Facebook Watch

widget shows user data from Facebook

Version:  2.1

sends password + email in cleartext to a third-party server

Feedback Type:  Review

Contributed by: lensovet Thursday, July 05 2007 @ 03:09 AM PDT

Product Platform: MacOSX

Used Product For: Less than a month

Recommend Product: NO

wow this guy is clever...the application will send your email address and Facebook login password in clear text to the developer's server!

i'm amazed at how many people are using this app without any concern about this, as well as the fact that it's even listed on Apple's Downloads section.   
5 of 5 users found this helpful.

Comments

3 comments

re: sends password + email in cleartext to a third-party server - cjbeauchamp

Yes, and I am changing statuses across the globe.

I would like to say that this information is never recorded or seen by anyone. Here is why it is done: the code to parse all the Facebook data lies on my servers - true. It is hosted on my servers and not your local machine because Facebook is always changing, as is the code. To avoid having to download an update every week, I can update the code, on my servers, to accommodate the Facebook changes. This widget is safe, along with your information, and I apologize for not clearing this up sooner.

Monday, July 16 2007 @ 10:57 AM PDT


re: sends password + email in cleartext to a third-party server - johnjacobjingleheimerschmidt

Given that Facebook does sometimes ask for credit card information or cell phone numbers, I would regard cleartext passwords over the wire an inexcusable security hole. There is no shortage of easy-to-use OpenSSL implementations.

I haven't downloaded the client myself, but if the installer doesn't specifically state in a terms of service document that user logins and passwords will be stored on a third-party server, might there be a violation of privacy acts in certain parts of the globe, including the US and the EU? I wonder what kind of evidence is used to file search warrants and seizure of computer equipment when someone chooses to sniff passwords off the wire, "just for fun"?

--not that Mac users have a history of excessive litigations filed or anything.

Cheers.

Sunday, July 22 2007 @ 11:06 PM PDT


re: sends password + email in cleartext to a third-party server - lensovet

The problem, however, is that this information is not disclosed anywhere and violates both the website Terms of Use and the developers platform Terms of Service.

Apart from that, you can tell me as much as you want that the data is "safe".

Wednesday, August 08 2007 @ 01:19 AM PDT