How do I protect from Identity theft?
It seems that to use ping.fm I need to give all my logins and passwords up to the system. So if I found my identity stolen, how would I be able to follow up? I can't see who owns the site legally. It looks great - but isn't this a fatal flaw?
-
It depends on what you mean by identity and identity theft. We do not ask or require any personal information at all, so it would be impossible for us to steal your identity.
If you mean identity as in the ability to post on your social networking site, that does not really meet the definition of identity (or possible identity theft) so the topic is a bit misleading. Of course we would not ruin our reputation by doing such a thing, but I understand your concern. We don't "want" your passwords, but to provide the service, we do need them. It would be nice if more sites used alternate forms of validation like we do with the application key.
Our domain is registered as public, but some lookups (such as internic.net) will not show .fm domains for some reason. We are also a legally registered corporation in the state of Oklahoma.
I’m Anonymous.
-
"We do not ask or require any personal information at all, so it would be impossible for us to steal your identity"<<
- I can't see that. You'd have my LinkedIn details... which has my name and CV... You'd have my Facebook details that lists all my friends and family. These might even have personal messages or emails. The fact that you don't ask for my name is somewhat incidental if you have login details to every place where I DO have my name, wouldn't you say?
I'm not saying that the service is malicious - just that it is quite a leap of faith to give your online identity to a complete stranger.
Maybe we should set up a self regulating validation service, where companies storing data like this can register and sign up to a code of conduct subject to scrutiny by the service? A "Verisign" for Mashup privacy, for example.
You wouldn't be anonymous if I had YOUR Facebook and LinkedIn login details, would you?
Still - EXCELLENT system. I am not complaining about a great idea, and you are not alone. Many web 2.0 apps need to share personal data to work. Something's gonna go wrong somewhere though!
I’m practical
-
Identity theft is generally referred to as stealing money or committing fraud using someone else's identity. We do not ask for any information, such as social security number or credit card information, that is not required to perform our service.
Any of the social services you use through ping.fm also have the information you have given them. For most of this information, it is also available to anyone on the internet. As with any social networking site, it is up to user discretion on what data you enter. If you have information on your LinkedIn that you do not feel safe with us seeing, it is up to you to share your login information with us, and probably better to not enter it on LinkedIn to begin with.
We do what we can to keep your username and passwords secure on our system and we feel safe with it. We understand users will have their reservations about giving us their login information. I don't consider this a fatal flaw, it's just part of the service we provide.
I’m confident
-
You are not required by any means to use the service or give them your usernames and passwords, but then you won't be using the service.
I’m not in a mood
-
I don't know about all the networking sites, but Facebook allows a 3rd party app access to ALL your information, even the information you may keep private from other users. They have full access to all your lists, your email, phone number (if you store it there). Anything you can see, the 3rd party app can see.
Here's an article that talks about it:
http://www.cs.virginia.edu/felt/privacy/
Ping.fm may be honest. It is probably in their best interest to be so. Can they guarantee that all the 3rd party apps that hook into them are honest? How do they protect you if somebody hijacks your online identity and gets you sued for anything from racist threats to stalking? I'm not sure. My simple solution is "no thanks" until somebody comes up with a better API than the one Facebook uses, where I can release only selected information to 3rd party apps.
-
A few good points.
1.) There needs to be a better and standardized API paradigm that can and should be used by sites allowing third party access. It's impossible to maintain security consistency with all of the API schemas. Maybe someday one will exist. In the meantime, at least for us, we ensure data security. We go through multiple layers of security to protect sensitive data.
2.) Our third party developers are bound by a terms of service that prohibits misuse of our API. Also, the API doesn't expose any data to the developers other than your Ping.fm App key. If you find this to be compromised, you can easily reset the key yourself (http://ping.fm/key/). Now, we monitor usage very closely. If we suspect a developer to be using their access in a not-so-friendly way, we will not hesitate to destroy their account and any ties to the API they might have received.
And, on TOP of all of that, our staff personally reviews each app that is submitted. Only approved apps will have access to be distributed among other users. If you have any more questions or concerns, feel free to post here, or e-mail me directly. sean a ping d fm.
-
First off, I think this is a great service with potential to become something bigger and better. A couple things:
1. When you refer to the need for a 'standardized API paradigm' for third party access, it's clear that you recognize the value of the data you're dealing with. (Thank you for using AES-256 to encrypt our third-party account authentication information between our browsers and your servers.) The closest thing to that standard API is OAuth [1][2]. Many services are beginning to realize that the liability of one lawsuit far surpasses the cost of implementing OAuth to protect users from malicious intent. I wouldn't want to hold that many passwords either.
2. Terms of Service are great. But telling hackers to 'behave' and relying on users to determine that their accounts have been compromised might not be the best angle to approach this from. It must be difficult to monitor API usage.
3. I would really like to use ping.fm to make my web life easier. I could see a lot of value in a matrix listing the Service Name, OAuth Y/N, Plaintext Y/N, and Feedback/Contact links for each service. Users will help push third-party services to implement the appropriate protections for their data. Most services don't have great support like you have here, but an 'email your representative' link could go a long way.
[1] http://getsatisfaction.com/pingfm/tag...
[2] http://oauth.net/code
I’m two confident
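
The thread contrasts handing a password to an intermediary with scoped, revocable access (the resettable application key and OAuth mentioned above). The sketch below is an added example, not part of the original thread and not ping.fm's or any network's code; the `ResourceServer` class, the scope names and the app name are hypothetical.

```python
import hashlib
import secrets

# Hypothetical scope names for a social network's API (constructed for illustration).
SCOPES = {"post_status", "read_friends", "read_messages"}


class ResourceServer:
    """Toy social network that delegates access with scoped, revocable tokens."""

    def __init__(self):
        self._grants = {}  # sha256(token) -> (user, app, frozenset of scopes)

    @staticmethod
    def _digest(token):
        # Only a digest is stored, so a leaked grant table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, user, app, scopes):
        """The user approves `app` for selected scopes; the token is shown once."""
        scopes = frozenset(scopes)
        if not scopes <= SCOPES:
            raise ValueError(f"unknown scope(s): {sorted(scopes - SCOPES)}")
        token = secrets.token_urlsafe(32)
        self._grants[self._digest(token)] = (user, app, scopes)
        return token

    def authorize(self, token, needed_scope):
        """Return the user the token acts for, or None if the call is not allowed."""
        entry = self._grants.get(self._digest(token))
        if entry is None:
            return None  # unknown or revoked token
        user, _app, scopes = entry
        return user if needed_scope in scopes else None

    def revoke(self, user, app):
        """The user withdraws one app's access without changing their password."""
        doomed = [d for d, (u, a, _) in self._grants.items() if (u, a) == (user, app)]
        for digest in doomed:
            del self._grants[digest]
        return len(doomed)


def demo():
    server = ResourceServer()
    # The relay app is allowed to post status updates and nothing else.
    token = server.grant("alice", "status-relay", {"post_status"})
    can_post = server.authorize(token, "post_status")
    can_read_mail = server.authorize(token, "read_messages")
    server.revoke("alice", "status-relay")
    after_revoke = server.authorize(token, "post_status")
    return can_post, can_read_mail, after_revoke
```

A stored password has neither property: it grants everything the account owner can do, and the only way to withdraw it is to change it for every service at once.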