Tell HN: Bitcasa is leaking your emails

3 points | aaroncray | 13 years ago | reply

I'm pretty sure users aren't aware this is happening. The CEO was alerted a few weeks ago about this issue: https://twitter.com/aaroncray/status/253737089051541504/photo/1

Click on any of the links in this search result: https://twitter.com/search/realtime?q=l.bitcasa&src=typd

3 comments

[+] rkjbnz|13 years ago|reply
I'm more worried why they are using my password in hidden form fields in the clear on signup.

http://dl.dropbox.com/u/12035718/after-signup-source.jpg

It seems after the initial signup the server responds with the question/answer form and pre-populates hidden fields with my entered password in the clear, which kind of makes me wonder how my password is stored. I'm hoping my password isn't stored like this and they are just passing it back as a response param, or perhaps the initial signup isn't hitting the server at all??

[+] lukebehnke|13 years ago|reply
Thanks for the feedback. I work at Bitcasa and we have discussed internally. We decided to remove it. Instead we will show the user's first name only, so the share is still somewhat "personalized". The push will go this afternoon. Thanks, Luke @ Bitcasa

[+] bmelton|13 years ago|reply
I think it makes sense that I would be able to see who invited me. If the link is public, then one assumes that they aren't terribly concerned with their privacy, or are weighing more heavily the incentives to their privacy.

Sure, it would be better if it just showed "f_name l_name" instead of email, but I don't think this is a terribly egregious offense. Maybe that's just me though.