Jump to content
Sign in to follow this  
luvemfast

Need for a locked section, for our own security/privacy

Recommended Posts

Is Gav on holidays or something? Or just deep in thought?

 

Bit of both, just saw this thread today. Have been on Holiday in Greece for the past week. I will give this thread a serious read tomorrow when I'm fresh and focused.

Share this post


Link to post
Share on other sites

haha...how can anyone focus after holidaying around the Greek islands  8)

IMHO I dont think a locked section is warranted, given whats transpired the last week or so. thats my 5 cents.

Share this post


Link to post
Share on other sites

Guys,

Another site that I post on occasionally has a "private forum" section that isn't visible until you have x number of posts.

 

I browse some sites as time permits at work. Because I don't bother logging in, as a guest I often can't view photos or attachments and that can get frustrating.

The beauty of an invisible section is that a newbie or guest doesn't know it's there, so hopefully won't get peeved by being locked out.

I don't know if this site supports that sort of thing, but it's an idea if you feel the need for security.

 

Pete

Share this post


Link to post
Share on other sites

There is lots of valid points raised in here and I'm almost sure to miss addressing half of it in my first reply. I'm kind of glad I was away on holiday because it's really given the community a chance to voice many concerns issues and get a good mix of responses. I fear had I been able to reply sooner perhaps many would have remained quiet and allowed me to speak on their behalf.

 

So if I were to summarise a few things:

 

1. There is some concern as to weather or not the forum software has the capability to provide some form of "locked" or exclusive section. I actually think the forum software is capable. But the workflow for such a locked section is another issue. For example do we lock it by membership status? i.e donating members only? My opinion on this is that it doesn't really provide much more security to me. If someone was willing to drive 100km out of Melbourne and case the joint then donating a 5er to get access to a member only section is not really an effective form of security.

 

We could manually approve users to a section based on critertia:

eg: number of posts, verified by other members, providing certain details like chassis no., licence no. , address details etc.. but then we introuduce a manual review process which is more overhead for myself and moderators.

 

I also don't like the idea of creating a "clicky" group and creating a division in the site between the newbies and the long standing members who might snub the newcomers. I've seen and experienced this before and that is really something I've tried hard to prevent here.

 

2.  There is the issue of what's available online. To give an example I was looking at wheels for sale in DriftWorks forum for my RX7 and I noticed a shop name in the background of the picture of the car that had the wheels currently on it. A quick search on Google Maps and I was able to streetview into that exact location. Pretty scary huh? In fact I have been able to locate other RX-7's on Streetview just by doing a bit of explorations of various areas on Google Maps.

 

When I went to look at my current RX-7 the previous owner met me at a public car park of a shopping center. I was a bit annoyed because I wanted to view the car from cold start, but obviously giving your address to someone you don't know is a bit of a concern. When signing the papers for the car the previous owner told me he was very cautious of what he posts online (we were talking about IT in general as we were both in the field). He had obfuscated his number plates in the original classified AD.

 

So I do think some of the onus here needs to be put back onto the poster. If you share certain information you need to realise ANYONE can see it. Having a private section may prevent some "would be" thieves but the really determined scum will still probably find a way to get this information. As I say if someone is willing to go to the effort of breaking into someone's place and going to all effort and taking the risk of being caught then a few clicks of a mouse is not going to stop anyone.

 

To truly have your privacy in this day and age you should probably send letters via the post. Since all digital information can be read and is being read by various organisations. Even your mobile phone calls and SMS can be read easily and has been. Look at Rupert Murdoch phone hacking scandal as of late.

http://www.google.ie/search?aq=0&oq=rupert+murdoch+phone+hack

 

To perhaps divert for a second, social media is a good and bad thing. Look at the revolutions going on in the Middle East right now. Sites like Wikileaks are the catalyst for this. Leaking information about Government corruption. All this classified information has been made public and sites like Facebook, Twitter, Youtube have allowed people to connect and organise protests.

 

On the other hand "heroes in their hotted up rides" often referred to as Hoons by the Australian media have been prosecuted and caught out due to posting videos of their idiocy on Youtube.

 

It works both ways.

