And it contains something weird ... it contains the "crypted" email address of the founder - using this extremely secure rot13 encryption.

I can't say it's that secure. With the help of my 'munged' email address I can decode the email address of everyone else.

I don't think Ananas really thought it was anything even remotely like secure, he put the sarcasm tags just not prominent enough in this post.

It's what I said briefly im my first ticket (#409) and a bit more elaborate in my second one (#455) about this feature:
Either you use a valid email address to have the possibility ti change the data on the new projects where the team is autofounded, than it should not be made available to everybody who claims to have a BOINC project, and is perhaps just a email harvesting spammer, or you use some fake address, like me@there.org or such, and will never get access to your new teams on any of the new projects.

I have the impression that there are very different levels of conscience about what's private data that has to be secured first, even with severe loss of convenience, and what's just neglectable nice-to-have, but nothing to really protect.

Imho my email address is something of my core private data, that must not be shared with anybody without my explicit prior consent. And it's the duty of those who have it in their DB to protect it and nor give it away freely. The changing of policy in regard of private data is only possible with explicit consent, not just "S/he didn't complain, so s/he complied" but a new confirmed "Yes, I agree", silence must be interpreted as "No, I disagree".

---

Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki

And it contains something weird ... it contains the "crypted" email address of the founder - using this extremely secure rot13 encryption.

I can't say it's that secure. With the help of my 'munged' email address I can decode the email address of everyone else.

I don't think Ananas really thought it was anything even remotely like secure, he put the sarcasm tags just not prominent enough in this post..

Agree. I now have the code that gives me freedom to decode every email address in there. Less than 5 minutes of work. Emailed my proof to David.

---

.... Emailed my proof to David.

I bet he already knew, Rot13 has never been a secret => Wikipedia entry, it has never been thought to be a secure algorythm for encryption. (p.s.: Any form of "munging" is thought to confuse robots, not humans)

If BOINC wouldn't be open source, the filename could probably be hidden for some time, but as everyone can peek into the scripts and sources, that isn't possible.


I don't see any possible fix for this anyway, everyone can create a BOINC project and pull the list so everyone potentially has access to the data.

The only solution I can see would be verified projects (which can only be done by a person) with a pgp key exchange between BOINC and the project. In this case the file contents could really be hidden from others.


Verified projects wouldn't be such a bad idea anyway, because more and more projects pop up and some who stumble across a new project will always sign up before asking what it is good for and who runs it. Sooner or later someone will create a project with a malicious application.

This situation is preposterous.

* My email address has (presumably) been given to Coordinador. I don't know whether Coordinador is a person or not.

* I now know Coordinador's email address but only because another very kind cruncher has decoded it for me. Since when was the ability to decode encryptions a prerequisite for crunching as a boinc team member?

* I only gave permission for my email address to be given to known team members already listed as team founders on the projects I crunch. So my email address has been passed on without my permission.

* Coordinador appears nowhere in my team's memberlists. (The one person with this name listed on BoincStats must be a different person.) So if I could not decode the encrypted email address, how am I expected to contact Coordinador to ask him/it who he/she/it is? From the boinc projects list I see C's details and a link to send a private message. When I click the link, I get 'Web page not found'.
http://boinc.berkeley.edu/teams//show_user.php?userid=126

* I am going to have to spend time contacting the real members of my team to discover who knows anything/nothing.

* I am saying to myself in Catalan Quina m*rdeta to avoid saying in Spanish Vaya j****a m**rda.

I am trying to use BOINC again after a few years being inactive. Aparently the system recognize my computer and went to the old account. I do not remember the old email nor the password. The only thing I can see is a computer number. How can I reset my account with my new email and a new password?
Johnny
j.rivera51@yahoo.com

I am trying to use BOINC again after a few years being inactive. Aparently the system recognize my computer and went to the old account. I do not remember the old email nor the password. The only thing I can see is a computer number. How can I reset my account with my new email and a new password?
Johnny

You should have some account*.xml files in your BOINC folder on your computer. In those files there is a tag called authenticator. This number can be used to log into the web site and change your email and password. The web site may call it an account key.

---

BOINC WIKI

BOINCing since 2002/12/8

Hello, mo.v
Please, if you have any question about Boinc Catalunya, contact www.boinc.cat
we also have two others sites www.canviclimatic.net and www.seti.cat for this specific projects.

Lluís Martí
Tanks in advance.

Thanks Lluis.