Why is this site with all the security issues still online?
Frank__
Posts: 302
Why is this site with all the security issues still online?
(Just repeating the subject in case of this thread being merged into some other one)
Why am I listed online if I was denying this?
There are 2 logins there: the general one (shop and forum) and the one only into the forums, where you have the option to uncheck the
"Show my name in the online users list". The overall login may be a bug; but the unchecked "Show my name in the online users list" shouldn't show me in the "Active members" list on the bottom of the forum start page. Hey, I unchecked it! And this joke of a software still shows me?
Why does this system shows after almost two weeks of being alive the real names of members to other members?
This is the (not Hans Guck-in-die-Luft?). Showing the real names of members is not some "glitch" or "something, which is known and has to be worked on". It's simply a security breach: members trust DAZ to not reveal there real names because they can choose an alias. It's not some social network where you're forced by EULA to use your real identity. (Yeah, I know you can fake it there. That's not the point.)
Why was my credit card information carried over from the old shop into the new one?
After the security problem with Artzone sometime ago and the switch to the new shop before this new shop I decided not to store my cc-info in this possibly insecure environement. (I had those thing with another shop, changing credit cards, no other shop working etc. blabla). But after I logged in the first time into this new shop my credit card information, which I had denied to save, where suddenly there.
And: no, I'm not paranoid. My nickname is my first name and with my former alias (kentauros) and my location everyone could have found my real identity within two minutes; I don't have a problem being identified as a DAZ forum member; but I have a problem with all those insecurities here, especially my cc-infos. And others have problem with the other security issues.
And if DAZ were in Germany I would have filled in a complaint into the bureau of data privacy protection, because what DAZ is performing here since almost two weeks should be in no way tollerable ...
SHUT THIS SITE DOWN UNTIL THOSE ISSUES ARE SOLVED.
edit: And please implement paragraph breaks, so I'm not looking like some complete idiot.
Daz 3D is part of 
Connect
DAZ Productions, Inc.
224 S 200 W, Suite #250
Salt Lake City, UT 84101
Licensing Agreement | Terms of Service | Privacy Policy | EULA
© 2024 Daz Productions Inc. All Rights Reserved.
Comments
While it does tend to glitch and show you logged in as someone else, you are not logged in as them. If you were to click to see your account info, the info is your own and not somebody else's. The name is the only info you can get about this person. Yes, it would take next to no effort to obtain certain information, especially with the forum profiles, but the person's real name that shows up in the store, does not show up in their forum profile, so you have no way to put two and two together.
To get a paragraph break, hit enter-space-enter. It's annoying, but it's a workaround.
enter-enter-enter works too.
There's the problem: I'm really :) not paranoid but I have a friend which is an IT security specialist. And two years ago I was on someones 50th birthday party which usually includes people you won't already know everything about. So some people met again the next day, to kill the beer and meat leftovers and suddenly my friend came up a with a whole lot of information, alomost life spanning, about those two people which weren't before in our peer group. And he had nothing more than some harmless interests/hobbies and real names. I don't got paranoid on this, but I realized what is available with only slightest informations. So I still see DAZ at the moment as a security issue.
Love you for this.
love your for thisl
love your for thisl
Edit: I will never got those forums-html done; I'm just to old for Web 2.0.
Thing is, with so much social networking and things nowadays, it's really not difficult to find things out about people. I know there are paid websites a lot of people use for genealogy purposes, which are also useful for getting information about convicts and such for case purposes. =x
LOL you're welcome for the tip. :P
Of course, some people do, some won't.
I had some forum post in mind where someone (KickAir8something, I don't find the post ...) said, that even the slightest connection between her real name and DAZ could cause her some trouble. I don't know if this is a real treat but I can imagine googling a real name and only "DAZ" at this moment with real names exposed come up with some thread like the "Reby Sky"-thread or "Is DAZ-Studio only for the p...-thing". I wouldn't care, because I'm already beyond good and evil :) But some others may do.
(So, now I'm going to watch the last recorded "Shameless" episode and then go to bed, waiting for the answers I'll get later here ...) :)
Protecting personal details is mandatory in most countries and businesses usually have to publicly state they will protect your data.
I see Daz mentions they have a privacy policy in their terms of service but I didn't find the full privacy document. http://www.daz3d.com/shop/terms-of-service/
Privacy
DAZ 3D will use and protect your data, such as your name, email address, and in accordance with the DAZ 3D Online Privacy Policy, the contents of which are incorporated by reference herein.
Where is the option 'Show my name in the online users list'? I can't find that anywhere.
Ehhh.. I'm not finding it either, and looking back, I'm confused why he says there are 2 logins. The store/forum logins are integrated into 1 login. :gulp:
The Screen name fuield seems to have reset for some people who had changed their name during the life of the old forum, it's possible that it is also showing real names instead of pseudonyms in some cases for the same reason. I can edit screen names, for the forum at least, so if you are showing the wrong name please PM me with the name you should have (and ideally a couple of alternatives in case the name is already in use).
Ehhh.. I'm not finding it either, and looking back, I'm confused why he says there are 2 logins. The store/forum logins are integrated into 1 login. :gulp:
I can be logged into the forums but not the store, so either they are separate logins or the store is more borked than it first appears.
Given that some of us will go to the store and see other people's names Daz are failing to protect people's personal data. I'd agree with the OP, this site has got security issues.
