. Ugly, ugly, ugly.

Comments?

#2: Realistically you can't control who links to your web site. The web is a public place of course, so if somebody creates a link, then you've got an incoming link. If you'd like I can hit a magic button on this end to auto lock down all Profiles without any possibility of anyone being able to make them public ever again. Let me know if you'd like me to do that, just bear in mind you'll be taking away people's option of sharing their Profile and photos with non members, such as family, friends, co-workers etc.

#4: I'm not sure what you're vulnerable to exactly, other than her doing more things you don't approve of. All I can really say about this question is it's your web site. You started it, you've maintained it, you own it, it's your baby. You have the right to run your site as you see fit, including policing it in accordance with policies you have set if necessary. Sometimes you have to lay down the law in order to keep the type of environment your other Classmates need for your site to be a continued success. If that means having to boot somebody then clearly you've taken that action for the sake of your site and your Classmates. I understand you know this already and it doesn't make it any easier to deal with these types of scenarios. When you're a Webmaster sometimes you've gotta make hard decisions and that's the way it is.

#2 Yeah, I know I can't control links to the site but I should be told at least who the chairman is talking to about it and encouraging it and why but I realize I can't control her mouth either. It's really odd because most of my pages are password protected anyway, so what's the point of a link anyway? Before I ask you to lock the profiles down, I'll send another email to the classmates who haven't protected their Profiles to let them know why they should consider doing it. But I'm glad to know that's an option for us!

#4 - Yes, there are hard decisions to make sometimes. They really do not understand I have the right to run the site the way I want, I'm sorry to say. The vulnerability I mentioned has to do with her son (very knowledgeable about tech and security) getting onto her profile and attempting something like #5 if he wanted or other mischief but hopefully that won't happen. They really do not understand I have the right to run the site the way I want.

Thanks so much for answering me tonight -- this should all blow over after the event a month from now so I'll just sit back and see what happens next....if anything.

Elaine

Elaine,

I noticed you don't have the NEW CLASSMATE VERIFICATION option turned on. I have it turned on for my website. Then when I verify each classmate, I also check the box for their profile to be password protected. I have had some classmates come in and uncheck the box, but initially it is checked so it is locked.

If your website is linked to and someone wants to see any password protected page, they just choose a classmate who is not signed up and assume their identity (click the JOIN NOW button). Then they can view any password protected page they want. That is the reason I chose to turn on the NEW CLASSMATE VERIFICATION feature.

To turn on the VERIFY CLASSMATE, look for this section in the PREFERENCES page:

NEW CLASSMATE VERIFICATION

Which option should I choose? How do I verify Classmates? Get help.

       ALLOW new subscribing Classmates to immediately see any password protected areas of the web site, access any Profiles that have been restricted to viewing by only fellow Classmates, post messages in message forums, and display new Classmate's Profile information.

       DO NOT ALLOW new subscribing Classmates to view password protected areas of the web site, access any restricted Classmate Profiles, send or receive emails, post messages in forums, participate in Live Chat, and hide Profile information from other Classmates until the new Classmate's identity has been verified. (Note: If you select this option, a new "Verified" field will appear in the Classmate's Profile area that only you, the Site Administrator, can see. When a new Classmate joins your site and the Classmate's identify has been confirmed, toggle the "Verified" field to "yes". The default will remain "no" until you do this. Once toggled to "yes" the new Classmate will be granted access to restricted areas of your site.

Hi Kyle, Thanks. I have been considering doing just that given what's been going on lately for the extra protection for classmates (especially if Brad can go in and protect the ones not locked now). Makes sense. How do you actually verify your classmates if you have a question about their authenticity? Compare personal data you already have for them first? I'm wondering because I've had a lot of classmates whose address/phone/email address has changed -- do you just send them an email and ask or what? Elaine

Read Questions 1 in our FAQ Privacy section, here.

I updated the wording to make it more accurate.

Duh, thanks for the reminder...I remember seeing that with the last incident we had. I'm sure I'll be doing this. Thanks, as always, for your and Kyles stellar assistance!