- This topic has 30 replies, 18 voices, and was last updated 16 years, 4 months ago by
.
-
Posts
-
Here at the triple B, we sometimes have trouble drawing the line when it comes to allowing useful versus exploitive programs. We’ve talked about this in the past with another app, but we’ve now come across a new program that has sparked some debate. I’m going to leave my feelings out of this, and ask you, the BigBlueBall member, what you think.
Here is the program in questions description:
Quote:Three in one, Buddy Spy ( find out whether a friend is hiding from you) – Secret Buddy Add (secretly add users to your friends list) – Buddy Deny ( remove your name from a users friends list)Now the real issue with this program is not the Buddy Deny, or even the Buddy Spy as we’ve certainly allowed programs of this nature to be posted in the past, the issue is with the Secret Buddy Add.
Do you approve of this program being permitted on our forums? Is it abusive and exploitive, or is it simply useful and informative. Does this violate your privacy? Other clients such as AIM allow users to add buddy’s without permission. We can still block or ignore users even if we’re on their lists right? Or is this just a promotion of potential harassment?
What do you think? Please vote and let us know your thoughts below.
Well, I’m new on these forums. I just discovered it recently when I was googling for ad removal solution. It has been very informative and useful for me. I’ve had some issues with harassment from couple of people. I made a bad choice and allowed them to add me to their list. I removed them and blocked them, but was still not pleased to know they still have me on their list. I was “in heaven” when I found out about Buddy Deny. I like the fact I can choose who can list me or not. It’s not just “you can simply block someone”. I wish to choose who can connect to me. I was not aware of Buddy Spy or other tools. I was always surprised that this guy whom I blocked IMed me promptly when I logged on, and I was invisible to everyone and my status was not shown on Yahoo pages, yet as soon as I logged in to check my offline messages I’d get a message. Thought I was going crazy.
Anyway, I think, and do note I said *I think*, it’s very bad idea to have such program. I don’t wish to be stalked and I don’t wish for some sick person to “stalk me”. I certainly want to know whom I add and who adds me to their list. If a person wants to talk to you, they will give you permission. If they don’t you get the idea. I personally don’t care about AOL and that it doesn’t ask for permission. It’s simply bad. MSN does, ICQ did when I used it. I’ve been using Yahoo excursively for 6 years now and love it. I am not too thrilled by newest release, but I liked the fact it did not have so many “holes” as in back in ICQ days when I could apply a patch and do whatever I want. View IP, add users without permission….In general – one of the main reasons I stopped using it. I never did something like that and wouldn’t want anyone to do the same to me. I like privacy. I don’t want anyone viewing my IP, add me without permission, IM when I’m invisible. If I want to talk to someone and be friends with…I’ll let them know.
Sorry to rant. I just find that program goes over the line and it’s too invasive. I doesn’t want people adding me and for me to keep filling my ban list. Why would I want to keep banning people just because I can’t. If they can’t add me, I shouldn’t be forced to do it in the first place. They would IM you, but they would get bored eventually because it’s not click and spam easy when they have you on their list.
I’m off now. And will gladly take bat beating from anyone. š I do realize there are just as enough people who couldn’t care less. I just like my privacy, that’s all.
Thanks for expressing your opinion Richter! I’d sure like to hear more opinions as well, no matter which side you voted for! (No bashing please!)
Well shifter,it is not good to add someone to your messenger list wihtout taking permission.Every person have a lot of privacy.It is ok for experts in yahoo that they can block the user but what happen with a new frnds that rercently join the the yahoo and have no knowledge that one can add them without taking your permission and they r in his/her or their frnd list.It is bad according to me for new user.The expert can handle them but for the sake of new friends,Please shifter dont put them on your site.If somebody need this type of s/w there is many availible on net,but u have decent site.Don’t make it as it open the privacy of someone.
sup peeps
ty hatedjelousy and shifter for creating this thread..the program in question was created by myself … some months ago in fact, and for the most part it was released to not many ppl.
Since Yahoo has patched p2p thus taking b.s. outta action i released it to the public in a bigger maner. Now the advantage of using a program to secretly add someone(like other clients allow), is that you dont need to scan someone to see if they are online if they went on your friends list.
