[feature-proposal] Forgot password improvements

"Aurélio A. Heckert" aurelio at colivre.coop.br
Mon Nov 11 19:17:01 BRST 2013


Nop...

If you can use a piece of CPF or telephone to find a user (as you can 
use a piece of the name) you can use brute force to discover a 
collection of CPF/Tel/* and the owner names.

I believe we must consider any privacy risk a tragic event, as "privacy 
destroying".

  Aurium

On 11-11-2013 15:24, Ewout ter Haar wrote:
> In case of n>1, just returning the complete name and maybe the avatar 
> for disambiguation should be enough and not "privacy destroying". This 
> is all public information in Noosfero: 
> http://social.stoa.usp.br/search/people?query=jose
>
> Of course, a rate-limit system that detects and blocks multiple 
> password recovery attempts would be nice...
>
> Ewout
>
> http://social.stoa.usp.br/ewout <http://stoa.usp.br/ewout>
> F. 30916696
>
>
> On Mon, Nov 11, 2013 at 4:08 PM, "Aurélio A. Heckert" 
> <aurelio at colivre.coop.br> wrote:
>
>     Hey Wait!!!
>
>     Facebook does not "returns back with the profile info (photo,
>     name etc) asking you to confirm if that's you." today.
>
>     That is a machine to destroy _privacy_. You can't display the
>     found profiles with some related data or someone can discover
>     sensitive information with _brute force_.
>
>     Today Facebook asks for other information when it finds more than
>     one profile (if I understand it right).
>
>      Aurium
>

-- 

*Aurélio A. Heckert (aka Aurium)*
http://softwarelivre.org/aurium
*COLIVRE --- Coop. de Tecnologias Livres*
http://colivre.coop.br

*Inkscape* --- Desenhe Livremente
http://inkscapeBrasil.org
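
Added example, not part of this thread and not Noosfero code: a sketch of a recovery lookup that addresses both concerns raised above, matching only on the complete e-mail, CPF or phone, giving the same reply whether zero, one or several accounts match, and limiting attempts per client. The class `RecoveryLookup`, its parameters and the sample records are assumptions made for illustration.

```ruby
# Added example, not Noosfero code. All names and data are hypothetical.
SAMPLE_USERS = [ # constructed records; the two users share a phone (n>1 case)
  { email: 'jose@example.org',  cpf: '123.456.789-09', phone: '(11) 5555-0100' },
  { email: 'maria@example.org', cpf: '987.654.321-00', phone: '(11) 5555-0100' }
].freeze

class RecoveryLookup
  GENERIC_REPLY = 'If this matches an account, instructions were sent to it.'
  BLOCKED_REPLY = 'Too many recovery attempts. Try again later.'
  attr_reader :sent_to # stands in for the mailer

  def initialize(users, max_attempts: 3, window: 600, clock: -> { Time.now.to_f })
    @users = users
    @max_attempts = max_attempts
    @window = window
    @clock = clock
    @attempts = Hash.new { |h, k| h[k] = [] }
    @sent_to = []
  end

  # Returns only the text shown to the requester, never profile data.
  def request(client_id, value)
    now = @clock.call
    recent = @attempts[client_id].select { |t| now - t < @window }
    @attempts[client_id] = recent
    return BLOCKED_REPLY if recent.size >= @max_attempts
    recent << now
    matches = find_exact(value)
    # Zero, one or many matches all produce the same reply; mail goes out
    # only for a single unambiguous match on the complete value.
    @sent_to << matches.first[:email] if matches.size == 1
    GENERIC_REPLY
  end

  private

  def digits(text)
    text.to_s.gsub(/\D/, '')
  end

  # Whole-value comparison: a piece of a CPF or phone never matches.
  def find_exact(value)
    text = value.to_s.strip.downcase
    num = text.match?(/\A[\d\s.()+-]+\z/) ? digits(text) : ''
    @users.select do |u|
      u[:email].downcase == text ||
        (!num.empty? && [digits(u[:cpf]), digits(u[:phone])].include?(num))
    end
  end
end
```
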


More information about the Noosfero-dev mailing list