ClassCreator.com | Blockbuster sites, amazing reunions


Privacy and Hacking Concerns

Forums: General Discussion
Created on: 07/01/15 09:22 AM Views: 1340 Replies: 10
Wednesday, July 1, 2015 at 9:22 AM

I received the following message from a classmate who then did not sign up:

"I went to the site and started filling it out. Then I noticed I was putting down info that I normally wouldn’t broadcast (birthday, address, phone numbers) and noticed that the site is not secured by being https://.
Did you consider having this a secure site? Too many hackers out there!"

I sent him a copy of Privacy Notice from First Time Visitors.
What other assurances can I provide to him?
I am not familiar with the issue of "the site is not secured by being https://"
Does that create a security problem?

All comments welcome.
Thanks.

Wednesday, July 1, 2015 at 11:00 AM - Response #1

The personal data (Birthday, address, phone numbers) are not visible to regular classmates. Birthday can be available if the classmate desires other classmates to know about the birthdate, but the address and phone numbers are never visible except to an admin.

When a secure connection is needed (for passwords, credit card information for registering for the reunion, etc.) the website does use https://


Wednesday, July 1, 2015 at 11:05 AM - Response #2

Thanks.
I will pass this info along to my skeptical classmate and I am glad for this additional info just in case any other classmate raises this concern.
Thanks for the speedy response.

Wednesday, July 1, 2015 at 11:24 AM - Response #3

Well, this is not easy to explain but I'll try.

The difference is how HTTP works vs HTTPS

HTTP: Normally the data is just clear text. IOW if you put a monitor on a line going to your PC (and of course that could be anywhere in the world) you will see the text just as on your screen. Anyone can read it. However, they need to tap into the data stream which is not a trivial task. Normally the 'hacking' is done by insertion of virus/malware stuff into a system which then steals the data required.

HTTPS: is encryption of the data back and forth between your device and a server. You can't read anything without the magic passwords. (Technically even HTTPS can be decoded but you need the resources of big brother.)

So yes, a 100% HTTPS site is more secure than a normal HTTP site assuming that one's system itself didn't get hacked (which means they can directly get to your 'secure' data).

Getting a site with its own domain name to https means you have to buy a certificate. They range from $9/yr to $149/yr HERE.

Back to CC: Data on CC is https where required: Login and Paying.

So practically speaking the data is pretty secure and the most vulnerable area is actually fake classmates that join. Moreover, the address and phone number are not displayed and he can disable his birthday too.

After explaining the above, I just tell people to only enter what they feel comfortable with.

Short story: CC data is likely more secure than your own system when you browse around. Get good local system protection and don't open unknown emails.

(sorry it took me a bit to type this with details)

Edited 07/01/15 11:28 AM
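
Added example (not part of the thread and not Class Creator's code): a site that uses HTTPS only "where required" still sends any form served and submitted over plain HTTP as clear text, so an admin can audit which forms carrying personal fields submit to a non-HTTPS target. The URL, HTML and field names below are constructed for illustration, and the `SENSITIVE` list is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments treated as personal data (assumed list for this example).
SENSITIVE = ("password", "birth", "address", "phone", "card")

class FormAudit(HTMLParser):
    """Collect each <form>'s submit target and the input names inside it."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []      # list of {"target": str, "fields": [str]}
        self._open = None    # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self._open = {"target": target, "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            self._open["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def cleartext_forms(page_url, html):
    """Return (target, sensitive_fields) for forms that submit over plain HTTP."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        hits = [f for f in form["fields"] if any(s in f for s in SENSITIVE)]
        if hits and urlparse(form["target"]).scheme != "https":
            findings.append((form["target"], hits))
    return findings

# Constructed sample page: login posts to HTTPS, the contact form does not.
SAMPLE_URL = "http://reunion.example/profile"
SAMPLE_HTML = """
<form action="https://reunion.example/login"><input name="password"></form>
<form action="/save_contact">
  <input name="birthday"><input name="street_address"><input name="cell_phone">
  <input name="nickname">
</form>
"""

if __name__ == "__main__":
    for target, fields in cleartext_forms(SAMPLE_URL, SAMPLE_HTML):
        print(target, fields)
```
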
Wednesday, July 1, 2015 at 11:33 AM - Response #4

Here's an example of how HTTPS is somewhat false security.

Facebook is HTTPS yet if you let a 'friend' join they can see everything you let 'friends' see.

So the only real thing HTTPS is useful for is securing the transmission of real-time transient data streams, not really for securing a site per se.

Wednesday, July 1, 2015 at 12:09 PM - Response #5

Have your Classmate consider just joining your website with his/her email and setting up a password. They do not have to volunteer any other information. That way they can access the various features of your website and other classmates can send personal messages via the website to them to make connections.

Only classmates who have joined can see certain classmate information (no addresses or emails - only Admins can see). If you look without logging in and you click on the Classmate selection, the names will have LOCKS next to them by default (unless the classmate selects a public access choice - not recommended).

As an Administrator, I am truly vigilant to any name joining hack. That is, someone can select a classmate name who has not joined and then get access to your website. Admins get all the joining information automatically. Admins can verify the joining person and if things aren't right, just delete the classmate and reset later. I believe there is an Admin option to verify the joiner before processing through the website, but would not recommend that while building your website and that adds complexity and confusion on the early website development.

If OPM and DOD and NSA can get hacked, who are we kidding about internet security. We must live our lives reasonably, but follow some basic behaviors to reduce hacking. I personally do not want to live in a cave to avoid hacking or identity theft.

Wednesday, July 1, 2015 at 1:47 PM - Response #6

Tom, your classmate may not be educated on the ins and outs of computers or understand much of the computer lingo that has been in the replies here.
I would suggest that if he still has concerns about the privacy of the website, he go to another class site, whether it be from your school or another, perhaps even in another town that uses class creator. [starting at the CC home page]
Have him send a message to a class website, and he can ask THEM if they have ever had any issues with privacy.
You might also point out to him the number of classes that utilize class creator, as well as the total number of members.
The sheer numbers should convince him to not have any major concerns.

Edited 07/01/15 1:57 PM
Wednesday, July 1, 2015 at 5:15 PM - Response #7

Thanks for your comments and suggestions.
I am mulling over just what to do to placate him. I may also explore whether there are some simple ways to make my site as secure as possible without also discouraging participation and messing things up for those who have joined so far.
Would that life were simpler.

Sunday, September 13, 2015 at 5:23 PM - Response #8

Kyle, I would like to 'make a motion' that the programmers place bold and bright text below and/or adjacent to EACH of the blocks for email address, phone, and other 'private' information in the Profile and Contact Information for each site member, indicating that this information is NOT visible to fellow classmates.
Wouldn't this avoid a lot of these questions in the future?
While many current sites/users MAY know this information is not visible, your NEW sites/users will have that information 'at hand' when they sign up.
We recently had a couple classmates finally join, and they contacted me regarding this very issue, e.g., privacy concerns, and yes, they had NOT read our PRIVACY CONCERNS page either.
Thanks, Steve

Sunday, September 13, 2015 at 10:13 PM - Response #9

Great idea

Sunday, September 13, 2015 at 11:19 PM - Response #10

Nothing on the PROFILE page is private (unless they have made their profile for "Classmates Only"), then all of the fields are private. I don't think anything needs to be done to the EDIT PROFILE page.

Almost EVERYTHING in the Contact Information page is private (admin use only). About the only exception is the BIRTHDAY field, which can be visible if the classmate allows.

I agree that it would be helpful if the EMAIL, STREET ADDRESS, PHONE NUMBER, (and possibly BIRTHDAY) had more colorful text (using text color or background color) saying that the fields are only for ADMIN use and not visible to other classmates. Currently, the phone(s) and street address have something similar to this: "Cell phone number is visible only to Site Administrators and cannot be seen by your Classmates.", but it is not highlighted.

It is true that some classmates do not read the text below the input fields, so they might not see the current "private/admin only" text. If it were highlighted better, it might get noticed.

