S3Indiana 40 posts since
Nov 26, 2007

1. Re: Exposed email addresses Aug 29, 2008 9:09 AM

Pls. modify your username (duplicate post)...

PGTips91 19 posts since
Apr 7, 2008

2. Re: Exposed email addresses Aug 29, 2008 2:08 PM

in response to: S3Indiana

Thanks Ken, that answers my need to change my personal information so that my email address is no longer being shown.

However that address is now out in the wild and can never be recovered. Part of my complaint was that this has happened, due in some way to how the information was gathered in the first instance. I know that I would never consciously choose my email address for a user name that would be open to the world. It did happen to me once before, I can't remember on which forum, but due vigilance meant that it got corrected expeditiously. I don't think that it was a simple matter of editing myself, but took a request for change to an admin.

The fact is, that there are quite a few othes who have their email address as 'User Name' on this forum, for some reason, and, as it is not being actively used they may not be aware that this is so, even after I have posted about it here. That is why I also posted a heads-up over on the Freespire forums - it was not a duplication in my mind, just a notice to look here and get the problem fixed.

Paul

S3Indiana 40 posts since
Nov 26, 2007

3. Re: Exposed email addresses Aug 29, 2008 10:36 PM

in response to: PGTips91

PGTips91 wrote:
The fact is, that there are quite a few othes who have their email address as 'User Name' on this forum, for some reason, and, as it is not being actively used they may not be aware that this is so, even after I have posted about it here. That is why I also posted a heads-up over on the Freespire forums - it was not a duplication in my mind, just a notice to look here and get the problem fixed.

For the account to be displayed the username had to be logged in at CNR.com then access CNR Community (both must occur). There is documentation suggesting modifying the username to protect email information. The duplicate post comments were posted so that replies only occurred in one thread...

LioNiNoiL 26 posts since
Nov 27, 2007

4. Re: Exposed email addresses Aug 31, 2008 7:14 PM

in response to: S3Indiana

S3Indiana wrote:
Pls. modify your username

I modified my username some time ago, and my e-mail address is still on display.
Nice work.

JDoyle 208 posts since
Nov 27, 2007

5. Re: Exposed email addresses Aug 31, 2008 7:33 PM

in response to: LioNiNoiL

You can see it, because you are logged in as you. No one else can see it.

JD

Attachments:

email_hidden.png (45.9 K)

PGTips91 19 posts since
Apr 7, 2008

6. Re: Exposed email addresses Aug 31, 2008 9:53 PM

in response to: JDoyle

I can confirm that, after changing my log-in ID, the email address is hidden to anyone not logged in as me.

There are still quite a number of folks who have not made this correction. Maybe they should be emailed and encouraged to do so.

This does seem to be an artifact of the transfer of data from the old CNR Warehouse to CNR.com, and does not reflect the actual choices of the individuals concerned.

Paul

LioNiNoiL 26 posts since
Nov 27, 2007

7. Re: Exposed email addresses Aug 31, 2008 11:21 PM

in response to: JDoyle

JDoyle wrote:
You can see it, because you are logged in as you. No one else can see it.

Thanks, that wasn't made clear anywhere I could see.
We should note the following: back in the Lindows days, our e-mail addresses were required for login, and when the Lindows name was bought off by Micro$oft (for $20_million) those e-mail addresses were imported without notice to the CNR.com site and put on display for all to see (whose st00pid idea was that??) -- so it's hardly surprising that many former Lindows users (like me) have still not changed their usernames.

S3Indiana 40 posts since
Nov 26, 2007

8. Re: Exposed email addresses Sep 1, 2008 6:32 AM

in response to: LioNiNoiL

lioninoil wrote:
We should note the following: back in the Lindows days, our e-mail addresses were required for login, and when the Lindows name was bought off by Micro$oft (for $20_million) those e-mail addresses were imported without notice to the CNR.com site and put on display for all to see (whose st00pid idea was that??) -- so it's hardly surprising that many former Lindows users (like me) have still not changed their usernames.

