Site security

    • 197 posts
    January 13, 2015 1:33 PM GMT
    Nearly every time I log in to this site, using Chrome, the icon on the address bar is a lock with a cross which means, according to Google, "Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you're entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This could be content third-party scripts or videos embedded on the page. If you're connected to the Internet via a public wireless network, mixed scripting is risky especially because wireless networks are easier to tamper with than wired networks."

    Advice please.
    This post was edited by Mal Ware at February 10, 2016 7:58 PM GMT
    • 29 posts
    February 10, 2016 7:52 PM GMT
    i agree with you there is third party involvement on here i have been told and it seems to recover info for what use i dont know but but it sounds like there subscribers can access this info and yes google / icon bar does what u say as i been getting it for 6 months this site has not got a cert either my anti virous flags up probs to about unauthorised info gathering i guess its this site i said about im only passing on what i have seen/ been told about so dont shoot the messenger id say its not from outside its with in the site that problem evolves id be worried as to whats going on and what info they r getting from individuals data
    • 866 posts
    February 10, 2016 11:08 PM GMT
    Mal and Tina,

    Thanks for red flagging this. As I said on another forum I'm not aware of this issue, I use the site with multiple devices (right now via an IPad) and have never had the security issue you describe and google chrome is my usual browser even when using MS software.

    In the early days (5years ago) we had issues with spam, but they were solved.

    Right now Katie is not available for family reasons, but she will be as of Monday, and I will bring it up with her as a serious issue.

    If, and it's a big if, people are harvesting data from this site then clearly we need to stop it.

    Pauline xxx
    • 139 posts
    February 11, 2016 10:29 AM GMT

    I'm still here for a while. I use Chrome (and others) and I have the green lock - the site uses SSL and the data connection is encrypted. There might be some instances where there is an external script being used, but this is rare. What I would say is that Transtastic is not a bank - there is not a great deal people would want from the data is they wanted to hijack a connection wireless or otherwise. Also the personal data on the site is very limited - NOTWITHSTANDING - security on the site has very important to me and to the members and access to data is secure on the servers with complex encryption and passwords. Of course any systems that are available on the internet are open to hacking - and no site is every going to be 100% secure.

    Take care

    • 197 posts
    February 11, 2016 12:30 PM GMT
    Sod's law. I've got the green lock at the moment which is quite unusual.
    This post was edited by Mal Ware at February 11, 2016 12:50 PM GMT
    • 29 posts
    February 11, 2016 1:10 PM GMT
    thanks pauline its hard to sort out the probs and it looks like a nightmare i think it maybe that you need to take a look at halina selfs post about this third party issue it names a site called
    • 29 posts
    February 11, 2016 1:35 PM GMT
    her msg is in general forum and has details of this site and how it performs and what it does is it anything to do with our site and does it allow others to get into our site and hack/ steal etc info not related to this site eg details in peeps computers the problem with this is what info have they got on peeps and whos looking at it, what you dont want is someone whos a member but there partner doesnt know about there dressing etc then gets something happen and it opens up a can of worms for them im not saying thats going tobe the case but it could happen but im not a techie some peeps here tranny life has tobe very private and you dont want it all over the net i dont know but it looks like this is tied into other comments made by members who have concerns about whats going on and what they are finding rgds tina
    This post was edited by tina silk at February 11, 2016 1:36 PM GMT
    • 29 posts
    February 11, 2016 1:48 PM GMT
    hi beckie i agree with you but like i said above it can go a lot further and have nasty implications for members across the board even peeps that are out/open about their life you see i have been getting warnings for a good while about third party activity on this site and things have been blocked so far and stopped and this site doesnt have a cert like others i have to say that this site has lots of probs and its a nightmare trying to get it sorted everyday im getting different probs crop up the latest is chatting to others not in chat and viewing adult pic forum
    This post was edited by tina silk at February 11, 2016 1:54 PM GMT
    • 201 posts
    February 11, 2016 2:24 PM GMT
    WTF is a hacker going to want with a picture of some fella, lying about how old he is, dressed in age inappropriate clothing who isnt even showing his face?
    This post was edited by Mia Wallace at February 11, 2016 2:26 PM GMT
    • 197 posts
    February 11, 2016 2:26 PM GMT
    • 201 posts
    February 11, 2016 2:28 PM GMT
    for a can of white ace, a packet of rizla, 10 lambert and fuckin butler and some tesco value tippex fluids?
    • 29 posts
    February 11, 2016 2:33 PM GMT
    further to the above i have looked at janrain they are big and are based portland usa they look to be a third party data gathering outfit and thats just one of many activities they have going on firstly i dont see what they want with a site like ours apart from individuals data on site or outside this site i looks as though they gather info and there signed up members eg companies/ individuals etc can access there info they have gathered .2 are hacked in to this site.3 how far do they go in gathering individuals info 4 who can access it and for what means is it being used 5 are the admin team aware of this company possibly using our site for data gathering 6 this is only a concern from me and others if this is the case can it be sorted and stopped like i say im not a techy so i my concerns maybe unfounded in conclusion are the members happy that this sort of thing is perhaps taking place and do they know about it at all any views and opinions from others may help the admin team sort the site probs out as im sure we all want a safe and great site again tina
    • 201 posts
    February 11, 2016 2:42 PM GMT
    identitiy theft is a big problem. seeing as nearly everyone on this site shares virtually no personal data as its all about fantasy alter egos means hackers arent going to get much to go on. peoples addresses arent on here. their dates of birth arent here, their names generally arent on here. their credit card details arent on here. their mothers maiden names not even here, nor the name of their first pet ffs and where they work isnt on here.

