Forums Site Forums Site Technical Support
  • Topic: Site security

    Back To Topics
    (0 rates)
    • February 12, 2016 11:31 PM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      emily thanks x
    • February 13, 2016 12:09 AM GMT
      • Post(s)
        139
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      This really isn't about the site security is it.

      The site is secure, as secure as any other site of it's type. It uses a commercial available and tested framework that is updated, the servers are patched on a regular basis.

      If people want total security then they should unplug from internet.

      X R
    • February 13, 2016 8:22 AM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      being deadly serious now Emily, my comments might seem harsh to you but they are far from unfounded. Closet trans folk on the internet are quick to take offence at harsh realities, which given the trials and tribulations an 'out there' transsexual faces on a day to day basis quite irks me. I don't 'CD' Emily, I live this way. I'm not Malcom in the the morning Arrnold in the afternoon and Nigella at night. Try living and working as a woman and your views might change a little bit x
      This post was edited by Mia Wallace at February 13, 2016 8:23 AM GMT
    • February 13, 2016 8:41 AM GMT
      • Post(s)
        30
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      Yes, i think the way you describe and talk about cd's (though i'm Transsexual) comes across as sum what unnecessarily disrespectful and insensitive, and dare i say a bit stereotypical, because you seem to think that all Cd's are the same when they're not, and i've not just seen it in this thread, but on several occasions, so much so that it comes across as contempt to me, and if you don't Cd and are not within that category, that's all the more reason to try to be a bit more respectful to another group i would say.

      Perhaps you just speak your mind and don't see the harm in it but are unaware of how....insulting seems like a strong word, but is the nearest thing i can think of right now, you come across, or perhaps its very deliberate, i don't know, but all i can do is mention it and stress to you how you comes across.

      All that i would ask, is that you are a bit more mindful in your wording when describing Cd's, because as you say, we all have enough of that from society in general without getting it from people within the community as well, ya know?

      Thank you for taking the time to reply though xx
      This post was edited by Emily B at February 13, 2016 8:50 AM GMT
    • February 13, 2016 8:50 AM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      rightly or wrongly i say things how i see them. thats all. if what i say insults you then i'm sorry about that, but its how i feel
      This post was edited by Mia Wallace at February 13, 2016 8:55 AM GMT
    • February 13, 2016 8:55 AM GMT
      • Post(s)
        30
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      I am transsexual but do not live femme full time, but regardless, i fail to see how any of that changes the fact that your wording when referring to Cd's often comes across as disrespectful, and i don't think 'I just speak my mind' is really a viable excuse for describing others in what some might consider a derogatory fashion.
      This post was edited by Emily B at February 13, 2016 8:56 AM GMT
    • February 13, 2016 8:59 AM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      look i have no time for william wanking into his wifes wonderbra, and i wont make any secret of that.
    • February 13, 2016 9:06 AM GMT
      • Post(s)
        30
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      I really don't want to make too much of a thing of this, but that's exactly the kind of stereotypical kind of comment and distain i was talking about.. While i'm sure there are some people like that, many are not, and i find your generalisations and descriptions of Cd's quite derogatory on the whole.
      This post was edited by Emily B at February 13, 2016 9:13 AM GMT
    • February 13, 2016 9:11 AM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      i'm sorry you have taken offence emily but i dont want to continue this with you. you will not change my views. i'm no lilly livered softy and i will continue to say things how i see them. please dont reply as i'm not interested
      This post was edited by Mia Wallace at February 13, 2016 9:12 AM GMT
    • February 13, 2016 9:13 AM GMT
      • Post(s)
        30
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      Charming... Well on the same token, i am also entitled to mention it if i feel that someone is being derogatory to others and will continue to do so if i see it, not just from you but anyone.
      This post was edited by Emily B at February 13, 2016 9:15 AM GMT
    • February 13, 2016 9:16 AM GMT
      • Post(s)
        201
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 -1

      Untitled

      as Pauline said if you find me a problem please report me to the site moderating team
    • February 13, 2016 9:19 AM GMT
      • Post(s)
        30
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      I have, so i will leave it with them. Tc
    • February 13, 2016 12:26 PM GMT
      • Post(s)
        103
      • Thank(s)
        0
      • Thanked
        3
      • cR(s)
        0 0

      Untitled

      I've donated in the past, but would say people should show caution just now, as id guess that's what any hackers are after
    • February 13, 2016 2:48 PM GMT
      • Post(s)
        29
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 0

