Loading Profile...
Poken website lacks security
Why isn't your site HTTPS secure when I enter my private data. DO you not care about users data, or too lazy to setup SSL?
I’m disappointed
5
people have this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Hello, here is the SSL version of the site: https://www.doyoupoken.com - Don't hesitate to use this version if you feel uncomfortable with the non SSL version.
-
Inappropriate?Answer: C, none of the above! We do care about users' data and we are working on automatically using SSL whenever sensitive data is being entered. Thanks for the feedback, though; it validates that the initiatives we are working on will be valuable for our users!
-
Inappropriate?The following qik video proves that you do not use security functions automatically when users enter "sensitive" information.
http://qik.com/video/1162082
RE: "we are working on automatically using SSL"
First impressions regarding security are long lasting, and the message you have given me and many others (who are savy about internet security) is that Poken does not place a high priority on user security. Poken could have implemented automatic SSL before launching their product.
Poken says that "We do care about users' data and we are working on automatically using SSL whenever sensitive data is being entered."
I believe you care now, but why don't you care from the very beginning?
I’m not convinced
-
Inappropriate?We have cared from the very beginning, which is why, as Gabriel pointed out, there has always been an SSL site available. We care about many things and we use tools like this to understand what our users care about.
-
Inappropriate?Bryan,
Thank you for your quick response.
You said: "We do care about users' data and we are working on automatically using SSL"
This use of SSL should be automatic now. Users should not have to think about appending an "s" to the end of http in order to obtain a secure connection. Furthermore, most users are probably not literate about security issues and it is (in my opinion) Poken's "moral" responsibility to inform users of this option to use SSL very CLEARLY on the Poken portal.
Security = establishing trust
You need to establish trust in order to assure the success of Poken!
Good luck!
mark
(I wouldn't be spending time critiquing Poken if I did not see potential in your product / service. I honestly wish you success.)
-
Inappropriate?I also like the basic idea behind poken but not having SSL and expecting users to put in their social network passwords (best: all of them) is really poor.
I’m sad
-
Inappropriate?We are in agreement with you! In the meantime we encourage you to use the https version of the site.
-
-
-
Inappropriate?Hey all! I'm pleased to report that the Poken website has featured mandatory SSL for many weeks now! Happy pokening!
I’m happy
1 person says
this answers the question
1 Comment Add a comment
This answers the question
-
If I directly login on http://www.doyoupoken.com I get no redirect to an SSL page.
If I open my Start_Poken.html I don't get any redirect either (would be only make sense if auto login is disabled).
So what does "featured mandatory SSL" mean?
EMPLOYEE
