[liberationtech] Riseup registration process a bit odd...
Alex Comninos
alex.comninos at gmail.com
Tue Oct 29 05:01:55 PDT 2013
Hi All
So I am looking to make a #PRISMBREAK and get a riseup.net account. It
will be no secret, as I am aiming for alex.comninos at riseup.net, and I
will advertise this publicly.
The registration process seems a bit odd. I get an HTTPS link to check
my ticket.
The link looks something like
https://user.riseup.net/ticket/******/***************************
The first set of stars is the ticket number, the second is the email
address used to register.
I can, I believe, visit this link to monitor the progress of my ticket.
However, anyone on the network I used to register, and all the way
along the internet to riseup.net, can see this link; if I used Tor,
presumably the exit node. The link reveals that I have a ticket with
riseup and am intending to register, and the email I am using to register it.
The link can then be followed by anyone who saw it along its way on
the internet, and my ticket read with my possibly private motivation
for doing so elaborated (does not require a login).
My link was:
https://user.riseup.net/ticket/813773/alex[dot]comninos[at]gmail[dot]com
Replace the words in square brackets with punctuation, and I invite
you to read my motivation to open a riseup account.
I am no information security professional, so please let me know if
anyone else thinks the registration process may be a bit insecure.
Kind regards.
...
Alex Comninos | doctoral candidate
Department of Geography | Justus Liebig University, Gießen
http://comninos.org | Twitter: @alexcomninos
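
The link format described in the message puts the registrant's e-mail address in the URL path and needs no login. As an added example, not part of the original post and not Riseup's code, here is one way a ticket-status link can carry an opaque token instead; the host `tickets.example.org`, the key handling and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; generated at startup so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)
BASE = "https://tickets.example.org"  # placeholder host, not Riseup's


def ticket_token(ticket_id: int, key: bytes = SERVER_KEY) -> str:
    """Derive an opaque 128-bit token bound to one ticket number."""
    mac = hmac.new(key, b"ticket-status:%d" % ticket_id, hashlib.sha256)
    return mac.hexdigest()[:32]


def status_link(ticket_id: int, key: bytes = SERVER_KEY) -> str:
    """Build the link mailed to the registrant; no e-mail address in the path."""
    return f"{BASE}/ticket/{ticket_id}/{ticket_token(ticket_id, key)}"


def authorize(path: str, key: bytes = SERVER_KEY) -> bool:
    """Return True only if the path carries the right token for its ticket."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "ticket":
        return False
    if not (parts[1].isascii() and parts[1].isdigit()):
        return False
    expected = ticket_token(int(parts[1]), key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), parts[2].encode())


if __name__ == "__main__":
    # Constructed sample ticket number, not taken from the message.
    link = status_link(100001)
    print(link)
    print(authorize(link[len(BASE):]))                   # valid token
    print(authorize("/ticket/100001/user@example.org"))  # address is not a token
```

A link built this way is still a bearer credential: whoever holds it can read the ticket, so it identifies no one by itself but must be treated like a password.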