Brad Smith (jesus_h_biscuit) wrote,
Brad Smith
jesus_h_biscuit

Frienditto - the new LJ evil? You decide!

Just what the hell IS this Frienditto crap anyway?
This site is an archive service that essentially has the ability to hijack your LiveJournal account, which is not beyond possibility. If you use the service, you risk that chance of compromising the security of your journal.

Who runs Frienditto, and why should I never use this site for any reason?
It's run by LJDrama people and, I assure you, they are fully capable of lying. The person who runs this site lists "Hacking" in his interests. Yes, this means they probably are storing your password if you are someone interesting to them and/or friends with someone interesting to them. They are fully capable of using such slimy means of acquiring information with which to troll, trash, torture and generally harass people. Nothing is sacred to these people, they have little respect for themselves - let alone for you. They glorify and revel in mocking the pain of others, and anything and everything is a target for mockery. Their entire aim is to exploit.

If you really need to archive your journal, consider ljArchive, which is currently being used by a few LJ staffmembers. If you have no reason to believe it is any more or less reliable than Frienditto, investigate for yourself and remember before bitching to me that you aren't being forced to do anything - it is simply my suggestion.

What does it really do?
If you provide the site with your username and password, at the same time you give it the direct link to an entry. That entry can be a non-public entry in your own journal, or a non-public entry in a journal that you have access to read (i.e. they list you as a friend). Then the site archives this post, and anyone can read it. The site does not automatically archive yours or your friend ofs' friends-only entries; you have to provide them with the direct URL to an entry in order for it to be archived. This means that if one of your friends uses this service, the only way that one of your friends-only entries will be archived there is if one of your friends decides to give the site the direct URL to your friends-only entry. And if they do that...well, some friend they are. :P

That said, even though the owners of the site claim that they don't store passwords, it's possible that they do, so it's still stupid to provide them with your password since they could, hypothetically, log into your account and do/read whatever they want there. Plus, they could archive any posts they want after they have your password. So I still definitely believe that it's stupid to give this site your password, even if you're just (for whatever reason) archiving one of your own friends-only entries.

There has been some concern over this site and security of LJ accounts. If you provide it with your login information for your LiveJournal you give this service permission to archive your friends only entries and ANY locked entries of your friends for which you have access. I can only recommend that you do not provide your username and password to any person or website to ensure the security of your account.

What is the big deal?
If someone gets access to your account, they can change your LJ email address. Not a big deal, right? Wrong. Because if they change your address to something they know (a 'hacker' address), and then change it back to yours... their address is still in the LJ databases.

With that 'hacker' email address on record in your account, they can come back years from now and change your LJ password -- they just have LJ send it to their 'hacker' address. LJ will send 'lost password' requests to ANY email address you've EVER had in your account, even those you don't know about.

You can remove the 'hacker' address at any time. As long as you still control an address validated before the 'hacker' validated theirs. If you've waited so long, or didn't notice so long, that you no longer control an earlier validated address... well in that case you are pretty much screwed.

http://www.livejournal.com/support/faqbrowse.bml?faqid=117 paragraphs 4 and 5 currently explain in more detail.

I accidentally used Frienditto before I knew what this was all about - what do I do now?
Begin with slapping the everliving SHIT out of yourself if you entered your login info for being stupid, and do it real, real hard. Then immediately change your password and post that you have used the site so that the people on your friends list who may now want just anyone having access to their journal can decide for themselves how to deal with your error in judgement. Have enough respect for them to not put them in a position of having their journal security compromised.

Should I be giving my password out to anyone for any reason ever? Should I change my LJ password?
General reminder: I do not recommend ever (and I do mean ever) giving your LJ password out to any third party site. My personal rule is: No matter how cool the tool/thing/site, it is not worth risking the security of my friends private and personal information. Remember people, it's not just about you; it's also about everyone who lists you as a friend.

General reminder the second: If your LJ password matches any other password for any other site you use, CHANGE THEM BOTH IMMEDIATELY. To something different from each other, you fool.

General reminder the third: If your LJ password matches any site that stores your personal financial information (ie: your bank, your credit card, PAYPAL), remove me from your friends list. That's just dumb and I dislike that level of stupidity in people. If you care about the security of nothing else online, you should care about your own financial data.

How do I choose a secure password? How do I keep my account secure?

Someone on my friends list used Frienditto, what do I do now?
If they gave their login info, it's a safe bet to remove them from your friends list immediately, change your password. Personally, I'd err on the side of caution if your journal is important enough to you. If not, then don't worry about it and let the chips fall where they may.

EDIT:
I knew it was only a matter of time, and today I received an abuse report filed against me for use of the Frienditto logo. THerefore, the banner is gone until or unless I decide to make another. Not likely, since I really don't give a shit about these people anyway, but I wanted to say what I wanted to say, because FUCK them.



Copy and paste the code below to add this link to your journal or website:

Subscribe
  • Post a new comment

    Error

    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments