(no title)
pstatho | 14 years ago
It's unfortunate that people are associating chat.youporn.com to the actual YouPorn.com site, but they are not affiliated at all. It was operated by a completely separate entity, which we've obviously closed as soon as we discovered it. The accounts on chat.youporn.com are different than the accounts on YouPorn. Though as was mentioned, it is probably that some have re-used the same username password combination that is highly unrecommended for all you folks out there (if you read Hacker News, you already know that).
As for password policies, I've been enforcing hashing of passwords ever since joining, though as we inherit a lot of old code and sites we correct issues such as that as we come across them.
I'll be around for a while, if anyone wants to ask questions.
rdl|14 years ago
By hashing, do you mean current best practice (bcrypt, scrypt, or possibly a pbkdf with high work factor), or something easily brute forced like MD5 and SHA1. There are issues with migration if you're doing the latter, but not a big deal.
Do you have any contractual recourse against the chat provider? Have you considered including such terms in future contracts with partners?
Do you have a security audit firm? There's plenty of value to in-house audits, but some kind of independent audit is probably a reasonable choice. You probably don't have PCI concerns (it's free, right?), but users might feel better about privacy otherwise. Just the existence of an account for a given user is probably an issue for some people, so even foolish things like using the same username on a porn site as on other sites could be a leak -- being able to verify that myhusbandinvirginiasportsfan is a valid user account on youtube would potentially make a divorce attorney very happy.
Would you answer general questions about the site/business, too? The whole porn tube thing seems like a big change in the industry (I was at SHOT Show in Vegas a few weeks ago, and stopped by the concurrent AVN event -- they really hate the tubes). I'm especially curious how you feel about the meta-tube sites (e.g. fantasti.cc) which seem to blatantly scrape youporn (and other tube) content. Preroll ads still show, but nothing else.
pstatho|14 years ago
We are currently in very close discussions with the 3rd party. In our official statement we purposely did not name them, we don't want to throw them under the bus. Of course we are reviewing all obligations.
We do deal with multiple security firms, and we regularly do security audits (both white and black box audits). We also deal with PCI, because we have paying sites as well, like Brazzers.
We can talk about the industry in general another time, but obviously we believe all types of sites can co-exist.
rplnt|14 years ago
csoghoian|14 years ago
Do you think that it was reasonable behavior to engage in without telling your users?
pstatho|14 years ago
We spoke to the owners about the issue and they are really some of the nicest people we've met. They really did not have malicious intentions.
That issue brought the privacy flaw to the forefront, and certainly the adult industry pushes those limits. We always strive to respect industry best practices regarding privacy, especially around cookie handling. We constantly review privacy policies around the world.
rhizome|14 years ago
pstatho|14 years ago
We've been focusing on the rewrite of the main site and are now cleaning up all the secondary dependencies.
ez77|14 years ago
There must be some level of affiliation then, right?
pstatho|14 years ago
HNatWORK|14 years ago
pstatho|14 years ago
zaidf|14 years ago
So you guys cut a deal with another entity to let em "rent" the subdomain chat.youporn? Just intrigued by how this works.
pstatho|14 years ago
Using chat.youporn.com is not that different than using ypchat.com, personally I would have preferred the latter for obvious reasons.
b00gizm|14 years ago
Sukotto|14 years ago
pstatho|14 years ago