Casting aside the debate on big brother, I found it very interesting that the new website, which will allow the public to register to become a government-paid voyeur, is in itself insecure. Internet Eyes fails to employ even the most basic security controls to protect its users.
For example:
- The registration page does not use SSL. This means that an attacker could monitor the information you enter, including your username, password, name, address, email and PayPal email. There is also mention that you may need to provide financial information to receive payment, so that info would be available to the attacker as well.
- If you attempt to browse to the equivalent SSL page, you see a huge browser warning that the SSL certificate is both expired and only supposed to be used for a site called feedthelake.com.
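
A defender-side check for the two failures listed above, as an added example that is not part of the original post: it audits how a registration form transports credentials, and whether a certificate is expired or issued for a different hostname. The function names, the `signup.example` and `other.example` hosts and the sample inputs are constructed for illustration, and `cert` is assumed to be a dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordForms(HTMLParser):  # records the action of each form holding a password input
    def __init__(self):
        super().__init__()
        self.action, self.actions = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.action is not None:
                self.actions.append(self.action)
    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def audit_form_transport(page_url, html):
    """Flag a signup page, or a form on it, that sends credentials without TLS."""
    forms = PasswordForms()
    forms.feed(html)
    findings = []
    if urlparse(page_url).scheme != "https":  # an HTTP page can be altered in transit
        findings.append("page served without TLS")
    for action in forms.actions:
        target = urljoin(page_url, action)  # empty action posts back to the page
        if urlparse(target).scheme != "https":
            findings.append("credentials posted in cleartext to " + target)
    return findings

def _name_matches(pattern, host):
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit_certificate(cert, hostname, now):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(); now: epoch seconds."""
    findings = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("certificate expired")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, hostname.lower()) for n in names):
        findings.append("certificate not issued for " + hostname)
    return findings

# Constructed sample inputs, not captured from the site discussed above.
SAMPLE_HTML = '<form action="/register"><input type="password" name="pw"></form>'
SAMPLE_CERT = {"notAfter": "Jun 10 12:00:00 2009 GMT", "subjectAltName": (("DNS", "*.other.example"),)}
```
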
The other interesting item is that both of these security failures are in violation of the site's own privacy policy. (emphasis added)
"13. Your information is stored on our servers located in the United Kingdom. We treat data as an asset that must be protected and use a number of tools (which may include encryption, passwords and physical security) to protect your personal information against unauthorised access and disclosure."
However, I think the next few sentences of item 13 really take the cake.
"However, as you probably know, third parties may unlawfully intercept or access transmissions or private communications. Therefore we do not promise, and you should not expect, that your personal information or private communications will always remain private."
Actually, I didn't know that. In fact, good security controls are supposed to be implemented to prevent this very issue. Though, judging by the security on your site, or lack thereof, I guess you do have a valid point.
My advice: stay away from this site. Any user registering with this site will be putting their personal and financial information at significant risk.
-Michael Coates