      Untitled

      well i really didnt want to make any further comments on this but let me say i didnt start this ball rolling it was other members who flagged this problem/s up about third parties etc please read the early comments on this i think one is general forum then in the tech forum and with the site tech probs is it / maybe all connected like i say im not a techy but is it not worth raising concerns on issues to the mods/tech peeps .in my opinion this third party is a legit company and its big take look at what they do mmm and on the face of it is fine but what r its subscribers looking for and how far will they go into individuals data outside our site well it happens and for what purpose they aint gonna be all nice peeps as i said before all was trying to say it needs tobe checked and looked at just in case i thought that it would be of some use to the above peeps dealing with the current issues/tech probs they have. its also about u/me and every else on our site being/feeling secure. to a degree everyone has there own views on this id say but in conclusion ..i repeat did not flag it up in the begining i only see it from others msgs it may not be a problem at all but it was worth bringing it up for the attention of admin/tech guys just in case the admin tech r looking at this then maybe report their findings/views to everyone best rgds tina
      This post was edited by tina silk at February 13, 2016 3:08 PM GMT
    • February 13, 2016 3:13 PM GMT
      • Post(s)
        29
      • Thank(s)
        0
      • Thanked
        1
      • cR(s)
        0 0

      Untitled

      madam.. the site in question is legit and r not hackers its whos looking at the retreived data and what those peeps may want to use it for eg online shopping activities like i say that may not be the case at all take a look at what other info they gather.. wait and see what our peeps say tina
      This post was edited by tina silk at February 13, 2016 3:24 PM GMT
    • February 15, 2016 2:12 PM GMT
      • Post(s)
        7
      • Thank(s)
        0
      • Thanked
        0
      • cR(s)
        0 0

      Untitled

      Hi,

      Please bear with me, this post is very long, and hastily written.

      I haven't really back on Transtastic since I posted my question in the technical forums a few days ago, but thought that I would explain what my question was about and where it is coming from.

      As I am the person that probably first rattled the cage, I thought I would clarify some things.

      To summarise my concerns regarding the safety of members data on the Transtastic site.

      I am not particularly bothered that our membership user names passwords might possibly be hacked and our personal information obtained from Transtastic. Transtastic is as likely to be as secure as any other site. In my case, even if they got my credentials, they are unique to Transtastic and are of little use elsewhere as a login credentials.

      I am more concerned about the bigger picture about the protection of our other data. The data that members don’t explicitly provide, but is potentially collected during our activity on the Transtastic site.

      I need to break into techy stuff (sorry Mal), but I will try and keep it as light as possible

      By using Jainrain as the authentication (login) mechanism, Jainrain will have a unique identifier for each member account being authenticated (usually using something like the OpenId or OpenAuth web technologies). All standard stuff and is used across most social media platforms.

      As a member of Transtastic, if you already use the single social media login facility (Twitter or Facebook buttons), then those other sites already have your openId and WILL track you over their own sites, collect the metrics of your preferences, behaviours, favourites, along with all the things that they can collect and sell about you. They can collect the data directly themselves (e.g. Facebook) and also using 3rd party companies such as Jainrain.

      When it comes to Transtastic, what I am interested in is, besides the login system, what other Jainrain software hooks does the Transtastic code use?

      Just using Jainrain as a simple login and logoff provider does not provide much in the way of shared identity - browser tracking cookies and others technologies such as the so-called adobe flash supercookies (supercookies are generally stored outside of the browsers cookie mechanisms) will track you, as on any other site on the web, but by being careful in how you surf the web, your activity will not reveal much about your identity.

      I do not question that Jainrain is a legitimate and professional site; whether such technologies are ethical is another matter - Facebook has just lost a French case and about to lose another data tracking case in Germany.

      The question I have for the Transtastic IT team is; after the one-off login/logoff, what other Jainrain software calls are made? This is where individual member's movements over/through/around the Transtastic site are reported directly and indirectly to Jainrain.

      What I would like to know is what is allowed to be tracked by the by Transtastic itself via software - read web library – that is to say software calls back from the Transtastic site to Jainrain. For example user state can be saved; for example, along with a whole bunch of other stuff, you can call into Jainrain to remember the last page visited and return the user to that page at their next login. Nice toolkit and feature to have on your website, but the data is saved onto Jainrain servers. Transtastic no longer has ownership of the data, it is held by the 3rd party. This would be considered storing user’s data directly onto Jainrain.

      If Transtastic makes a Jainrain authentication call before each action (for example 'check authenticated-user before posting an image', or 'check-authenticated user before liking a photo', 'check-authenticated user before reading the forum'), then this authentication allows Jainrain to implicitly build up user activity even though Transtastic does not directly share this data with Jainrain.

      As such, if you only have a single-identity login on Transtastic via an email login (my user name, password and email are not used anywhere else on the web) then this may seem to protect my Transtastic identity from my real life identity, but as I explained earlier, if you use a single-click social-media login button, then your activities are already shared with other social media sites.

      Google, Facebook etc. say that any data they hold is anonymised. Whilst in practical terms this is true, in practice it offers little or no protection once the meta-data is shared.

      So having a single-identity (unique email login), used only for Transtastic, does not necessarily protect me and my identity. As someone else on this thread has already mentioned, industrial data-mining algorithms are used every second of every day to capture a user’s meta-data and activities. Services like Jainrain provide (sell on) your unique openId identifier along with your web activities. By data mining, and some relatively simple statistical algorithmics, it is possible to cross-correlate the profile of one unique openId to other unique identifiers. So from just being Halina on Transtastic, they can map me as being GeorgeWolf on my Google sign-in, my flirtyShirtSimon account on Microsoft, and essentially map me and Transtastic identity to any other account that I use anywhere on the web. However, to be able to do this, they need to share meta-data so that they can then use datamining and identity-matching algorithms. That is to say, if they don’t have any meta-data to map against, they cannot perform the matching.

