by nona
4589 days ago
My impression is the OP is a bit loose and ambiguous in some of the terms used, like "plain text" and "local" etc., and the TC article makes the confusion worse. So just for the record, are these all of the actual issues?

- no SSL verification means it's trivial to MITM
- exposure of other players' emails/bio/birthday/location/EXIF data in pics
- address book data is sent unhashed to the server
- signup emails expose the cleartext password (is this right?)

All important issues, and I'm assuming you've corrected these. But the way I understand it, there's no reason or way to protect the client from the user him/herself: custom CA install, decompilation, etc. are all ways for the user to get to their own data, or their own communication with the server. So I'm a bit at a loss why the TC article is hammering on the "… and the local file which contained user information did not require any decryption to read." The OP also mentions the FB tokens being exposed and such; I'm assuming these are only sent over SSL, and other people won't have access to it (with the caveat of the SSL fix), right?
- We haven’t stripped EXIF data from uploaded pictures, although this is on the roadmap. Sensitive fields from user profiles have been stripped from all endpoints. This was done before the news hit TechCrunch.
- We were never saving contact lists, just using them to cross-reference our user database. In the next update we will compare hashes, not plain text emails.
- No passwords are ever stored in plain text, but they are transmitted over SSL during signup and login. We are considering ways to further obfuscate this, but strengthening SSL goes a long way. Please contact me at jokull@plainvanilla.is if you have comments or questions about our password policy.
You are right about the Facebook access tokens. The tokens are sent over SSL and we are not breaking any usage guidelines from Facebook. Access tokens can of course be invalidated by the user, or by Facebook. We are open to further enhancing the security of our OAuth flow, but currently it has not been exposed to any security weaknesses.
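The reply above says the next update will compare hashes of address-book emails instead of plain text. The following is an added example (written for this page, not code from the app or its developers; all function names are hypothetical and the user and address-book data are constructed) of what that scheme looks like on both sides, and of its main limitation: an unkeyed hash of an email address is reversible by anyone who can guess candidate addresses, because addresses are low-entropy and test cheaply.

```python
import hashlib
from typing import Iterable, List

# Constructed sample data for the demo (not real users or contacts).
SERVER_USER_EMAILS = [
    "Alice@Example.com",
    "bob@example.org",
    "carol@example.net",
]

CLIENT_ADDRESS_BOOK = [
    "alice@example.com ",   # case and whitespace differ from the server's copy
    "dave@example.com",     # not a registered user
    "BOB@example.org",
]


def normalize_email(addr: str) -> str:
    """Canonicalise an address so client and server hash identical bytes.
    Without this, "Alice@Example.com" and "alice@example.com" never match."""
    return addr.strip().lower()


def hash_email(addr: str) -> str:
    """Unkeyed SHA-256 of the normalised address, hex-encoded.
    This is the 'compare hashes' scheme: no secret is involved on either side."""
    return hashlib.sha256(normalize_email(addr).encode("utf-8")).hexdigest()


def client_upload(address_book: Iterable[str]) -> List[str]:
    """What the client sends instead of raw addresses: a de-duplicated,
    sorted list of hashes (sorting also hides the address book's order)."""
    return sorted({hash_email(a) for a in address_book})


def server_match(uploaded_hashes: Iterable[str], known_emails: Iterable[str]) -> List[str]:
    """Server side: hash every registered user's email the same way and
    intersect with the uploaded set. Returns the registered users that
    appear in the client's address book; nothing else is stored."""
    index = {hash_email(e): normalize_email(e) for e in known_emails}
    return sorted(index[h] for h in set(uploaded_hashes) if h in index)


def recover_from_dictionary(uploaded_hashes: Iterable[str], candidates: Iterable[str]) -> List[str]:
    """The caveat: whoever holds the uploaded hashes (the server, or a
    network attacker if the transport is not verified) can test guesses
    offline. Any candidate whose hash appears is recovered in full."""
    targets = set(uploaded_hashes)
    return sorted(normalize_email(c) for c in candidates if hash_email(c) in targets)


if __name__ == "__main__":
    uploaded = client_upload(CLIENT_ADDRESS_BOOK)
    print("client sends:", uploaded)
    print("registered contacts:", server_match(uploaded, SERVER_USER_EMAILS))
    # An attacker guessing from a leaked list recovers the non-user contact too.
    print("recovered by guessing:", recover_from_dictionary(uploaded, ["dave@example.com", "erin@example.com"]))
```

Hashing keeps raw contact lists off the wire and out of server logs, which is a real improvement over sending plain text, but it is not confidentiality: the non-registered contact is recovered with one guess. The hashes are also only as private as the channel they travel over, so this change does not substitute for the SSL certificate verification fix discussed earlier in the thread.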