Guild Wars 2

Since, I don’t really know if such thing exist; I’ve made a Guild which, if it spread enough on the varius EU world it will work as LFG tool for the Fractal of the Mist.
Someone pointed @ http://gw2lfg.com/ altho, as security precaution, and data mining prevention.. I rather use the ingame provided tool.
So, Guild name is indeed Fractal of the Mist [ FOTM ] if you are willing to use it, just send a whisper and i’ll add you, more the better. Also, keep in mind that it require ppl to work, so is not yet really active and cannot yet be used as LFG tool.

Data mining prevention ? What valuable information can possibly be obtained that can be used to any negative goal via data mining gw2lfg.com ?

Not the right place to discuss, anyhow just a fine example can be found here; http://arstechnica.com/security/2012/12/how-script-kiddies-can-hijack-your-browser-to-steal-your-password/

We have developers’ approval of gw2lfg.com
https://forum-en.gw2archive.eu/forum/game/dungeons/STOP-lf1m-posts-use-lfg-site/first

Tekla.2139:

Not the right place to discuss, anyhow just a fine example can be found here; http://arstechnica.com/security/2012/12/how-script-kiddies-can-hijack-your-browser-to-steal-your-password/

You’re getting a bit paranoid.

Well, call me either paranoid or realistic. Altho, a mere comment followed by sticky doesn’t imply that ArenaNet is currently aware on how that third party site is currently managed and/or exposed to exploit’s.
So, thanks.. but, i rather use the in-game tool provided within the game client.

Do you even know what data mining is?

if you mean they can collect your ingame usernames.. well.. then they can do same in this forum, or just collect from map shouts. therefore that data mining “threat” in gw2lfg-dot-com is invalid.

Previus web page, search history ect ect.. whatever.
See if i care answering more usless post.

Tekla.2139:

Previus web page, search history ect ect.. whatever.
See if i care answering more usless post.

That’s not data mining, in the slightest.

Data mining is looking for patterns in large data sets. It’s discovering NEW information in a given data set. It’s not finding existing data.

A simple “NoScript” type add-on is all you need if you’re that worried. In the mean time, the website is a great tool until ANet does finally create a LFG tool in game.

Take it from an independent professional web developer, the gw2lfg.com tool is perfectly harmless. You don’t need an account on the site to use the thing, meaning they aren’t phishing for passwords. The only personally-identifiable data they collect could be used, at worst, to produce statistics about what dungeons you prefer, and that data would be considered flawed and inaccurate at best due to the lack of integration with solid in-game sources.

If you play on two different characters, the tool couldn’t even know that they’re related if you clear cookies in between LFG postings. Their cookies are standard Google Analytics cookies, a session cookie (that I’ve mostly decoded—it contains nothing personally-identifiable), and two cookies that contain information only about the state of the table that displays LFG information (they have to store your search preferences somehow, and given the lack of a login requirement, cookies are the obvious answer).

As far as the requests made by the browser, there are the standard image/Javascript/CSS requests, a Paypal button or two, and a ping to a performance monitoring tool that provides real-time statistics about the performance of an application to the developer. Nothing even remotely malicious.

Your Ars Technica article is completely irrelevant to the lfg tool. It deals with a phishing scam that is extremely specific—it only works in Chrome, and only on people looking to see if their password is in a list of supposedly compromised passwords. It also isn’t a “browser hijack”—it’s a clever use of Javascript and CSS to perform a perfectly normal function in a way that the user does not expect, deceiving the user into giving away potentially private information. The phishing attempt would be nearly useless in any scenario aside from that exact one. Zeppelin is also correct—running NoScript will completely prevent the phishing attempt in that article, as well as a great number of other attempts. It’ll also prevent Google Analytics from tracking you, if you’re really that concerned.

Google Analytics is by far and away the most intrusive thing on that site—it collects information about what browser and operating system you use, the last page you visited (and only one page—if you open a new tab and go straight to gw2lfg.com it won’t even get that information), how long you spend on the page before navigating off, and other information. However, it anonymizes and aggregates the information with hundreds or thousands of like requests. The developer using Google Analytics to review traffic on their site has no way of even seeing an individual request, much less tracking it to a specific person, IP address, or any other personally-identifiable information.

In short, that level of paranoia is neither healthy nor productive. Take some basic security measures (or even some more powerful ones, like using NoScript) and learn what the signs of a real threat are, and you’ll be both safer and happier.

*Edit: I accidentallya space

Although I do believe that the OP is paranoid, it doesn’t change the fact that the general non-IT savvy population does indeed think that any 3rd party website would in fact “hack” their in-game accounts.

Pretty much all that means is that ANet needs to hurry up and implement their in-game LFG system so we can stop having these threads pop up every other day.

ANet is working on it, and I’d much rather they don’t hurry. If they hurry, it will be sub-par, and I’d much rather wait an extra month and get something worth using than have to deal with broken and sub-standard functionality in the meantime.