moderated Re: Changing email address security issue #misc

 

My opinion: someone not part of the groups.io support team should not be able to change a member's email address, even if that member is only a member of that one group, and even if it's a premium group (unless you have some contractual obligation).

A group owner could be fooled by someone pretending to be the user in question, tricking them into locking out the real user.

There are workarounds.

1. Walk the user through changing their own email, if that works out.
2. Remove the old email from the group, and direct add the new email. (If this was a mistake, it can be easily fixed.) The account with the new email won't be able to do things like delete messages posted by the old email, but someone who can't figure out how to change their own email address probably won't be doing that, anyway.
3. Contact groups.io support. This can also be used for situations like "There are 500 users in my group from abc.com who need to have their domain changed to def.com following a corporate takeover."

Thanks,
JohnF


moderated Re: Changing email address security issue #misc

Bruce Bowman
 

On Wed, Feb 3, 2021 at 08:07 PM, J_Catlady wrote:
And isn't the basis of the whole take-over-someone's-group scenario that Mark originally posted about based on exactly that?
Yes, it is...and will remain so, as long as the "email me a link" sign-in function exists in tandem with the "change someone else's email address."

Honestly, I've been aware of this as a potential system hack for more than a year. For obvious reasons, to this point I've been reluctant to mention it here in beta. And as I previously stated, I knew that the notion of removing this feature wouldn't be a very popular one among group Owners.

But the cat's out of the bag now (no pun intended), so let's make sure we get this right.

Regards,
Bruce


moderated Re: Changing email address security issue #misc

 

On Wed, Feb 3, 2021 at 05:01 PM, Bruce Bowman wrote:

Currently, a Premium group Owner can change any group member's address, log out, and subsequently request a login link to that address.
Yes. And isn't the basis of the whole take-over-someone's-group scenario that Mark originally posted about based on exactly that? Or I'm missing something here.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Changing email address security issue #misc

 

On Wed, Feb 3, 2021 at 04:38 PM, D R Stinson wrote:
Additionally, only *premium* group owners have the ability to change email addresses.
Good point! So only premium group owners can hack people's accounts. ;)
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Changing email address security issue #misc

Bruce Bowman
 

On Wed, Feb 3, 2021 at 07:29 PM, J_Catlady wrote:
If they have your email address (assuming it’s really one of their own) they can request a login link and set one up. Right?
Correct.

Currently, a Premium group Owner can change any group member's address, log out, and subsequently request a login link to that address. That being so, anyone with $20 in their pocket and a few extra email addresses can set up a Premium group for a month and shanghai the accounts of everyone who joins it.

Restricting the vulnerability to such malfeasance to those who are neither Moderators nor Owners seems quite inadequate.

Regards,
Bruce
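The sequence Bruce lays out above, as an added example that is not part of this thread and not groups.io code: a toy Python model of accounts, "email me a link" login and the owner-side address change, with the takeover run once against the behaviour under discussion and once against an assumed mitigation (the change only takes effect after a token delivered to the old address is redeemed). Class and method names, the in-memory mailbox stand-in and the mitigation switch are all this example's own assumptions.

```python
"""Toy model of: premium owner changes a member's email, logs out, requests
a login link to the new address.  All names and the confirm-from-old-address
fix are this example's assumptions, not groups.io code."""
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    account_id: int   # stable identity; the email is only the login key
    email: str


class Platform:
    def __init__(self, confirm_from_old_address):
        self.confirm_from_old_address = confirm_from_old_address  # assumed mitigation switch
        self.accounts = {}       # current email -> Account
        self.mailboxes = {}      # email -> delivered messages (constructed stand-in for inboxes)
        self.login_tokens = {}   # token -> email it was issued for
        self.pending = {}        # token -> (old email, new email)
        self.owners = {}         # premium group -> owner emails
        self.members = {}        # group -> member emails

    def _deliver(self, email, text):
        self.mailboxes.setdefault(email, []).append(text)

    def create_account(self, email):
        acct = Account(len(self.accounts) + 1, email)
        self.accounts[email] = acct
        return acct

    def create_premium_group(self, name, owner):
        self.owners[name] = {owner}
        self.members[name] = {owner}

    def join(self, name, email):
        self.members[name].add(email)

    def request_login_link(self, email):
        """'Email me a link': the token goes only to that address's mailbox."""
        if email in self.accounts:
            tok = secrets.token_urlsafe(16)
            self.login_tokens[tok] = email
            self._deliver(email, "login:" + tok)

    def redeem_login(self, tok):
        email = self.login_tokens.pop(tok, None)
        return self.accounts.get(email)

    def _apply_change(self, old, new):
        acct = self.accounts.pop(old)
        acct.email = new
        self.accounts[new] = acct
        for group in self.members.values():
            if old in group:
                group.remove(old)
                group.add(new)

    def owner_changes_member_email(self, group, actor, old, new):
        if actor not in self.owners.get(group, ()):
            raise PermissionError("only a premium group owner may do this")
        if old not in self.members[group] or new in self.accounts:
            raise ValueError("not a member, or new address already in use")
        if not self.confirm_from_old_address:
            self._apply_change(old, new)   # immediate: the behaviour under discussion
            return
        tok = secrets.token_urlsafe(16)
        self.pending[tok] = (old, new)
        self._deliver(old, "confirm-change:" + tok)  # only whoever reads `old` can approve

    def confirm_change(self, tok):
        old, new = self.pending.pop(tok)
        self._apply_change(old, new)


def tokens_for(platform, email, kind):
    """Read one mailbox; the attacker can only do this for addresses they control."""
    return [m.split(":", 1)[1] for m in platform.mailboxes.get(email, [])
            if m.startswith(kind + ":")]


def takeover_attempt(confirm_from_old_address):
    """True if the group owner ends up holding a session for the victim's account."""
    p = Platform(confirm_from_old_address)
    victim = p.create_account("victim@example.org")
    p.create_account("owner@attacker.example")
    p.create_premium_group("lure", "owner@attacker.example")
    p.join("lure", "victim@example.org")
    p.owner_changes_member_email("lure", "owner@attacker.example",
                                 "victim@example.org", "drop@attacker.example")
    p.request_login_link("drop@attacker.example")   # attacker controls this mailbox
    toks = tokens_for(p, "drop@attacker.example", "login")
    session = p.redeem_login(toks[0]) if toks else None
    return session is not None and session.account_id == victim.account_id


def legitimate_change():
    """With confirmation on, the person who reads the old mailbox can still finish a change."""
    p = Platform(True)
    member = p.create_account("member@example.org")
    p.create_account("owner@example.net")
    p.create_premium_group("club", "owner@example.net")
    p.join("club", "member@example.org")
    p.owner_changes_member_email("club", "owner@example.net",
                                 "member@example.org", "new@example.org")
    p.confirm_change(tokens_for(p, "member@example.org", "confirm-change")[0])
    return p.accounts["new@example.org"].account_id == member.account_id
```

takeover_attempt(False) returns True: the owner never needs the victim's password, only the ability to rebind the login key and then use the normal link flow. takeover_attempt(True) returns False because the confirmation lands in a mailbox the owner cannot read, while legitimate_change() shows the owner-assisted change still completes for a member who really does control the old address.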


moderated Re: Changing email address security issue #misc

 

On Wed, Feb 3, 2021 at 3:46 PM J_Catlady <j.olivia.catlady@gmail.com> wrote:
Imagine some unsuspecting new member. They join groups.io and they (akin to the scenario in Mark’s original post here) run into some bad-actor group owner, having no idea that ANY group owner, of ANY group they join, can actually change their email address, which comprises the basis of their entire groups.io account and is the one piece of data that uniquely identifies them to the system. Of course that means, in the bad actor scenario, that group owner also has their login password.
There is no way for anyone, including me, to ever get your Groups.io password.

Mark

Additionally, only *premium* group owners have the ability to change email addresses. Ordinary group owners have never had that ability.

Dano



moderated Re: Changing email address security issue #misc

 

If they have your email address (assuming it’s really one of their own) they can request a login link and set one up. Right?


On Feb 3, 2021, at 4:03 PM, Mark Fletcher <markf@corp.groups.io> wrote:


On Wed, Feb 3, 2021 at 3:46 PM J_Catlady <j.olivia.catlady@...> wrote:
Imagine some unsuspecting new member. They join groups.io and they (akin to the scenario in Mark’s original post here) run into some bad-actor group owner, having no idea that ANY group owner, of ANY group they join, can actually change their email address, which comprises the basis of their entire groups.io account and is the one piece of data that uniquely identifies them to the system. Of course that means, in the bad actor scenario, that group owner also has their login password.

There is no way for anyone, including me, to ever get your Groups.io password. 


Mark 

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Changing email address security issue #misc

 

On Wed, Feb 3, 2021 at 3:46 PM J_Catlady <j.olivia.catlady@...> wrote:
Imagine some unsuspecting new member. They join groups.io and they (akin to the scenario in Mark’s original post here) run into some bad-actor group owner, having no idea that ANY group owner, of ANY group they join, can actually change their email address, which comprises the basis of their entire groups.io account and is the one piece of data that uniquely identifies them to the system. Of course that means, in the bad actor scenario, that group owner also has their login password.

There is no way for anyone, including me, to ever get your Groups.io password. 


Mark 


moderated Re: Report File -- "Content flagged as objectionable" #suggestion

 

On Thu, Jan 21, 2021 at 5:11 PM Andy <AI.egrps+io@...> wrote:
There is a feature to Report File by clicking the flag icon next to the filename.  It sends a message ("Content flagged as objectionable") from Groups.io to each owner/moderator.

We recently saw a file reported this way, because someone had a question about the file.  The right thing for him to have done, was to send a new Message.  But he saw the flag icon and used it.

Suggestions:

1. When someone reports a file, Groups.io sends messages addressed to each Owner/Moderator.  I think it should be addressed to the "+owner" address.  By addressing it to Owner/Moderator addresses, it looks like Spam.  (Indeed, my co-moderator interpreted it that way, especially because the sender's status was NMM.)

2. It leaves nothing behind in the group's "Activity" log.  Nor in the sender's "Activity History".  Nor in the sender's "+owner Messages".  It should.  All three.

3. When reporting a file, the description in the pop-up window is: "I think this file isn't appropriate for our Group."  Hmm.  I was thinking that is much too open-ended.  It's not the same thing as "objectionable".  But maybe that was your idea, to allow it to be used for any reason, leaving discretion to Moderators.  Yes?  Still, I wonder if it should be for things actually bad and objectionable.  I'm also wondering, because we have many group members not in the USA for whom English is not their native language.


There are now activity log entries for when someone reports a message, file or photo. These show up in the group activity log as well as when viewing a member's activity log. 

I didn't change how the messages are sent, as I'm not sure changing it to +owner is the best solution. For one thing, that would generate a new, now duplicate, activity log entry (such and such sent a message to owners). And also, these emails at some point will be changed to support app/push notifications as well (that setting is currently ignored for them).

Thanks,
Mark


moderated Re: Changing email address security issue #misc

 

Imagine some unsuspecting new member. They join groups.io and they (akin to the scenario in Mark’s original post here) run into some bad-actor group owner, having no idea that ANY group owner, of ANY group they join, can actually change their email address, which comprises the basis of their entire groups.io account and is the one piece of data that uniquely identifies them to the system. Of course that means, in the bad actor scenario, that group owner also has their login password.

No, Andy. I am entirely comfortable and confident in using groups.io. But no, I’m not comfortable or confident with that scenario.


On Feb 3, 2021, at 3:32 PM, J_Catlady via groups.io <j.olivia.catlady@...> wrote:

Andy,

I never said I’m not “comfortable or confident” using the feature. I don’t know where you get that. I think the feature gives groups inappropriate power over members’ groups.io accounts. 

As Bruce put it: we can’t change members’ profiles, but we can change their login info? 


On Feb 3, 2021, at 2:56 PM, Andy Wedge <andy_wedge@...> wrote:

On Wed, Feb 3, 2021 at 06:35 PM, J_Catlady wrote:
Exactly, what Peter says. it’s risk vs benefit. Huge risk, negligible benefit.
If you're not comfortable or confident in using this function then just stay clear. Nobody is forcing you to use it. Some of us find it useful and use it carefully in support of members. If the account address being changed is subscribed to other groups then a warning message or prompt might be nice but I'd still want the function.

Andy

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Changing email address security issue #misc

 

Andy,

I never said I’m not “comfortable or confident” using the feature. I don’t know where you get that. I think the feature gives groups inappropriate power over members’ groups.io accounts. 

As Bruce put it: we can’t change members’ profiles, but we can change their login info? 


On Feb 3, 2021, at 2:56 PM, Andy Wedge <andy_wedge@...> wrote:

On Wed, Feb 3, 2021 at 06:35 PM, J_Catlady wrote:
Exactly, what Peter says. it’s risk vs benefit. Huge risk, negligible benefit.
If you're not comfortable or confident in using this function then just stay clear. Nobody is forcing you to use it. Some of us find it useful and use it carefully in support of members. If the account address being changed is subscribed to other groups then a warning message or prompt might be nice but I'd still want the function.

Andy

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Changing email address security issue #misc

 

> Moderators already cannot change the Role of owners.

Thanks Mark. I was made aware of that after I posted. As I commented to Bruce, keeping up with beta and GMF is much more difficult since the final exodus from Y!.
 
But I stand by the rest of my thought. Please continue to provide us the tools to help regular members. That was the primary reason I took several of my groups Premium in the first place.
 
I do think Andy Wedge's idea in the previous post, to send a warning message or prompt to the owners of other groups that the member is subscribed to, is worthy of consideration.
 
Dano
 


moderated Re: Clarify Photo Album Owner Name #suggestion

 

Hi All,

I've removed the album owner from the /photos page and instead it's now displayed when you view a specific album, on top of the cover graphic.

Cheers,
Mark


moderated Re: Add DisplayName in the "joined" notification #suggestion

 

On Wed, Feb 3, 2021 at 9:57 AM Christos G. Psarras <christos@...> wrote:

Hi Mark,

It can be useful in certain situations if DisplayName is added in the mod joined notification text, i.e.


I've changed it so that for all mod notifications, we will display "DisplayName <email>" if we have it, instead of just DisplayName or email.

Thanks,
Mark 


moderated Re: Changing email address security issue #misc

 

On Wed, Feb 3, 2021 at 12:50 PM D R Stinson <dano@...> wrote:
 
From my viewpoint the problem is the user of the authority, not the ability. As noted above, taking away the ability to change an owner's or moderator's address would avoid most of these risks. Added to this, I suggest that a moderator should not be able to change the role of owner. I see hijacking the ownership of a group to be a greater problem.
 
Moderators already cannot change the Role of owners.

Thanks,
Mark


moderated Re: Changing email address security issue #misc

Andy Wedge
 

On Wed, Feb 3, 2021 at 06:35 PM, J_Catlady wrote:
Exactly, what Peter says. it’s risk vs benefit. Huge risk, negligible benefit.
If you're not comfortable or confident in using this function then just stay clear. Nobody is forcing you to use it. Some of us find it useful and use it carefully in support of members. If the account address being changed is subscribed to other groups then a warning message or prompt might be nice but I'd still want the function.

Andy


moderated Re: Changing email address security issue #misc

 

I ran into the need for this just yesterday and have yet to actually use it. I have a member in one of my premium groups who applied for a new membership. Because I knew who the person was, I suggested he just change his email address so he stays connected with his content. I explained how he can change his email address, but it didn't work for him. We have been unable to ascertain why. I should add that he wants to change his email for all his groups.io memberships, as his old email is going away. 
 
At this point I don't know what the problem is. The group activity doesn't show me anything. And because his old account is going away, there is a certain desire on his part to do this right away. The obvious solution to me is to change his email address for him. And yet I am hesitant to just jump to this, for all the reasons we've talked about in the past.
 
If this ability goes away, it's going to add a burden to support's load. I see an obvious need for the authority. But it tends to be those operating in the right hand lane who need that assistance. I would suggest disallowing the ability to change owners' or moderators' addresses, who are more likely to be able to do that on their own anyway. But for the sake of avoiding more work for Support, leave the ability for owners to help regular members who tend to be less technology savvy.
 
I can also see a need for the ability to merge membership accounts. I have had a number of members who rejoined as a new address, leaving their old accounts orphaned. I would welcome the ability to merge their old email account into their new one to maintain content control.
 
From my viewpoint the problem is the user of the authority, not the ability. As noted above, taking away the ability to change an owner's or moderator's address would avoid most of these risks. Added to this, I suggest that a moderator should not be able to change the role of owner. I see hijacking the ownership of a group to be a greater problem.
 
Dano 
 
 
J_Catlady  wrote:
> I would ask those members to reapply with the new email address. Or you can simply add the new email address. If necessary, you can merge their old topics once they start posting.
>
 


moderated Re: Disallow concurrent "special notices" and "following only" #suggestion #bug

 

BTW, we forgot the member list page, another spot which may or may not (for now) need tweaking.

If left the way it is it still works fine, and since it has also been suggested to enhance that screen with more sorts/filters, we could just leave it alone for now.  The absence of FO badges indicates/implies All Messages, with the exception of Special Notice only and NoMail.

But one easy way to make it consistent with the "new" methodology, is to add something to explicitly and visually indicate All_Messages.  Creating a badge for it (even if toned-down/light greys for less visibility) wouldn't work as the list would still get too badge-busy & dilute the big picture and other badges.  But we could just add some text to the delivery method text and call it done, maybe " - ALL", " - All", " (ALL)", or something similar; it's still there but not "in your face":

[attached image: NewUserSettings_memberlist.jpg]

Either way would work really.

Cheers,
Christos


moderated Re: Disallow concurrent "special notices" and "following only" #suggestion #bug

 

>>> Where’s the “hit self over the head” option?
 

I didn't include it 'cause I wasn't sure if it was for all groups or paid groups-only; but in the spirit of bigroupship, why not?  Here, Power to Everyone!

 
[attached image: NewSP.jpg]





moderated Re: Add DisplayName in the "joined" notification #suggestion

 

This is a feature that I would wholly support. During the initiation of a new group of now over 100 members, about 75% did not add a ‘Display Name.’ I had to send out an addendum notice to tell them they should do that, and guide them on how to do that. This was even with a caution/note added to the Invitation that it was the group insistence that everyone be readily recognizable and no one be ‘Oldhoseroller’ et.al.

 

‘Forcing’ a Display Name to be entered during the sign-on would be helpful.

 

Thanks,

 

Dan Tucker, Groups.io  AFDRetiree’s Group Founder/Owner/Moderator

 

From: "main@beta.groups.io" <main@beta.groups.io> on behalf of "Christos G. Psarras" <christos@...>
Reply-To: "main@beta.groups.io" <main@beta.groups.io>
Date: Wednesday, February 3, 2021 at 8:57 AM
To: "main@beta.groups.io" <main@beta.groups.io>
Subject: [beta] Add DisplayName in the "joined" notification #suggestion

 

Hi Mark,

It can be useful in certain situations if DisplayName is added in the mod joined notification text, i.e.

This is to notify you that DisplayName ...@... has joined your group...

or alternatively,

This is to notify you that ...@... (DisplayName) or [DisplayName] has joined your group...

Even without the bracketing it would help catch if someone (user or mod) forgot to add a DisplayName on the profile (when this is a group policy), and especially when working in a multi-mod group.

Thanks and Cheers,
Christos
