StudiVZ had a big spy application in the past, but removed it. These
days you can always check if a friend has birthday soon or if she/he
changed her profile. The spy possibilitys is not as powerful as on
Facebook. You can't see changes on their wall or, as far as I know, new
photo albums. On StudiVZ you can't pretend users not to see your
changes (unlike the other services, they changed it, now everything is
hideable)
StudiVZ is a really smart company. They changed on February, 7th 2008 their
layout. Now all users have a visible unique ID. I don't want to know
where they don't check for it.
The changes from February, 8th include also the password login. And no,
you don't really want to know the change.... Ok, since this day, the
password transfer is unencrypted - again - after they learned their
lesson and forgot it again. Yes, unencrypted. Unsecure http connection.
https was yesterday. http is the new Web3.0 technology!
Yes, they got also the clue to give https access, including login, to
all pages. In the past only the login was effected.
After login from https://www.studivz.net/, including an insecure
password transfer/login, you get forwarded to http://www... You can add the "s"
of "https" manualy after signing in to get encryption working again but
when you are able to do this you still lost your password...
But hey, which student wile type "https://www.studivz.net/" anyway?
"www.studivz.net" is typed sooo much quicker. Changing the http part to
https after login? Too much more work again! And no, their is no information
about this new unsecure https feature. No link. Nothing. Oh, not to forget
to the wrong SSL certificate. Such a rich startup company needs to make
money. This include saving money. No valid certificates, they are too
expensive... Great job! That are all more feature of the new Web3.0
technology!
Perhaps the smart asses from studivz think that this way they can refuѕe
Mr. Schaeuble the access to the privat data of all the paranoid
"I-rename-my-name-in-StudiVZ-but-sign-in-with-my-emailadress-and-use-http"
students. This way he, and all the internet administrators in dorms etc,
can identify more easily the account owern and access the information by
sniffing the password and emailaddress from the networktraffic. Don't
ask how many years this basic security knowledge was announced the first
time...
Not that it wasn't possible before to get the private data. Cookies are
your biggest friend. But since 2008.02.08 its much easier - and now you
get the passwort for free. And I don't want to know how much of all the
"I-take-care-about-my-private-data-and-hide-my-name" students use the
same password for all their services.
Facebook has the most powerful spy application I have every seen. Gladfully you can block your friends from seeing changes. Like StudiVZ this page kinda sucks. You never know what they do with your data. So don't give this pages your data. On Facebook I noticed they are not checking the transfered challenge value, but it's implemented in the HTML source. Another hint that they have a bad/unsecure programmed website.
Xing supports from this week such a spy application, too. Gladefully they have some more clue as StudiVZ or Facebook and offer a RSS feed. Xing, as companys are, wants money for this extra RSS service. But if you don't want to pay, then its still possible like for the other two services.
To get changes automatically you just need to run automatically a script which fetches all the data and show you the changes. If you don't want to invent the weel new you can let urself notified of changes by other programms like Web Secretary (WebSec). If you want to do some work you can also split each file and build an RSS feed out of it. Sure, you have to take care that noone beside you could see this page or feed. Protecting it shouldn't take too much time.
It's just a proof of on-time notification of such services. That you should take care about your private data, online and in real life, you can read on many pages. You just need to google for it or the named site and will find a dozen articles about it!
studivz.sh (with full https support,
including password transfer)
facebook.sh
xing.sh