Please use our links: LEGO.com • Amazon
Brickset.com is a participant in the Amazon Services LLC Associates Program, the Amazon.com.ca, Inc. Associates Program and the Amazon EU Associates Programme, which are affiliate advertising programs designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.
As an Amazon Associate we earn from qualifying purchases.
They are not ideal, but the forum has to pay for itself.
Anyway, here's the shocker: The content of my private messages got sent off to i.skimresources.com in a big JSON structure. Names, addresses, political affiliations, embarrassing admissions, Jack Stone is my favourite theme, whatever - it wasn't fussy about what it took from those pages.
@Huw, I think Skimwords needs to be removed from inbox pages.
Surely it only checks server side for the database of links and keywords.
(For anyone doubting this, try the URL https://bricksetforum.com -see what message you get)
I don't mind the skimlinks, only bother they give me is when trying to differentiate between links the author included intentionally (and therefore want you to follow). But that's kind of the point I guess!
As a measure of "'anyone' could snoop in on it pretty easily", please feel free to find the content of my last private message.
'anyone with the necessary skills and tools' (which are easily picked up online)
my point is, you should be more concerned with someone intercepting traffic than the skimlinks.
Incidentally, for anyone using gmail, yahoo mail, hotmail et al, this is exactly what they do with just about every email you send (hence why for personal correspondence I use my privately hosted email server)
No such thing as a private message on the internet I'm afraid.
(A quick search also reveals many hacks on Vanilla forums, which would presumably expose messages too)
Go on then?
No? Its really not that simple is it. Obviously they're not secure, anyone with access to the database can get them as they're plain text, depending on the config forum admins might be able to read them, cracking my password wouldn't be hard either. Those are much bigger insecurities than not using HTTPS between myself and the server. That content is automatically sent to a third party is a much bigger concern to me - not a problem with the forum posts as they're in the public domain anyhow - but messages have the impression of privacy.
But ultimately, although I work in IT, as I understand it @paul_merton works in internet security so I'll tend to defer to his judgement.
However, all the information from everyones personal accounts on many forums going to a server (assuming this is actually what happens of course) that is programmed to sort that information for specific strings of characters is more concerning. How hard would it be for it to also skim for bank account numbers etc. for example. It's pretty unlikely, but way more likely a target for someone than my pretty mundane personal messages.
So yes, you should be aware of sites not using encrypted connections and act accordingly - like using different passwords (ok, that ones Internet Security 101, but you'd be amazed how few people mix up their passwords)
Not trying to undermine the argument of passing data to a 3rd party - I'm a very 'personal data aware' person, but it's not the biggest risk to your personal data here.
It is never about what YOU think or know you can do.
It is never about what information YOU think is worth having.
It is never about what YOU think is worth doing.
It is always about what somebody else can do, and the ways they can think of using that information.
You can be, or think you are, the smartest cookie in the world, and the above is still true.
All I'm trying to say is don't be fooled into thinking the messages you're sending are secure (with or without skimlinks) - they're not, and don't pretend to be, a method of securing communication.
That said - @MattsWhat raised a good point, think people may send bank account numbers via messaging when buying/selling. If you're worried about these being passed through skimlinks, then again, you need also to be worried about these being sent over unsecured connections, and stored in plaintext.
This is why the indiscriminate collection by a third-party of everyone's private messages (evidently without their knowledge) is a much bigger issue.
Such a cool film.
"Now, the next part is very important. They are going to take your private messages."
I believe I corrected earlier today but it will now appear on all pages again.
Off topic, hope you enjoyed the event in Portugal, would love to hear a report on the workshops, particularly as this was the first of a new recurring event in the calendar? :o)