Thank you to the alert Ancestry employee who alerted me to this recent
post on the APG mailing list.
From: apg-bounces@rootsweb.com On Behalf Of Suzanne Russo Adams
Sent: Thursday, April 05, 2007 12:23 PM
To: apg@rootsweb.com
Subject: Re: [APG] Ancestry.com blocked at LDS libraries
Dear Colleagues,
The Family History Library and Ancestry.com have used IP authentication for several years to help manage the access to the Ancestry.com experience to the library. Since Ancestry and the FHL started using IP authentication several years ago, patrons at the Family History Library have not been able to use their own personal accounts on Ancestry.com. With the changes in the FHL access to Ancestry.com effective on Monday, this has become more of an issue than it was in the past.
Ancestry learned a few days ago that patrons at the Family History Library had inadvertently used a deep link into Ancestry.com to bypass the IP authentication that made the computer unable to log out of a personal account, even if the user wanted to, creating a security risk. Ancestry closed that hole to protect our site security and customer privacy. Shutting down the deep link log in function on the FHL computers was not a direct or an intentional ploy to upset current Ancestry.com subscribers.
Ancestry and the FHL are currently exploring solutions to allow people to gain access to their personal accounts at the Family History Library while still protecting the privacy of customers. Rest assured that we (Ancestry and the FHL) are working on a resolution--but there is not yet a timetable for its completion.
SUZANNE RUSSO ADAMS, AG(r)
Professional Services Desk Manager
ancestry.com
Part of The Generations Network
You know things have gotten Ancestry's attention when they make a public pronouncement!
I've gotten a lot of information on this issue from inside Ancestry. It turns out what they're saying about customer privacy is true. When you used the hack to log in to your personal account at the Salt Lake Family History Library (FHL), the cookies dropped by the IP authentication were not completely replaced. As a result, some of the website's behavior reflected personal account behavior, and some of it exhibited FHL behavior. No testing had ever been done in this weird, hybrid environment.
But it only took a little testing to show very large problems. On the one hand, there was no way to log out. On the other hand, there were several code paths that allowed one to change the username, password, and email address of that account.
There were several ways to see the account owner's private data, including credit card billing address, street address, phone numbers, and any genealogical data entered about living individuals. That means anyone could see the names, ages, address, and phone number for the account owner's minor children and name and ages for nieces, nephews, etc.
If you still think Ancestry was unjustified in blocking yesterday's hack, you're out of your mind.
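The hybrid cookie state described above, modelled as an added example (not Ancestry's code; the cookie names, functions and values are all constructed for illustration). It puts a login that leaves the IP-authentication cookies in place next to one that clears every auth cookie first, and adds a server-side check that rejects a mixed cookie set instead of serving account pages from it.

```python
# Constructed cookie names; the page does not name the real ones.
INSTITUTION_COOKIES = {"inst_id", "inst_mode"}   # set by IP authentication
PERSONAL_COOKIES = {"user_id", "user_session"}   # set by personal login
AUTH_COOKIES = INSTITUTION_COOKIES | PERSONAL_COOKIES


def ip_authenticate(jar):
    """Library workstation: IP authentication drops institutional cookies."""
    jar.update({"inst_id": "library-1", "inst_mode": "kiosk"})


def login_partial(jar, user):
    """Flawed login: adds personal cookies but leaves the old ones behind."""
    jar.update({"user_id": user, "user_session": "s-" + user})


def login_clean(jar, user):
    """Hardened login: drop every auth cookie, then set the personal ones."""
    logout(jar)
    jar.update({"user_id": user, "user_session": "s-" + user})


def logout(jar):
    """Logout clears all auth state, however the session began."""
    for name in AUTH_COOKIES:
        jar.pop(name, None)


def classify(jar):
    """Return 'anonymous', 'institution', 'personal' or 'hybrid'."""
    present = AUTH_COOKIES.intersection(jar)
    if not present:
        return "anonymous"
    if present == INSTITUTION_COOKIES:
        return "institution"
    if present == PERSONAL_COOKIES:
        return "personal"
    return "hybrid"  # mixed or incomplete set: untested territory


def handle_request(jar):
    """Server-side guard: a hybrid jar is cleared and rejected, not trusted."""
    state = classify(jar)
    if state == "hybrid":
        logout(jar)
        return "rejected"
    return state
```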