topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 7:19 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Would you trust this ... ?  (Read 17842 times)

joiwind

  • Participant
  • Joined in 2009
  • *
  • Posts: 486
  • carpe momentum
    • View Profile
    • Donate to Member
Would you trust this ... ?
« on: September 15, 2011, 05:36 AM »
Has anyone tried (I have and it works) using mail2web ... ? It looks really useful BUT would you give your email password to someone you don't know ?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Would you trust this ... ?
« Reply #1 on: September 15, 2011, 06:23 AM »
...BUT would you give your email password to someone you don't know ?

No. Never.


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #2 on: September 15, 2011, 07:17 AM »
I can't speak for them as of right this minute but I have used their service when I was overseas in the UK in 1997, 2000 & 2003.

I never had a problem with it and I've never had mysterious, unexplained weirdness with any email account I used via mail2web.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Would you trust this ... ?
« Reply #3 on: September 15, 2011, 07:56 AM »
It just seems weird to stick your password into some strange input box. :P
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

joiwind

  • Participant
  • Joined in 2009
  • *
  • Posts: 486
  • carpe momentum
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #4 on: September 15, 2011, 08:04 AM »
It just seems weird to stick your password into some strange input box. :P

Yes, that's what I thought - well, nearly ...  ;D

But on the other hand ... if this service is trustworthy then it's really useful.

More opinions ?


cmpm

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 2,026
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #5 on: September 15, 2011, 08:11 AM »
or would you trust this, with your cell phone number

http://www.wheresmycellphone.com/

via- http://cybernetnews..../find-my-cell-phone/

looks like a handy service if you have no other phone around

I've cut my land line and have misplaced my cell phone once,
here at home,
without anyone around to contact and call the number.

I found it, and now I find this site.
So I may have to use it one day...hmmmm

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #6 on: September 15, 2011, 09:58 AM »
How this service is any different from thunderbird or any similar thunderbird like web interface software ?

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #7 on: September 15, 2011, 12:17 PM »
How this service is any different from thunderbird
In terms of security it poses a much larger risk, I think.
First of all, by default it doesn't use the SSL connection. That means that anyone can listen to you connection (think public wireless access points, for example) and get the username/password pair.
Even when you use the SSL login, the reward for hacking the server is large, the hacker would get access to a *very* large number of email boxes. Even if you trust the site, there's no guarantee that right this moment there isn't a trojan in their server logging every login.
The same could be said from your thunderbird, its binaries could have been hacked and be sending info to some third party. However, I believe that if this would have happened at least one of the millions (?) of people who use thunderbird would have noticed. The server situation is different: only the (few) server administrators can know what's happening with their server.

or any similar thunderbird like web interface software ?
I believe any web-based solution would suffer from the problem I mentioned above, and for me it would be the same situation as this. Like Renegade said,
...BUT would you give your email password to someone you don't know ?
No. Never.

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #8 on: September 15, 2011, 01:10 PM »
Gmail can do this too, right? Or are their target consumers not supposed to know about web mail? I think you can even send from the non-Gmail SMTP address.

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #9 on: September 15, 2011, 03:07 PM »
Yes, Gmail does what this seems to do. The difference as far as I can see is they claim "no registration"? I certainly wouldn't use it, but then I *do* use Gmail so I don't need it. And I did give Gmail passwords for some other accounts...

- Oshyan

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #10 on: September 15, 2011, 08:27 PM »
Gmail can do this too, right? Or are their target consumers not supposed to know about web mail? I think you can even send from the non-Gmail SMTP address.

This service was started at a time when GMail, (and a lot of web-based mail), didn't exist and a lot of people used the email address provided by their ISP - many of which didn't provide a web interface to email.

EDIT: The part below is a general reply, not related to the daddydave quote above.  (Just thought I'd add that for the sake of clarity.)

Put it this way:

If you need to access your email and
a) you don't have your 3kg laptop with Thunderbird because it was stolen along with all your carefully downloaded private emails, and
b) you don't have an email service with a web interface, and
c) all you've got is is your portable version of Tor/Firefox on a USB stick and you're at some disreputable internet cafe in Nigeria....

What are you going to do?

It's your choice whether you trust them or not.

I don't have a problem given what they provided me with in the past and the subsequent problems that arose from that use, ie. none.

It was asked whether you would trust that particular site; for that particular site, my answer is yes.

If it's that much of a concern whether they have access to your email account; forward it all to another with a different address/password and access that one.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #11 on: September 16, 2011, 02:11 PM »
I did use this service for a couple years back in 2006-2007. I had a premium account and it basically served as an Exchange server for me. It was pretty decent but then they changed their pricing structure and that chased me away.

Thank you.

Jim

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Would you trust this ... ?
« Reply #12 on: September 20, 2011, 01:22 AM »
Ahem... On the "let's give people the keys to the castle" note...

