Peripheral Neuropathy Support Group
 of the
DC Metro Area

No Cure
No "Race for a Cure"
But Hope, Advice, Info
      Mutual Support &
      Being Heard?
Yeah, We got that.

DC Peripheral Neuropathy Support Group


Last update: 2/10/2017
Passwords and Security
7/31/18 NOTE: This page has NOT been updated to reflect changes made by our host service to improve the security of your sign-in process.

To use the membership features of this site, as described in the Membership How To page, the member must use an email address and set a password.

PRIMARY RULE: Use a totally unique password. Do not use one that is used somewhere else.

WEBS staff assures me that the email address and password you type are encrypted (technically, the sign-in "uses SSL").
Some browsers, particularly Firefox, are rather picky about the way a system handles entry of such email/password combinations. Firefox is not happy with the way it is handled by the WEBS system and issues a warning like this:
           This connection is not secure.
           Logins entered here could be
           compromised. Learn More

The "Learn More" link takes you to a page that explains that certain kinds of attacks (Man-in-the-Middle) could reveal your password to someone else.

  1. Depending on how WEBS has configured its login system, its software might or might not be subject to such an attack. I'm not able to prove that it is or is not. Hence, despite the WEBS claim, it is probably best to act as if your password could be revealed to a determined attacker.
  2. Man-in-the-Middle attacks are not easy to do when the email and passwords are encrypted by SSL. No one is likely to try it unless there is money to be made. There is no money in this site, so it is highly unlikely that anyone would bother to try.
  3. Suppose there was a bad person who got your password? So what would that do on this site?  Well, the bad person might write some nasty words while pretending to be you and get folks mad, but that would be settled quickly. If we ever establish a mechanism to collect charity contributions (WEBS supports a PayPal interface), the bad person might try to give some of your money to us (assuming he also knew your PayPal password).
  4. THE REAL DANGER WOULD COME if the user used that same password (or something close to it) on another, truly sensitive site, such as a bank or AMAZON.
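
Firefox shows the warning quoted above when a password field sits on a page that was not itself loaded over HTTPS. The check below is an added example (not part of the original page and not WEBS code): given a sign-in page's address and its HTML, it reports whether the page and the address the password is submitted to are each encrypted. The example.org addresses and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that holds a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []                           # raw action values of password forms
        self._action, self._has_pw = None, False    # state of the form being parsed

    def flush(self):
        if self._action is not None and self._has_pw:
            self.actions.append(self._action)
        self._action, self._has_pw = None, False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.flush()                             # also closes a form left unclosed
            self._action = attrs.get("action") or ""  # empty action posts back to the page
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self._has_pw = True
            self._action = self._action or ""        # covers a field outside any <form>

    def handle_endtag(self, tag):
        if tag == "form":
            self.flush()

def audit_login_page(page_url, html):
    """Return [(submit_url, verdict)] for each password form found in html."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    finder.flush()
    page_https = urlsplit(page_url).scheme == "https"
    results = []
    for action in finder.actions:
        target = urljoin(page_url, action)           # resolve relative actions
        verdict = "ok"
        if urlsplit(target).scheme != "https":
            verdict = "password-sent-unencrypted"
        elif not page_https:
            verdict = "encrypted-submit-on-unencrypted-page"
        results.append((target, verdict))
    return results

# Constructed sample: a sign-in page fetched over HTTP whose form posts to HTTPS.
SAMPLE_URL = "http://example.org/signin"
SAMPLE_HTML = '<form action="https://members.example.org/login"><input type="email" name="e"><input type="password" name="p"></form>'
```

A verdict of "encrypted-submit-on-unencrypted-page" is the case where a host can truthfully say the password "uses SSL" while the browser still warns: the submission is encrypted, but the page carrying the form was not, so it could have been altered on its way to you.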
       
REPEAT:
PRIMARY RULE: Use a totally unique password. Do not use one that is used somewhere else.
Secondary rule #1: make use of the password helper built into modern browsers to use (perhaps even generate) some weird long password.
Secondary rule #2: Count on the ability to easily change your password - if you want you could change your password every time you use this site.
Misgivings

  • Google, Firefox and the internet generally are pushing hard for all websites to move to encryption (using HTTPS instead of HTTP). WEBS, the company that we use to edit and support this site, has shown no inclination to support HTTPS (it takes more server resources to encrypt).
  • WEBS (a subsidiary of Vistaprint) has a poor reputation for support to its clients (our DCPN support group is the client). I've had no issues with the support we have gotten. Services such as WIX have better reputations, but I am not sure there is a comparable capability to support membership.
  • WEBS apparently (I have no inside info) uses Google back-end services and servers to operate, and Google has shown no inclination to be aggressive at protecting the privacy of the public. Google may change for the better. I suspect that WEBS minimizes its net costs (in a very competitive business) by allowing Google to aggregate and use member data to improve its advertising, and not using HTTPS.
  • WEBS started in 2001 (under the name Freeweb) and has been a site support ("hosting") company since its inception, with literally hundreds of millions of sites.  I'm not sure how many site owners are still paying customers. I suspect WEBS is not a huge money maker, which may be the source of its support complaints. But, except for no HTTPS support and its ties to Google, I have no complaints. 


Should I try to move our website, now that we own our new name (dcpnsupport.org), to a different service? It is a question I frequently ponder. For now, its membership service is just too attractive and its edit tools too easy to use.  I try to keep the site content backed up, but it's time consuming.

Privacy


I don't know much about the privacy of what is posted or used with private emails (email messages sent directly from one member to another, without revealing the email address of either) on the membership features of this site. A February support message from WEBS confirmed that there is no PERMANENT way to delete private email messages, though they are still visible only to the particular members involved. There may be security reasons for this. As far as I can tell, everything else a member posts can be deleted.


However: Our site privacy link (seen when a member goes to the Sign-In page) takes the user to the Google privacy page. That suggests to me that the data on this site might be part of Google's normal operational model - suck up and mash up as much data as possible to further customize its advertisements.


Of course, there are no ads on our site, but the Googles of the world still like to know what we are doing so they can sell stuff.