Online Privacy does not exist
Everyone that thinks that online privacy exists, raise your hand.
Regardless of whether or not you raised your hand, you are partially right and partially wrong.
Online privacy does exist in the sense that websites can promise that they will not share your information with the general public. But think about this. They are promising that they will not share your information, but just because they won’t share it doesn’t mean they don’t have it. In fact, there is a book that talks about how much Google knows about you.
On many forums, they have what they call Private Messages. This is a misnomer. Your Private Messages are about as private as a conversation to your friend in a coffee shop. Those within earshot can hear everything you are talking about in the coffee shop. Likewise, the administrator (probably) can, and so does anyone with access to the database.
What happens with most forums is that they store everything, including posts, threads, and private messages in plain text. This means that anyone that opens the database can read your so-called private message in whole. The people running the forum might be honest people and decide not to read your message. But what happens when the site gets hacked? What happens if the people running the site are not honest?
Think about your email. If you are using GMail or Yahoo! or (god forbid) Hotmail, your email is in a database so huge nobody will bother reading it. But what if it is on a corporate mail server? Corporate mail servers should get few enough emails daily to make looking through them a feasible task.
No matter how private you think something online is, it is not. It is stored somewhere, and the chances of it being stored in plain text are very high. You might want to watch what you say, eh?
That's a good point. Although I bet at least 95% of the general public does not know how to access the database in that way. Or else there would be no point even trying to give passwords and user accounts. Also it gets much worse than that. Every connection over the internet and phone is logged for government use. Have fun with that.
HI BIG BROTHER!
I don't have anywhere near the mental capacity to think about the whole internet security thing at the moment. I'll probably leave a slightly more intelligent comment tomorrow
LOL, dude btw nice blog.
how much are you paying for the domain?
And also, most of the big forums encrypt pm's (md5 or TripleDES) in their databases, but a lot of the small ones aka Lynbrooksd do store them in plain text i think. Hopefully we dont send out too much info on small sites.
Akshay, you can’t
md5Private Messages.md5is a one way process, meaning that you can’t get it back.While there exists hacking tools like rainbow tables for hacking
md5-encrypted texts, they are only useful when the hash is in the table.What forums are you talking about where your private messages are so important that a public exposure would cause problems?
I think Daniel's estimate is way too low. I would say at least 99.5%. Of all the hundreds or even thousands of people I personally know I'm sure only 20 or so have ever even heard of "how to access the database in that way." Obviously for you who flock with birds of your feather the percentage of people with that knowledge would be high, but you are not normal.
Quelque chose qui ne veut rien dire...Hi, good post. I have been wondering about this issue,so thanks for posting.
I think you made a good point on this site is that database security is first thing.Many companies,organist ion, have their store their data in databases.So database security will be must.Most of peoples done database security by providing "user name and password".Bit now in modern world daily new technology is coming due to which some peoples trying to crash those user name and password.So I think database will be more secure to save the data.
Wow! i agree! i’ve been searching for so long for a site where i could find everything that i want, and i’ve just found it!! really, i’ve visited your blog, and it’s amazing, i will keep visiting