Search Mailing List Archives
[liberationtech] Riseup registration process a bit odd...
alex.comninos at gmail.com
Tue Oct 29 05:47:01 PDT 2013
Thanks Andrew for clarifying this.
I always wondered if the actual URL was encrypted.
The link did expire very quickly (started to ask for a password in
under 15 minutes) after I tried it from multiple locations.
Sorry for wasting your time
On 29 October 2013 13:01, Alex Comninos <alex.comninos at gmail.com> wrote:
> Hi All
> So I am looking to make a #PRISMBREAK and get a riseup.net account. It
> will be no secret, as I am aiming for alex.comninos at riseup.net, and I
> will advertise this publicly.
> The registration process seems a bit odd. I get an HTTPS link to check
> my ticket.
> The link looks something like
> The first set of stars is the ticket number, the second is the email
> address used to register.
> I can I believe visit this link to monitor the progress of my ticket.
> However, any one on the network I used to register, and all the way
> along the internet to riseup.net can see this link, if I used TOR,
> presumably the exit node. The link reveals that I have a ticket with
> riseup and intending to register, the email I am using to register it.
> The link can then be followed by anyone who saw it along its way on
> the internet, and my ticket read with my possibly private motivation
> for doing so elaborated (does not require a login).
> My link was:
> Replace the words in square brackets with punctuation, and I invite
> you to read my motivation to open a riseup account.
> I am no information security professional, so please let me know if
> anyone else thinks the registration process may be a bit insecure.
> Kind regards.
> Alex Comninos | doctoral candidate
> Department of Geography | Justus Liebig University, Gießen
> http:// comninos.org | Twitter: @alexcomninos
More information about the liberationtech