Apparently not on the internet, but you probably knew that already.
I have a pixel graphics subscription site - Doodlebug Pixels. I use a membership script called aMember Pro to manage my member area and to handle payments through PayPal. One of the first things I noticed when I installed aMember about 6 months ago was that there is absolutely no encryption on passwords, i.e. anyone with access to the admin panel can plainly read the password information of each member.
aMember is a very popular script with pixel subscription sites similar to my own. Those not wishing to pay the high price for it ($139.95 on SALE - it’s been at that “limited time offer” price since I purchased it back in May) and attempt to make sense of the broken English in the user manual use standard webprotect through cpanel, set up with login information provided by subscribers.
All in all, this makes for a lot of unsecured passwords floating around the pixel community and a lot of reliance on the morals of the website owners keeping them. Unfortunately not every person out there is ethical and a couple of days ago I heard something on the e-grapevine that I found very disappointing. Apparently a certain webmaster decided to take advantage of the smorgasboard of login details provided by her subscribing members and use them to login to other websites without the consent of the people belonging to them; essentially gaining free access to sites that her members had paid subscription fees to access.
This really pissed me off! Virtually every website that I own collects various forms of personal information from members. I would never, ever even consider using the personal information entrusted to me in any way that wasn’t intended to benefit my users. I certainly wouldn’t take advantage of my position and access to the personal information of my members for my own benefit.
After a bit of thought, I set up a quick page about privacy in the pixel community and why confidentiality is important - http://privacy.doodlebugpixels.com
Basically, pixel website owners wishing to show their members that they believe in confidentiality and the protection of private information can display one of the buttons I have provided on their site, linking back to my Privacy Protected page. In return, I add them to the list of privacy supporters. Simple concept, yes? Yeah, I thought so too until the woman that inspired this little project decided to submit her site and display the button on her site. Honestly, I’m baffled by the nerve of this woman. Her submission was swiftly followed by another email asking if I would trade memberships with her. Not likely!
Despite that little bump in the road, I’m pleased with the response this idea has received. I virtually had 30 supporters overnight and already have plans for more information to add…
Tom responded on 27 Nov 2007 at 9:11 pm #
Kinda laughable that the person whose behavior brought this about actually had the nerve to apply herself Requesting yet another membership trade was likely to add to her collection of misused private information, no doubt. At least you did not identify her here. Good to see at least some people online have some decency — even if she doesn’t deserve it.
casey responded on 27 Nov 2007 at 9:19 pm #
Unfortunately I can’t really accept the compliment about not identifying her :[
Earlier today I added a “blacklist” to the site. It’s not something that I really wanted to have to do because the site was intended to be about protecting members, not finger pointing. Even though I denied her request to be on the supporters list, she has not removed the button from her site. I think that allowing her to display the button along with the rest of the supporters that actually do believe in protecting their members makes the entire thing pointless.
So, I added a blacklist and the URL of her site is listed there. URL only - no names or other information.
Tom responded on 27 Nov 2007 at 9:44 pm #
Haha. Well, at least you didn’t identify her HERE. >_>
Yunie responded on 28 Nov 2007 at 3:28 pm #
LOL. I clicked the link on the Blacklist and it said ‘Piczo Website Not Found’. Did she delete it or something?
Congrats on getting so many supporters so quickly ^_^.
Tom responded on 29 Nov 2007 at 6:28 am #
Oh wow. She must have deleted it. It was still there last i looked.
I almost feel bad for her. Judging by her behavior, I’d guess (hope) she was young. She brought it upon herself. Maybe she will learn from this and start over somewhere else.
Fred Fredrickson responded on 30 Jan 2008 at 3:47 pm #
The best defense is to always use a different password on every new account and service you join.