Sunday, September 4, 2011

Stolen Camera Finder Redux


In April this year I wrote about this interesting site.

This programmer by the name of Matt Burns has written a search engine that lets people find their stolen camera by submitting an unedited photo taken by the lost camera!  It's magic ;)

After giving it a go, I was impressed by what Matt is trying to do! But I did have a few concerns.

Well, I received a response from Matt himself yesterday!


Matt Burns said... 
 
Thanks for the write up. I wrote stolen camera finder and am always looking for ways to improve the site.

I ask for "Original" images because some image processing software effectively corrupts part of the exif data. Some software does not corrupt it and so isn't a problem.

Entering your details in a missing camera report is purely optional and not required to perform a search. You simple had 0 search results on the previous page. The report is just a way for me to contact you should my web crawlers discover your missing camera being used on the internet.

You mention concerns about security. Would you prefer if I secured the page with https?

Cheers,

Matt 
Thanks for that Matt! You are doing a great service to the communities!! And YES, please secure your site with https!

Famous Last Words...

For the benefit of those who do not know, I would like to quote this from

What is HTTPS - Why Secure a Web Site by , About.com Guide.

"Most Web customers know that they should look for the https in the URL and the lock icon in their browser when they are making a transaction. So if your storefront is not using HTTPS, you will lose customers. But even still, it is common to find Web sites that collect money including credit card data over a plain HTTP connection. This is very bad.

As I said above, HTTP sends the data collected over the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tools, this could be anyone at all. By collecting credit card information over an HTTP (not HTTPS) connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief."

I am a bit paranoid about logging into none HTTPS sites, even Gmail has gone "secure" a while back :)  And when I log into Face Book, I prefer this: https://www.facebook.com/login.php?login_attempt=1

Better safe than sorry?   ;)

No comments: