This site was archived on 24 April 2012. No new content can be posted. The mailing list remains online and the site will stay in this archived state for the forseeable future. If you find any technical errors on the site, please contact Callum.



Security through lies

Most readers here know that the famous MDST (Member Dementing & Sensorship Team) deletes threads for “security reasons”. No, there are no security problems at CS. Never heard about thieves, molesters and similar stuff. Of course it’s a stupid way to “clean” the community, but at least it helps to sell out the company if the application for “non-profit”/”charity”-stuff in New Hampshire fails. (Or Casey just get bored of CS.) But that’s not the issue here.

Yesterday the news at CS announces:

Buggin’ Out!

Fixes to the “location bug” brings back functionality better than ever!
20. March 2008 Once again, the shining stars on our tech team have successfully tackled an error in the system to get things back to normal on the site for you.

You may have noticed the site was offline for a short while today. This downtime was scheduled so the tech team could fix the recent issues experienced with correctly reflecting members’ locations.

Check out what features are back for you!

* Nearby travelers on members’ home page will now actually be nearby!
* When you search for a couch in a city, you can now effectively search for members within a chosen radius of that city. Let’s say you want to CouchSurf in Gdansk, Poland but there are only a handful of CouchSurfers there. You can once again search for a couch within, say, 20 km of Gdansk. Hurray!
* Location map on member’s profiles will reflect the correct location. Members will no longer randomly be placed in Africa… unless you live in Africa!
* Recent member login location will reflect correct location as accurately as possible. (Click here for information on why it may not always be right) If you were logged in during the downtime, you may need to log out and log back in to show the proper location.

A round of applause for the tech team volunteers- job well done!

First of all: Great, they finally not only do something with the code they also announce it. I’ve also noticed, some minor bug fixes have been done (months after reporting) and some small improvement are online, most of them asked for again and again in the last years. But nothing really impressing. And here the good news already stop.

So let’s “check out what features are back” for us: All the four points mentioned in the news are based on one single topic: IP adresses and their localisation. As even CS explains at the linked page it’s not accurate. There are several reasons for that, like wrong settings from your ISP, using of company firewalls etc. This caused a lot of CUQs and cockroach posts when I was doing this kind of stuff. And it’s simply not to fix, the whole idea is a mistake.

If it works properly IP localisation is a serious threat against privacy. Your company sees where and when you login (during work time? from somewhere else when you call in sick?), so you may loose your job. Your stalking Ex is able to track you. At some places the nearby couchsurfer feature is widely used to annoy females with inapprobiate mails. Exact localisation while travelling is a useful information for criminals interested in your unguarded flat (this is especially useful if you’ve got a verified adress and CS places the the google marker in search exactly at your home).

But the main point is: IPs can easy be faked/changed. There are several services in the internet who offer anonymous access to webpages, there is software like Tor to hide your IP and makes it very, very difficult to trace you. At the moment CS tries very hard to block IPs from those services/networks but it’s a ridiculous attempt and doesn’t work if you accept some reloads while using the software. If someone does the work to setup a profile for abusing CS, hiding the real IP is no big deal. And still CS calls this a security feature. As at least the techno crowd must know that’s not true, so insisting on IP-Localisation as security feature must be called what it is: a lie.

When you know an organisation is lying to you about a serious issue, how trustworthy it is at all?

PS – There is a lot to do about security at CS:
- encrypted login (SSL), especially because a lot of couchsurfers use the page from unsecure, public computers/connections while travelling
- really delete information, not only hide it (mails, profiles, …) but don’t hide useful information (profiles from thieves)
- don’t say it’s privacy VERSUS security,  it’s privacy AND security

1 Response to “Security through lies”


  • wait a minute!!!

    The News says

    You may have noticed the site was offline for a short while today. This downtime was scheduled so the tech team could fix the recent issues experienced with correctly reflecting members’ locations.
    Check out what features are back for you!
    * Nearby travelers on members’ home page will now actually be nearby!

    From CASEY to his buds donna and mandy in their private mailboxes which they posted in the ambassador public group

    February 27th, 2008 – 1:40 am by OH DONNA from Chico, United States (Permalink)
    Dear Ambassadors
    I think something else that wasn’t really announced is that nearby travelers has been turned off until the geo database is stable and also the couchsearch radius has been disabled for the same reason. Both of these were causing undo strain on the system and as soon as the bugs are all worked out in the data base we will have these two features back at our disposal.
    I am forwarding the tech teams apologies for the problems, but assure you they are being worked on night and day.

    Donna

    Reason due the lOAD on the SITE.

    February 26th, 2008 – 5:28 pm by Miss. Moneypenny from Phoenix, United States (Permalink)
    This was in my inbox -
    Hi Teams,
    The site is still under heavy load. I am going to turn off a couple things temporarily to lower this load. The things I will turn off now are:
    1. How do you know this person list on each person’s profile.
    2. List of my groups on the home.html page
    There could be other things we have to disable too temporarily and I will let you know if/when we have to do this. We are currently putting a lot of time and attention into scaling and databases in general to
    ensure that as CS grows, we will be able to handle the load.

Comments are currently closed.