Forums
Hi folks--
Something came up the other day that warrants a general heads up.
We are reasonably confident that what happened is this: one of the folks here, whose computer is located in a publicly accessible spot, went to lunch leaving the computer unattended and either logged onto Dead.net or with the browser open to the remembered login so it was a matter of one click to get back on.
Person or persons unknown got on Dead.net as this person, and proceeded to post a pretty heinous link in the chat room. Drama, shall we say, ensued.
We don't think there's anything going on in this instance except opportunistic vandalism, essentially, but we wanted to take this opportunity to say a few words about basic security and not making it easy for the bad guys.
If your computer is located where anyone else can get on it and connected to the Internet, be sure to log off when you're done with your session here. (Closing your browser without logging off means that your session
Privacy Compromised
A link to my user user profile on dead.net resulted from Googling my real name.
It appears that our privacy is being compromised by Warner Music Group against their own privacy policy.
Try it yourself. If your name is common, try adding one of your interests from your profile or Grateful Dead to the search.
I await their response to my e-mail inquiry.
please point me
to the area of the user agreement where it says your profile will be kept private. To the best of my knowledge, everything you post here other than PMs is world readable. Certainly in the Very Few Rules that were in the initial TOS we warned against putting anything on this site that you would not want to read on the front page of the New York Times, which is only common sense in any Internet usage.
If, however, we are explicitly stating that your profiles are private, please point me to the statement in question. Thank you.
security
you folks had me worried for a while. But if you put your real name in your user profile then the search robots are bound to find it as the profile is accessible to anyone. If you are worried, remove your real name, but it could take Google etc a while to forget it.
Now if a search using your real name led to your Deadnet profile that did not include your real name, then that would be a serious concern, but it does not seem to be the case.
Privacy Compromised
1 - Check the link to Privacy Policy at the bottom of any site page:
"Profiles. We may provide functionality on the Site that allows you to create a “profile page” (your “Profile”) and post certain information and materials on your Profile. Please note that your Profile, including all PII available in your Profile, may be accessible to other users. We urge you to exercise discretion and caution when deciding to disclose PII about you, or any other information, in your Profile. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF ANY PII YOU DISCLOSE IN YOUR PROFILE."
It is reasonable to conclude that this information will be available to other users and indeed it is if they know and search a user name or a link to user profile for those users logged onto the site. One cannot search for other users and access profile information on the site by using a full name provided by the user. However, a google search on a name reveals if a person is registered on this site and provides a link to their profile.
I know of no other web site for which I am registered where a google search on my name reveals that I am a registered user of that web site.
2 - From the Terms of Service on the page where you register for this site:
"The content of this field is kept private and will not be shown publicly."
There is no reference to the specific field but it is reasonable to conclude that this would include the Full Name field as it is Personally Identifiable Information as defined in the Privacy Policy. Which field is this actually refering to?
It should also be noted that the Full Name field is highlighted in yellow and it is therefore reasonable to conclude that it is a required field for registration as is your e-mail address and password. I do recognize that the Full Name is not marked by an asterisk nevertheless a yellow highlighting indicates that this information is being solicited to me as opposed to non-highlighted fields.
3 - Full User List.
Anyone can get a link to a full listing of registered users (usernames) containing links to their profiles from a Google search. I will not provide the search terms or link here. This is list consists of >1,800 pages, is a link to Dead.net and available to anyone.
4 - Conclusion
Dead.net (Warner Music Group) is not doing what appears to be standard operating practice by web site operators to reasonably secure personally identifiable information in user profiles. Full names provided in user profiles should not be so be unsecure such that that a google search can pick up this information. Once again, no other sight for which I am a registered user allows such global access to user profiles.
okay, I'll pass this on
However, just as it is wise to send emails in the sure knowledge that the NSA is capturing every keystroke to peruse at its leisure, and to speak on the phone as if it were bugged (and cell phones have even less legal protection than land lines), it is equally wise to assume that anything you post anywhere on the net will be trackable to your real self by someone who's determined to do so. Notwithstanding any privacy policy under the sun, there is nothing to physically prevent anyone in the known universe from copying and pasting anything on here wherever they like. For good or ill, that's just how the net works. (And that, returning to the issue that spawned this topic, is why it's good to make sure you're the only one using your account.)
Meanwhile, though, I will pass this on to see if the higher ups can address the ambiguity here, as indeed it is not just other users who can read your profile.
I ain't got secrets
The creepos bothering to spy on me already know there 's no money to be made with none of it,ha,ha,ha!!!
Oh yeah
I Googled my Dead.net username one day and found the link to my profile page...where my "full name" was sitting around with a stupid grin on its face listening to the Tapers Section. That was an eye-opener, so I changed the full name entry on my profile page...even though, to the discerning reader, it ain't that tough to figure out my (abbreviated) "full name" -- yeah, I know, whatever THAT means -- from said username.
I say "discerning" because a lot of people misread my username, all the better I guess. I have not been able link to this site by googling my full name, however, which is the good part. Of course, I get a googlezillion hits on my name, but none so far (a googlezillion is a lot of stuff to wade through) is linked to the "real me."
i've used my real name
even though " pear shaped hairy person " is more descriptive
google schmoogle led me to this
http://tattoos.intrepidbiped.com/profile/yesTHATccJoe/
more gov. spying I reckon.
I never even heard of any town named Langley neither.
peace.
one moye
one moye.
one love.
lets get together and feel alright.
( -:
***
a search of the NCIC 'O' files got more of me than I got inside of me anymore.
frigging computers.
) -;
cc joe; AKA:CC Giuseppe AKA: CC Zeppe; AKA:CC Jose; AKA:Jose Carlos Calio Hernandez Leal Delgado Sanz Fernández Luna Galván Los Muertos Agradecidos Pesce Bienvenuto; AKA: Joe Pesce; AKA: Jojo the Fish; AKA: Joey Fish; AKA Catfish Joe; AKA: Joe Bienvenuto; AKA: Joe Welcome.
peace.
One Moye Saturday Night
One Moye Saturday Night??
uhh ohhh, I sense a new song parody coming on....
cancelling account
hi, i have searched this before and wish to again, how do i terminate my username and registration...i find no link forum or info on this...
I can nuke your account
that's not a problem, if you want. However, everything you've posted remains. What issue are you trying to address here? Feel free to send a PM.
the place to report illegal distribution of the deads property?
I encountered a website attempting to charge money for the download the music, This truly pisses me off as the band has been so generous with it over the years and some jack ass is trying to turn a buck on it,
thanks. nmax
http://www.wolfgangsvault.com/grateful-dead/concerts/california-hall-ja…
Not sure if this is the…
Not sure if this is the right place to post this but this is the second time that my credit card info was stolen about a month after I place an order at dead.net. Good thing citicards notified me in time.
Any connection to possible crime at dead.net ordering department? Give them the benefit of the doubt but please investigate anyway. Hope no one else has had this experience.