Yesterday, the “Polish response to Facebook” was launched by government media owner Tomasz Sakiewicz - Albicla or “All Be Clear”.
Making the portal was not the pinnacle of professionalism. A few key points:
- The terms of the portal are copy-pasted Facebook regulations, with their FB hyperlinks.
- You can download the entire user base, because it is not protected in any way (a request was sent to the Personal Data Protection Office, but most probably nothing will be done due to the fact that the office is led by a government representative).
- If you want to post on the wall of a “stranger”, you can click RMB -> inspect element on the “publish” button (on your profile). Then you look for the “input” in the HTML that opens for you and change “value” to the ID of the person whose profile you want to write something on.
- The user password has no character limit; someone pasted the entire content of the Polish poem Pan Tadeusz (Master Thaddeus) as a password.
- Half the users are popes (it's a national treasure to post John Paul II memes everywhere).
- The other half are fake accounts of government party activists, Trump and other famous figures.
- Someone created an account called “login”; after clicking on his profile, you just log out.
- Someone else called himself “delete_account”; after clicking on his profile, you can delete your account (and currently it’s probably the only working method of deleting an account).
- A lot of pedophile content got through during the night.
- Barely anyone managed to receive an activation e-mail; the portal itself crashed after a few hours of operation.
- Others do not have a problem with it; apparently someone has already set up 500k multi accounts (even after a ban, you can register from the same email).
- It seems possible to create an account without a name, without an email and without a password. In the source of the page, remove the required attribute from the input fields.
- Sakiewicz is proud of his portal's popularity.
Poles literally trolled Albicla. No surprise tho, the majority of young people hate the government and its tricks.
Also, you’re supposed to hash passwords, which turns them into a set length. So you only really need to worry about uploading and hashing passwords on login, so as long as someone doesn’t have a gigabyte long password, I don’t see the problem.
Even a 1 KB password might be enough to DDoS a server if enough people do it, because password hashing algorithms are very slow by design.
True.
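The registration point in the post (removing `required` in the page source) and the password-length exchange in the comments both come down to checks that have to run on the server. The sketch below is an added example, not Albicla's code or anything posted in the thread; the field names, the 1024-byte cap, the 8-character minimum and the scrypt parameters are assumptions.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 1024   # assumed cap; set per policy
MIN_PASSWORD_CHARS = 8      # assumed minimum
REQUIRED_FIELDS = ("name", "email", "password")  # hypothetical form field names


def validate_registration(form):
    """Return a list of errors; an empty list means the form is acceptable.

    Runs on the server, so deleting `required` in the browser changes nothing.
    """
    errors = []
    for field in REQUIRED_FIELDS:
        value = form.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: missing")
    password = form.get("password")
    if isinstance(password, str) and password.strip():
        if len(password) < MIN_PASSWORD_CHARS:
            errors.append("password: too short")
        if len(password.encode("utf-8")) > MAX_PASSWORD_BYTES:
            errors.append("password: too long")
    return errors


def _kdf(password, salt):
    raw = password.encode("utf-8")
    # Reject before the slow hash so oversized input costs almost nothing.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    return hashlib.scrypt(raw, salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def hash_password(password):
    """Return (salt, digest); the digest is 32 bytes for any accepted input."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


def verify_password(password, salt, expected):
    try:
        return hmac.compare_digest(_kdf(password, salt), expected)
    except ValueError:
        return False  # oversized login attempt: refuse without hashing
```

A request-body size limit at the web server or framework layer complements the cap, since it stops oversized submissions before they reach application code.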