[OSM-talk] Fwd: Why doesn't OSM ?

John Smith deltafoxtrot256 at gmail.com
Sun Dec 27 12:19:12 GMT 2009


2009/12/27 Aun Johnsen <lists at gimnechiske.org>:
> Taiwan, Sri Lanka, Morocco, Israel, Palestine, Russia, all of these are

Then there is China and Iran and various other countries that love to
jail their dissidents...

As I said before, until any of this has a direct negative effect on
people personally they don't see what the big fuss about security and
privacy is all about.

> implementing SSL for login would to some extent prevent them from harvesting mail addresses, which can reduce the amount of SPAM in some of our users' mailboxes, just to mention one real threat.

Some may claim you can use a nickname to log into the site instead of
an email address, but during initial signup and on various pages the
email address is exposed, and thanks for bringing up this threat, I
hadn't considered this but spam is one of the basic attacks OSM
already suffers.

Also OSM leaks email addresses, you can type an email address only
into the signup page and it will tell you if that email address is
valid in OSM, but I don't see any brute force protection to prevent
this, a simple captcha would at least slow things down before telling
others that the email address is valid or not.
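An added example, not part of the original message and not OSM's own code: a signup check that answers identically for registered and unregistered addresses and throttles repeated attempts per client, set beside the leaky behaviour the message describes. All names, addresses and limits are hypothetical and the sample data is constructed.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: addresses that already have an account.
REGISTERED = {"alice@example.org", "bob@example.org"}

GENERIC = "If this address can be used, a confirmation email has been sent."


def leaky_signup(email):
    """The behaviour described above: the response itself is the oracle."""
    if email.lower() in REGISTERED:
        return "That email address is already in use."
    return "Confirmation email sent."


class SignupGuard:
    """Uniform response plus a per-client sliding-window attempt limit."""

    def __init__(self, max_attempts=5, window=60.0, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock                   # injectable so tests can move time
        self.attempts = defaultdict(deque)   # client -> timestamps of attempts
        self.outbox = []                     # stands in for the outgoing mail queue

    def signup(self, client_ip, email):
        now = self.clock()
        recent = self.attempts[client_ip]
        # Forget attempts that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            # Over the limit: the caller shows a CAPTCHA or delays the reply.
            # Nothing about the address is evaluated or revealed.
            return "challenge"
        recent.append(now)

        email = email.lower()
        # The difference is delivered out of band, to the mailbox owner only.
        if email in REGISTERED:
            self.outbox.append((email, "already-registered notice"))
        else:
            self.outbox.append((email, "confirmation link"))
        return GENERIC
```
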