Seems like Facebook is asking for my email address and password...

Screenshot - 2011-09-20 , 4_17_31 PM.png

Ahem... To make this a fun game of fill in the blanks, they can:

G_ f___ themselves.

Like really? WTF? Are they on crack?


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #13 on: September 20, 2011, 03:17 AM »
I'm getting google+ invite from those who sent me email just once in one of my gmail account. lol so as usual "G" is moar eveel :P

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #14 on: September 20, 2011, 04:47 AM »

Ahem... On the "let's give people the keys to the castle" note...

Seems like Facebook is asking for my email address and password...
 
Ahem... To make this a fun game of fill in the blanks, they can:

G_ f___ themselves.

lol!!   ;D

Like really? WTF? Are they on crack?

Aw c'mon! They're not asking for your blood... yet!  Plus, after all, this is for your friends?!?!  Maybe your mother's maiden name, then? Shoe size?  Anything???

Worse yet, they don’t give up!

Thanks!

Jim

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #15 on: September 21, 2011, 10:21 AM »
LinkedIn is even worse, because they have a prompt like this that makes it look like you're logged out of LinkedIn. I've accidentally typed a password there and submitted a few times.

The right way to do this is use some kind of authentication where it redirects you to the third party's web site so you can at least see the URL and be clear you are giving your password into Google and not Facebook or LinkedIn. Of course, not everyone is on Gmail, but all the web mail services ought to (which means they probably don't) have something similar in my opinion. Yes, I realize that is 1000 times more work. And by the way, why are iPhone/iPod Touch apps so dependent on shared passwords stored in the app? Oh, because they're in the cloud man, security is for old fogies who still want to sync to desktop.

Ahem... On the "let's give people the keys to the castle" note...

Seems like Facebook is asking for my email address and password...
 (see attachment in previous post)
Ahem... To make this a fun game of fill in the blanks, they can:

G_ f___ themselves.

Like really? WTF? Are they on crack?



« Last Edit: September 21, 2011, 10:31 AM by daddydave »

Alk

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 6
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #16 on: September 25, 2011, 08:48 AM »
It's been over 2 years ago since I used the service. Very handy if your service provider doesn't provide webmail and you don't want to setup an email client for the purpose of just reading the emails (without downloading them to your email client). Also very handy as a troubleshooting tool to independently verify that the email account details are working correctly.

rjbull

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 3,199
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #17 on: September 25, 2011, 11:00 AM »
I too am in the UK and used the mail2web service for several years without problems, though not much in the last two years.  At one point my ISP (Plus.net) tried to set up their own Web mail service, made it insecure, and while they thought about improving it, recommended their customer use mail2web.

I was under the impression that passwords for e-mail were sent in plain text anyway.  Has SSL changed that?

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,612
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #18 on: September 25, 2011, 11:02 AM »
I was under the impression that passwords for e-mail were sent in plain text anyway.  Has SSL changed that?
An SSL connection is encrypted by default, so even though the password goes into the comms channel in plain text, because of the entire channel being encrypted, nobody but the receiving end can read it. It's just like with https vs http websites.

rjbull

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 3,199
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #19 on: September 25, 2011, 11:19 AM »
@Ath: Thanks!  I suspect 4wd's comment about mail2web pre-dating Gmail and other Web mail interfaces probably means it also pre-dates SSL, though they should now catch up and add it.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Would you trust this ... ?
« Reply #20 on: September 25, 2011, 01:52 PM »
An SSL connection is encrypted by default, so even though the password goes into the comms channel in plain text, because of the entire channel being encrypted, nobody but the receiving end can read it. It's just like with https vs http websites.
...unless there's a man-in-the-middle with a forged certificate... used to be "zomg tinfoilhat!" stuff, until the latest CA hacks (diginotar, anyone?). Also, HTTPS == HTTP-over-SSL.
- carpe noctem

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #21 on: September 25, 2011, 08:18 PM »
@Ath: Thanks!  I suspect 4wd's comment about mail2web pre-dating Gmail and other Web mail interfaces probably means it also pre-dates SSL, though they should now catch up and add it.

Already there, just use https://www.mail2web.com - if you can believe Wikipedia, HTTPS was created in 1994, (3 years before mail2web), by Netscape but not formerly specified until 2000.

rjbull

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 3,199
    • View Profile
    • Donate to Member
Re: Would you trust this ... ?
« Reply #22 on: September 28, 2011, 02:42 PM »
@Ath: Thanks!  I suspect 4wd's comment about mail2web pre-dating Gmail and other Web mail interfaces probably means it also pre-dates SSL, though they should now catch up and add it.

Already there, just use https://www.mail2web.com - if you can believe Wikipedia, HTTPS was created in 1994, (3 years before mail2web), by Netscape but not formerly specified until 2000.
Well, well... sounds like one more reason to trust mail2web after all  :)

Thanks!