 

I think the best way forward here is to create a stick post on the forum that helps members stay safe and reduce the risks.

 

3. Open Vs Closed Community

 

I'm all in favor of being Open. It is what allowed this site to grow in the first place and just because someone is a guest or a forum lurker does not make them a thief. As other have stated having to sign in to view pictures / threads is a major PITA. There is also 1 other consideration and that is search engines. They find and index information when it's open. Locking it down will result in search engines being blocked and unable to find information. This seriously restricts traffic to the site from search engines.

 

Blocking various email addresses / hosting services is also a PITA for genuine users. I do make an effort to block various hosts that continuously deliver spammers to the site though and these are often fairly obvious and rarely delivery genuine users.

 

As many also stated they joined this site due to the open nature of it and I think we have more to loose by being closed off.

 

4. Sending PM's is good, but even I can't guarantee your information is not going to be accessible by a 3rd party who wants it bad enough. If someone were to hack the site they could potentially read anything stored in the database. Same thing happened to Sony recently when hackers managed to get credit card details from playstation users.

 

http://www.google.ie/search?sourceid=chrome&ie=UTF-8&q=sony+credit+card+theft

 

Bottom line is nothing is 100% safe so the best protection is to be cautious with the information you post to any website not just Auszcar.

 

5. It seems from what I've read that Peter's thief was a previous customer, an Auszcar Guest (we haven't confirmed member) and possibly was following him on Facebook. So it could be the info on this forum or a combination of all 3 that led him to find Peter's place.

 

So am I ruling out a private section. Not yet - I do think it could work but I'm not sure exactly how we could regulate it or ensure we only get genuine members in that section?

 

If you have a member rides section then I think it would pay to review what you have posted in terms of how that information may be used. I think we can get the community to put some best practices together on how to protect yourselves. I do believe 99.9% of our community are the good apples it's just the 0.01% we have to watch for.

 

I know myself that I will be reviewing information I've posted online about myself (and do from time to time). But in light of this event I may edit some information I've posted to other websites in the past.

 

You can never be too careful. For example I'll never sign into my online banking from a computer I don't know because of a device called a key logger.

 

http://www.youtube.com/watch?v=kiq2fSUJ7W8

http://www.youtube.com/watch?v=jqic_aY3TqQ

 

For many other scams see Scam Watch from the BBC and The Real Hustle both great shows that demonstrate how easy it is to get something if you want it bad enough.

 

I think this thread is a good debate and I'm open to hearing more opinions / suggestions. The last thing I want is for members such as Peter to stop sharing such great detail / information with the rest of us.

 

 

 

 

Share this post


Link to post
Share on other sites

He had obfuscated his number plates in the original classified AD.

 

Is there any free software that could be linked in the sticky to allow members to do this?

 

2.  There is the issue of what's available online. To give an example I was looking at wheels for sale in DriftWorks forum for my RX7 and I noticed a shop name in the background of the picture of the car that had the wheels currently on it. A quick search on Google Maps and I was able to streetview into that exact location. Pretty scary huh? In fact I have been able to locate other RX-7's on Streetview just by doing a bit of explorations of various areas on Google Maps.

 

 

 

I recently search a landline number, via google, for a 260z that was advertised in WA. Although the name with the ad was different to the listing I was able to find the house and see the 260z in the drive on google maps. The bad part is that the owner has been away for the past two months and anyone could do what I did and take advantage.

 

Maybe sticking to using mobile numbers would be a good idea. Might be harder to track.

 

I'm no expert, just a few ideas i had.

Share this post


Link to post
Share on other sites

Is there any free software that could be linked in the sticky to allow members to do this?

 

Yeah, Paint. I know it comes with every installation of Windoze on this side of the pond since Windoze ME...

 

I recently search a landline number, via google, for a 260z that was advertised in WA. Although the name with the ad was different to the listing I was able to find the house and see the 260z in the drive on google maps. The bad part is that the owner has been away for the past two months and anyone could do what I did and take advantage.

 

Maybe sticking to using mobile numbers would be a good idea. Might be harder to track.

 

I'm no expert, just a few ideas i had.

 

While you can see the car on Google maps, that doesn't mean that it is still in the same location. The pictures are usually 6 months old at least.

