« Rearranging the languages/ folder
Hardening admin security
A few things about the alpha and its bugs... »

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Hardening admin security
« Reply #15, on November 6th, 2012, 01:57 AM »
That assumes you can figure out the carrier from the phone number. Oh, and it doesn't work on all carriers. Mucho headache involved. (Been there, done this.)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

MultiformeIngegno

  • Posts: 1,337
Re: Hardening admin security
« Reply #16, on November 6th, 2012, 01:58 AM »
I know, I was referring to tracking when I said iframe or JavaScript. I think I know a lot about Google's tracking. I saw 1+ hour of a conference of a guy called Matteo Flora, who studied for a while Google's tracking methods and published a lot about it. Summing all Google's method to track users, he ended up that 99,7% of all the websites are "analyzed" by Google in some ways (Analytics, Adwords, google DNS, Firefox's search bar and a lot of others). So, it's almost no info for Google that X user admins X forum, they already know it! And, likely, in the domain WhoIs there's also your home address :P

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Hardening admin security
« Reply #17, on November 6th, 2012, 02:01 AM »
He said that '99.7% of all the websites are analysed', what does that even mean? It doesn't actually mean anything, because it's not about the sites, it's about the users...

And it's also not about what you think it is... so what if Google has my home address from my domain records? That's of no use unless you can validate that it is me browsing, or that the person browsing from a given IP address (or with relevant cookies) is a certain person, whose habits you already know and can serve up appropriate ads. What information you think you have and what you give Google is almost certainly not what you think.

If you genuinely understood the risks that Google poses to privacy, you wouldn't be recommending them at all.

godboko71

  • Fence accomplished!
  • Hello
  • Posts: 361
Re: Hardening admin security
« Reply #18, on November 6th, 2012, 02:02 AM »
Quote from Arantor on November 6th, 2012, 01:57 AM
That assumes you can figure out the carrier from the phone number. Oh, and it doesn't work on all carriers. Mucho headache involved. (Been there, done this.)
Oh I know, though since its for admins it could be a phone number field and a dropdown with supported carriers. Would have to be a plug in (not for you to make just a general thought haha) though not core to much to keep up with and not a wide enough support net to worry about being in core.
Thank you,
Boko

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Hardening admin security
« Reply #19, on November 6th, 2012, 02:03 AM »
*shrug* I gave up worrying about this being in core earlier this thread when I realised the hassle it would actually cause, because if I make it core, it's going to screw users over who shouldn't be using it, and it's only going to lead to more of the above in this thread, namely 'Why don't you use <third party service>' which would send any sane administrator running for the hills.

MultiformeIngegno

  • Posts: 1,337
Re: Hardening admin security
« Reply #20, on November 6th, 2012, 02:11 AM »
Quote from Arantor on November 6th, 2012, 02:01 AM
He said that '99.7% of all the websites are analysed', what does that even mean? It doesn't actually mean anything, because it's not about the sites, it's about the users...
It's actually the same. They just need you to be logged in on one site they have their code in and they can easily associate your IP with some data (username, name and in their best case, email).
Posted: November 6th, 2012, 02:08 AM

I'm just saying this:
If you're concerned about your data, you can switch back to "normal authentication". If you're already using some Google service and/or a smartphone with location services and/or adding your data to a website that use Adwords, Analytics and so on, it's not a big deal to tell google you're the admin of X forum. If you're using these services/sites and you're concerned about your privacy, you should rethink your way of being online

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Hardening admin security
« Reply #21, on November 6th, 2012, 02:13 AM »
No, it's not the same. Apart from the fact you have no idea whether he's referring to pages or entire sites or not, or his sample size - 99.7% of 1000 sites polled might reveal interesting results depending on what the 1000 sites were, assuming he even went to 1000 sites to collect that data.

I'm also pretty sure Google doesn't track me very well, because I value my privacy... Getting a little off topic but I'm willing to keep arguing about this if you are.
Quote
If you're concerned about your data, you can switch back to "normal authentication". If you're already using some Google service and/or a smartphone with location services and/or adding your data to a website that use Adwords, Analytics and so on, it's not a big deal to tell google you're the admin if X forum.
Or you could just not install this in the first place since there was precisely zero chance of it ever becoming core using Google, slim enough chance of even the lesser variety being a core feature, but I value a simpler life, so maybe someone else can implement this idea instead of me.

Anthony`

  • Posts: 53
Re: Hardening admin security
« Reply #22, on November 6th, 2012, 02:18 AM »
In my opinion, I don't think implementing Google Authenticator as a core feature is really appropriate. If anything, a plugin would probably be more suitable.

MultiformeIngegno

  • Posts: 1,337
Re: Hardening admin security
« Reply #23, on November 6th, 2012, 02:25 AM »
Quote
If you're already using some Google service and/or a smartphone with location services and/or adding your data to a website that use Adwords, Analytics and so on, it's not a big deal to tell google you're the admin of X forum. If you're using these services/sites and you're concerned about your privacy, you should rethink your way of being online
I think that it's important to understand what implies what. It's important that people know how to protect their privacy. I'm saying this:
if you're concerned about some info, nowadays you have to have some technical knowledge. I don't know the % of gmail market share, but it's huge. Now think about the normal user, they go to google, search for something always from the same pc, than maybe use youtube or their phone to look for a route. Google already started gathering your data (about location too if you use your phone).
Also if you use google without logging in on one of their services, then maybe you login on a forum that use adsense, they won.
What I'm saying is that it's really DIFFICULT to hide.
You should be an aknowledged user to do that! And an aknowledged user would know how to disable this method with the manual way.
« Rearranging the languages/ folder
A few things about the alpha and its bugs... »