Tell HN: Bitcasa is leaking your emails
I'm pretty sure users aren't aware this is happening. The CEO was alerted a few weeks ago about this issue:
https://twitter.com/aaroncray/status/253737089051541504/photo/1
click on any of the links in this search result: https://twitter.com/search/realtime?q=l.bitcasa&src=typd
3 comments
[ 5.2 ms ] story [ 21.7 ms ] threadSure, it would be better if it just showed "f_name l_name" instead of email, but I don't think this is a terribly egregious offense. Maybe that's just me though.
http://dl.dropbox.com/u/12035718/after-signup-source.jpg
It seems after the initial signup the server responds with with the question/answer form and pre-populates hidden fields with my entered password in the clear, which kind of make me wonder how my password is stored. Im hoping my password isn't stored like this and they are just passing it back as a response param, or perhaps the initial signup isn't hitting the server at all??