It was posted here is BBB a request for such a program .. and i delivered, hence why there is this debate current.
Its simple really, if you dont support such a thing than vote against it .. and if you like the idea and would like the program than vote for it.
When the thread is up and BBB says yay or nay i will either post the link again or i wont.
Choice is yoursP34C3
Having been a victim of certain booters and hackers this program was a godsend .It enabled me to see the booters when i secretly added them and take protective measures to prevent them and the hackers from booting and stealing my accounts.I now know when they come online and have removed my nics from their accounts as some were past friends and added me when i was naive . It has benefits.
well due to the fact i have all my names numbers and home address typed all over the rooms! (hacker and so called friends) i found it very useful so when i seen the account stealers i know who did it, when they come on line so i know to turn my pc off(who i secretly added due to this great program!) i dont have ppl stealing my accounts and details! anymore> so i vote for it too stay, its a awsome program,
Ok, please bear with me because I don’t understand half of the things people are justifying having/using this program.
I’ve been using Yahoo’s service since 1998. I have had plenty of emails with them and have never experienced hacking or account stealing. I am aware that malicious surfers are present and the things they can do. However, I haven’t seen anyone saying their accounts were high jacked. It makes me think that this is due to your personal inability to use strong password and/or leave it lying around instead of remembering it.
Now before anyone jumps down my throat, I never said this is not possible. I just don’t see it happening myself. Not being „hacker“ myself, I am unaware of any vulnerabilities in Yahoo’s system which allows stealing someone’s account. Of course, nothing is perfect, but from what I read here it seems like just like any john doe can steal your account. My only intension to steal anyone’s account would be due to content of an e-mail and/or personal data. All potentially interesting usernames have been taken ages ago, and I don’t see anyone stealing someone’s account and then using it. You can still retrieve your account by using secret questions or things. I don’t see the person who stole it changing it easily unless they know you personally and you used really obvious questions/answers. In which case, it’s again on you to secure your data.
I don’t see how can adding someone secretly help you retrieve your account?
How exactly do you know who hacked your account? I’m not trying to be pain. I just don’t know how exactly could you know who was that hacked your account, and then you protect yourself by finding their ID, adding them and shutting down YOUR computer? If you store your data on Yahoo, it’s on Yahoo’s severs and turning off your computer will not help you from hacker retrieving your data. That argument is totally senseless.
As for bots and stuff. This part is something I am not familiar with that much. I’ve heard this happening on MSN a lot, and yet I have never received a spam message, a virus or had my account hacked either. I don’t use Yahoo chat rooms and I don’t know “what’s out there”, but, I don’t see how can you tell a user from a bot or hacker? Do explain me the difference.
Besides, some options are “for people only my list” only, so how beneficial is to have someone you have no idea of know that you’re using your camera, that you’re playing games or some other things. Might seem like non-issue.
If Yahoo has holes which allows hacking and doing some things, I’d much rather see you reporting it to Yahoo so it can fix it. After all, by definition, aren’t crackers the bad guys? *Not referring to author of this software but rather speaking in general*
I know that only AIM from major IM don’t ask for permission, and that’s bad. It’s plagued with spam (from what I’ve been told) and it’s bad practice. Just because they do it, it doesn’t mean it’s right.
I know what I say doesn’t matter, because if it’s not released on this site, it will be released on some other: And if someone else but the author already has the code, I don’t see what anyone says here will matter.
Even if you add someone without them knowing it will only allow you to see if
they are online, their status message/s, and you still won’t be able to know if
they are online even if they are invisible. If you have your messenger set to
only allow people on your buddy list to PM you, the person that added you
without you knowing will not be allowed to PM you because they are not in
your buddy list. The only real advantage is they can see if you are online.In the end it all depends on how the person/s use the program. If they are
using it to keep track of the people that are booting them or the people that
might be trying to steal their account it could be concidered a good use. If
someone is using it for the purpose to just see when people are online or not
then it could be concidered a bad thing.It all comes down to each person’s individual opinion. Some will always find
something bad about it and other’s will always find something good about it.
