Jump to content
You must now use your email address to sign in [click for more info] ×

Forum Security Alert: Important Information for All Forum Users


Recommended Posts

1 hour ago, ShelvsHOTpencil said:

Thank you for clarifying the need for collecting up address. However as mentioned above I would love to see 2fa implemented. And should I worry for my ip address leaking.

I can’t help but feel like I got a target on my back. Other than being vigilant, should I do anything else?

Data leaks are very common. It's an annoying hassle, but unique passwords are the only way to limit the scope of damage. If you have a secure location at home to lock up things, they do sell password books online that people can pencil in login details (per website/company). Most people don't follow this advice though. Anyway, much of our info is already out there in other ways.

When we sign up for anything online, there's always a chance that the service provider sells your info. It's difficult to track back to that signup unless you use a burner acct to narrow down which sites are doing this. I'd say appox 50-75% of signups do resell. (Edit: If you've typed out your email anywhere online publicly, it will also be scrapped by a bot, that's the other method...) I run my own email server, so I can just create a pop up alias that dumps into my main inbox for individual providers if I suspect they may sell my info. When I see that it's coming from that address, I can delete or block it easily and the mail server errors will usually get that alias scrubbed. Most of my signups go into a spam address anyway, since I already know that most sites can't be trusted.

It's not going to be a company like Serif that does the reselling of info. Usually a smaller website/web company that needs the bucks to keep their business running (since adblockers killed their revenue). I say all this to say, if you receive a significant amount of SPAM, your info is already out there in circulation. A vast majority of the SPAM that makes its way into our inboxes comes from the reselling of our information. So filtering what you sign up for is important. I recommend to use a spam acct for non-essential things. Even Amazon sellers we buy things from don't think twice to lift this information and use it to send us ads, etc. I receive phishing emails and "you have been hacked" stuff on a daily basis in droves for my spam accounts. In all the languages I speak. So unless we live on a digital island and we never sign up for anything, our info is being circulated in some way.

IPs are not as important unless you don't want anyone to know even your approximate location (usually city or nearby town). If that matters to you, use a VPN. Back in the day, some websites would actually display it publicly for tracking/accountability as a deterrent from trolls/users with multiple accts. IPs need tracking by server admins to prevent not just SPAM, but other forms of cyber attacks.

IPs are considered public information. When we email someone, our IP address may be going out with our emails. Depends on the provider and if we are using an external email client. Look up "email headers" and how to find IP-related info. You can easily spot out of country scammers this way by doing a geolocation lookup on the IP once you figure out which is the Sender IP...

Microsoft Windows 10 Home (Build 19045)
AMD Ryzen 7 5800X @ 3.8Ghz (-30 all core +200mhz PBO); Mobo: Asus X470 Prime Pro
32GB DDR4 (3600Mhz); EVGA NVIDIA GeForce GTX 3080 X3C Ultra 12GB
Monitor 1 4K @ 125% due to a bug
Monitor 2 4K @ 150%
Monitor 3 (as needed) 1080p @ 100%

WACOM Intuos4 Large; X-rite i1Display Pro; NIKON D5600 DSLR

Link to comment
Share on other sites

24 minutes ago, Nana said:

@Patrick Connor, any reason why we can enable 2FA on the forum account but not on the store account? One would consider the store account needing more protection as it's linked with licenses and personal details including postal addresses.

Reread Patrick's last post in this thread

To save time I am currently using an automated AI to reply to some posts on this forum. If any of "my" posts are wrong or appear to be total b*ll*cks they are the ones generated by the AI. If correct they were probably mine. I apologise for any mistakes made by my AI - I'm sure it will improve with time.

Link to comment
Share on other sites

  • Staff
4 hours ago, Nana said:

any reason why we can enable 2FA on the forum account but not on the store account?

the forums are off the shelf and have this already available. The Affinity Accounts/Store are propriety software and everything needs writing and testing ourselves, so takes time and consideration

Patrick Connor
Serif Europe Ltd

"There is nothing noble in being superior to your fellow man. True nobility lies in being superior to your previous self."  W. L. Sheldon

 

Link to comment
Share on other sites

  • Staff

@AdrianoCahete

To delete your forum account simply send an email to DataProtection@serif.com from the email address associated with your forum account. If you also want any personal data deleted (for example any Affinity Store account), state that in the email too.

