inherit
141562
0
Jul 30, 2009 21:06:02 GMT -8
TheSmoothieOfDoom
6
June 2009
daimakaicho
|
Post by TheSmoothieOfDoom on Jun 21, 2009 21:22:00 GMT -8
Let's say that on my forum, I am the programmer for it and I wish to add a PHP based tracker. It would track all members and guests, showing their usernames, IP address, and where they are on the forum. It would only be viewable to those I give the password. Is this allowed?
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 21:28:27 GMT -8
This specific tracker is also hosted on a separate website, and is also linked to an automatic threat detection system I will let TheSmoothieOfDoom describe. I am not certain of the details of this system, but I believe that, with a little modification, it could also track people off-site.
|
|
inherit
141562
0
Jul 30, 2009 21:06:02 GMT -8
TheSmoothieOfDoom
6
June 2009
daimakaicho
|
Post by TheSmoothieOfDoom on Jun 21, 2009 21:30:22 GMT -8
If a user is on any URL that is not allowed to non-staff or attempts to modify the forum or a staff member, it sends an alert to the forum users via a Green, yellow, Red, or Black light that is located in the news flasher and many signatures. I would get a text message if it gets to red or above.
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 21:32:09 GMT -8
Well, it's more specific than that and the minimum alert for a text is yellow, but that's basically it. Also, there is a "threat reason" image, which shows vaguely what happened to trigger the threat. For the programmer specifically, it also shows the IP and username of the person who triggered the threat.
anyhow, back to the main question. Is this alright with the ToS?
|
|
Kami
Forum Cat
Posts: 40,064
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,064
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Jun 21, 2009 23:16:37 GMT -8
I'm about 99.9% certain the answer is no, at least for the 'where they are on the forum' part. As far as I'm aware, ProBoards considers knowing where a person is on the forum [aside from the anonymous 'x viewing' text on a board] as a violation of privacy.
As for the other stuff...I don't understand what the alert is?
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 23:22:06 GMT -8
Here is a link to the forum in question. Threat level: Threat reason: Thank you for your response. The livetrack (as we have taken to calling it) system will be removed shortly, I'm sure, once we can contact someone with some access to the headers and footers.
|
|
Kami
Forum Cat
Posts: 40,064
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,064
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Jun 21, 2009 23:26:27 GMT -8
Here is a link to the forum in question. Threat level: Threat reason: Thank you for your response. I understand what it accomplishes, thank you. I was meaning to say, what does it consider a 'threat'? According to the post, "If a user is on any URL that is not allowed to non-staff or attempts to modify the forum or a staff member, it sends an alert to the forum users via a Green, yellow, Red, or Black light that is located in the news flasher and many signatures. I would get a text message if it gets to red or above. " However, if a URL is accessed that a non-staff member cannot access [set through forum settings] the member will receive an error message stating they are not allowed to access that particular URL, and they CANNOT do anything on it. If the member attempts to modify the staff, or the forum, and they are not staff...well, they can't. That option will not be available to them. If they're doing it, they have access to the account of a staff member that does, and they are ON that account, not their own. Therefore, the tracker wouldn't flag it as a threat, as the account itself is fine. It wouldn't do anything.
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 23:32:06 GMT -8
This also applies for staff. We have had several renegade staff/brute force attacks/etc, etc on our forums, so this was added.
Basically, if someone attempts to delete or modify a high staff account, or delete or modify major boards or categories, it will automatically warn the forum and the person may be banned. This has already been proven helpful when our administrator tested our defenses with several brute force attacks. We successfully changed all of our passwords and temporarily demoted the high staff members until the threat had passed. None of the attacks managed to enter.
Anyhow, one case that does set it on red alert, but would be basically useless, is if someone using the admin account went to the "delete forums" page. It would trigger a red alert, but the forums would be basically gone by that point anyway.
To summarize, this isn't defense against non-staff, but defense against staff and brute force attacks.
|
|
inherit
141562
0
Jul 30, 2009 21:06:02 GMT -8
TheSmoothieOfDoom
6
June 2009
daimakaicho
|
Post by TheSmoothieOfDoom on Jun 21, 2009 23:32:14 GMT -8
Indeed. However it still sends an alert. Also, it is considered "tampering with security" and is a bannable offense for even triggering it.
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 23:36:17 GMT -8
Well, a temporary ban and a 50% warning, but that is unrelated to whether it is against the ToS to have one. It makes use of the knowledge of what pages people are on, but it is anonymous to all except the very high staff members, and even they can only see the username and IP of the person that triggered it.
|
|
Kami
Forum Cat
Posts: 40,064
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,064
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Jun 21, 2009 23:37:21 GMT -8
Indeed. However it still sends an alert. Also, it is considered "tampering with security" and is a bannable offense for even triggering it. I don't think you'd be able to, due to TOS - if they're accessing a URL, then the tracker is sending information about where they are, which is an invasion of privacy and therefore against TOS. If they're attempting to modify an account that's not theirs, or the forum itself, the tracker wouldn't be able to flag it as inappropriate, as it's from an account that's allowed. Well, a temporary ban and a 50% warning, but that is unrelated to whether it is against the ToS to have one. It makes use of the knowledge of what pages people are on, but it is anonymous to all except the very high staff members, and even they can only see the username and IP of the person that triggered it. invasion of privacy is invasion of privacy, no matter how few or many people can see it. =]
|
|
inherit
141700
0
Jun 22, 2009 1:02:29 GMT -8
ASimpleName
16
June 2009
shirogake
|
Post by ASimpleName on Jun 21, 2009 23:40:21 GMT -8
So, they are both against the ToS?
Thank you for the information. The debates can be settled now. Now we just have to get it removed before the forum is deleted...
|
|
Kami
Forum Cat
Posts: 40,064
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,064
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Jun 22, 2009 0:49:39 GMT -8
So, they are both against the ToS? Thank you for the information. The debates can be settled now. Now we just have to get it removed before the forum is deleted... The 'where people are' thing would be. The tracker inofitself is not, provided that it doesn't tell you where a particular user is at a particular time. EDIT: Lol, fail. xD I thought it was. To track who attempts to modify a profile or the forum, again, it'd be absolutely useless.
|
|
#eb7100
1480
0
1
May 17, 2024 2:20:01 GMT -8
Craig
208,892
September 2001
cmdynasty
|
Post by Craig on Jun 22, 2009 1:03:13 GMT -8
That's fine
|
|