by Simon 226 Replies latest watchtower scandals
Personal inquiries and requests for help and support:
Tylin, why did you create a link to JWN's homepage with the word "support" when it is not there on the AWAA website? Just curious.
That is not a link I inserted. I believe it is forum software that adds those word association links. Simon?
One immediate concern with the new setup:
There is a signup page for facebook: http://aawa.co/join-us-on-facebook/
It is risky asking for any contact information (such as Email or whatever) and using those to contact a person. All contact should be through facebook to verify that they own the account. Having other contact info around in the request like Email risks someone using that to check if the person really wants to join. This would still allow anyone to then have a 3rd party added.
Once the account ownership has been verified, then they can ask for additional info and policy agreements etc...
Also, they appear to be overreaching in the amount if info they are asking for, especially things they have no way of verifying (e.g. other forum identies). Once linked, even if incorrect, it could be acted on in future which gives people an avenue for malicious activity. If you have no way to check the info and no clear reason why you need that info or how you will use it and protect it then you should not be asking for it.
Things like this are a risk.
AAWA: You really need to stop throwing things up without proper consideration - get more input, preferably from those with some expertise.
That is not a link I inserted. I believe it is forum software that adds those word association links. Simon?
No, unless you accidenally pressed some key-combo in the efitor?
"This is a test that support isn't auto-linked"
Simon, another poster stated their concerns on this when they gave them their personal email addy. The request was then made of other identities on other boards. I'd hate to see another CF again
I should also add, long forms are also offputting and can be a barrier.
Better to explain the process and have it initiated by them from their facebook account. i.e.
"here are the risks and what info we'll ask you for if you want to join, to request access send a request from your facebook account to ..." then you reply to the facebook request with the forms etc... before giving access.
Simon, another poster stated their concerns on this when they gave them their personal email addy. The request was then made of other identities on other boards. I'd hate to see another CF again
Yes, the cynic in my wonders if they have really learnt anything or just want more info from people so they can "retaliate better".
AAWA: trust is low, you need to do things properly. Who's come up with this idea? Do they have expertise in this area? If not, get someone else.
I would warn anyone against sharing their identity on there with another site like that, you will then be linking your real identity to everything you have posted on this site.
Having other contact info around in the request like Email risks someone using that to check if the person really wants to join. This would still allow anyone to then have a 3rd party added.
How would a 3rd party receive and respond to confirmation emails?
I do agree the Websight invitation should be streamlined. The questionaire is a bit foreboding.
I agree Simon. You have a tight clamp on security issues which u update. Others may not be as diligent
I would warn anyone against sharing their identity on there with another site like that, you will then be linking your real identity to everything you have posted on this site.
Don't think #3 this is a good idea at all. Maybe they want to identify the famous "peanut gallery". (nothing implied on my part)
How would a 3rd party receive and respond to confirmation emails?
So, I give my email address and your facebook account. They email me checking that I really do want to be added and they then add you.
They either need to implement OpenID / OAuth on their site to let peolpe identify their facebook account OR only ask from their facebook account OR they only contact that person through facebook (which won't work for people without public profiles).
Asking for email (plus other things) is unecessary and a risk. You should only ask for and trust information once someone has been authenticated.
