## anonymous one year ago jaynator495's extension is illegally tracking ur personal activities done in the browser, record ur ip address & personal messages and send it to his backend without our permission, he can use it then to find out where u live. thank god i didnt login in my acc under his extension for the safety of your OS usage, please remove the extension and report it on google web store (where u downloaded it), and hopefully google can take this virus down

1. horsegirl27

2. horsegirl27

And Jay doesn't care where you live. If he knew, what would he do? The mods all trust him enough to have it, so don't worry.

3. anonymous

the problem is there's no warning or whatsoever about him doing this when u download the extension, its all done without the user's consent

4. anonymous

but if u open chrome developers u can see all the creepy stuffs its sending to his server about ur activities in the browser

5. anonymous

jaynator i need a convincing explanation from u for why u tracking our ips

6. Abhisar

@leonardozz , Most of the website you open acquire your IP address so if his extension is tracking your IP then it's not singular. It's not that easy to track someone simply by knowing IPs. Most they can do is know your service provider and your city/state.

7. Abhisar

8. anonymous

@Abhisar you are incorrect, there is a lot of things a person can do if they know your IP. They can port scan you, see if you are running vulnerable software on a port, and if you are perhaps they can drop down a root shell or something else less favourable. (Not to mention the possible D/DoS attempts, etc.) @leonardozz your proof? I would start Wireshark or look through the source of the CRX however that seems boring. So you do it.

9. TheSmartOne

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 OS mods get your IP address too... $$\color{#0cbb34}{\text{End of Quote}}$$ The feature that OpenStudy moderators have called "Ip Check" does not give the ip of the user. It only lists accounts that are associated under the same ip address, so there is no need to fear that a moderator can find out where you live. If an admin uses that feature, then I believe it will list the ip address over there.

10. horsegirl27

oki

11. pooja195

Smh.

12. Abhisar

@algorithmic , My comment was regarding tracking an individual by means of IP address.

13. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz but if u open chrome developers u can see all the creepy stuffs its sending to his server about ur activities in the browser $$\color{#0cbb34}{\text{End of Quote}}$$ 1 No you cannot... this information is all private, as well as the fact the only information i get as far as ip addresses go is what files are accessed on my server, lets say you access the file "yolo.css" im going to have the recorded in a log stating that "this IP address tried to access so and so file at so and so time", this is a requirment by LAW to have this information recorded... As far as recording the codes that are entered, this is simply so i can improve the extension and add some of the codes that werent there yet, for privace reasons it only goes by username NOT IP for this...

14. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Abhisar @leonardozz , Most of the website you open acquire your IP address so if his extension is tracking your IP then it's not singular. It's not that easy to track someone simply by knowing IPs. Most they can do is know your service provider and your city/state. $$\color{#0cbb34}{\text{End of Quote}}$$ This is mostly correct, but as i just said all websites must by law aquire the ip address, this is so hackers and such can actually be tracked in the event of someone stealing private information from a web server... There are other reasons why that is a law, but this is a big one...

15. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @TheSmartOne $$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 OS mods get your IP address too... $$\color{#0cbb34}{\text{End of Quote}}$$ The feature that OpenStudy moderators have called "Ip Check" does not give the ip of the user. It only lists accounts that are associated under the same ip address, so there is no need to fear that a moderator can find out where you live. If an admin uses that feature, then I believe it will list the ip address over there. $$\color{#0cbb34}{\text{End of Quote}}$$ Yes a admin sees the ip address of users...

16. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Algorithmic @Abhisar you are incorrect, there is a lot of things a person can do if they know your IP. They can port scan you, see if you are running vulnerable software on a port, and if you are perhaps they can drop down a root shell or something else less favourable. (Not to mention the possible D/DoS attempts, etc.) @leonardozz your proof? I would start Wireshark or look through the source of the CRX however that seems boring. So you do it. $$\color{#0cbb34}{\text{End of Quote}}$$ the first part is true, however do i really look like someone thats going to do that? :/ as for the second part... The CRX file itself has practicly nothing, the entire extension is almost all server side (this is because its a lot faster to do updates and also its faster all around for people using the extension, if it was a larger extension it would slow down chrome, which is why i shrunk it down as much as i did.)

17. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @pooja195 Smh. $$\color{#0cbb34}{\text{End of Quote}}$$ i am to dont feel bad...

18. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Abhisar @algorithmic , My comment was regarding tracking an individual by means of IP address. $$\color{#0cbb34}{\text{End of Quote}}$$ this is also true LOL

19. Jaynator495

And as for what was posted on my post... $$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz nice try janitor but u couldn't find my username on ur backend is bcz i didnt login with my account under ur extension ur extension is illegally stealing storing our OS user's personal information, record our IP addresses, and send them to ur backend without our permission, not to mention u use it to track our location janitor, provide us a convincing argument of why u do this $$\color{#0cbb34}{\text{End of Quote}}$$ Now lets go over this... It is not storing any personal information, The IP addresses are legal and ALL web servers do it... it is actually a LAW to record this information... And i do not track locations... So if you are done... ._.

20. Jaynator495

Okay I think were done here, you tryed to mess with me, but i'm not the one to mess with... Simply because of the fact i know what im talking about, and you are simply just an internet troll trying to make me look bad :P So now, if this is all wrapped up, anyone up for lunch? My treat LOL, you have to buy the plane ticket to vegas though LOL

21. Elsa213

cx

22. Elsa213

:O

23. anonymous

@Jaynator495 show me the proof where it says your chrome extension by LAW has to to have IP address recorded..."

24. Jaynator495

The chrome extension runs on scripts and css from my server, the data is brought from the server to openstudy, thefor that has to be logged... Its not the extension that is logged... It is the files it loads.

25. Jaynator495

If your really immature enough to need proof of the fact that the files it loads is whats logged... http://prntscr.com/7p5ls0

26. anonymous

@Jaynator495 first, you insist many times on there's actually a LAW that says chrome extension HAS to record IP? wtf? if you are not insulting viewer's intelligence show us that law

27. anonymous

if u can't, wrap up your extension and steal info from some other sites

28. anonymous

@Jaynator495 second, "The chrome extension runs on scripts and css from my server, the data is brought from the server to openstudy, thefor that has to be logged..." wow wait a second here, the data is fetched from server when extension activates, there's zero reason why u need the users ip addresses from any technical point of view, explain us CLEARLY why u have to log them

29. Jaynator495

Sorry about the wait, i had to go and do some yard work...

30. Jaynator495

i will continue the response i was typing soon, im going to go have lunch, have a laugh about this... then come back and finish my response... tbh im laughing at this now... its just such a bad attempt filled with impossible things that makes no sense aswell as stuff you couldnt be bothered to do reasearch into its just funny XD

31. anonymous

haha right, take your time to come up with a good excuse explaining why you are recording people's IP addresses as well their personal messages

32. Jaynator495

ok back, now to continue the message :P

33. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz haha right, take your time to come up with a good excuse explaining why you are recording people's IP addresses as well their personal messages $$\color{#0cbb34}{\text{End of Quote}}$$ what part of no personal information is recorded do you not comprehend... you do realize that for a troll, im the one laughing right? i dont have anywhere to be, im intentionally trying to drag this out instead of just letting eric (e.mccormick) explain it... because honestly im having a good laugh here...

34. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz @Jaynator495 first, you insist many times on there's actually a LAW that says chrome extension HAS to record IP? wtf? if you are not insulting viewer's intelligence show us that law $$\color{#0cbb34}{\text{End of Quote}}$$ There is a law, however it states access logs, once again because your to hard headed (btw, im not sure if you got this, but im legitimitly having fun trying to put you in your place :P if your trying to get a reaction out of me, you did get a few laughs, ill give you that) it is not the extension, it is the resources it loads from MY website... this exponentially speeds up the extension, while at the same time making sure it doesnt slow down chrome to file sizes, it fetches the files from my website, and executes the scripts and css, and in some cases the css is in the script... the website needs to log all attempts to access files... and even if i didnt i couldnt do squat about that part... #BuiltIntoTheWebServerOutOfMyControl... (i legitimetly couldnt breathe for a second there this is so funny x'D)

35. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz if u can't, wrap up your extension and steal info from some other sites $$\color{#0cbb34}{\text{End of Quote}}$$ Considering ive been here since 2010, a trusted user, an ambassador AND a intern for openstudy, i think it speaks for itself that this extension doesnt do stuff it shouldnt, several os staff/moderators have gone through the code themselves with nothing malicious to be found... :P

36. Jaynator495

i am curious about who would give you a medal though LOL *checks his medal logs*

37. horsegirl27

Honestly Jay, I know you wouldn't abuse having information about people, and I know that if the mods can trust you, I can easily trust you. And tbh, you're having too much fun stating this D

