Beware - MCBans.com may compromise your privacy!

Discussion in 'Bukkit Discussion' started by maystorm, Aug 10, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    maystorm

    Warning: If you happen to start a conversation with staff members of the site MCBans.com (owned and run by the developer(s) of the Bukkit plugin "MCBans") then you may soon find your private messages published an publicly accessible sites such as Pastebin.com readable by everyone in the world!

    Proof of evidence:

    This is a screenshot of the original posting addressed to a staff member of MCBans.com:

    [​IMG]


    This is the contents of a.m. private message uploaded to Pastebin.com just a few minutes later:

    [​IMG]

    This was detected just by accident. Immediately contacting Pastebin.com ensured that the IP address of the uploader could be identified and is recorded now for furher investigation.

    More dubious practices from MCBans.com to come soon (e.g. publishing ban appeals again on Pastebin.com, denying to remove personal data from their database upon request etc).
     
  2. Offline

    bradgillap

    If this is truth, you can sort of see how this happens. I happen to use this service and don't plan on leaving it because of this incident btw. I am happy someone is not sliding this under the rug either. We should all be accountable to each other.

    The scenario I imagined in my head goes like this. Purely speculation.

    mcbans people on IRC

    mcbansdude#1: This guy is saying some stuff that I need feedback from you other mcbans people on.
    mcbansdude#2: Yeah, send me an email
    mcbansdude#1: ahh it's not sending
    mcbandsdude#2: just put it on pastebin then
    mcbansdude#1: There it is.

    If my scenario is even close to the truth then you are correct. The MCBans people need to express more caution toward privacy. I'm not saying they need to encrypt messages with a 256 bit AES key but you know. Sharing user information with a service that isn't geared towards public consumption would be a good start.

    The other part of me just thinks.. It's frigan minecraft, get over it.

    Remember when nobody on the Internet had rights? lol
     
  3. Offline

    dark_hunter

    Even so, its still wise to get permissions to start posting information like that over the Internet.
     
  4. Offline

    maystorm

    Thanks for sharing your thoughts. However, after having confronted the uploader with this evidence he told me to "fuck off" and that "nothing can stop him to do this again".

    I could post his message as a proof here, however, I would than break his privacy. :(
     
  5. Offline

    Fob_Upset

    Stuff his privacy, post it.
     
  6. Offline

    maystorm

    No, I won't.

    If I am asked by the owners of the Bukkit forum to justify my claims I will show it to them.
     
  7. Offline

    Drakia

    I see nothing wrong with it, they used Pastebin to convey a PM to another mod most likely, and you happened to stumble upon it. It's not like they're posting links to them on the forums. It's the internet, expect anything you put on it to be public at some point or another ;)
     
  8. Offline

    bradgillap

    Everyone should practice this all the time.
     
  9. Offline

    maystorm

    Well, yeah, a private message is, uhm, private?? :'(

    What would you say if someone publishes a letter from you (yes, a real letter on a piece of paper ;)) on Pastebin.com or similar? What's the difference to a PM on a forum?
     
  10. Offline

    Drakia

    Posting a real letter takes FAR more time, nobody would go through that ;)
    Also to me they are "conversations" between two people, either one of which has the right to release said conversation. Then again, I'm in Canada where the conversation-recording laws are just that, as long as one person knows what's going on it's perfectly legal.

    It would be a completely different story if there were a page you could access with ALL PMs on it.
     
  11. Offline

    maystorm

    @Drakia:

    I fully respect your personal opinion, however, it seems to me that you are not familiar with laws in effect regarding privacy in countries like the US and those in Europe (I don't know the exact situation in Canada, granted, but in the forementioned countries I am quite informed, so to say ;)).
     
  12. Offline

    spunkiie

    MCBAns.com = crap

    That said, stop using it.
     
    Torrent and poiuyt580 like this.
  13. Offline

    Drakia

    And you have a better system? Or a better implementation idea? Didn't think so, so until you can actually give a real reason for it "sucking" or can provide a better implementation, be quiet ;)
     
    frej93 likes this.
  14. Offline

    spunkiie

    any bukkit plugins search for the word 'ban' will return alot of better options ;)
     
  15. Offline

    Supersam654

    Have either one of you checked out CommunityBans? There is a link to the WIP thread in my signature. Basically, it uses the same concept of a community ban list that MCBans uses, but the similarities stop there. CommunityBans will only allow you to make a community ban (you might call it a global ban) if a protection plugin (such as LogBlock, NoCheat, BigBrother, etc.) has enough information that it feels like the user has done something wrong. This information is automatically sent with the ban so every single ban on CommunityBans.com has publicly available proof backing it. And (as a CommunityBans dev) see no problem with keeping the IP of the server that issued the ban private seeing as nobody really SHOULD care what server issued the ban when cold, hard proof is publicly available.
     