Share this post


Link to post
Share on other sites

Just want to reiterate that I haven't ruled out a locked / members only section.

 

However I see 2 issues:

 

1. How do we manage / qualify a member and allow them access to this section?

2. Is the purpose of such as section for security? Or is there some other need for such a section?

 

In terms of security I think we can address this via education and helping members stay safe by being a little more cautious with the information they present in a forum.

 

I know a couple of members feel strongly about a member only section and I hope my post above doesn't come across as "no because I say so".

Share this post


Link to post
Share on other sites

1. How do we manage / qualify a member and allow them access to this section?

2. Is the purpose of such as section for security? Or is there some other need for such a section?

1. A certain amount of posts? I'm a member of European Car Club Australia, and they have a 50 post rule.

Perhaps a verified email address and details? Not really a fan of making peeps pay for this, but donating is still encouraged.

 

2. It is security now, moreso than before. But just a little bit more privacy for our investments/passions.

As has been highlighted

 

Share this post


Link to post
Share on other sites

1. A certain amount of posts? I'm a member of European Car Club Australia, and they have a 50 post rule.

Perhaps a verified email address and details? Not really a fan of making peeps pay for this, but donating is still encouraged.

 

2. It is security now, moreso than before. But just a little bit more privacy for our investments/passions.

As has been highlighted

 

+1

Share this post


Link to post
Share on other sites

Personally if none of the sections are locked, and you are only interested in looking, what would be the point of joining up, so less people to help pay for the site, personally not a good decision.

In my own case I googled and found this site because I wanted to sell my 240z, the only reason I joined up was to post that, after that I had a look around and liked what I have seen, The sale fell though and this site has given me the encouragement that I may one day finish my project and decided to keep it for now until I finish the house.

 

I also have a 306 Cab for the lady, I needed to know stuff and found another forum that was locked, no big deal I joined to get the information I wanted, and have stayed and have a read most days, yet another site would not accept my only email address a yahoo account which I have used for years,I have never bothered with applying again with another address.

 

This site is the only one I belong to that doesn't have a members only section.

If it makes members feel safer can't see the problem.

But security is in the hands of the poster.

Share this post


Link to post
Share on other sites

Exactly... How hard is it to rack 50 posts if you are keen to make a few bucks?  It segregates people and makes people look elitist.

Share this post


Link to post
Share on other sites

Yeah, Paint. I know it comes with every installation of Windoze on this side of the pond since Windoze ME...

Oh yeah of course. ;D

While you can see the car on Google maps, that doesn't mean that it is still in the same location. The pictures are usually 6 months old at least.

 

Photos posted online matched the google maps pictures. I had a job around the corner and drove past to see if anyone was around and the car was still there. The point is its pretty easy to find out where a car is, even for a simple tradie like me.

Share this post


Link to post
Share on other sites

i often don't bother to log in while checking out the latest posts etc - i'm sure others are the same?

 

Post count requirements are annoying, having to be a paying member doesn't ensure anything as if i was intending to steal some expensive stuff from someone, who cares about spending $20...

 

The only way that a trustworthiness type system could work is if an administrator approves them, or say 3 'trustworthy' members, so that way a mate can't just approve his mate, who in turn approves his dodgy mate. We could have a thread dedicated to people asking to be approved to save it constantly coming up everywhere

 

Although I know i'd be annoyed if say hybridz implemented such a system...their interesting and rediculous builds is the reason i go there

Share this post


Link to post
Share on other sites

But then that still prevents legitimate people (and 99% of them are) from contributing and just because they may be new to the scene/forum/internet, doesn't stop them from having valuable input. 

Share this post


Link to post
Share on other sites

And I have had issues over at HybridZ due to my post count. I would frequent the site but never really contribute as I felt those guys were far more technical than I. Then I came to post something (can't remember what section/for) and couldn't due to my post count. I felt like a member as I had signed up years ago and regularly visited the site but as I hadn't actually contributed enough information to the site I was excluded.

Share this post


Link to post
Share on other sites

And I have had issues over at HybridZ due to my post count. I would frequent the site but never really contribute as I felt those guys were far more technical than I. Then I came to post something (can't remember what section/for) and couldn't due to my post count. I felt like a member as I had signed up years ago and regularly visited the site but as I hadn't actually contributed enough information to the site I was excluded.

