Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Riseup registration process a bit odd...

Alex Comninos alex.comninos at
Tue Oct 29 05:47:01 PDT 2013

Thanks Andrew for clarifying this.

I always wondered if the actual URL was encrypted.

The link did expire very quickly (started to ask for a password in
under 15 minutes) after I tried it from multiple locations.

Sorry for wasting your time

Kind regards,

On 29 October 2013 13:01, Alex Comninos <alex.comninos at> wrote:
> Hi All
> So I am looking to make a #PRISMBREAK and get a account. It
> will be no secret, as I am aiming for alex.comninos at, and I
> will advertise this publicly.
> The registration process seems a bit odd. I get an HTTPS link to check
> my ticket.
> The link looks something like
> The first set of stars is the ticket number, the second is the email
> address used to register.
> I can I believe visit this link to monitor the progress of my ticket.
> However, any one on the network I used to register, and all the way
> along the internet to can see this link, if I used TOR,
> presumably the exit node. The link reveals that I have a ticket with
> riseup and intending to register, the email I am using to register it.
> The link can then be followed by anyone who saw it along its way on
> the internet, and my ticket read with my possibly private motivation
> for doing so elaborated (does not require a login).
> My link was:
> Replace the words in square brackets with punctuation, and I invite
> you to read my motivation to open a riseup account.
> I am no information security professional, so please let me know if
> anyone else thinks the registration process may be a bit insecure.
> Kind regards.
> ...
> Alex Comninos | doctoral candidate
> Department of Geography | Justus Liebig University, Gießen
> http:// | Twitter: @alexcomninos

More information about the liberationtech mailing list