There's a very fine line between being cautious and being paranoid; but you don't have worry about that, because you've crossed it a long time ago.

FYI, I don't have, and have never had, a Facebook account, because I do value my privacy. But yeah, sure, an IP address and your GOG username, that's incredibly sensitive stuff. That can be abused in oh so many ways.

That IP part reminded me of a certain bash.org quote... (http://bash.org/?136504)

While I think it's right to always be a bit skeptical about such things, it seems to me that some bits of information in your brain are not shaking hands with other bits of information in your brain.

--As made clear in BM's initial posting regarding the establishment of GOGPM, he was not authorized by anyone to set this up. It was done with the full knowledge of GOG staff, but they are/were not involved in it in any way. The service exists only for so long as GOG staff accept its existence. At such a time as GOG.com sets up its own PM system, BM's work will become obsolete.

--No, there is no re-routing of information going on, here. The verification process relies upon a textual check wherein the GOGPM user must make sure the code GOGPM gives them appears in a particular posting. If the user does not have access to that particular posting (due to not being a specific user), then the process returns a FAILED result. You would know this if you read BM's previous postings.

--As also noted previously by BM, GOGPM information is stored distinctly from other GOGPM users. This means no one can access your GOGPM data except you and the admin, BM. Even so, you should never trust another person with sensitive information. even if he or she has a "GOG" title on the end of his or her name. This is why BM included the warning in his initial post and GOGPM signup webpage. As a general rule, you should never include sensitive information in your PM's, regardless of who you are communicating with and who is running the PM system. If you need a secure method of communication, use a phone call.



If you are truly a "cautious" person, you would not be sending sensitive information through any form of PM service (as noted, above). I understand that you're a new user, so I can see why this all might seem a bit "off" to you.

For starters, Barefoot Monkey is not "some random bloke." Check his profile and you may notice that he is a well-known member of the GOG community. Those of us who have been around since the beginning know him and his reputation as a trustworthy contributor to the site.

Second, any person with a minimal amount of common sense will not be sending sensitive information through ANY PM service, whether it's run by BM or the United Nations. If you want secure communications, use a telephone. Tapping a phone requires some effort and, in many cases, judicial permission. For everything else, watch what you say.

Third, unless you throw caution right out the window, there is no connection between GOG.com and GOGPM. They do not share information, nor is your "financial interest" at risk unless you make it so. Unless you decide to PM someone your account information, which is a major no-no and violation of various codes of conduct, nothing you include in a PM would have any relevance to your GOG account.

Sorry for repeating myself so many times, but it is important everyone understands the need to not include sensitive information in a PM. If people followed that advice, there would be a lot fewer accounts hijacked through the various PM/IM systems.

Being cautious is good, but being informed is also extremely important.


-Khalaq

I could've agreed with you, but this is where I stopped reading :-/

And why would these couple of words have changed the meaning of eveything else I'd said?

@ everyone else

I really do have to laugh... from your posts I can absolutely see you all sitting there in your smugness, being all quite happy with yourselves that you have spotted one of the 'tin-foil hat brigade'.. following each other in your inability to at least form a single mind as oppose to some kind of mocking hive colective.. it is so typical of ignorant human nature... you're like stereotypes.

..and FYI.. 'private' information isn't always qualified as a of earth-shattering importance.. just information you wouldn't be entirely 100 percent comfortable with were it to be posted publically.

Specifically @ bazilisek... are you so stupid as not to realise that the right/wrong type of person armed ONLY with your ip and username could in one way or another, relatively easily (as opposed to it not being possible) deny you of more that your account on this site..... you would seriously have to be a moron not to realise this.

..but yeah guys.. fire away.. you trust simply on face value who ever you want, with whatever you want.... but please allow me to do my own laughing at how dumb you are.

Oh, it certainly would not change the meaning of anything you wrote. But pretty much anybody who calls others "dumbasses" out of the blue lights up a warning light in my brain - "potential jerk, don't waste your time trying to discuss". I'm allergic to pointless arguments.

