Sunday, 25 March 2012 19:04 - the privacy disaster, or: security through lying.

They claim to be a "safe haven" and even the "facebook for fetishists".

A few weeks ago I had to become a member of that site to gather info about a specific user. That user deactivated his/her account after being confronted, so I had to take a closer look at the site in order to see how I could retrieve the info. And ok, I admit it was also fun to find out how badly the site is actually managed and designed (in a technical sense).


So, let's begin, first the maybe most severe violation of user rights:

---All your base are belong to us---

As a user you can upload pics and videos of you washing your car, of how you're knitting a scarf, or of how you brutally murder your 90 year old neighbor with a soldering iron...the content is not reviewed. But wait, to view the videos of others you have to pay a monthly fee. Yes, you heard right, they demand money for providing material that is not theirs and share nothing of the gain. Tsk, tsk, tsk.

But ok, many people love to be ripped off, not my problem. What I do see as a big problem is that a user seems to give away any form of ownership of the uploaded material to fetlife without being told. I had a pretty ridiculous email convo with one of the "caretakers" (you can say what you want about the fetlife owners, but they seem to have a nice sense of sarcasm, calling them "caretakers"; imo "not-a-shit-givers" would fit much better):


  • First I created a profile, uploaded a pic and deleted the pic again. It was gone from the profile but not from their CDN server. After a day the pic was still there, so I asked for an explanation.
  • Their reply: "pics are deleted after max. 48 hours, if not please let us know". Erm, what? What kind of answer is that? Either the pics are gone after "max. 48 hours" or they are not; this smelled really fishy to me.
  • Ok, and as expected: 48 hours later the pic is still there. Another mail was sent about this issue. Answer: none.
  • Aaaand another email was sent by me 1 day later (pic of course still online), this time a little harsher, reminding them about copyright violation, right of publicity, etc.
  • Got a reply this time: "it is still there because you access it, the timer is set back again every time". Ok, sounded kinda logical, just one problem: the pics are hotlinkable. So if a user deletes his profile but the pic is embedded on another page (without permission, of course), the pic would stay online. Is it just me or is this plain stupid? Anyway, I wanted to check whether they told the truth, so I uploaded another pic, deleted it, waited 5 days (!) and, well, you guessed it: still there.
  • Sent another email about this, no reply anymore.


When reading the "terms of use" I stumbled over a strange paragraph:

"Worldwide 30 day license to distribute, reproduce and transmit"? And erm..."The license shall terminate 30 days after you remove your content"?

Ooook....forget that legal gibberish and name it: All your base are belong to us. Period. Geez. Was it that hard?

But hmm, in a not-so-hidden part (you know, one a user might really read) they show off their privacy awesomeness:

"Information you provide us

Content: Anything posted on your profile can be removed at any time... it is your profile after all."

Sounds a little different, more "safe haven" like, than what is actually stated in the terms of use, right?


---We are secure, no, really!---

This one made me really laugh:

"Steps we take to protect your information

  • We encrypt your password
  • We use SSL to log in
  • We protect you from XSS vulnerabilities"


  • W00t! Encrypted passwords! Amazing what is possible today, isn't it? I bet my kinky fetish ass it's MD5, maybe salted. Just a little snack for my rainbow tables or mr. cats' GPU cracker. Ok, I think I'll take my W00t! back again.
  • SSL! Wow! Like banks? Bite my shiny metal ass, I'm so impressed. Well, ok, after a MITM attack maybe not that impressed anymore. Stop selling flawed standards as "security", geez.
  • No XSS! Really! But if you find one, let us know. Duh. What about setting up a nice cookie-grabbing JS script on another server and using tinyurl links? Again: duh.
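Added example, not the site's code, of the difference between the scheme the post suspects (one unsalted fast hash) and what "protecting" a password should mean: a per-user random salt fed into a slow KDF and verified with a constant-time compare. Passwords and salts are constructed; the iteration count is lowered from OWASP's 600,000 only so the demo runs quickly.

```python
import hashlib
import hmac
import os

# OWASP currently recommends 600,000 rounds for PBKDF2-HMAC-SHA256; lowered
# here only so the demo finishes in a few seconds.
PBKDF2_ROUNDS = 200_000

def md5_store(password):
    """The weak scheme: one fast, unsalted digest. Deterministic, so the same
    password gives the same stored value for every user, and a table computed
    once applies to the whole user database."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_store(password, salt=None):
    """Salted and iterated; stored as 'rounds$salthex$digesthex' so the
    parameters travel with the record and can be raised later."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"

def pbkdf2_verify(password, stored):
    rounds, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    # constant-time compare: a wrong guess reveals nothing through timing
    return hmac.compare_digest(candidate.hex(), digest_hex)

def same_password_collides(store):
    """True if two users who pick the same (constructed) password end up
    with identical stored values under the given scheme."""
    return store("correct horse") == store("correct horse")
```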


But hey, at least we use the latest techniques to protect the pics on the profiles!

Quiet you. Disabling the right-click context menu via JS is not just really 90's, it was already ridiculous back then.

But no need to deactivate JS, the direct link to the CDN can of course also be found in the page source anyway.


Another "really secure" thing is their picture URLs. Want the big version of a pic but you can only see a thumbnail? No problem. Simply open the thumbnail, replace _60.jpg with _720.jpg. Done.


---Damn, ok, you're right, that site sucks! I will close my account!---

Not so fast, young padawan. There is a 1 week waiting period. But hey, your account is deactivated instantly, all safe until it's deleted (ok, except for the pics and vids, but we own them now anyway).

Hm, ok, sorry, once again: bullshit. When you deactivate your account on a website, what do you expect? "It's not accessible anymore", right? Well, not on faillife..erm..sorry...fetlife.

When the account is deactivated there, it still appears in the search results, and the comments you made (or others made about your saucy pics, shown on their profiles) stay online.


So, you can simply copy the user profile URL from a comment (for example), then add one of the profile sub-pages, like /friends, and voila: Access to the "deactivated" profile.
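What the "deactivated" flag should look like server-side, as an added example that is not the site's code: one lookup that every profile sub-page and the search index go through, next to the pattern the post describes, where only the landing page checks the flag. Users, routes and paths are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    deactivated: bool = False
    friends: list = field(default_factory=list)

# Constructed directory: bob has "deactivated" his account.
USERS = {
    "alice": User("alice", friends=["bob"]),
    "bob": User("bob", deactivated=True, friends=["alice"]),
}
SUBPAGES = {"", "friends", "pictures", "comments"}

def split_path(path):
    """'/users/bob/friends' -> ('bob', 'friends'); None if not a profile URL."""
    parts = path.strip("/").split("/")
    if len(parts) not in (2, 3) or parts[0] != "users":
        return None
    return parts[1], (parts[2] if len(parts) == 3 else "")

def leaky_handler(path):
    """The broken pattern: only the landing page looks at the flag,
    every sub-page pulls the record straight from the store."""
    parsed = split_path(path)
    if parsed is None or parsed[0] not in USERS or parsed[1] not in SUBPAGES:
        return 404
    name, sub = parsed
    if sub == "" and USERS[name].deactivated:  # the check lives only here
        return 404
    return 200

def lookup_active(name):
    """Single chokepoint: a deactivated account is served like a missing one."""
    user = USERS.get(name)
    return None if user is None or user.deactivated else user

def hardened_handler(path):
    parsed = split_path(path)
    if parsed is None or lookup_active(parsed[0]) is None or parsed[1] not in SUBPAGES:
        return 404
    return 200

def search_leaky(query):
    return [n for n in USERS if query in n]

def search_hardened(query):
    # the same chokepoint keeps deactivated accounts out of search results
    return [n for n in USERS if query in n and lookup_active(n) is not None]
```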


---FFS! I will post this on their site, then they will fix it! HA!---

Dream on, n00b. I have reported those issues and got banned for it. Funny thing is that the ones who are actually responsible for the site cannot be reached on the site...well, ok, that's what they say (email the "caretakers"!), but when a user was pretty pissed off because he paid money and wasn't able to view the vids (paying money for porn, really?) one of the owners suddenly showed up. Weird, huh? But if it's not about money the site is run by the users. Really, I am not kidding: by the users. If you are REALLY bored you can troll the site all day and not get banned until enough pissed off users have sent complaint mails about you. New account: 10 seconds, no email validation.



Yarr!! Safe haven? Looks more like Pearl Harbor to me.


---A private note---

Just because you wear leather pants, like to stick needles through a girl's skin, or call yourself something like "master", you are not superior to others. Quit taking yourselves that seriously, people, else you will only be good for laughs.

It is also no "lifestyle" to swing a whip and be a member of "facebook for fetishists". May I quote Miss Jen: "I go to work for a living, that's my lifestyle." Amen.