Ehhh.. I'm not finding it either, and looking back, I'm confused why he says there are 2 logins. The store/forum logins are integrated into 1 login. :gulp:
I took those two screenshots in two minutes while being logged out. Obviously the different logins use different cookies: on the first one my cart is empty, on the second one it's filed with 1 item (the freebie I "bought" and downloaded yesterday, so this is wrong, too).
I tried testing that last night after my post and HOLY CRAP did my logins mess up. I tried logging into the forums first, and was still able to access my wishlist in the store, but came across a looping login page when trying to access My Account. Not sure if the two are unrelated and I just had very bad timing.
I get the first login when I'm logged out and try to read something in the member's only forum. So maybe it's a thing only PC Club members see.
I get the first login when I'm logged out and try to read something in the member's only forum. So maybe it's a thing only PC Club members see.
You shouldn't even be seeing the Members Only forum link when you're logged out.
Since I am a PC member, I don't know what it looks like if you're logged in and aren't one.
You shouldn't even be seeing the Members Only forum link when you're logged out.
Since I am a PC member, I don't know what it looks like if you're logged in and aren't one.
Strange things are going on here ... :)
I'm a PC Member, too, and I'm more than surprised that I get to see other logins than other PC Members.
I have debated (with myself) about voicing my opinion on this subject, but the more I see it come up, and the more I see Mods and forumites claiming those with a legitimate concern are all Chicken-Littles, it made me reassess this whole situation.
So, here is my buck-fifty opinion:
I have been dreading all the forumites posting peoples real names in the forums. The OP is right, and so are some of the views on this situation (which may, or may not be officially resolved as of this writing). Some names are common such as "John Smith" (my apologies to any real John Smiths here), which to any nefarious searching leads to many results that would make it difficult for an unscrupulous individual to narrow down to the correct individual (though possible) and correct information.
Others, such as myself, have unique names, which once known to the public (with identifiers such as hobbies, or DAZ itself) make for an easy target, because any search results harrow in on correct info (not difficult with unique names) that can be used against someone.
Now, for those who are thinking I, or those like me, are Chicken-Littles, or even paranoid:
Have you ever been a victim of identity theft?
I have. Three very frustrating times, thank you...
Have you ever had a spouse, an "ex", or jaded lover hire people to put you in the hospital?
I have. Though, due to my survival skills, thankfully did not come to pass. Nonetheless, it was a real event in my life.
Point being; Am I really paranoid? Or am I just trying to be safe, and self-protecting?
I am glad (and at ease) that no one has posted my real name (yet?) publicly in these forums under the guise of "WTF? I'm not "so-n-so", why am I logged in as him/her?" I worked really hard to disappear from my former life, and if anyone from my past saw my name, even without knowing my alias, they would at least have a place to start searching for linking information.
This has been a security breach from day one, and I am sick and tired of those (including Mods, and DAZ officials) stating otherwise. Yes, it might not be a total breach, and might not reveal sensitive information such as credit card, addresses, or etc., but showing real names is definitely a breach. Show some respect. Own up to it. And, stop pretending, or backpedaling this whole fiasco is a figment of the paranoids imagination.
Not everyone is on Facebook, or participating on the internet with their real names. Some of us are incognito for valid reasons. And, no, I am not any kind of criminal who needs to hide my identity. I hide my identity because of real criminals in my walk of life (not yours; nothing to do with any of you. You have your walk of life. I have mine).
Sorry for the rant, take care all...
Ken
Ditto'ng this bigtime. >:-(
I'm glad that the problem's now fixed (assuming it's really fixed), but this went on for weeks, and we've little idea whose safety's been compromised or what the long-term damage will be. Maybe the other shoe'll never drop . . . maybe.
You're not the only one. I mentioned to someone I saw do it and said that the person to whom the name belongs may not appreciate it being thrown out there like that, even with the name issues. I kept seeing more and more people do it, and the mods say nothing, and figured I would've been fighting a losing battle. /shrug
Ditto'ng this bigtime. >:-(
I'm glad that the problem's now fixed (assuming it's really fixed), but this went on for weeks, and we've little idea whose safety's been compromised or what the long-term damage will be. Maybe the other shoe'll never drop . . . maybe.
Has it been fixed? Don't recall seeing it being announced - maybe it was just slipped in as a post amidst one of the other threads.
Has it been fixed? Don't recall seeing it being announced - maybe it was just slipped in as a post amidst one of the other threads.
There are new stickies about the fix in the commons:
http://www.daz3d.com/forums/discussion/1557/
Has it been fixed? Don't recall seeing it being announced - maybe it was just slipped in as a post amidst one of the other threads.
There are new stickies about the fix in the commons:
http://www.daz3d.com/forums/discussion/1557/
Thanks, ironically I had just posted on the last page of that ... ;)
It seems the fix isn't complete at the moment.
Regarding the mentioning of the real name in forum posts I wrote something there:
http://www.daz3d.com/forums/discussion/1557/P30/
Feel free to support my appeal in this thread, which is monitored by admins and DAZ-staff.
edit: sorry, not "stuff" but "staff". :)
Thanks, we have gone through removing the names that were posted in text and screen shots (as far as we can tell).
Not reading threads through, Simon ;-)
Thanks for going through and doing that. :)