Now regarding the IP - the situation gets a bit more complex when you factor in DHCP, proxy servers, or NAT. I suppose people disclose more sensitive information in the "List your Birthday" thread.

You can take all you want, but not my delicious pie!

Tormentfan, you have may have seen through my evil plot, but it is too late to save the others. Mwahahaha!

Seriously though, it's fair enough that you have concerns. I'll try to address them as well as I can.


I made the website of my own initiative without asking anyone for permission. I have been upfront about that.

I'm not entirely sure what you mean by that, but the answer is most likely "no". The only interaction between GOG and GogPM (other that HTML links, of course) is when you tell GogPM to look at a post in this thread to prove that you have the username that you claim to have.

The second condition does not apply, and there is no other information to route. To use GogPM you don't tell it anything about yourself, you don't give it access to your GOG account, and you don't even give it your email address. I'm not interested in any of your personal information - I just wanted a way to communicate directly with other GOG users.

I did launch GogPM with my full name in the URL, and it stayed that way for a couple of days until I registered the barefoot-monkey.org.za domain. So I certainly haven't been hiding my identity, but I don't see why I should be under any obligation to advertise it either.

I'm not asking you to trust me. You don't have to use GogPM at all - it's just there for you if you do want to use it. If you want to use the service but distrust me and want to be completely safe against anyone reading your messages, then you could always PGP encrypt everything that you send.

If you have any more questions about GogPM then feel free to ask. Oh, and read Khalaq's informative reply if you haven't already.

Thanks to bazilisek, Miaghstir, and Khalaq for speaking in my defense. TehMarv... good link there :)

Fair enough... you have attempted to belay my corncerns as you see the situation...

However.. just so you understand.. never at any point was my statement a PERSONAL inference the you yourself were not trustworthy (not knowing you I am unqualified to make such a staement).. it was a statement of no trust in general of independant, faceless people on the internet attempting in someway to rope me in to their 'service'... and your clarifications have in no way changed that opinion.

Would I trust private communication and an ip linking me (directly or otherwise) to something I had a financial interest in to go through the hands of someone I had no knowledge of and against whom I had to redress....No... Do I deride those who have so little caution as to themselves allow it (especially on the cesspool that the internet has become) ... most resoundingly YES.

Is this a personal opinion.. YES... Do I think it invalid in anyway compared with an opposite opinion.. NO... Do I think that you should not be allowed to do it .. NO... Will I cease extoling my opinion in any media that merits the situation.. NO (like every other opinion I have).

I trust the matter has been clarified for us both.

You don't HAVE to use it, you know.....and the money to run it is coming out of their own pocket. So unless they're forcing a gun to your head and telling you to use this system and you start paying for it yourself I don't think your rants hold much water and your points become moot.
1. Having trust in everything is foolish, but having no trust in anything in a particular venue or avenue of communication/etc without at least weighing all the info provided on such and just avoiding such things altogether is foolish at best, paranoid and harmful to one's mental health and social skills in that venue at worst.

There's also a big difference between an unknown user on a site advertising a service they've started and a well known and trusted member of said site advertising a service others have tried already without issue.

2.With proxified ip addresses, tor/freenet usage on even mundane "normal" websites, and other security measures, such worries about ip leakage is kinda pointless and unfounded worrying if you've taken the proper steps to secure your connection and data.

3. Your opinion is invalid as it's been proven to be rooted in seemingly deep paranoia of internet communications. As such, your opinion is heavily biased and skewed by fears and other opinions and not many facts it seems, meaning our opinions(based on more experience with said creator of said site and various facts) weigh more heavily than yours in this case and thus your opinion is rendered partially if not fully invalid.

My GogPM confirmation code is 38861290635600

Speaking only for myself, I don't put anything in a PM that I wouldn't post openly on the internet.

It seems you have completely ignored my own message, however. That's too bad, but it's your prerogative.


-Khalaq

My GogPM confirmation code is 56401290787299

My GogPM confirmation code is 84891290823876

My GogPM confirmation code is 31741290887294
My GogPM confirmation code is 12141290887491
My GogPM confirmation code is 10421290887596
My GogPM confirmation code is 54061290887784