Potential Tapatalk privacy problems

Today I read an article about privacy concerns with Tapatalk:

Tapatalk-Plug-in liest Daten von Forennutzern aus (German)

According to the article, the plugin that Tapatalk offers to forum hosters may collect usernames and email-adresses of all forum users in order to send email notifications about "trending topics" to these users.

The article also states that the plugin collects data of users regardless whether they ever had the plugin installed or not.

If I read correctly, Tapatalk calls this a "Beta" program which is only active for selected sites. However, the forum that discovered that did not opt in to this feature, which Tapatalk described as a mistake on their behalf.

To make sure Tapatalk does not collect this kind of data, the article says to set the following value to "0":

mobiquo/config/config.php: allow_trending = 0

Since AFAIK the ED forum makes use of Tapatalk, the admins may want to check this.

so, how would you change that value on a mobile device?

so, how would you change that value on a mobile device?

As I understand it, there's nothing any of us can do, no matter how we visit the forum (desktop or mobile, Tapatalk or browser, doesn't matter).

The forum admin/webmaster needs to configure this setting on the server-side, so I'm hoping we'll get a confirmation from Const or another one of the PHP and server wizards. ;)

Thanks. This option was turned off.

Excellent, thanks! :thumbup:

I just got an email saying that someone attempted to access my account via anonymous proxy (locked out for 15 mins after 5 password attempts). I wonder if that attempt could be due in part to this vulnerability before it was squashed.

I just got an email saying that someone attempted to access my account via anonymous proxy (locked out for 15 mins after 5 password attempts). I wonder if that attempt could be due in part to this vulnerability before it was squashed.

I don't know for sure, but I don't think so.

The problem with Tapatalk was that, depending on the forum's Plugin-settings, Tapatalk might retrieve usernames and email-addresses from the forum and then send potentially unsolicited emails to some of the forum users.

I'm not aware of an actual leak of any of these data outside of Tapatalk, and also Tapatalk said their plugin only collected this kind of data for specific sites that had opted in (of course, in the case of the forum mentioned in post #1, the forum owner had not opted in, which Tapatalk described as an error on their side).

In any case, for all I know, no data was actually leaked to anyone outside of Tapatalk.

Quite possibly, someone's just guessing random usernames or tries to deduce login-names from the forum name.

Unless your actual password appears somewhere on top of lists of popular passwords ("12345", "aaa", "password", you know, stuff like that :smartass:), I wouldn't worry.

Unless your actual password appears somewhere on top of lists of popular passwords ("12345", "aaa", "password", you know, stuff like that :smartass:), I wouldn't worry.

Thanks for enlightening me on the issue. :thumbup:

:megalol:

 

Thanks for enlightening me on the issue. :thumbup:

Haha, awesome movie quote! :D