There have been programs around that would allow you to add someone
without them know for a while now. I think people are more worried/excited
now because its more public. They really didn’t think about it much before
either because they thought it was impossible or wasn’t that big of a deal to
them at the time.There is not just one way to adds someone without them knowing. There are
a few different ways you can do it. I have seen a few programs that do it
differently then the other. This just means that a programmer didn’t want to
copy what another programmer did so they figured out their own method.In my opinion this topic will always come to a 50/50 on what people think.
I just forgot to mention previously. If the only purpose of such program is to see who’s online, why not just use Spy Buddy then? It’s generally accepted, and can reveal if someone’s invisible or not. This method is limited and the argument “just to check someone’s online status” for this particular purpose is, for me, not acceptable. SB does it, status is displayed on Yahoo’s pages…it does not justify adding someone without permission just to see their status.
Thanks Tim for clearing up some things. š
Edit: Sentence was way too long.
richter wrote:Ok, please bear with me because I don’t understand half of the things people are justifying having/using this program.You aren’t alone on that. š
richter wrote:I’ve been using Yahoo’s service since 1998. I have had plenty of emails with them and have never experienced hacking or account stealing. I am aware that malicious surfers are present and the things they can do. However, I haven’t seen anyone saying their accounts were high jacked. It makes me think that this is due to your personal inability to use strong password and/or leave it lying around instead of remembering it.Are you serious?:eek: (Yes, I’m shocked! lol :P) I’ve been on Yahoo! only since 2004 and i’ve heard plenty of stories of people getting their accounts taken. (just browse the forum here and you’ll find hundreds of threads about it) In the end it doesn’t always matter if your password is really strong or not, because if someone is out to really take it, and they know how, they can do it. But a good password does make it a bit harder on them.
richter wrote:Now before anyone jumps down my throat, I never said this is not possible. I just don’t see it happening myself. Not being āhackerā myself, I am unaware of any vulnerabilities in Yahooās system which allows stealing someoneās account. Of course, nothing is perfect, but from what I read here it seems like just like any john doe can steal your account. My only intension to steal anyoneās account would be due to content of an e-mail and/or personal data. All potentially interesting usernames have been taken ages ago, and I donāt see anyone stealing someoneās account and then using it. You can still retrieve your account by using secret questions or things. I donāt see the person who stole it changing it easily unless they know you personally and you used really obvious questions/answers. In which case, itās again on you to secure your data.Don’t worry, i’m not jumping down your throat, just making things clear to everyone and to you, so that we won’t have wrong information! š Once someone takes your account all they have to do is go in your account information and change your zip code, and that makes it impossible for you to complete the form to get to your secret question at all to change your password. So that’s when you have to go to the whole process of filling out an e-mail with all your original information to yahoo, etc… So again, it’s not about easyness.
richter wrote:I donāt see how can adding someone secretly help you retrieve your account?
How exactly do you know who hacked your account? Iām not trying to be pain. I just donāt know how exactly could you know who was that hacked your account, and then you protect yourself by finding their ID, adding them and shutting down YOUR computer? If you store your data on Yahoo, itās on Yahooās severs and turning off your computer will not help you from hacker retrieving your data. That argument is totally senseless.Yeah, i agree here, don’t see how it helps, since they can appear invisible to everyone aside from certain people. AND most smart booters use a separate name to boot you, so you don’t really know who it is for sure. Especially in game rooms, they use one for game room and a different one for messenger.
richter wrote:As for bots and stuff. This part is something I am not familiar with that much. Iāve heard this happening on MSN a lot, and yet I have never received a spam message, a virus or had my account hacked either. I donāt use Yahoo chat rooms and I donāt know āwhatās out thereā, but, I donāt see how can you tell a user from a bot or hacker? Do explain me the difference.There is TONS of bots in Yahoo! Chat and i know this even without going to a chat room oftenly (been there like once or twice.) There is a lot of porn bots, bots who send very bad links to take your account because they show phishing sites that show similar Yahoo! Log-in pages, links to download viruses, etc. The best way i’d think to check if it’s a bot is to check their profile because they usually have a link to what they advertise (especially the porn bots.) Secondly they always end up typing a link to you. And thirdly, they are redundant. Anyone feel free to correct me on this, but it’s what i saw the time i went.
richter wrote:I know what I say doesnāt matter, because if itās not released on this site, it will be released on some other: And if someone else but the author already has the code, I donāt see what anyone says here will matter.Of course what you say matters. Yes, you are correct that if we don’t release it on this site, it will be released somewhere else, but at least it’ll be one less site if choose not to put it with good reason. Instead we can inform people of what is going on and tell them ways they can protect themselves and things like that.
