Mr. Duckford wrote: » Hello, First off, sorry if this is the wrong forum (again?), wasn't sure which one too choose from. I assume since my first post was removed from the "After Hours forum", it was the wrong choice? If there is something wrong with this post, please let me know rather than deleting it without me knowing why. I'm a web developer and back in 2012 I signed up on the dating website anotherfriend.com. Back then I noticed the absolutely poor security quality of the website. The company stores all photos by naming the photos using consecutive numbers, so that all photos are publicly accessible. Even photos that users specified to be "private" are publicly available. On top of that, photos that users "delete" from their dating profile, are not being deleted from the server. Same applies to photos from deleted or deactivated accounts. Once uploaded, all photos are permanently kept (unless it violates their T&Cs). They have roughly a half a million photos on their server, many of them suppose to be deleted or private, but nope, all accessible by the public. This is unacceptable on every level. I reported this issue to the anotherfriend.com back in August/September 2012. Support replied by saying they will forward this issue to their developer. Now almost 3 years later and nothing has changed. I find this totally unacceptable, especially because this is not a bug in their system, but very poorly designed system. Image names are suppose to be what is called "hashed", so people cannot guess the file name. They claim to be Irelands biggest dating website, but have a system in place that a 16 year old web developer could design better. Seriously, this company seems to have absolutely respect towards user privacy. Here is a script I quickly wrote in a few minutes, demonstrating this massive privacy issue. [link removed] How can one report this when the company itself does not take this serious and just ignores it?
Sheldons Brain wrote: » Talk to the Data Protection Commissioner. the 2012 report claims an "inspection" of Anotherfriend.com.
Mr. Duckford wrote: » Seriously, this company seems to have absolutely respect towards user privacy.
Gordon wrote: » I presume you mean 'no' respect towards user privacy? If so, I find it surprising that you've publicly posted all of these private photos by posting a link to your script. Please don't do that again.
Other than [sensitive personal data], which is covered under the Privacy Statement, any material that you transmit or post to this website... will be non confidential... The company will have no obligations with respect to such material...
Information we collect from you... during your membership of the Site is used... to provide you with the anotherfriend.com dating service. By submitting this information you are expressly agreeing to us processing that information in accordance with this Privacy Statement. Please remember that due to the nature of the membership of the Site, any information that is disclosed to anotherfriend.com can become public information... ...all information which you submit for inclusion on your profile will be publicly available on the Site. Anotherfriend.com will not disclose any personal data of a sensitive nature without your express consent, except in so far as you have included it on your "Profile"... Personal data includes Photographs of yourself which you may post to the website. Please take care to either post to the public or private gallery...
The data shall have been obtained for [a] specified, explicit and legitimate purpose, [and] shall not be further processed in a manner incompatible with that purpose...