Patrick Connor
Serif Europe Ltd

"There is nothing noble in being superior to your fellow man. True nobility lies in being superior to your previous self."  W. L. Sheldon

 

Link to comment
Share on other sites

Password is the SAME on STORE and FORUM ! Not working for me with 2 separated passwords into Chrom with Passwordmanager.

I have changes my password!!

 

When i change here password, the STORE pw will be change to.
Why you say i not the same?

regards

Link to comment
Share on other sites

  • Staff
36 minutes ago, Anmalo said:

When i change here password, the STORE pw will be change to.

Not true at all. You may have used the same password but they are changed independently. Your Chrome password manager may be confusing the issue. The passwords/databases are 100% independent.

Patrick Connor
Serif Europe Ltd

"There is nothing noble in being superior to your fellow man. True nobility lies in being superior to your previous self."  W. L. Sheldon

 

Link to comment
Share on other sites

Yes you have right, the Chrom cant be handle, you sould be change the login field names or chookies not the same as the store.

I think it is the same code on forum and store...

Now i have change the email adresse to an other, then it is functional with chrom.

regards

Link to comment
Share on other sites

This is one of the reasons why I use SimpleLogin to create a unique alias for each internet account. It took even less time to generate a new alias and disable the old one than it took to update my account settings here. No organisation has my canonical email address other than, obviously, the provider of it.

Link to comment
Share on other sites

Thank you for taking the time of day. I do understand that this type of issues are part of the online digital life. 

On 4/17/2023 at 4:12 PM, debraspicher said:

Data leaks are very common. It's an annoying hassle, but unique passwords are the only way to limit the scope of damage. If you have a secure location at home to lock up things, they do sell password books online that people can pencil in login details (per website/company). Most people don't follow this advice though. Anyway, much of our info is already out there in other ways.

When we sign up for anything online, there's always a chance that the service provider sells your info. It's difficult to track back to that signup unless you use a burner acct to narrow down which sites are doing this. I'd say appox 50-75% of signups do resell. (Edit: If you've typed out your email anywhere online publicly, it will also be scrapped by a bot, that's the other method...) I run my own email server, so I can just create a pop up alias that dumps into my main inbox for individual providers if I suspect they may sell my info. When I see that it's coming from that address, I can delete or block it easily and the mail server errors will usually get that alias scrubbed. Most of my signups go into a spam address anyway, since I already know that most sites can't be trusted.

It's not going to be a company like Serif that does the reselling of info. Usually a smaller website/web company that needs the bucks to keep their business running (since adblockers killed their revenue). I say all this to say, if you receive a significant amount of SPAM, your info is already out there in circulation. A vast majority of the SPAM that makes its way into our inboxes comes from the reselling of our information. So filtering what you sign up for is important. I recommend to use a spam acct for non-essential things. Even Amazon sellers we buy things from don't think twice to lift this information and use it to send us ads, etc. I receive phishing emails and "you have been hacked" stuff on a daily basis in droves for my spam accounts. In all the languages I speak. So unless we live on a digital island and we never sign up for anything, our info is being circulated in some way.

IPs are not as important unless you don't want anyone to know even your approximate location (usually city or nearby town). If that matters to you, use a VPN. Back in the day, some websites would actually display it publicly for tracking/accountability as a deterrent from trolls/users with multiple accts. IPs need tracking by server admins to prevent not just SPAM, but other forms of cyber attacks.

IPs are considered public information. When we email someone, our IP address may be going out with our emails. Depends on the provider and if we are using an external email client. Look up "email headers" and how to find IP-related info. You can easily spot out of country scammers this way by doing a geolocation lookup on the IP once you figure out which is the Sender IP...

 

Link to comment
Share on other sites

On 4/17/2023 at 8:42 PM, Patrick Connor said:

No, most applications on your phone send your actual location constantly, your IP itself isn't very useful information.

Phone location tracking is the most invasive privacy breach since it can basically reveal thru inference where u live, where u work, where u shop, etc, etc. And when u combine the locations data of multiple users u can get their relations graph like friends, family, coworkers, lovers etc : > And all this data only with 2 variables : a timestamp and a location.

Fedora Workstation 37

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.