So trust me, all opinions matter. And thanks for sharing yours! š
Edit: Oh and richter, if you read HERE, buddyspy and all on-line checkers got patched by Yahoo! so they are currently not functional. So which is why that reason is a valid one, if you exclude stealth settings people use. š
hatedjealousy,
Thanks for your kind reply.
hatedjealousy wrote:Are you serious?:eek: (Yes, I’m shocked! lol :P) I’ve been on Yahoo! only since 2004 and i’ve heard plenty of stories of people getting their accounts taken. (just browse the forum here and you’ll find hundreds of threads about it) In the end it doesn’t always matter if your password is really strong or not, because if someone is out to really take it, and they know how, they can do it. But a good password does make it a bit harder on them.And yes, I was serious, but not in a way you might have interpreted it. I just wanted to point out that in 8 years of usage I have yet to experience any issues, thank god. I realize that if hacker wants to do something bad to you, god knows password will not help you. If there is security hole in Yahoo’s severs it (I’m just guessing) length/strength of password will probably not matter. That wasn’t what I originally meant. While I personally have never been a victim of hacking on Yahoo/MSN, my friends informed me they have. I’ve been asked many times how to hack someone’s Yahoo/Hotmail account. It’s usually boyfriend/girlfriend thing. It has nothing to do with person X, lurking around the net and “accidentally” picks on my account. I merely pointed out that it’s possible to have your account hacked, but several accounts (like user posted)…it just sounds so… and totally unrelated to this program. It will not help you if someone’s got a thing for you.
hatedjealousy wrote:Don’t worry, i’m not jumping down your throat, just making things clear to everyone and to you, so that we won’t have wrong information! šThanks for correcting me. I did not mean to imply it’s easy. Real hacker will probably secure his way of you not getting your account back, but to your jealous bf/gf the zip code is probably the last on their mind. *not trying to make a point*
hatedjealousy wrote:There is TONS of bots in Yahoo! Chat and i know this even without going to a chat room oftenly (been there like once or twice.) There is a lot of porn bots, bots who send very bad links to take your account because they show phishing sites that show similar Yahoo! Log-in pages, links to download viruses, etc.
Thanks for bots explanation. I received tons of spam via ICQ when I used it. Never on MSN/Yahoo though. I am just lucky or maybe because I have never used Yahoo chatrooms so my ID somewhat “safe”. Then again, If there are too many bots, adding them to list is again not a good thing and not excuse for using this program.hatedjealousy wrote:Of course what you say matters. Yes, you are correct that if we don’t release it on this site, it will be released somewhere else, but at least it’ll be one less site if choose not to put it with good reason. Instead we can inform people of what is going on and tell them ways they can protect themselves and things like that.The thing I’m not pleased is that this site appears to be popular and mainstream. One thing is to have those exploits and programs circle around sites which are unknown to john doe and thus the fact that you can add someone without permission is almost insignificant because 99% (I’m speculating, but how many users could possibly know about hack sites), would not know how to obtain such software or even know that it existed. Then if it is released and available on highly known site such as this one, it’s no longer “for select only”. I sincerely hope BBB encourages privacy to some extent and/or provides info how one can keep it should user have option to do so.
hatedjealousy wrote:And thanks for sharing yours! šI do hope my posts are not taken the wrong way. I am new to this forum and I am not familiar with great majority of users here. I don’t know much who’s who. I am private person and hence my reaction. Though, it’s not meant to be malicious against anyone. I appreciate all corrections and explanations.
hatedjealousy wrote:Edit: Oh and richter, if you read HERE, buddyspy and all on-line checkers got patched by Yahoo! so they are currently not functional. So which is why that reason is a valid one, if you exclude stealth settings people use. šThanks for buddy spy link. I will have a read. While I am minority, I’m certainly glad that BS is not working for at the present. The thing is adding someone for online status is same as going to their profile page (legal). I’d much rather bookmark profiles and simply with a click open them to see who is on and who is not, rather than encourage using this tool for this purpose. I know, user can disable feature not to display its status on Yahoo pages, but that’s their right and they have choice so why go against it?
