Tapatalk and security, ethics and targeted marketing

[Sardine]

I have moved some discussions I started to general chat as its more appropriate.


all relating to a sale thread with another "0" minute declaration of interest which I feel is unfair to members who do not use or have access to Tapatalk.

also I'm very concerned about the number of unresolved security bugs and the ethics of the company who run Tapatalk to collect yours and our Database email address, targeted advertising and re-directs which many users of Tapatalk will be unaware of.

an excerpt from the licence thats agreed to when using Tapatalk.

In consideration for Tapatalk granting you access to and use of the Service, you agree that Tapatalk and its third party providers and partners may (i) place such advertising and affiliate links on the Service, and (ii) access your email database

------------------------------------------------------


just a question,

did you use Tapatalk to post your interest and have you set Tapatalk notifications to alert you in the Amiga hardware sale thread ??

its a personal nag for me and a reason why I would like Tapatalk removed (but im out numbered on this) that anyone not using Tapatalk has very little chance due to the (12:02) for sale and (12:02) interested.
we have a LONG thread in the staff area which basically got ignored discussing the unfair 1 and even 0 minute declarations.

because our current Dev uses Tapatalk as his main way to connect to amibay its here to stay...

its also a security issue for me as I've read on many forums Tapatalk does some illegal "hacks" to enable the forum to give you notifications so it has full access to the database without restrictions and generally ignores what setting you ask it to do (like disable a feature and Tapatalk just ignores that) , the reason why its not been given a clean bill of health from most forum software phpBB's developers.

I know this is out in the open but ive reported this several times via staff and nothing done,

thanks.

at other staff, sorry this is a mute point for me that's gone unanswered.


cut paste from another forum who removed Tapatalk for the above reasons.

I understand, we all like the convenience of Tapatalk. Like many admins of many forums, I had assumed they were doing it the right way so installed it because users were asking for it and everyone else had it.

After chatting with one of phpBB's developers on irc about it, he was saying there are all sorts of funny things going on in their code which is why they have not yet approved it as an official extension for phpbb 3.1. Not least of all directly reading and writing to the database as opposed to going via the established API (a huge no-no).

Until I can be sure Tapatalk isn't potentially bypassing the forum's security or ignoring the fact I disabled it in ACP, it will remain off the board.

Another thing to consider is that Tapatalk is now promoting monetisation and potentially looking to target advertising to users. I want to be confident that their plugin is secure before they continue to have access to this forum's members.

a bit more

Yup, which I consider it a serious security risk. I know the code of a such extension, forget it, don't use.
At the end of all, phpBB since 3.1 is pretty adaptive. The good question is: Why those developers at tapatalk don't submit their work here at the CDB?

Tapatalk. It's been uninstalled and won't be reinstalled, mainly due to the business practices of Mobiquo (the company who run it). It involves unauthorised harvesting of email adresses - and then there's the practice of redirections going via them, images being uploaded by default to their servers... it's not pleasant. The statement is also that all information within the Tapatalk app is considered to be "public", which implies that passwords are also not secret (they cannot be!).

and more

 

[Amon_RA]

@sardine

Without Tapatalk support I wouldn't be on Amibay or any other forum to be honest. Browsing each and every forum via a webbrowser is really cumbersome and slow, and not really something I would consider in 2017.

With Tapatalk I can check Amibay whenever I have 5 minutes free, wherever I am... Welcome the world of smartphones

I understand the notification "advantage" of Tapatalk, but there are many other ways to get notified as long as your forum is accessible via search engines... Banning Tapatalk will not solve that issue.

 

[alan.turner]

Can I just say I use a browser plugin to alert me of changes .. I can react much faster than tapatalk ... so I don't think it gives an unfair advantage just depends whether you have such an immediate interest


Sent from my iPhone using Tapatalk Pro

 

[Sardine]

this issue for me is security

the unfair 0 and 1 minute declarations is an issue for the Admins to sort out as we have had reported posts on the issue on the unfairness of the 0 minute notifications.

so basically use Tapatalk or miss out, is not good form and speaks to me of being forced to conform to a means to an end. so should I shut up, sit up and do as im told ?? hell no..

Tapatalk is run by a company, they need to make profit and I don't like their questionable practices with the information the mine and their backdoor tactics to shoehorn themselves onto the forum.



oh and.. I moderate the site from my Iphone during the day via a browser, doesn't feel cumbersome to me.. I wouldn't trust Tapatalk with my login details with the level of access I have.

 

[Amon_RA]

@sardine Nobody forces you to use Tapatalk, you can still open your phone's browser, open the Amibay site, enter your login details, and scroll, zoom, pan as much as you want. If you want to view another forum you can open a new tab in your phone's browser and restart the same cumbersome procedure again. Just don't save your login details in your browser, a 3th party (Apple/Google) might be storing them, and who knows what they'll do with your data

I'm not sure why Tapatalk is bothering you if you don't use it. You are trying to enforce your way of doing things upon others based upon your personal opinion of security. If people have no issue trusting Tapatalk it is their responsibility, not yours. If you trust Apple with your browsing details it is not up to me to judge it and force you to use something else.

Limiting people on how they should browse forums is ridiculous imo.

Everybody should be free to consult data that is freely available on the internet how they want... Via an Amiga webbrowser, via Safari on your iPhone, via a forum smartphone app , via Windows IE, Firefox, chrome, etc...

If Amibay blocks Tapatalk I will just not use it anymore and I'll switch to other forums, Facebook etc.

