Frienditto

Mar. 4th, 2005 01:39 pm
[personal profile] rm
From several of my friends -- all of this is via them, as I've had NO DIRECT CONTACT WITH THE SITE, but feel this meritted enough concern to repost here:

Watch out for Frienditto.

This site is an archive service that claims affiliation with Live Journal BUT DOES NOT HAVE IT.

There has been some concern over this site and security of LJ accounts. If you provide it with your login information for your Live Journal you give this service permission to archive your friends only entries and ANY locked entries of your friends for which you have access.

Please read the following answer to my support request regarding this site and be informed. More importantly, inform others.

Dear user,

Frienditto is not affiliated with LiveJournal in any way. As such, this website does not have access to any entries which are not publicly viewable. If someone provides them with their LiveJournal username and password, however, it gives this site access to all non-public entries that account would have access to. We can only recommend that you do not provide your username and password to any person or website to ensure the security of your account.

Additionally, if you believe anyone on your Friends list may have provided their login information to this website, we can only advise that you remove them from your Friends list. This website will have access to your Friends-only entries as long as any person on your Friends list has given the site access. If any content is present on Frienditto which you do not wish to be there, you will need to resolve the issue with that website.

Regards,

Scott
LiveJournal Abuse Team

(Emphasis mine)


If you are using this site I will remove you from my friends list. Additionally, I will be extraordinarily cross at you, either for being an idiot, or a malicious little freak.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2005-03-04 08:28 pm (UTC)
From: [identity profile] delchi.livejournal.com
Not I said the Infosec warrior.

I would think that its obvious to anyone that giving away their LJ id/pw grants access to everything , but then again common sense is not all that common.

Date: 2005-03-04 10:35 pm (UTC)
From: [identity profile] eqe.livejournal.com
No kidding. Even people who're supposedly smart, like Joi Ito (http://joi.ito.com/archives/2005/02/03/apologies_for_spamming_friends_with_smsac.html), apparently have no problem typing their username and password into a website merely based on an email that appears to be from someone they know.

I shake my head over humanity, I really do.

Date: 2005-03-04 10:51 pm (UTC)
From: [identity profile] drstein.livejournal.com
sweet. Other Marillion fans. ;)

Date: 2005-03-05 04:27 pm (UTC)
From: [identity profile] delchi.livejournal.com
Absolutely! Think we have enough for a community?

Date: 2005-03-07 04:58 am (UTC)
From: [identity profile] drstein.livejournal.com
There isn't one already? There oughta be. I think there's enough. :)

Date: 2005-03-05 04:16 pm (UTC)
From: [identity profile] zibblsnrt.livejournal.com
The problem isn't that it gives access to the posts/etc of the user supplying the login and password. The problem is that it gives access to other peoples' locked posts by acting like the user's normal LJ usage. If all it did was leave the Frienditto user's stuff wide open, it would only be stupid. However, it's specifically intended to be used to display third parties' private posts.

Date: 2005-03-05 04:31 pm (UTC)
From: [identity profile] delchi.livejournal.com
The problem is, as I stated, that giving out your user id / password grants access to EVERYTHING that the owner has access to. Included in everything is their normal posts, locked posts, other peoples locked posts, user information , and so on.

Regardless of frienditto or any other 3rd party web site or service , when you give away your user id and password you have given away everything you have access to on that system. It's just plain dumb. This is on line with the survey whereby people gave out their passwords in excahnge for a cookie on the streets of NYC.

Date: 2005-03-05 06:31 pm (UTC)
From: [identity profile] zibblsnrt.livejournal.com
The problem is, as I stated, that giving out your user id / password grants access to EVERYTHING that the owner has access to. Included in everything is their normal posts, locked posts, other peoples locked posts, user information , and so on.

Yeah. I wouldn't be upset if it was just the original user's information - that would be self-inflicted harm, which I'm not known to be sympathetic over. It's the fact that it also publicises other peoples' stuff - and that is in fact the intent of frienditto - that's the problem.

Date: 2005-03-06 07:42 pm (UTC)
From: [identity profile] delchi.livejournal.com
Exactly.

Well put.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

rm
IMDB

February 2021

S M T W T F S
 123456
789 10111213
14151617181920
21222324252627
28      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 30th, 2026 04:34 pm
Powered by Dreamwidth Studios