Hahahahaha ... I have always thought that they can do everything, except for fixing the bugs on this site ...
Sanchez is not one of the creators of this site =)
and no, you cant see other peoples messages.
Not only can they read everything, but they have special X-Ray scanners so they can see through the clothes in all of the photos that we post. Somewhere in the WLIB archives are 10,000,000 pix of all of us naked.
we also know the name of every members grandmother !
@Ted, pics or it didn't happen!
1: they have access to the database server of the website, so, yes, if they want to, they can read all of your messages.
2: the site is hosted in China, and as far as I understand Chinese internet laws, the government can pretty much at any moment require to inspect the data on your servers, so the government, if they want to, can also read all your messages.
3: this website's security is (was?) very poor. I was at a time aware of a security flaw that any one could use to gain full access to any account. This however (the flaw that I did know about) has been corrected now. It does not mean that there are no other flaws that could be used. And like Qwertyt said, everything can be hacked. If they could find a way to gain control of the Iranian nuclear plants, sure it's possible to gain control of this website.
4: it's very weird from Ted who is one of the people who make this website to come here and pretend that they don't have the ability to read messages. I know the exact message is "you cant see other peoples messages." but the question was not about "you" common users but about the people running this site. The answer is yes it is possible, and your terms and conditions of use of this website do not even warrant the users that you will not do it or only do it under special circumstances.
Saibo: my reply was directed to what Sanchez wrote.
Creators of a website can always read messages of the users, its our code, our database, even if the messages were encrypted we would hold the key to decrypt them.
But! We DO NOT have a system where we can easily read users messages, we would have to manually write SQL queries into the database to pick out messages and this is something none of us have the time or interest in doing.
Only if we suspect a user using the site for illegal activities we would
go into the data of that user.
About the security aspects, and also the bugs on this site.
We are a small team of developers that have developed this platform
for many years. Technologies come and go and we need to keep up with them
while at the same time maintaining a HUGE code base.
We are right in the process of porting big parts of the code base to new enterprise technologies and bugs will appear when we do this.
We are thinking long term, instead of short term. With a strong foundation the bugs will be automatically dissapear one by one.
Hahahaha ... Ted ... stupid questions:
1. When you "keep up", how do you handle old and outstanding bugs?
2. I have asked this same one a few times in the past ... with what, and how, are you maintaining the code? Though it does not seem to happen much these days, quiite often in the past, fixed bug(s) would re-appear when new features were added ...
Saibo ... even more stupid question ... to whom if you might have told about the "backdoor"? I am just curious ...
Saibo told us about the possibility of doing cross site scripting on the site which we are very grateful for. It already fixed but I would not be suprised if there are some places of the site where its still possible.
Some bugs are not prioritized, we are working on a lot of things that need to be taken care of for big sites like this.
advanced distributed datacaching, backend to frontend security, admininistration tools, single sign on, etc..
Right now we are more likely to replace a whole module instead of fixing the small bugs in the existing one.
I'd like to add that this is the case on any given website. Facebook, Google, Renren.. they can all access all your data - if they really want, and are willing to (probably) break company policy and international/local privacy laws.
However, I think most developers are more focused on obtaining a level of security that prevent anyone to access data, than actually sneaking around reading private messages.
Even though I'm one of the creators and (frontend) developers of this site, I dont even have any program installed for managing the database. And I can assure you that the rest of the team has no interests of reading your messages.
You should be more concerned about getting hacked on a open network at any given restaurant or café where you hook on to a open network. Then it's fully possible for anyone on the same network to sniff your login and password to ANY site. There's even a firefox plugin that does it for you - and another plugin that adds a patch so they cant sniff it :)
Alright.... *back to work*
Do I care? Not really. WLIB privacy would be the last thing I care on my 'I Care' list. It's not like this is my paypal or something. But I do think they can read our messages, and I would
do the same thing if I could because it's kinda fun and it doesn't do any harm.
@DingDang: I reported the flaw directly to some Kent or Ole, or Pete, can't really remember. (Only after I made an entire copy of your private messages, and wow! there's dirty stuff in there haha! ;-)
But just as Ted said, the only way that your messages would be completely secure from the owner of ANY website that stores them would be that the data in their database would be encrypted and encrypted with a different key for each user and the user would have to provide the key everytime he wants to read a message. BUT no matter how, there is a moment where the message would be clear on their (not WLIB, ANY website is the same) side before they send it to you. So you'll never be able to hide a message from someone you gave the message to.
And you know that if they can hack banks to get credit card numbers (which happens ever year), or the Iranian nuclear power plants, then if someone really wants to, he'll find a way to get your messages from any website just the same.
I think hacking anyone's Hotmail account will cost you no more than $20 if you dare buy this kind of software for example.
Hahahahaha ... unless you are talking about some girls' MSN and phone numbers, or that who told me they need to be on a diet when they are already fairly slim, if you should find anything really "dirty", it most likely can be washed away with a good piece of Lux soap ...
Maybe we should send a usb stick with all your messages to wikileaks and see which leak starts a war first ;-)
They already have 250 000 US emails to deal with, it'll take time before they can go through the more than a million message from DD!
Hahahaha ... I am sure I dont have that many ...
Jenny&King, if you are texting about certain content that is frowned upon, the party may do all kinds of things with your phone. Remember, unlike this website, the party actively reads every text message that you send (although mostly using computers, I assume). I had a friend whose phone was mysteriously locked shortly before she was forcefully deported.
Q: Can the WLIB creators read your messages?
A: Partly correct. Only developers with direct access to the database on our servers can do this. The other's cant.
Q: Are the developers reading my messages?
A: No. Our developers have way more important things to do than sneaking around in people's private messages. Seriously, why should they?
Q: If I don't believe you! what can I do?
A: Well... You can stop using the internet. Even facebook can read people's messages if they really want to. There's no site on earth where this is not possible.
Q: Anything else I should know?
A: Yes. Stop worrying, you have no reason to be paranoid :-)
SELECT userFrom, userTo, messageText FROM privateMessages
It's not exactly hard, and like everyone said, it's not like the DB people who run basically ANY website can't do this.
SELECT userFrom, userTo, messageText FROM privateMessages WHERE privateMessages ~ 'sex' OR 'naked'......
its used for searching texts that contains certain strings.
if you have a text that says "Im so funny"
and your query goes
...WHERE column_name ~ 'm so f'
will find it
ohh and its postgres :P
Hahahahaha ... now I know why that looked unfamiliar ... I mainly use(d) the Microsoft stuff ...
Well, I did ask my boyfriend, who is one of the founders of this site, that if he can find out my password and check all the messages I've got. He told me it is possible, but it is not that easy and he doesn't have time to do so. It is true that people who are working for WLIB are very busy with their work. They really want to make this site better and better so everybody can have more fun here :)
You should be more afraid of people who can read your MIND. Like me.
You're thinking about dicks.
I actually don't have any IT background, so I cannot tell you in details what they have been busy with. All I can tell you is, there are bugs, in your words, more and more bugs here because they are changing the whole site to a new language/ system (see, I have no idea how to explain it~~), and after the project completed, WLIB will be so much more stable. The team is also working on developing more applications so people can have more fun here :)
You're clever. I suppose in the case of your mind, there's more than enough room for the balls, too.