 

[Timtheloon]

Hi Sardine

As we discussed previously I do use Tapatalk. Has for this post I can't see the signature, but I might of edited it out when I added the words "pending pictures"

I find Tapatalk is good for when I'm on the go except for when I'm at work because there is no signal within the ship

I find Tapatalk is a nicer way to view Amibay on a mobile and it makes it so much easier to upload pictures




Sent from my iPhone using Tapatalk

 

[Sardine]

I have no issues with anyone using Tapatalk, I disagree with its "instant" notifications so a member can within 60 seconds declare on an item before the average member even knows the thread exists
This is unfair because not everyone wants to use or has access to Tapatalk.

the security issue is not about "you" thats your decision on how you use the web, its about Amibay's Database of members personal details and how Tapatalk mines the information indiscriminately ignoring the ACP (admin control panel) settings.
Tapatalk ignores the structured API's and directly access the database (this should be a BIG NO NO, giving an APP basically Dev level access to your database and hoping it behaves, I mean why wouldnt you trust a targeted marketing company's APP that bypasses the forum controls ??? its there to see and proven "unauthorised harvesting of email adresses".)

Tapatalk is all over the web with it's aggressive behavior trying to push itself to every web page it visits. (and know to redirect your "clicks" to tapatalk.com)

its in the licence agreement here is an excerpt.

In consideration for Tapatalk granting you access to and use of the Service, you agree that Tapatalk and its third party providers and partners may (i) place such advertising and affiliate links on the Service, and (ii) access your email database

like I said in a previous post Tapatalk is owned by Mobiquo a target marketing company and not out of the goodness of their hearts to help you browse Amibay or any other forum.

 

[Thelemorf]

With the current state of forum adaptation to mobile browsers not using Tapatalk is no option at all.. Even though it has its downsides..

 

[Amon_RA]

How are "instant" notifications unfair if any webbrowser can do exactly the same thing via plugins? Are you going to block browsers using plugins too?

Do you propose other more secure smartphone apps that allow "safe" browsing of Amibay? Please don't say the webbrowser on your phone because that is really not an option for anyone who seriously browses multiple forums in a convenient way on their smartphone (= the reason why Tapatalk is so popular).

 

[fatbob_gb]

I briefly used Tapatalk and decided to ditch it.

The instant notifications thing doesnt really bother me too much but the access to the Forum email database does.

 

[Timtheloon]

We also understand that tapatalk is not doing a free service, tapatalk make money by having the odd advert now and again, and if you don't like the adverts you pay to go Pro.

I don't think tapatalk is bad for Amibay because it give members another way to view the forum and in the end it is the end user who has to agree to there terms and conditions so if they are not happy with them don't use it.

has for the instant declarations of interest there are more apps and programs than tapatalk out there which will aid users getting a notification of a new thread and has Buzz says "Fastest finger wins the points"

an improvement for Amibay would be a way to give members preference over guests when the server is busy, many a time I've been booted off with the site saying "sever too busy" and you look at who's online and the ratio is more guests than members.

 

[Amon_RA]

I'm a paying Tapatalk user (no ads), beta app tester, and an overal happy customer of their service. Tapatalk is the only way for me to stay up to date with all the different forums directly from my smartphone.

 

[commodorejohn]

I've always held that if a forum is going to support Tapatalk, it should at least censor those gorram "POSTED FROM MY WHO CARES WHAT PHONE YOU HAVE" blurbs out.

 

[Templar]

I never used Tapatalk in the past, nor even now. If you don't want to see any ads, then unlock your phone and install AdAway... and say goodbye to ads in every app.

 

[Sardine]

How are "instant" notifications unfair if any webbrowser can do exactly the same thing via plugins? Are you going to block browsers using plugins too?

Do you propose other more secure smartphone apps that allow "safe" browsing of Amibay? Please don't say the webbrowser on your phone because that is really not an option for anyone who seriously browses multiple forums in a convenient way on their smartphone (= the reason why Tapatalk is so popular).

you're misunderstanding what im saying

from a "User" point of view it all great and happy sailing.

from a forum point of view its like inviting a vampire into your house as long as he/she promises not to eat anyone. (buy you agreed to the terms before you invited the vampire in that he/she can if they wish check all your house members and eat anyone of them at will).

thats how I see Tapatalk from my point of view as a moderator and reading up on the bugs i report to the devs, but just because its convenient for the members the security issues are just ignored and brushed away.

the below excerpt from Tapatalk's own terms and the way the app has full access to the database says it all for me.

In consideration for Tapatalk granting you access to and use of the Service, you agree that Tapatalk and its third party providers and partners may (i) place such advertising and affiliate links on the Service, and (ii) access your email database

 

[Trapshot]

Hiya, I've been watching the thread with interest primarily from my secular role as a Security Architect, as it was interesting to see the security Vs. usability point of view.

I decided to do a bit of digging on Tapatalk (5 minutes worth), and found the following information, which I wondered if either the users or the admins were aware of.

Firstly I found this discussion thread on the Tapatalk Support Group Forum, whereby some of the support staff answer the security query regarding e-mail database access and interaction. They mention in their posts that the e-mail interaction had been deprecated/removed back in 2015. The user in question was mainly referring to the XenForo plugin for their forum, so I looked at the change-log for the Tapatalk vBulletin plugin (which correct me if I'm wrong, this forum uses), and found that in the change log for the vBulletin Tapatalk plugin, their Sep 2015 update also removed "e-mail engagement functions".

Not wishing to wade in on behalf of the Tapatalk case, as I actually haven't ever used it as an end-user, but I thought I'd highlight what I'd found, A: because it shows that the Tapatalk devs appear to be at least responsive to some concerns, meaning that this forum could (and should) enquire with them regarding plugging/disabling/enabling features that they feel protect their members and details, and B: because it is possible that the concerns you have rightly raised may not be an issue anymore.

I hope this helps a little bit.

Ben

 

[Amon_RA]

@ben Thank you for clearing that out.

Tapatalk is used by so many forums, if there would indeed be a serious security issue Tapatalk wouldn't be able to survive.