cancel
Showing results for 
Search instead for 
Did you mean: 

Avatars and security

jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Avatars and security

Many people like the idea of using a username on the Community site which is different to their PlusNet member username for security reasons.
Right-clicking on their avatars and looking at the properties in many cases reveals the likely PlusNet identity of the Community forum user.  This is shown in the form http://www.xxxxxxxx.plus.com/avatar.jpg or similar, because in the Forum Profile Information they have selected 'I have my own pic:' and provided a link to their own PlusNet webspace.
By selecting 'I will upload my own picture:' it will be stored on the Community site and will only show properties in the form http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar
So, to preserve your anonymity, upload your avatar, don't provide a link to it which may reveal your PlusNet username.
Perhaps PlusNet should consider placing a warning message on the Forum Profile Information page to prevent users from compromising their security when adding their avatars.
The same security loophole can apply when adding an image into a forum message such as chillypenguin did in his "glow" tag thread at http://community.plus.net/forum/index.php?topic=720.0
Seeing that he uses the same username on both, nothing was compromised!
Be aware!
7 REPLIES
lingbob
Grafter
Posts: 734
Registered: 05-04-2007

Re: Avatars and security

Good advice and well spotted  Cool
Regards .....
Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: Avatars and security

It rather depends how bothered you are about this.
Along with a lot of other people I use the same avatar on a number of forums and having it linked to a webspace is a very useful thing as I can change it on all forums simultaneously.
I did wonder about using one of my non PlusNet sites but decided it wasn't worth the risk as most of my PlusNet addresses get spam already and the others don't.
The new spam filter is doing a great job. It has even cut out the spam going to one address which was compromised by a recipient replying to one of those silly chain emails.
The only reason I changed my username is that I use this one on all the other forums I take part in.
Edit - because I am now trying IE7 and i haven't got a spell checker on that  Sad
jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Re: Avatars and security

@lingbob
I think it was when I right-clicked on your avatar that I first noticed it!  I see you've changed it!
@Oldjim
I'm not bothered, but for those that are, I've noticed that you don't have to be logged in to retrieve the avatar, at least not when on a PlusNet IP - just tried it!
So anyone that was could possibly store the avatar at http://community.plus.net/forum/index.php?action=dlattach;attach=nnnn;type=avatar and use it on more than one site, still preserving their anonymity wherever it is displayed, i.e. on other forums.  A change at the Community site would only change all instances if the attach=nnnn in the storage is unique to the user and doesn't change when the avatar itself is changed.  Otherwise, changing the avatar would necessitate a lot of work changing it on other sites!  I don't know if nnnn is permanently unique to the user - I haven't tried that!  Perhaps someone at PlusNet already has the answer?!  If the Community site went off-line it would show up everywhere!
You and I aren't worried, but quite a few PlusNet users must be, as it as was pressure from users that allowed their identity to be hidden.
lingbob
Grafter
Posts: 734
Registered: 05-04-2007

Re: Avatars and security

Quote from: jnwright
@lingbob
I think it was when I right-clicked on your avatar that I first noticed it!  I see you've changed it!

Very observant  Wink
Regards .....
retep
Grafter
Posts: 182
Registered: 14-04-2007

Re: Avatars and security

Going off topic but ...
James_H
You can remove the user name from the reverse DNS - in the main plus.net  site search for reverse DNS and you get a the
Help Assistant Change my Reverse DNS configuration page
hamilton36
Grafter
Posts: 220
Registered: 13-08-2007

Re: Avatars and security

Quote from: Oldjim
The new spam filter is doing a great job. It has even cut out the spam going to one address which was compromised by a recipient replying to one of those silly chain emails.
Sad

Hi, OldJim,
I am flooded by spam on several addresses and my solution was to use Thunderbird as my main email client and set the filters to accept emails only from senders that are in my address book.  That does not stop spam messages, but it moves them to the Thrash folder.  Unfortunately, the spam messages are counted in my monthly download allowance.
I am interested in your comment that your spam filter is very effective.  Can you tell me what you are using?
Thanks,
Alex
Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: Avatars and security

Not mine - just the PlusNet one.
Only one got through recently and that was to check the login details for the bartenders guide.
Out of interest i clicked on the link which was a url and it asked me to download a component to view the graphic. A check on properties showed it was an exe file which is when I deleted the email.