I realize that if hacker wants to do something bad to you, god knows password will not help you. If there is security hole in Yahoo’s severs it (I’m just guessing) length/strength of password will probably not matter
Most people that steal account are not hackers.
A hacker is a microcomputer user who attempts to gain unauthorized access to proprietary computer systems.
Someone who steals or trys to steal a yahoo account is not a hacker. They are
not trying to gain access to your computer. What they are doing is simply using
a collection of pre-made passwords, a list of usernames, and the program trys
each password in the password list with the first username in the username list.
Then is successful or not successful with any other the password it will move on
to the next name in the list. The reason someones account could be stolen is
simple, they simply didn’t make their password a good password. The most
most common password for people are 12345 or 1234567 or something easy.A common password list will usually start off like this
123
1234
12345
123456
1234567
12345678
123456789Then you also have the other common way of stealing someone account
which the person makes a site that looks like a Yahoo site with a login.
The user is then tricked into entering their username and password which
is then sent to an email address of the stealer’s choice with the person’s
username and password. Its easy to tell if the site is really a Yahoo site or
not. Yahoo will not use a geocities address for there Briefcase or Photo
websites. Always look at the address bar and make sure its an offical Yahoo
website.Yes there are ways a actual hacker can steal your account, but most people
don’t hack someones account. The most people actually use the methods
above to try to get someones account.A little more on topic, adding someone without them knowing is not a hack
either. Information in the add request is added, taken out, or changed from
the actual add request. The program used to add someones name without
them knowing does not gain access to the person’s computer to do so.Tim, you are completely correct. I apologise for using term hacker/hack so viciously. I understand the difference between hacker/cracker and other terms. I was interested in those things when I was a teenager and read about it. I would hardly call someone who hacks (breaches into) someone’s account a hacker. I’ve been receiving several emails a week which are „forgot password“ related for my Gmail account. Someone, probably with same first name, wants that e-mail address that he’s been trying to reset my password and brute force it (what you described above) for more than a year now. I always get e-mail since Google doesn’t not initiate secret question/answer routine until you start it from e-mail received. And it’s hard to brute force it since you only have 3 tries before it starts asking to type in security code which is annoying and, to my knowledge, has to be entered manually. I wish Yahoo had same protection. I would also try to bruteforce someone’s password. Something simple – first name, last name, birthday, names of their kids, gf/bf, spouse or some important dates. That’s not hacking. I’m surprised Yahoo allows you to try to enter wrong password for many times (last time I checked). I’d like it to disable login page for an hour for the account after 5 wrong entries, or something like that.
I am familiar with dictionary type of attack against passwords. That’s what someone like me would try, and someone who knows you would try some things they know about you – because that’s what’s used the most.
I’m sorry – we’re way off topic now. This is not program related.
I do wish to note that I used term hack wrong. I did not mean to imply this program is a hack (not in real sense of the word). It’s also used for modifications so it doesn’t necessarily have negative conationation. However, I don’t see that bypassing a function of program or using a hole in protocol as something that is justifiable for something like this.
I do appreciate posters and mods here. So much useful info, so I’m just going to stop before you guys I get labelled as notorious pain in the a++.
I just hope if this program is released that mods will do their best to make extensive info on usage and define situations in which such program would be useful.
I don’t make a stand on most things, but the day bbb gives links to our members being able to download ways to add people on yahoo or any other IM will be the day I hang up my shirt!
I get that we have buddy spy that’s not a big problem to me, if some wants to spy if I am on line but invisable then so what!
I do not use Yahoo messager much. I like that on MSN I KNOW who has added me! My view is if MSN can let me know who has me on their list why can’t Yahoo ….:cool:
- You must be logged in to reply to this topic.