      For example, Google, Facebook et al keep a database of openId identities and a statistical hit-list for comparing and linking identities. That is to say, person with ID=1231321d234234 may have a 85% certainty compared to ID=8723423423kh. As your surfing goes on, these stats change. It is said that based merely on surfing habits, Google and Facebook can in less that 24hrs cross identify user accounts with other unique identities (e.g. openID number), but they need the your surfing-activities’ meta-data for these statistic algorithms to work.

      There is a reason I don't have any photos or face on Transtastic. A potential employer could who map my tranny life to my drab life would fuck up my career, given the sort of work I do. Your answers regarding data privacy and the collection of activity on Transtastic is very important to me personally.

      When I joined Transtastic, when I read the terms and conditions, there was the usual clauses about cookie use, but nothing regarding how Transtastic shares its data with 3rd parties. I think that the site terms and conditions need to be updated to reflect what data, if any, Transtastic is sharing, either directly or indirectly with 3rd party companies.

      A year or so ago, there was a case of a Gay Social Media website, and after some beneath the hood changes to the forum, the members, thinking that they had ring-fenced their private identity to the gay forum, started to be targeted by adverts from gay sex sites onto their main public Facebook, Twitter pages, personal emails and the like. The change was due to the forum implementing a 3rd party authentication system. Such is the power of datamining information that is collected and sold by third party companies. This cross-identification process and the sending of spam and adverts isn’t even done by humans, it is all automated.

      Sorry if I have shaken the Transtastic cage and got the residents a bit agitated, but I do believe that this information is important for the members to know, and more importantly, for the Transtastic Site Ownership to know. While some members couldn’t give a flying-f**k about their identity being public (you know who you are ;-) ), there are many others who want to keep their Transtastic life away from everywhere except Transtastic.

      It strikes me, and I hope I am wrong, that outside of the data that Transtastic is knowingly in charge of, Transtastic may have been coasting along without realising as to how its member’s data may be being collected. You will only really find out after the code has been inspected. I do not for one moment blame Transtastic in any way, in fact many a website has been caught out and unknowingly sharing important member data without realising that they were doing so.

      Thanks,
      Halina
      Hugs, x
      This post was edited by Deleted Member at February 15, 2016 2:19 PM GMT
    • February 16, 2016 8:58 AM GMT
      • Post(s)
        57
      • Thank(s)
        0
      • Thanked
        10
      • cR(s)
        0 0

      Untitled

      Apologies for being away recently. My father in law was very ill for a few weeks so we had to drop everything and go to him at the other end of the country. We've been living out of a suitcase and my only way to keep in touch has been via my iPad mini and a really slow internet connection.

      Unfortunately he passed away so we then had to arrange a funeral. It's not been an easy time and unfortunately it has coincided with me taking over from Beckie here.

      Anyway, let me try to alay your fears. I have looked into this as best I can from my suitcase and I can tell you that as far as I can see this site has not been hacked. It looks like we do have a Janrain account although I don't have access to it yet. It seems to be for obtaining site statistics so we can tell how many visitors have passed through, how many have logged in, which countries they were from, the busiest times of the day, week, month and year and so on. Janrain also makes it possible for people to log in using their Facebook and Twitter accounts instead of having to register.

      It's all about ease of use and there is nothing sinister going on. This is the kind of thing you would find on any social networking site.

      So please don't be alarmed. You are not being spied on by us and the site is as secure as we can make it.

      Hugs, Katie
      This post was edited by Katie Glover at February 16, 2016 8:59 AM GMT
    • December 9, 2019 11:38 AM GMT
      • Post(s)
        34
      • Thank(s)
        7
      • Thanked
        4
      • cR(s)
        3 0

      Untitled title

      Relax, you are only going through a stage we all go through. We get to a stage when it seems to be known to all that we are different. Secrets only keep for a short time in this world, I keep getting emails from people and someone has my address. I just delete them now. If someone sends an email without proper address or at least hello this is ......
      I just delete them. Being too secret only leads to not knowing what you want us to do. I have seen the reply addresses and I do not just send a reply email to anyone.

    Icon Legend and Forum Rights

  • Topic has replies
    Hot topic
    Topic unread
    Topic doesn't have any replies
    Closed topic
    BBCode  is closed
    HTML  is closed
    You don't have permission to post or reply a topic
    You don't have permission to edit a topic
    You don't have the permission to delete a topic
    You don't have the permission to approve a post
    You don't have the permission to make a sticky on a topic
    You don't have the permission to close a topic
    You don't have the permission to move a topic

Add Reputation

Do you want to add reputation for this user by this post?

or cancel