 

Probably a good thing anyway. You would have just likely been told to search, "It's all be answered before."  ::)

 

Sometimes I really hate that site, and other times I know it's the site that will be easiest to access the info I'm looking for.

 

Screwed if you do, screwed if you don't...

Share this post


Link to post
Share on other sites

Exactly... How hard is it to rack 50 posts if you are keen to make a few bucks?  It segregates people and makes people look elitist.

 

I'd have to agree with you, also if Auszcar was like this (post counts, locked sections) when I was looking to join it would have put me off, clubs/forums can be very odd places for non regulars. I like the way everything and everyone is accessable on this forum and thats our biggest drawcard I believe.

 

I've been a member on here now for many years and this is the first time I can recall this happening, hopefully first and last! Is all the extra security worth it at the cost of potential new members  :-\

 

There's always a few dirtbags that spoil it for the rest of us!

Share this post


Link to post
Share on other sites

All that's needed for certain information to get passed on to the wrong person is for a friend to mention it to another friend then gets over heard by someone else then for that individual to do some "Googling" to find out all that he/she needs. No matter how much you lock out of the forum, the scum of the earth will always find a way. Best thing you can do is secure all your prized possessions, (alarm, CCTV, insure etc) and as one smart teacher told me "C.Y.A......Cover Your A$$)

Share this post


Link to post
Share on other sites

I'm with Gareth on this, i know it wont happen to me again as i have fixed the shed .. i love the site as it is, it would be horrible if its friendly nature was changed because my shed was broken into....

Share this post


Link to post
Share on other sites

While reading this noticed 48guests and 3 members. says it all.

 

hmmmm disagree there a little....I suspect its more like 18 guests & 30 regulars who dont login because there is a glitch with their settings not remembering their username....Im lucky as I only have to re-enter my login details every 6 months or so.

Share this post


Link to post
Share on other sites

hmmmm disagree there a little....I suspect its more like 18 guests & 30 regulars who dont login because there is a glitch with their settings not remembering their username....Im lucky as I only have to re-enter my login details every 6 months or so.

 

Well the forum software will only show guests and regulars based on their logged in status. Google Analytics however will show me activity on the site based on those who have signed in (within the last 2 years) compared with those who have never signed in.

 

I can tell you that less than 1/3 of site activity is from members. The rest is from guests who are potential future members.

 

I don't want to detract from the current topic though.

 

Also as far as I know the having to re-login issue should not be present still? Unless people still have this problem? I often browse the site not signed in either from work at elsewhere as I'm sure members do.

Share this post


Link to post
Share on other sites

2. It is security now, moreso than before. But just a little bit more privacy for our investments/passions.

As has been highlighted

 

I don't know if a locked section will really provide much more security though.

 

For example let's say a "member" with access to a locked section can see images of your project and decides to send a link directly to the image to a friend or post it on another forum thread elsewhere on the web. People are going to see this image.

 

For example your avatar image is here:

http://www.viczcar.com/forum/index.php?action=dlattach;attach=12498;type=avatar

 

Now I could lock down all "hot linking" to images, and I have considered this due to the bandwidth it can use. However sometimes this can be a good way of attracting traffic from other sites and threads to this site.

 

You would be surprised what other websites and forums link back to Auszcar.com I've gone through various logs and seen sites and conversations about topics on Auszcar discussed elsewhere.

 

So whilst the thread itself may not be visible to outsiders the images could still be viewed. I assume that it's the images that people are most sensitive about?

 

Other things people could consider from a security perspective.

 

1. Don't include street signs in images (if you take a photo outside your house). That includes house number etc..

2. Cover the licence plate using image editing software. Unfortunately I don't know of a good tool that can do this automatically. I think it would be a good feature for Google Picasa to do (since it already has face recognition) recognising a number plate should be easy.

 

3. Be deliberately vague about your location. If you prefer use Victoria or S.E Suburbs. This is a tough call because often it's helped members network.

 

4. I'm sure there is more but this is just a few ideas.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×