Slashdot Mirror
42% of Web Users Sneak Onto Others' Online Accounts
An anonymous reader writes "In an online survey, 42 percent of Internet users admitted to logging into other people's email and social networking accounts without their knowledge. The poll doesn't ask if passwords were found, granted, or stolen — which would make for further interesting results. The write-up summarizing the results defines the respondents as part of an "educated tech-readership" and questions the ethics of logging onto someone else's account, and whether those differ depending on the person and relationship."
I knew this chick who got her boyfriend's password by looking over his shoulder. She used it well after their relationship ended, out of some mix of jealousy, spite, and hope that they'd be together again. She would make letters from other girls disappear, know when to make inconvenient calls/appearances, and whatever else it is that a manipulative, batshit insane, ex-girlfriend does. It was pretty funny. Point is, I suspect most breaches of passwords are of this sort of nature rather than really sensitive commercial stuff, so it's all lulz and it's all good.
does bugmenot count?
Ask me about repetitive DNA
Like all surveys that want to portray a 'shocking' result, it all comes down to the wording of the questions. It is very easy to get a respondent to tick yes on a question that asks "do you log in to other people's accounts" by first baiting them with a whole bunch of rubbish like "do you help others with their IT issues" and so on.
Without the actual survey, the results are, in my opinion, just as good as made up.
Dan. -- So what if it's spelt wrong, nobody's perfect
According to YOU . I don't give my passwords out to anyone. I catch anyone using one of my accounts I will prosecute to the fullest extent of the law.
You may not value your privacy, but it is a little bit arrogant and presumptive to assign the same value to everyone else's privacy.
I actually caught a previous girlfriend cheating once by using a packet sniffer!
I was living with her and things went all wonky (no sex, she started crying all the time, etc.). One day she went to visit her 'friend' who was flying in, he'd only be on a six hour layover and she was going to keep him company. This is no big deal to me, since I would be expected to be able to do the same.
Long story short, I was learning Wireshark at the time, and was already logging all sorts of traffic from common protocols (DHCP, WINS, AIM, etc.) at the gateway just for fun. A week later when I was going over the logs, now with a bit of curiosity since she was acting very -odd- after her return from the airport, I saw that she started an IM session with her best friend as soon as she got back from her visit. The contents included details on some kissing, and a plan to 'stick with this guy until the other guy is heading out again in six months, then leave with him'.
That relationship ended that night.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
or "auto-saved" in their web browser.
Yea, auto-forwarding someone's gmail is easy as pie.
Gmail should require you to re-enter the account password before allowing an auto-forward address to be saved.
[Fuck Beta]
o0t!
Heh. I've never caught anyone cheating on *me* that way, but I did once use the ULOG target of iptables to help a former roommate catch her boyfriend in adult chatrooms on Yahoo. He was impersonating a black man with an 18-inch penis, and fantasizing about simultaneous penetrating pregnant woman and her unborn fetus, with lethal results for the fetus.
I needed to wash my brain out with bleach after that one. Amazingly, she stayed with him two more years.
"That relationship ended that night."
The look on her face must have been classic. Good for you man!
Download free e-books, lectures, and tutorials at bookgoldmine.com
My ex used to get mad because I absolutely refused to give her any of my passwords besides my WPA password.
Those people annoy. A lot.
She didn't understand security at all. Later I found out she had been reading her boss' private email
That kind of thing lands people in actual jail with actual bars.
I"m glad I don't trust anyone.
I have people I'd trust with every bit of credentials I have, yet I don't give it up to them either. There is simply no need. If it arises, I can reconsider -- or SIMPLY give them their own login.
Always log out of public computers, never allow them to store private information. It's a good idea to clear private data or reset the browser on public computers as well.
I don't consider public computers safe, at all. You have no idea what their security policies are, you have no idea who has been tampering with it, you have no idea whether there is a physical keylogger attached somewhere, you have no idea whether the box has a rootkit, etc.
It's fine for browsing, but only if you don't care that anybody finds out what you are browsing for.
If you live with other people or have guest over you should password protect your computer.
100% agreed. Especially on occasions like parties. If your computer provides the entertainment (music), make sure you have it in your sight always -- or make a user account specifically for that, with all other access blocked. Yes, your friends will snoop on you, think it's "funny" to read your mail, mail something from your mail, put something on your website, chat on IRC under your name, snoop around in your cache, look for porn on your computer, etc. I don't know why that is, but even friends I'd call upstanding, usually responsible people can sometimes give in to this.
The flipside is that I know user credentials for, probably, dozens of people -- or knew them at some point. People do give up their login info, their "standard" password, etc. easily if you help them fix their computer, fix their problem, or show them stuff. I make a point of forgetting them (and never using them outside that incident), but in some cases that's just not possible (you probably know "that guy" who uses a simple password for everything from his user account password to his homebanking PIN ...). I suspect many people in support positions are in the same position. That's a lot of trust and responsibility which is easily (and often untracably) abused.
Then think of system administrators -- do you know who has root on all the mailservers your mail may be passing through ? System- and Network-administrators can untracably read pretty much everything that is going on on their network. Often, people do not even realize that this is the case. I suspec this is why end-to-end cryptography is just not a hot topic with many, many people -- they simply do not realize who all has access to their (private) stuff. And if they do, they might still use the same password for their GPG passphrase as their POP3 account as their various forum passwords. Whoops.
A student I failed on a course did that to me once, using my email address to set up a sale on ebay that they then screwed buyers over with, to try and cause me trouble.
I didn't think to use password recovery, but I did send ebay an email detailing the account, and the fraud.
No idea what happened after that, but the emails from 'customers' stopped.
A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
At my job, we have a secure database where each person has their own credentials to get in. As a troubleshooter for my work site, I have an administrative set of credentials that allows me to access everyone's records in case they run into problems that they want me to fix. The system logs changes to the records, so if they change something it tracks to them, and if I change something in their records it tracks to me.
My administrative credentials are not under my control, i.e. I can't set my own password. The people at the next level up can do this, but I cannot.
This seems wrong to me, but when I try and explain this to people they don't see the same issue that I do. Namely, a password is pointless if someone else knows it. Whatever my superiors can do with my login, they can just as well do with theirs. I've known them for a while and have no reason to suspect any malfeasance, but that's not how you design security.
My sister is in a similar situation at her work where the IT department determines everyone's passwords. I was trying to convince her that this was less than ideal, and she just boggled at me. She works in politics and there's a lot of potential for spying from a rival party. If IT sets and can retrieve anyone's password (which they can in this instance), they could easily frame someone else for this kind of espionage by impersonating them. That's not to mention that if passwords are stored someplace on the system in an easily readable format, that's certainly a flaw in the security design.
Maybe I'm alarmed over nothing, but I don't think so.
When the axe came to the forest, the trees said, "Look out - the handle was once one of us."
That's disgusting. And I'm not speaking of his very private sexual fantasies, but using packet sniffing intending to "catch" your partner in adult chatrooms. I'm glad that your friend seems more sensible than you.
:wq!