38. horsegirl27

*XD

39. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @leonardozz @Jaynator495 second, "The chrome extension runs on scripts and css from my server, the data is brought from the server to openstudy, thefor that has to be logged..." wow wait a second here, the data is fetched from server when extension activates, there's zero reason why u need the users ip addresses from any technical point of view, explain us CLEARLY why u have to log them $$\color{#0cbb34}{\text{End of Quote}}$$ This is incorrect, this process is automatic to ensure server security, for example lets say someones scanning through my server, they wouldnt get anything because i can identify that they're trying to scan it and block it from finishing its scan automaticly... There is many reasons why this is required. :P

40. Jaynator495

TBH, im sorta glad your doing this, because all your really doing is getting my extension more installs and publicity, because people actually know i wouldnt do that... :P so thats who gave you a medal :P http://prntscr.com/7p6sw7

41. horsegirl27

Of course!!!

42. Jaynator495

notice the z on both of there usernames? :P

43. Jaynator495

Good lord im getting so many medals for this ._.

44. horsegirl27

Good.

45. Jaynator495

46. horsegirl27

come on jay, language puh-leaze

47. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 come on jay, language puh-leaze $$\color{#0cbb34}{\text{End of Quote}}$$ i didnt use any foul language ._.

48. horsegirl27

I'm being annoying and saying hell is a bad word xD

49. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 I'm being annoying and saying hell is a bad word xD $$\color{#0cbb34}{\text{End of Quote}}$$ and yet, its not blocked off... imagine that :P

50. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Jaynator495 $$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 I'm being annoying and saying hell is a bad word xD $$\color{#0cbb34}{\text{End of Quote}}$$ and yet, its not blocked off... imagine that :P $$\color{#0cbb34}{\text{End of Quote}}$$ i need to get out of this habbit of using qoutes... ._.

51. horsegirl27

Yeah. You do.

52. Jaynator495

so, on a scale of 1-10, how much did i win this argument here? :P

53. horsegirl27

On a scale on 1-10... hmm... $$\Huge 1000$$

54. Jaynator495

LOL

55. Jaynator495

@sleepyjess wanna have a laugh? :P

56. horsegirl27

Now uh, since I have the extension... SQUIDWARD

57. Kash_TheSmartGuy

lol, this argument gave me laughs too. I have the extension too. @Jaynator495 I trust you. I know you wouldn't do that stuff. @Jaynator495 is awesome and he knows what he is talking and doing.

58. Jaynator495

thanks ^_^

59. Kash_TheSmartGuy

Well, you deserve at least that!

60. TheSmartOne

Jaynator495: 100 leonardozz: 0

61. TheSmartOne

the last huge reply was the winner though xD

62. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @TheSmartOne the last huge reply was the winner though xD $$\color{#0cbb34}{\text{End of Quote}}$$ indeed... i was saving that because i wanted to have some fun before ending it x'D

63. horsegirl27

LOL oh and TSO, you messed up those scores BIG time. Jay: 10000 Leonardozz:-100000

64. Jaynator495

OH i just noticed your 75ss horse, congrats LOL

65. horsegirl27

FINALLY!!! Thanks :D

66. Jaynator495

Im almost 90, by the end of summer i should be 89 with luck LOL

67. horsegirl27

A LOT of luck I say ;P

68. Jaynator495

What can i say, i dont worry about my ss, ;P

69. horsegirl27

LOL mhmm that's what they all say as their hearts shatter ;)

70. TheSmartOne

Lets stop spamming this post...

71. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @horsegirl27 LOL mhmm that's what they all say as their hearts shatter ;) $$\color{#0cbb34}{\text{End of Quote}}$$ You realize ive been here years and still im not 90... does that say anything? (then again all the warnings and suspensions doesnt help my situation... :/)

72. horsegirl27

x'D

73. horsegirl27

And TSO... NEVER

74. anonymous

all openstudy activities you've been on under the extension are purposely tracked down and sent to @jaynator495 for him and his underwear to creep on if you enjoy letting a 16 year old fapping furiously on your browser history while writing pelletty javascript that freezes your browser plz continue using his extension

75. EclipsedStar

@leonardozz You think Jay Jay here is 16+? You're sadly mistaken. Nice guess though. LOL. He is a young, looked-up-to technical masterminded genius, an overlord of codes and scripts. He's also the one contributing to making the Andriod app for this site! I trust his extension, and plus, I haven't had any problems with my browser except from some laughs with his ingenious codes work. I had quite a good laugh reading some ironic points on this post...

