detailsme - a fundamentally flawed website.

Forums › Off topic › detailsme - a fundamentally flawed website.

richms

26413 posts

Uber Geek

Trusted

Subscriber

#50091 21-Nov-2009 23:30

Now, I am not the sort of person to encourage this, but did you know you can just pop in a name of someone on trademe, and then an email address of something insulting, and its just listed? There is no verification of the trademe accound, none of the email, none of the phone number - they just get listed. So if I wanted to really annoy someone (assuming the site gets popular) I can put a popular trademe sellers name in, and their number, and they would get loads of calls. Emails - same deal.

Richard rich.ms

1 | 2 | 3

26413 posts

Uber Geek

Trusted

Subscriber

#275059 21-Nov-2009 23:34

No privacy policy either.

Richard rich.ms

GoodSync

GoodSync. Easily back up and sync your files with GoodSync. Simple and secure file backup and synchronisation software will ensure that your files are never lost (affiliate link).

freitasm

BDFL - Memuneh
76382 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#275073 22-Nov-2009 00:15

You have the option to upload your own details - but the bit I didn't like on that page was "Upload details of traders you have dealt with in the past or details you gather in the future"...

I don't like the idea of anyone uploading MY email address there. A spammers paradise it seems.

Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

freitasm on Keybase | My technology disclosure

richms

26413 posts

Uber Geek

Trusted

Subscriber

#275077 22-Nov-2009 00:35

the lack of any verification that it is your tm account you are claiming is more troubling to me.
http://www.detailsme.co.nz/search/show/118

Just added some crap as another address - no way to remove it, doesnt sanity check it. Someone with some sql knowledge want to have a shot at a drop on it?

Richard rich.ms

nate

6469 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#275078 22-Nov-2009 00:38

Interesting concept, poor implementation.

Wonder what TradeMe's legal stance is on it - do they own your nickname and details so can claim copyright?

richms

26413 posts

Uber Geek

Trusted

Subscriber

#275083 22-Nov-2009 00:59

Interesting...

http://www.detailsme.co.nz/search/show/132

This seems weird this place, its got lots of code behind it, a bit of thought into the graphical content, and yet it violates the most basic of things about sanitizing user input.

" onclick="alert('value')

as an email address, and it lets it run for page visitors.

Oh - my - god... Please tell me that this isn't the product of current "learn to make website" courses that are being taught.

Seems to handle into lt and gt - so no stylesheet fun, perhaps an external .js could be called, Im tired and it will probably be fixed or gone tomorrow. Someone should have some fun while it lasts.

Richard rich.ms

macuser

2120 posts

Uber Geek

#275111 22-Nov-2009 09:55

Oh, this site is much to funny. You can type alpha characters in the Phone Number boxes... :D

timestyles

424 posts

Ultimate Geek

#275114 22-Nov-2009 10:09

I added fake details for myself and my partner. Better safe than sorry.

nate

6469 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#275125 22-Nov-2009 10:43

c71931f: I'm guessing this is probably the site creator? http://www.detailsme.co.nz/search/show/1

Someone has added fake details to that first profile. They are using jQuery (common Javascript library) for validation, I do hope they are doing it server side as well, as anyone who turns off Javascript can easily get around this.

boby55

1539 posts

Uber Geek

Trusted

#275134 22-Nov-2009 11:23

timestyles: I added fake details for myself and my partner. Better safe than sorry.

too bad other users can still add details for you after you already have some.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#275185 22-Nov-2009 14:21

It'll be interesting to see what Trade Me's lawyers think of their logo.

While it may not necessarily breach an existing TM it's similair enough that people could believe there was an association with Trade Me. This in itself is enough to find yourself trying to fight a legal battle you probably won't win.

boby55

1539 posts

Uber Geek

Trusted

#275187 22-Nov-2009 14:26

c71931f: Lol just attempted to write a long amount of email addys etc..to be told the member name already exists.

search for your user then click add more contact details

Im currently at 50 emails

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#275201 22-Nov-2009 15:11

Looks like virtually everybody now has trashy comments linked to their accounts.

Big Fail.

Kraven

710 posts

Ultimate Geek

#275238 22-Nov-2009 17:56

Looks like it has been taken offline - prompts for username/password currently when you try to access it.

I did a bit of digging, and found the following trader name on TradeMe which is linked to the owner of the detailsme.co.nz domain name. Trader Name is: cartrader

I was just going to look up to see if he was listed on detailsme.co.nz...

The website is a totally bad idea for a whole lot of reasons IMO.

macuser

2120 posts

Uber Geek

#275240 22-Nov-2009 18:18

They didn't even have a contact page so you could tell them what was wrong. Sounds like they got the idea though.

timestyles

424 posts

Ultimate Geek

#275270 22-Nov-2009 19:59

The only 100% accurate way of setting up a website with this idea is either for detailsme to provide auctions on Trademe and for people to bid $1 using buy now, and then detailsme will know the accurate email address, or for people to register with detailsme, then they are presented with a code. They place this code on an auction that they run and detailsme links the two together. Why didn't they think of this?

By the way, this isn't the only website that is using Trademe to annoy people. Votemenot has been stealing forum data from Trademe's forums for the last year.

1 | 2 | 3