In reality (posted elsewhere) the same database is used for both CNR and Linspire, so to be fair nothing was imported w/o notice...

LioNiNoiL 26 posts since
Nov 27, 2007

9. Re: Exposed email addresses Sep 1, 2008 11:57 AM

in response to: S3Indiana

S3Indiana wrote:

lioninoil wrote:
We should note the following: back in the Lindows days, our e-mail addresses were required for login, and when the Lindows name was bought off by Micro$oft (for $20_million) those e-mail addresses were imported without notice to the CNR.com site and put on display for all to see (whose st00pid idea was that??) -- so it's hardly surprising that many former Lindows users (like me) have still not changed their usernames.

In reality (posted elsewhere) the same database is used for both CNR and Linspire, so to be fair nothing was imported w/o notice...

If you're trying to tell me the old Lindows database was not imported without notice to the CNR/Linspire sites for display, then you're wrong.

PGTips91 19 posts since
Apr 7, 2008

10. Re: Exposed email addresses Oct 16, 2008 10:28 PM

in response to: LioNiNoiL

I have received an email from Support, saying that the problem has been fixed. However, I think that the problem remains. Some are still joining up and giving
their email address as the log-in ID and, since this is used as the
name of the account, it is exposed to the Internet, even when shown as
'hidden'.

See this example taken tonight 08/09/08 9:45 pm NZST : --
Recently added member
Hidden email address still showing as name

Some warning needs to be given on the page where people are signing up,
and perhaps a script that checks for the '@' and refuses to accept the
data.

S3Indiana 40 posts since
Nov 26, 2007

11. Re: Exposed email addresses Sep 8, 2008 9:15 AM

in response to: PGTips91

PGTips91 wrote:
I have received an email from Support, saying that the problem has been fixed. However, I think that the problem remains. Some are still joining up and giving
their email address as the log-in ID and, since this is used as the
name of the account, it is exposed to the Internet, even when shown as
'hidden'.

See this example taken tonight 08/09/08 9:45 pm NZST : --
Recently added member Recently added member
Hidden email address still showing as name

Some warning needs to be given on the page where people are signing up,
and perhaps a script that checks for the '@' and refuses to accept the
data.

If the account previously existed in the database with an email address as the username, then when someone visits the CNR Community the email will be displayed as username. The flip-side is that the account could have been created to expose the email address

...

PGTips91 19 posts since
Apr 7, 2008

12. Re: Exposed email addresses Sep 10, 2008 4:58 AM

in response to: S3Indiana

Clicking on the link to 'modify' the user name leads to this : --

[code]

HTTP Status 500

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Could not instantiate Seam component: userDataBean

javax.faces.webapp.FacesServlet.service(FacesServlet.java:256)

org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:195)

org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:159)

org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)

org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)

org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

snip

note The full stack trace of the root cause is available in the JBossWeb/2.0.1.GA logs.

JBossWeb/2.0.1.GA

[/code]

PGTips91 19 posts since
Apr 7, 2008

13. Re: Exposed email addresses Sep 9, 2008 9:19 PM

in response to: S3Indiana

The bottom line is, that as of yesterday, new members of these forums are signing up in such a mannor that their email address is shown to the world, even thought they have chosen to keep their email address hidden.

You can verify this by going to http://forum.cnr.com/people?view=newest

which as of now, 10/09/08 4:15 pm NZST, still shows email addresses with (Hidden) next to them!

I estimate that there are currently 500 email addresses in this category.

Paul

S3Indiana 40 posts since
Nov 26, 2007

14. Re: Exposed email addresses Sep 9, 2008 11:35 PM

in response to: PGTips91

Modify link works here...

PGTips91 wrote:
which as of now, 10/09/08 4:15 pm NZST, still shows email addresses with (Hidden) next to them!

FYI that's a default setting in the account that the user might not even know is set...

This Question is Not Answered

Exposed email addresses

Aug 29, 2008 3:19 AM

HTTP Status 500

JBossWeb/2.0.1.GA

Actions

More Like This