76. TheSmartOne

@Jesstho.-. thank you for your concern, but I think you should just drop the issue as it isn't look pretty on your side lel

77. anonymous

@Abhisar you can track someone via their IP easily as I said in my earlier post it all still applies. Instead of a root shell just think of a RAT, which can screenshot your screen, and keylog your information. A lot more than knowing ones service provider, and their city, and state is possible.

78. nincompoop

two cents

79. nincompoop

80. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Algorithmic @Abhisar you can track someone via their IP easily as I said in my earlier post it all still applies. Instead of a root shell just think of a RAT, which can screenshot your screen, and keylog your information. A lot more than knowing ones service provider, and their city, and state is possible. $$\color{#0cbb34}{\text{End of Quote}}$$ Tracking IPs isnt as easy as you think, you cant just go poof and get someones pinpoint location, in 90% of cases you need a warrant and need to fill a aplication to their internet provider for them to eventually release the location of the client, and even then they often dont... no exceptions, not even for government... :/

81. nincompoop

:) alright it is safe... let us test it. all of you who think it is safe, list your valid IP addresses here.

82. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @nincompoop :) alright it is safe... let us test it. all of you who think it is safe, list your valid IP addresses here. $$\color{#0cbb34}{\text{End of Quote}}$$ Ok, that would be a invasion of privacy because then the IP addresses can be linked to a username, the way i have it, it is annonymous data, no usernames from os are associated with them...

83. nincompoop

84. Jaynator495

I could have very easily associate it with os usernames in 5 minutes, but i didnt because some people prefer not to lend out their ip address, and since their are so many users... it is unlikely to actually be able to pair any with os usernames without adding the code neccessary to do so

85. nincompoop

I am extending the concept of collection and dissemination of information and notice of both.

86. nincompoop

how am I invading privacy when I am letting people display their IP addresses instead of my collecting without their knowledge?

87. nincompoop

it's just an IP address, correct? It would be difficult and a person would need to jump through hoops (unbelievable and almost impossible) just to be able to gather one's relative information. Let us test how true this is.

88. Jaynator495

If you ask them to display it, it is no longer annonymous, because they are posting it with their os username... thats how... Plus with that logic eveyr website in the world will say somewhere that they collect ip addresses...

89. nincompoop

so what is the violation you claim? how then am I invading.. it is not an act of invasion, but a clever way of social engineering.

90. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @nincompoop it's just an IP address, correct? It would be difficult and a person would need to jump through hoops (unbelievable and almost impossible) just to be able to gather one's relative information. Let us test how true this is. $$\color{#0cbb34}{\text{End of Quote}}$$ location wise, for people who can hack could use these IP addresses to invade someones data aswell...

91. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Jaynator495 $$\color{#0cbb34}{\text{Originally Posted by}}$$ @nincompoop it's just an IP address, correct? It would be difficult and a person would need to jump through hoops (unbelievable and almost impossible) just to be able to gather one's relative information. Let us test how true this is. $$\color{#0cbb34}{\text{End of Quote}}$$ location wise, for people who can hack could use these IP addresses to invade someones data aswell... $$\color{#0cbb34}{\text{End of Quote}}$$ The likelyhood of someone actually doing this is slim to none though...

92. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Jaynator495 $$\color{#0cbb34}{\text{Originally Posted by}}$$ @Jaynator495 $$\color{#0cbb34}{\text{Originally Posted by}}$$ @nincompoop it's just an IP address, correct? It would be difficult and a person would need to jump through hoops (unbelievable and almost impossible) just to be able to gather one's relative information. Let us test how true this is. $$\color{#0cbb34}{\text{End of Quote}}$$ location wise, for people who can hack could use these IP addresses to invade someones data aswell... $$\color{#0cbb34}{\text{End of Quote}}$$ The likelyhood of someone actually doing this is slim to none though... $$\color{#0cbb34}{\text{End of Quote}}$$ Plus once again, with that logic go sue openstudy because they have a log just like mine, listing ip's along with date file accessing, all to PREVENT invasion of privacy... -_-

93. Jaynator495

should i put in big bolded letters on my home page "HEY WE COLLECT IP's BECAUSE WE HAVE TO!" no... -_-

94. nincompoop

when you collect information, even for technical use or for improvement of service or some sort, you need to be able to lay out a way how you would protect those very information. Otherwise, collection of information (IP address) cannot be allowed for the cause they were laid out. If solely, we give in to blind trust, then third party-users (such as you) on this website will be difficult to be held accountable should there be a breach of privacy. It will be difficult to track where the breach came from and would require a very extensive investigation. To finally put an end to my two cents, how are you protecting the information you're collecting?

95. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @nincompoop when you collect information, even for technical use or for improvement of service or some sort, you need to be able to lay out a way how you would protect those very information. Otherwise, collection of information (IP address) cannot be allowed for the cause they were laid out. If solely, we give in to blind trust, then third party-users (such as you) on this website will be difficult to be held accountable should there be a breach of privacy. It will be difficult to track where the breach came from and would require a very extensive investigation. To finally put an end to my two cents, how are you protecting the information you're collecting? $$\color{#0cbb34}{\text{End of Quote}}$$ Well lets see, a ssl certificate first of all, plus the information is secure through first a major website, then amazon, unless you know someone who can hack amazons server farms, this information is secure.

96. nincompoop

we can talk about security clearances next if you want to expand this conversation to something more tangible. I am not here to accuse anyone :) I am here to provide something to think about.

97. nincompoop

SSL certificate means nothing these days.

98. Jaynator495

Yea well, still... unless you know someone who can hack amazons server farms... ._.

99. anonymous

@Jaynator495 an ssl certificate is to secure your information when transmitted to a website you dumbfk

100. nincompoop

the end of last year alone, an estimated 13000 Amazon accounts were hacked.

101. anonymous

the question is to prove that you are actually capable of protecting the ip addresses you are collecting, when stored on your server

102. Jaynator495

thats accounts... never before has their main server farm been successfully hacked....

103. Jaynator495

then again the serverfamr is releativley new...

104. nincompoop

correct, the SSL certificate is for the transmission of information across machines, not a way to protect saved data.

105. Jaynator495

ill be back in about a hour... ._. *dishes to do and switching computers*

106. Jaynator495

and lets face it, your not gonna win this argument >_>

107. nincompoop

who is going to win an argument when the losers will be the people whose information are breached?

108. nincompoop

it is not about you or him

109. anonymous

110. anonymous

@TheSmartOne What?

111. kohai

I didn't even know there was an extension... Must be out of the loop...

112. TheSmartOne

o.o

113. nincompoop

I don't think the use of EC2 is fully understood in this discussion. It will be a good topic to raise in conjunction to securing collected information.

114. Jaynator495

$$\color{#0cbb34}{\text{Originally Posted by}}$$ @Algorithmic "Tracking IPs isnt as easy as you think, you cant just go poof and get someones pinpoint location, in 90% of cases you need a warrant and need to fill a aplication to their internet provider for them to eventually release the location of the client, and even then they often dont... no exceptions, not even for government... :/" @Jaynator495 why would I want to track IPs? I though this was about tracking users via their IP address. As for getting some ones exact location via their IP address is usually not possible although certain services usually get it correct within a 30 meter distance, with some social engineering I am sure one could obtain a person's exact location. (Everything below this line is off topic fun_) I cringe at the usage of SSL, surely you mean TLS. Anyway even with SSL or TLS if the machine is compromised via an extension or add-on or some other executable code so is your privacy. I am not sure of Chrome's extension policy, but the Mozilla add-on site mandates that if your add-on collects personal information like IPs, cookie hashes, etc you must define such behaviour clearly, so that the user who installs your add-on is fully aware. (I would think Chrome would have something alike.) The idea a person has no real threat if his IP is made to known to the world is a amusing. Nmap + Given IP + RAT (preferably something coded for the older .NET frameworks, so version 2.0) = A common method of exploit. (Assuming someone is running a vulnerable version of Skype or some other application that uses UPnP.) $$\color{#0cbb34}{\text{End of Quote}}$$ i never said if it was made known to the world it would be safe, infact in about 17 minutes depending upon your network security if everyone in the worl knew it, someone would already be seeing your information... you know what, its honestly not even worth it, you keep misunderstanding what im saying -_- :P

115. Jaynator495

And fine if it makes you feel better, where it says permsions i will put in this extension uses cookies and collects IP's for the purpose of server security when it is fetching certain files it requires to run from my server, these IP's are secure and are not distrubited... All you had to do was really ask me to put that there in the next client side update :P

116. anonymous

@Jaynator495 see where I wrote: "(Everything below this line is off topic fun_)" /off topic/ means it was not a dialog between me, and you but the whole thread. So you are mistaking what I am saying.