  16. Offline

    draeath

    You should probably note that pastebins usually have a private option, which means you have to have the URL to access (eg it doesn't show on the ticker)...

    Between that and setting a meaningful expiration makes it fairly close to being private, and the chances of it being exposed to an unintended recipient is very low.
     
  17. Offline

    Celeixen

    Sounds strange to me but i hate MC Bans, luckily i am not on the list. I dont like the idea of an annoying admin being abke to affect the chances of you being able to join another server.
     
  18. Offline

    OrtwinS

    Extremely sloppy, especially if his responce is something like 'fuck off' it seems that he did it on purpose.
    Not the way they should deal with people.

    I use a local ban plugin anyway, people start with a clean slate on my server.
     
  19. Offline

    Kaikz

    You do realize that the pastebin is the entire PM, including BBCode? Why would anyone get the BBCode too? You need to be the recipient to reply and/or the admin to get the BBCode.
     
  20. Offline

    AndyPandy89

    Hey Maystorm,
    This whole story started when you were banned from my server for griefing. Here's the ban appeal/dispute:
    http://www.ultimateminecraft.net/dev/yey.html
    (This is not in any way a violation of your privacy, as you can clearly see that no confidential details are revealed in the dispute, other than the fact that you were griefing).
    After you lost the dispute, you went on with legal threats towards MCBans, saying you'd sue MCBans unless they removed your name from their database. MCBans does not have your name in their database, only your username "Maystorm", which is open and available for anyone to see through Minecraft.net, it is not copyrighted or owned by you.

    Here's the pastebin which you have blanked out btw, there's no confidential details in it either so I don't have a problem with posting it,
    http://pastebin.com/Pjgt2muq

    MCBans is a system where servers that are willing to do so shares their ban lists so other servers can be warned about user's behaviour. It is perfectly legal, you're just mad because you were caught griefing.

    Andy
     
    Samkio, ryanclancy000 and frej93 like this.
  21. Offline

    sukosevato

    Lmao,
    Maystorm, you made my day XD Good luck sueing Mcbans ;) I'll be rallying on the sidelines for you while laughing my ass off lolz

    Better luck next time griefer ;)

    edit: ooh god it gets even better. I'm reading the appeal process XD
    Hell yes, that's what i think :p Seriously.. lol

    edit2: oooh ooh another good part
    You obviously aren't from IT your self, aren't you? Nor have you managed a server, right? Sure stuff may get corrupted, but its pretty easy to tell if its corrupted. Stuff gets wiped / does not work or it just does work. Its not like magically your name appears in a database stating you did some 1337 ass stuff which you didn't do. That's not how stuff works lol.. If it would have been corrupted he'd probably have no logs at all ;) ooh god this is sooo funny to read :p

    edit3: LOLOLOL
    You sir, are a hero. Damn fine comedian!

    edit4: another great part XD
    Seems like you made a great investment =D one which others can void XD

    Oooh please reply btw, i'd love to see / know on how many things you're gonna sue me now for mocking you XD
     
  22. Offline

    Pencil

    Wow. You are freaking overreacting.... It's only your god damn minecraft name why the fak would you care?
     
  23. Offline

    clone1018

    Stop being lazy and ban people yourself.
     
  24. Offline

    frej93

    I lol'd.
     
  25. Offline

    Drakia

    Stop being lazy and code your own minecraft API. Oh, wait, that's fracking stupid, just like your suggestion.
     
    Pencil likes this.
  26. Offline

    Brain

    Perhaps a circle-of-trust approach might rid us of these ugly ban disputes, the whining and threatening with non-existing lawyers.
     
  27. Offline

    andrewkm

    -_-
    lol @ thread
     
  28. Offline

    Firestar

    Which mcbans now has :D
     
    frej93 and AndyPandy89 like this.
  29. Offline

    Brain

    The reputation modifier? Doesn't seem very circly to me. The only choice I see here is either trust mcbans or don't.
     
  30. Offline

    ledhead900

    Is this getting sticky posted?
     
Thread Status:
Not open for further replies.

Share This Page