    if i was bright enough to be a hacker i'd at least taget somewhere where i would have a chance of obtaining that kind of information, instead of some bloke waving his cock about whilst wearing his wifes tights who claims his name is mary sissykins. so who really gives a fuck?
    This post was edited by Mia Wallace at March 12, 2023 6:34 AM GMT
    • 29 posts
    February 11, 2016 2:44 PM GMT
    this isnt some hacker playing around and perving this is a big company with lots of members using its site or potential info on you/ me/and others how far can they go for info/data outside the site on us
    • 866 posts
    February 11, 2016 2:45 PM GMT
    Hi Tina,

    I was about to post asking for specific details instead of links to Halina Self (who has never made any claims other than double albums) on the technical forums. Plus until your last post (above) all you have given any of us is rumour and innuendo.

    Any concrete information that you have on this website supposedly hacking this site would be useful, and I would suggest you send that in a private message to Beckie and Katie, so they can investigate it thoroughly.

    I am sure you realise that all 3 of us have always taken security on Transtastic seriously - any scammers or spammers on here get banned and hard deleted, and always have done.

    Your concerns will be thoroughly investigated and the more information that you can provide the easier it will be to get to the bottom of this and resolve it. I don't have the technical skills to do that, which is why I suggested that you send a message to B and K.

    Pauline xx
    • 29 posts
    February 11, 2016 2:47 PM GMT
    i understand what you are saying but i dont agree its how far they will go to get info outside the site etc
    • 866 posts
    February 11, 2016 2:53 PM GMT

    Just please do what I asked instead of all this whataboutery and stoking people's fears. I have told you that we will investigate - what more do you want FFS?

    The earliest you and anyone else will get an answer on Jainrain is next week - so can you please stop stoking the flames and give the technical experts time to investigate.

    Pauline xxx
    This post was edited by Pauline Smith at February 11, 2016 3:20 PM GMT
    • 201 posts
    February 11, 2016 2:54 PM GMT
    i wouldnt have even indulged her with that reply Pauline but I understand your role as site mod
    This post was edited by Mia Wallace at February 11, 2016 2:55 PM GMT
    • 29 posts
    February 11, 2016 2:57 PM GMT
    thanks pauline no the msg is in the general forum im only passing on my general concerns about things that have flagged up and its not like you have suggested above i mean i didnt even know about it until i saw the info posted on here im only trying to help and inform well i guess id better not say anymore about it then tina
    • 201 posts
    February 11, 2016 3:03 PM GMT
    no harm in people informing people about things if they have an informed opinion. however someone who doesnt have a clue what they are talking about, giving out 'information' and 'advice' to others is disingenuous at best. so tina you not saying anything else about it is probably the best input you have had so far on this thread x
    • 7 posts
    February 11, 2016 5:28 PM GMT
    I am not intending to stoke flames here or scare people and I certainly am not critical of Transtastic, which I think is great. I do though think it's a bit unfair to shoot Tina down because anonymity concerns are a growing issue across social media. They key terms of interest are big data + data mining + data aggregation + profile triangulation. To personally identify someone, their name, DOB etc. are not required everywhere. There are industrial algorithms that can compare stats like location, browsing history, browsing behaviour and even the semantics and grammar used in posts etc.. and using probability make a reasonable guess as to which data belongs to which profile. This is then accessed by individual sites that do have the individual's personal details, and subscribe to the aggregation services to parlay the data profile held by the aggregator. This is then used to target ads, assess insurance, evaluate job interview candidates etc.. Since Google, Facebook and co collect vast amounts of our profile data anyway it's a case of accept it or cut your internet connection unfortunately .. or start paying for social media with cash rather than with data.
    • 201 posts
    February 11, 2016 5:37 PM GMT
    thats all true rachel, which means folks that its ill advised to go underwear shopping on a pc used by your wife (thats unless shes a fan of buying saucy knickers online)
    This post was edited by Mia Wallace at February 11, 2016 5:39 PM GMT
    • 866 posts
    February 11, 2016 6:03 PM GMT
    Hi Rachel,

    We are treating this very seriously, Beckie made a statement about it at 10.29 this morning on this thread. I have done a preliminary analysis of Jainrain, who are a reputable software company with clients like FB - all of that is in the public domain; FYI my business career included competitive intelligence analysis.

    I have forwarded Tina and Mal's concerns to Beckie and Katie, together with my findings and they will examine whether or not a reputable software company is actually hacking this site.

    As I said earlier in this thread they will come back with an answer next week. Having been a site administrator and moderator since Transtastic started 5 years ago I have always treated site security as highest priority. So far I have spent about 5 hours today on this issue and changed my personal plans to get to grips with it.

    Yes I was tough with Tina, but she would not let go of the issue. And neither I nor Beckie nor Katie is trying to stop people voicing their concerns - all I asked for was time for the technical people to come back with a professional response rather than having to answer whataboutery issues.

    As to Google and FB - anyone who has a modicum of intelligence realizes that they and HM Government know most of what we do., and through our mobile phones and tablets etc they can see where we are (if they care). After all thats what the wikileaks showed 2-3 years ago, whether the data they get ever becomes useful information is a different question.

    Pauline xx
    • 7 posts
    February 11, 2016 6:05 PM GMT
    I did get ultra cheap car insurance with sheilas wheels this year after they sent me a random email so it's not all doom and gloom either
    • 7 posts
    February 11, 2016 6:07 PM GMT
    Thanks Pauline, it's all appreciated. Security is always a difficult and sticky issue x