
Seeing Others’ Account Information - More Problems, With Proof

There have been more instances of this problem, seemingly beyond Admin’s earlier explanation, with no input from Admin as of yet on these new instances, captured with screenshots. Please see UEN’s earlier post for the situation, plus the new updates.

EDIT: Admin’s many locks and responses are reposted in comments below.

EDIT (by starrydesigns): Read about the latest incident here.

EDIT:
(by Soap) - latest update here - click.

78 Responses to “Seeing Others’ Account Information - More Problems, With Proof”

  1. 1
    JB Says:

    oh jeez, it IS locked now. And they just repeated the line about it not being a security threat.
    2 people got screen shots of someone else’s convos for gods sake, how is that not a security problem? I don’t want someone reading my convos. I guess it will take someone getting logged into rokali’s account or stella’s and reading all THEIR convos before they consider it a security threat.

  2. 2
    JB Says:

    http://www.etsy.com/forums_thread.php?thread_id=5165598&page=13
    sorry meant to include this link

  3. 3
    JB Says:

    whoah and on page 10 or 11, ANOTHER user reports this happening!
    How many is that now, I have lost count.

    bevshuggables says:
    I am getting the same … someone elses store!!!

  4. 4
    Soap Says:

    I agree JB.

  5. 5
    Soap Says:

    In case Etsy doesn’t get the issue, at a MINIMUM, it’s a breach of privacy if they have set up their site so a user can view any unrelated user’s private pages.

    You know, people outside of Etsy in the industry reading / hearing about all that’s been brought up recently would probably be shaking their heads.

  6. 6
    Soap Says:

    And if it’s a matter of changing meta-tags as someone posted on the now locked thread AND Etsy’s been on notice of the issue (ie User #1 reading convos or other private info of unrelated User #2) since at least Feb, I would think they’d just change the meta-tags ASAP.

    I’m no engineer but 5 months seems to be long enough to have *investigated* the situation. But I suppose, Chris dismissed the issue by posting basically that we can just pretend it doesn’t happen by not seeing it ourselves (ie don’t use accelerator).

  7. 7
    JB Says:

    the admins didn’t even ask bevshuggables for more info, like whether she uses a public computer or a web accelerator. They haven’t asked any of the victims for more data. They just keep saying it’s not a problem and isn’t happening. This is crazy! It’s like they don’t even want to know and don’t want to see the proof. And why did they have stella reply instead of RD, he’s usually the one who moderates the bugs forum and he’s the techie.

    What is the reason for locking the topic, anyway? No one was fighting, no one was breaking any rules. People are trying to share data and investigate the issue and look for solutions, the exact things that etsy is supposed to be doing.

  8. 8
    Lis Says:

    What disturbs me is that someone has a SCREEN SHOT of another person’s convos, yet the admin response is, “it is not possible to see any private data.” Are sellers actually going to have to send the screen shot to admin in a convo from the wrong account before they pay attention to this issue?

  9. 9
    retroattic Says:

    “And why did they have stella reply instead of RD,”

    In my opinion they have Stella chime in on controversial issues that they don’t really have an answer to or don’t want to answer to because Stella is perceived as popular and level headed. Everyone showers her with compliments and praise and no one ever attacks her like some of the other admins. I think they see it as a way to defuse the situation.

  10. 10
    Soap Says:

    I hope the people who are seeing other people’s pages are taking screen shots and forwarding those to the other user. If someone saw MY info, I would like to hear that. The people whose privacy was breached probably have the most leverage to get something done.

    Although you’d think Etsy wouldn’t want this kind of info floating around - the issue as well as Chris’ comment/attitude about it.

  11. 11
    Soap Says:

    “And why did they have stella reply instead of RD,”

    That’s actually probably a smart move.

  12. 12
    Soap Says:

    Honestly, I don’t care if they respond in a forum thread BUT if they’ve KNOWN about this issue since FEB, they should be acting - or should’ve acted to correct the issues months ago.

    THAT would’ve been reasonable, methinks.

  13. 13
    JB Says:

    I don’t so much blame them for the initial bug happening, security bugs do happen and you can’t predict or test everything and sometimes there are holes. Sometimes you only find the holes when someone exploits them. That happens to every software company. But once you know about it, then it needs to be priority #1 to fix any security or privacy related bugs. Sometimes you can only lock the barn door after the horse has run away, but at least you can prevent any more horses from getting out. So I don’t blame them for the first time but I do blame them for the mishandling of the issue AFTER they knew about it.

  14. 14
    kreatedbykarina Says:

    I wonder–is there any recourse against Etsy on a legal standpoint if a seller lost money due to this? ie. Someone happens to get logged into someone ELSE’S account..and changes the paypal email address to their own so any money going into the store will be deposited into THEIR paypal account instead. You don’t need a password to do that, nor do you need a credit card number–just an email address…

    Do we have any way of “taking this higher up” if Etsy Admin refuse to even see this as a problem much less do anything about it?

  15. 15
    JB Says:

    the only ones “higher up” than the admins are the investors, the board of directors if they have one.
    Other than contacting them I guess your recourse is to stop using etsy. :-(
    I really don’t wanna do that.

  16. 16
    Soap Says:

    But once you know about it, then it needs to be priority #1 to fix any security or privacy related bugs.

    yep

  17. 17
    retroattic Says:

    Well I stumbled across this.

    http://www.truste.org/ivalidate.php?url=www.etsy.com&sealid=101

    From what I can tell from a quick glance over this webpage Etsy is a member of this organization that expects its members to meet strict privacy guidelines. I would assume what is going on now doesn’t meet their standards and there is a place to file a complaint with them. I’m going to go read it a little closer.

  18. 18
    JB Says:

    http://www.etsy.com/privacy_policy.php

    I think this only applies to info collected by etsy when you register like real name, email, credit card #, etc. They have to promise not to sell that info or give it to anyone without your agreement.

    However if someone gets into another user’s account info page
    http://www.etsy.com/account_info.php
    that does have real name, email, street address, etc

  19. 19
    retroattic Says:

    I just looked at the account info page for the first time in a long time. That has our street address!!!! I find that VERY scary. Almost more bothersome than credit card info. Yeah, no one wants their money messed with but it IS just money. The LAST thing I want available on the internet is my home address! That is a personal safety issue. As far as I’m concerned my personal safety is more important than my credit cards.

  20. 20
    JB Says:

    People can get it anyway when you buy or sell with them, and you never know who they might share it with. But you get their address too, so at least that is some comfort.
    I agree I don’t want random people knowing my address. With your full name, address, phone number, and last 4 digits of your credit card, that may be enough for identity theft.

  21. 21
    sillyshaley Says:

    The lack of decisive action is very unsettling, to say the least.

  22. 22
    amanda aka ebbandflo Says:

    i am unnerved.
    my page also has addresses of family to whom i send gifts from etsy sellers - i’m now annoyed that potentially their details might be broadcast

    are convos the only thing that have been seen so far or are there other details coming out too?

  23. 23
    sillyshaley Says:

    New thread:

    http://www.etsy.com/forums_thread.php?thread_id=5166279

  24. 24
    JB Says:

    Stella replies:
    stellaloella says:
    We are definitely taking these reports seriously and are continuing to investigate the situation. Even though threads are locked, we have still cataloged the information. While there are multiple documented cases, this bug is a very difficult thing to reproduce (which I understand is a big part of bug-hunting on the engineering side of things).

    At this time, we do not believe this glitch to be an actual security threat, but we do understand why people are concerned. We’ll keep you updated as more info becomes available.

    Presently, while we need users to keep reporting these events, it is not beneficial for anyone to have a public panic on the forums (which is why previous threads were locked).

    I’ll leave this thread open for those involved to report new information, but please keep it level-headed. Thank you.

    I personally would like to apologize if it *seems* our attitude toward this is anything less than serious. I assure you we are not taking this lightly and are continuing to work on figuring it out and finding a solution for all those involved.
    ……………………………………..

    The admonition to “keep it level-headed” and not start panic I find personally insulting. The locked thread was very level-headed and contained useful factual information. No one was screaming “the sky is falling”. If they have any dispute or disagreement with the factual or technical information presented, then they should correct it. Do not just paint us all as hysterical panic-mongers.

  25. 25
    JB Says:

    “While there are multiple documented cases, this bug is a very difficult thing to reproduce (which I understand is a big part of bug-hunting on the engineering side of things).”

    I can respect that because it is a sporadic bug not a consistent one. However, it would be especially difficult to reproduce if one does not have a web accelerator installed. I HOPE that one of their QA staff has installed that software on a spare machine to conduct these tests. The first step to reproducing the bug is to recreate the conditions under which it occurs.

  26. 26
    Facade Says:

    Soap said,

    July 23, 2007 @ 1:21 pm

    “…BUT if they’ve KNOWN about this issue since FEB…”

    ——-

    I’m not sure about that. sereneonion posted in March 2007 about accessing misocat’s Etsy bill. There was another comment in that thread that COULD have been a shared-computer problem, so I wouldn’t count on it being the same thing.

    I saw related threads back before the V2 changeover. I don’t know what V2 changed, so maybe this is a different problem.

    But yes, I’m also frustrated that they’re using loaded words like “sensationalism” and “panic” to describe our posts. Just this month, melisap, kitten59, and mygirlfine all have screencaps showing that this is an actual problem.

    I hope they actually read through the threads. Looks like there’s a quick work-around by just retro-dating the meta headers.

  27. 27
    Soap Says:

    OK, my bad - I mis-typed, it’s MARCH. But that’s still been months.

    I agree about the patronizing language - if people’s addresses can be viewed, that’s a problem. Or private communications, or whatever.

    Bottom line - reproducible or not, there’s been multiple reports from multiple unrelated users and now multiple screenshots. If it’s something that can be done reasonably quickly using industry standard (like past cache dates), why are they delaying?

  28. 28
    JB Says:

    I just had a brainstorm in the shower. Instead of testing this and that and trial and error, why doesn’t etsy just ASK google what to do? Just contact them, and ask what code they need to use to prevent google accelerator from caching the pages. Don’t accuse google, don’t say “why are you ignoring my no-cache headers?”. Just politely ask for the optimum configuration of their meta tags that will definitely work on GWA. I am sure they know the behavior of their own software and have a template of meta tags that will block it.
    Now there may be other accelerators and other ISP that use proxy caching and inline caching, and those may behave differently so that won’t be the cure-all for everyone. But at least it will work on the most obvious culprit.
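
As an added illustration (not part of JB's comment, and not Etsy's or any accelerator's code): the Python sketch below models the failure the thread suspects, a shared cache that keys pages on the URL alone, and shows how a back-dated `Expires` header or `Cache-Control: private, no-store` changes what the second visitor receives. The session values, the URL path and the 60-second default lifetime are constructed assumptions; an intermediary generally acts on HTTP response headers, so the same directives placed only in HTML meta tags may never reach it.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data: session cookie -> account it belongs to.
SESSIONS = {"sid=aaa": "alice", "sid=bbb": "bob"}
HEURISTIC_TTL = timedelta(seconds=60)   # assumption: toy cache's default lifetime
PRIVATE_URL = "/private/conversations"  # hypothetical path, not a real site URL


def origin(cookie, extra_headers):
    """Hypothetical origin server: renders the private page of the cookie's owner."""
    return {"body": f"conversations of {SESSIONS[cookie]}",
            "headers": dict(extra_headers)}


def directives(headers):
    """Parse a Cache-Control header into {directive: value-or-None}."""
    out = {}
    for part in headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value.strip('"') or None
    return out


def expires_at(headers, stored_at):
    """Time after which the stored copy may not be reused without asking the origin."""
    cc = directives(headers)
    if "no-cache" in cc:
        return stored_at                      # always go back to the origin
    if cc.get("max-age") is not None:
        try:
            return stored_at + timedelta(seconds=int(cc["max-age"]))
        except ValueError:
            return stored_at
    if "Expires" in headers:
        try:
            exp = parsedate_to_datetime(headers["Expires"])
        except (TypeError, ValueError):
            return stored_at                  # unparseable date counts as expired
        return exp if exp.tzinfo else exp.replace(tzinfo=timezone.utc)
    return stored_at + HEURISTIC_TTL          # no guidance: cache guesses


class SharedCache:
    """Intermediary that keys on the URL only and ignores who is asking."""

    def __init__(self):
        self.store = {}

    def fetch(self, url, cookie, origin_headers, now):
        hit = self.store.get(url)
        if hit and now < hit["expires"]:
            return hit["body"]                # reused without contacting the origin
        # Miss or stale copy: simplified here to a full refetch with the
        # requester's own cookie instead of a conditional revalidation.
        resp = origin(cookie, origin_headers)
        cc = directives(resp["headers"])
        if "no-store" in cc or "private" in cc:
            self.store.pop(url, None)         # a shared cache must not keep this
        else:
            self.store[url] = {"body": resp["body"],
                               "expires": expires_at(resp["headers"], now)}
        return resp["body"]


def second_visitor_sees(origin_headers):
    """Alice loads the page, then Bob loads the same URL five seconds later."""
    cache = SharedCache()
    t0 = datetime(2007, 7, 23, 20, 0, tzinfo=timezone.utc)
    cache.fetch(PRIVATE_URL, "sid=aaa", origin_headers, t0)
    return cache.fetch(PRIVATE_URL, "sid=bbb", origin_headers,
                       t0 + timedelta(seconds=5))


if __name__ == "__main__":
    cases = {
        "no caching headers": {},
        "Expires in the past": {"Expires": "Thu, 01 Jan 1970 00:00:00 GMT"},
        "private, no-store": {"Cache-Control": "private, no-store"},
    }
    for label, headers in cases.items():
        print(f"{label:22} -> bob receives: {second_visitor_sees(headers)}")
```
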

  29. 29
    Soap Says:

    Because that’s too simple, apparently.

  30. 30
    GreenMamba Says:

    Heavens. I have a lot of thoughts about this - not many of them complimentary. And I do take exception to the admin characterization of our concerned posts as “panic” and “sensationalism”. Below is a copy of some of the thoughts that I have shared with another Etsian (hope she doesn’t mind):

    The real panic, I believe, must be on the admin side. This phenomenon truly has grave implications. It will only take one malicious opportunist to reveal just how serious this breach is. I do hope that they are, in fact, doing all they can to trace this out - but, even more importantly, they ought to be taking *pre-emptive* measures, such as the ones suggested in the last locked threads, to prevent further incidents. In fact, I’m going to keep my eye on the fora for new reports. If there are any, I will immediately inquire whether new safeguards have been implemented - and if not, then why. . . At this point, will all they do know, and the possible fixes to choose from, this should be, in my opinion, an issue of the past.

    An ounce of prevention. . .

  31. 31
    alex Says:

    If this is a continuing problem then one quite effective - and very professional - place to complain is the Better Business Bureau - http://www.bbb.org/complaint.asp

    If several people file complaints, with evidence, it is pretty much bound to be taken seriously.

    The trouble is that even a suggestion like this seems to be taken by Etsy admin as a threat. It isn’t intended to be, it’s just a good fall-back to know about if there seems to be no other way of getting the problem resolved.

  32. 32
    GreenMamba Says:

    will = with
    ooops

    And I, too, find it quite odd that admin are not soliciting more details about these logons. You’d think the more info they have, the better they’d be able to track down and isolate the cause(s). Whenever there are viewing issues, or treasury problems, etc. RD and jared always ask for specifics. But not here.

  33. 33
    retroattic Says:

    I am unable to read the new thread because I keep getting this stupid error which was supposedly fixed yesterday according to RD. I’m SICK of the lies!!!!!

    FAILURE: Exception occured
    Traceback (most recent call last):
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/MethodCaller.py”, line 86, in __call__
        data = method(*args)
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/SQLInterface.py”, line 155, in wrapped
        results = SQLInterfaceFunc(tmpl, a, Pool)
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/logutil.py”, line 109, in new_func
        res = func(*a, **b)
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/SQLInterface.py”, line 325, in getOneRecord
        desc, results = procSQL_return_one_record(sql, args, Pool)
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/Resources.py”, line 156, in procSQL_return_one_record
        conn = Pool.getconn()
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/thirdparty/pool.py”, line 149, in getconn
        return self._getconn(key)
      File “/home/svnuser/Projects/Etsy/trunk/emid/emid/thirdparty/pool.py”, line 88, in _getconn
        raise PoolError(”connection pool exausted”)
    PoolError: connection pool exausted >

    You are on webserver
    Time July 23, 2007, 8:46 pm

    This should be a momentary issue — please try refreshing this page in a few minutes!

  34. 34
    GreenMamba Says:

    Well, alex, I suppose that is always an option. Unfortunate. I hope that is not what it will take to get the admins to not only take this - and the users - seriously, but to stop patronizing us with false or misleading info.

  35. 35
    GreenMamba Says:

    A question for you seasoned Etsians: I joined late in 2006, just prior to the V2 switch. Were there as many issues with the Beta version as there have been with this one? How were concerns dealt with? Were the admins more, or less, receptive to user concerns and input?

    Okay, three questions. But I’m curious.

  36. 36
    Deja Vu Says:

    I can’t get into the Etsy forum either, so much for it having its own database. *rolls eyes*

    Green Mamba, I joined a bit prior, in February 2006. As I recall, there were not as many technical issues with the Beta version. There were stability problems, but no security issues that I am aware of, and technical issues were dealt with pretty well. There were bandaid solutions to some problems that have since actually been fixed well. But overall I don’t see V2 as much of an improvement, sadly. As well, the non-technical issues that concerned me (resellers, non-handmade goods, etc.) haven’t improved much. It seems to me that Admin have become less responsive to people’s concerns, probably because the user base has grown so much.

    But these are just my opinions. I’d like to hear other people’s thoughts on how Beta compares to V2 as well.

  37. 37
    JB Says:

    retroattic I am getting that same error for about the last 10 minutes.
    refreshing has not resolved the problem for me.

    I think all the locking of topics and labeling completely rational threads with loaded words like “panic” and “sensationalism” is trying to discredit all the victims and other posters as unreliable witnesses. It basically has a chilling effect so that other victims of the bug will be afraid to report it and perhaps also get labeled or blacklisted as troublemakers.

    I also think that when they wait days to reply to these threads, they are hoping that the longer they wait, someone will get frustrated and will say something rude or a fight will break out . Then they will have justification to lock the topic.
    Everyone, do not allow yourself to be manipulated. Keep your posts on etsy as stoic as the sphinx, focused, respectful. If a cheerleader tries to bait you with something dumb like “if you hate etsy so much why don’t you leave?”, don’t take the bait. People have every justification for being frustrated and alarmed, but when they express that, etsy has an easy “out” and can just dismiss us as hysterical troublemakers.

  38. 38
    Facade Says:

    Deja Vu said,

    July 23, 2007 @ 5:14 pm

    “Green Mamba, I joined a bit prior, in February 2006. As I recall, there were not as many technical issues with the Beta version. There were stability problems, but no security issues that I am aware of…”

    ———-

    I went skimming through the archives earlier. There were at least 2 different threads during V2 about logging into the wrong account. One of them referenced people posting in chat under the wrong username.

    Again, I have no clue what changed in V2. This might not be the same problem at all. That’s why I’ve never brought it up on the forum.

    I deeply resent Etsy’s accusations of panic-mongering.

  39. 39
    GreenMamba Says:

    I’m getting the ‘failure’ notices, too. *sigh*

    Your points, JB, are probably right on the mark - and quite distressing.

    And façade, wasn’t there also a much more recent incident of chat confusion?

    I wish I could understand the hesitation of admin to not only acknowledge this problem, but to simply get cracking on a solution. It is in their best interests to keep things running as smoothly and securely as possible. What possible motive could there be for (initially) denying, then dramatically downplaying this bug? What benefit is it to them to let the issue continue and escalate? Sorry - I just can’t wrap my mind around it at all.

    Don’t they realize that members will respect them much more for an honest and prompt response - even if it’s to say “we goofed but we’re getting to the bottom of it ASAP”? I guarantee that they are losing not only respect, but also credibility with their current attitude.

  40. 40
    Facade Says:

    Sorry, mistyped in my last post.

    wrong:
    “2 different threads during V2″

    should read:
    “2 different threads BEFORE V2″

  41. 41
    Facade Says:

    GreenMamba,
    I have no idea about recent chat confusion. I don’t really pay attention to chat bugs because I figured it didn’t affect me. I’ve gone into the rooms all of twice.

  42. 42
    Kate Black Says:

    There were incidents even before the misocat one in March, which spurred Soap’s original post.

    I remember several last year where at least two different users logged into Ramona’s account and posted about that on the forums.

    I DO wish everyone had the foresight to take screenshots.

  43. 43
    Elizabeth Says:

    One of the many accusations leveled at me was panic-mongering - bringing important issues up (and keeping them in the spotlight) simply for the purpose of causing trouble.

    Glad others are willing to “panic-monger” (i.e., hold accountable) without me. Careful, though.

  44. 44
    Soap Says:

    Kate,

    I thought I saw posts pre-dating the March one by sereneonion but I suppose I’m not as organized as Dyno. Maybe I’ll look for them later.

    E,
    Have you not regained your forum posting privileges?

  45. 45
    JB Says:

    The chat and treasuries are flash applications and may possibly handle cookies and authentication differently than the rest of the site. One user had 2 treasuries made with her name, which she didn’t make. A user appearing to be logged into the wrong account may not be able to do actions like editing listings or sending convos, on the HTML portion of the site. (they can apparently read the other user’s convos, but probably/hopefully can’t send convos)
    But possibly they *can* post as someone else in chat, or comment on a treasury or create a treasury as someone else. Chat may not authenticate each action by checking the cookie. These are all things that need to be tested.

    Perhaps etsy is defining “security threat” differently than we do, when they say there is no security threat. Even IF someone can’t make any changes or do any actions with my account, (which hasn’t really been proven one way or the other) just the fact they can SEE stuff they shouldn’t see is enough reason to take action.

  46. 46
    Elizabeth Says:

    Yes. But I am limited in that about which I may post.

  47. 47
    JB Says:

    Elizabeth that panic-mongering accusation against you is completely out of line. You are always so focused and professional when you bring up bugs and issues. I have seen people try to bait you and make personal attacks in your threads, and you keep your cool and keep your focus on the issues, not the personalities. You don’t hit below the belt and when you make a criticism it is against something etsy has DONE (or not done), not against the people themselves.
    I wish etsy staff could be as unflappable and professional in the forums as users like you and facade.

  48. 48
    Soap Says:

    You’re not allowed to discuss any perceived issue with Etsy?

    /hijack

  49. 49
    Elizabeth Says:

    You’re very kind. I have a, um, challenging approach to issues, no doubt. ;p But I do try to keep from making things personal. Etsy does not see my input the same way. So be it.

  50. 50
    Elizabeth Says:

    Soap, it’s complicated. But basically, yes, unless I use a predetermined “voice.” The more I talk about it, the more likely I am to lose privileges permanently, which shows, I guess, how little I’m starting to care about that. But I should probably stop here for now. I had a super-rough day at work, and I don’t want that frustration to leak over any more than it has.

    /REALLY end hijack

  51. 51
    JB Says:

    You’re even monitored for what you say OUTSIDE of etsy, you have to use this predetermined voice here?
    un-freakin-believable.
    sorry about your bad day at work. :-(

  52. 52
    Deja Vu Says:

    I have hunted high and low through the Forum archives and can’t find any issues of people logging into other’s account pre-V2. Does anyone have links to any of those old threads?

    While Beta had issues, I think that V2 has worse issues (as well as features I love, it’s a real love-hate thing). But the problems seem bigger.

  53. 53
    Soap Says:

    hijack

    Really? Even OUTSIDE of Etsy? (just nod or shake head)

    Well, I’d just have one thing to say about that - click on last picture and zoom:
    http://www.etsy.com/view_listing.php?listing_id=6205431

    :)

    /hijack

    BBL

  54. 54
    thechocolatelab Says:

    I just hearted those cards.
    I know several people who deserve them.

    Also, I know their address.. and I’m not afraid to send them.

    This topic is out of control. I can NOT believe that something hasn’t been done about this, and that it is continually brushed off as a “non-issue”.

  55. 55
    retroattic Says:

    “What possible motive could there be for (initially) denying, then dramatically downplaying this bug? ”

    Etsy is their baby. And they are parents in denial. Admitting there is a problem is like admitting their child is not perfect. As a teacher I know WAY too many parents who can’t handle it when they find out their kid has problems and issues. As long as Etsy denies everything they don’t have to take it personally and they can pretend that they are on the cutting edge and reinventing the wheel flawlessly. I think this is why so many of Revolving Dork’s posts are so snarky. He takes every bug complaint as a personal attack on him.

  56. 56
    retroattic Says:

    Sorry to hijack things but while we’re talking about what Elizabeth is and isn’t allowed to do, has anyone checked out her new shop??? She has some lovely pieces!

    http://www.etsy.com/shop.php?user_id=5180851

  57. 57
    Facade Says:

    Deja Vu said,

    July 23, 2007 @ 8:32 pm

    I have hunted high and low through the Forum archives and can’t find any issues of people logging into other’s account pre-V2. Does anyone have links to any of those old threads?

    [quote format edited by soap]

    ———-

    (How do I make indented quotes on here?)

    Just to be sure: V2 was November 2006? And when did Etsy start the Beta version? Because the threads I found (update: 3 of them) predate that by months. Would it help or muddle things for me to post them?

    But regarding current V2 problems — Soap was right; I was wrong. There were a couple of wrong-account bug reports back in February 2007. Neither one got any response from admin. In fact, it looks like no one at all noticed the second.

    stellabelladesigns: February 12 2007
    http://www.etsy.com/forums_thread.php?thread_id=5035871
    “my etsy isn’t really mine??”

    hazelwoodhill: February 17 2007
    http://www.etsy.com/forums_thread.php?thread_id=5039045
    “I log in and get another sellers store”

  58. 58
    Soap Says:

    facade, i’ll block quote your post above for you - i emailed you instructions.

  59. 59
    Soap Says:

    Thanks for finding those posts. I thought I saw them but didn’t bookmark them. :)

  60. 60
    GreenMamba Says:

    retroattic, whether it’s a proprietorial or parental feeling - or something else entirely - I do not think that Etsy can afford the luxury of adopting that stance. This issue is one with legal ramifications. Etsy is obligated to do what it reasonably can to protect the security and safety of user information.

    And, yes, I also understand the occasional legal necessity for taking a somewhat neutral stance, especially in the interest of damage control. But to outright deny there is an issue, then later pretend it is not serious in the face of mounting evidence to the contrary - that seems to me to be treading on thin ice. Obviously, Etsy has not taken adequate measures to curb this phenomenon - it is obvious from the forum trail that this issue has been around far. too. long.

    Picture this: a member, upon login, finds her/himself accidentally inside another user’s account. They are at first surprised, then, out of curiosity, start looking around, clicking to see just how far they can penetrate into the tiers of information. This person finds that they are able to view not only billing and account info - such as full name, address, phone number, paypal e-ddress, etc. (already documented, by the way) - but transaction and receipt details as well (not noted or documented, to my knowledge). While perusing the sales info, they notice that one of the buyers is someone they have a dislike for, or a grudge against. They jot down the real name and address of this buyer before logging out. Or, they simply take screen shots of every possible bit of info - including personal identity info, convos, receipts etc. They then log out but keep the screenshots for possible exploitation down the line. . .

    You get the picture, which is, at this point, purely conjecture. Such an extreme situation may not be able to occur under the current accidental logon glitch. But, because Etsy does not in fact *know* that it *can’t* happen, it should be assumed that the worst case scenario *is* a possibility - and precautions taken accordingly.

    It is not my intent to ’sensationalize’ this issue. Which is why I have saved such remarks for this forum - I don’t want to spark any sort of ‘panic’ or flame-war on Etsy, which would be completely counter to what we are hoping to achieve by keeping this issue in the spotlight. Surely those of us posting here are not interested in starting an uprising - but we do want the matter taken seriously. Or at least more seriously than it seems to be at the moment.

    E, it is truly disturbing to think that Etsy can influence postings on this - or any other - site outside of its domain. Quite disturbing, indeed. I am very sorry - and alarmed - that your proactivity has had such drastic and far-reaching repercussions. I am not a ‘panic-monger’ but I will suffer the title willingly if that is the price of demanding accountability. In truth, like you and all the rest who have commented here, I have a great fondness for Etsy and the opportunities it provides as well as the enticing potential it harbors. If I didn’t, I - and I suspect many others as well - wouldn’t bother getting involved.

    I continue to be mystified by many of the actions (or often inactions, as it may be) and the defensive postures of some Etsy admins. Aren’t we all on the same side?

  61. 61
    GreenMamba Says:

    (sorry for typos - it is late and I’m a virtual zombie just now)

  62. 62
    JB Says:

    wow I never saw those 2 cases before. That brings up a question: Why are there *any* bug reports in the forum without an admin reply? I know that in the help forum and buying and selling, most of it is users helping users, they are the same questions again and again, and not every post needs an admin reply. But in my opinion the bug forum should have 100% coverage, an admin should be reading every single thread and unless someone else has already answered the question (I mean resolved it), they should be replying to every thread too.
    The bugs forum does not move as fast as other forums, there’s usually only about one new page of posts per day. It wouldn’t be impossible for a staff member to go through it once a day and check anything less than 24 hours old. That would only take about an hour a day. It wouldn’t need a whole new staff person or anything drastic.
    Too much is slipping through the cracks.

    February 12 2007
    stellabelladesigns got into katiejohnson’s store
    I can’t actually find any account by that name but maybe she spelled it wrong? It was a jewelry shop.
    possibly katejonesjewelry.

    February 17 2007
    hazelwoodhill gets into another user’s shop repeatedly- the other shop is not named.

    http://www.etsy.com/forums_thread.php?thread_id=5166279&page=4
    melisap has continued to get logged into the other user’s shop, always the same user. She could not get any further than the first tier (your etsy), could not get into account info or other personal data.

  63. 63
    GreenMamba Says:

    *****

    JB said,
    July 24, 2007 @ 1:12 am

    Why are there *any* bug reports in the forum without an admin reply? I know that in the help forum and buying and selling, most of it is users helping users, they are the same questions again and again, and not every post needs an admin reply. But in my opinion the bug forum should have 100% coverage, an admin should be reading every single thread and unless someone else has already answered the question (I mean resolved it), they should be replying to every thread too.

    *****

    Excellent point. Why, indeed?

  64. 64
    retroattic Says:

    GreenMamba, I agree with you 100%. I was just stating how I perceive the situation. I think the stance they are taking is completely ignorant. I also find the use of Stella to defuse these threads very insulting. Anytime a controversial issue arises Stella comes to the rescue, everyone gives her great praise and the issue at hand is forgotten for the time being. Admin know that in most users’ eyes Stella can do no wrong and they are using that like we are children who need a lollipop to shut us up. Unless something drastically changes (which I don’t see happening) I believe this sort of thing will be Etsy’s downfall. They can bury their head in the sand all they want but every day there are more and more disgruntled users and Etsy’s reputation will gradually spread by word of mouth. I have already seen many people talk about Etsy’s poor customer service and buggy site being discussed on other crafting forums though I have not witnessed this personally.

  65. 65
    JB Says:

    GreenMamba, thinking of worst case scenarios is not sensationalism. In fact, prudent web designers and programmers should do this when designing any site.
    For example: Lots of people would like to use trackers like google analytics or sitemeter on their etsy shops. Or on their myspace pages. Me among them.
    But those third-party trackers use javascripts. Those trackers are benign and harmless, but if etsy and myspace allowed javascripts, then people could also use malicious scripts which can do things like steal your session cookie, redirect you to another site which looks like etsy/myspace but isn’t, etc. Or javascripts can do harmless but annoying mischievous things like replacing text on the page with other words, replacing images, etc. That’s why neither etsy nor myspace allows javascript.

    Javascripts have some very useful and harmless uses, and some malicious and dangerous uses. You can’t assume that all users are nice people, you have to think about the worst case scenario even if it’s only .001 % of users who have the knowledge and skill and motives to use malicious scripts. Prudent designers build their site with worst case scenarios in mind at all times. At my work, any time the programmers have assumed users are not smart enough to figure out how to exploit something, they are proved wrong and it’s often a 15 year old kid that finds the loophole! If there is any hole, someone WILL find it and the worst case scenario WILL happen eventually.

    Even if 99% of etsy users are nice and wouldn’t mess around in my account, it’s the 1% of evil users that you have to design around. Unfortunately, this happens all around the world and all through life, the minority of bad people ruin things for the rest of us but that is life. It’s not sensationalism to bring attention to the “what ifs”. It’s better to think of those “what ifs” before they happen, than try to clean up the mess after they happen!

  66. 66
    Deja Vu Says:

    Facade, yes V2 was implemented November 2006 (the 11th or so). Prior to that, Etsy was in Beta from conception (June 2005).

    I am really curious to see those threads you mentioned. If you don’t want to post them here, perhaps you could forward them to me via convo? Honestly, the technical problems I recall about Beta were more about stability than anything else. But I don’t remember details very well, (life moves too fast for me lately).

  67. 67
    alex Says:

    GreenMamba said,
    July 23, 2007 @ 4:53 pm

    Well, alex, I suppose that is always an option. Unfortunate. I hope that is not what it will take to get the admins to not only take this - and the users - seriously, but to stop patronizing us with false or misleading info.
    ________

    Well, one would always hope that going to the BBB wouldn’t be necessary. But it’s useful to know that it’s there and can help if it’s really needed. I’ve used them once before - two or three years back - and they are effective.

    Of course, if Etsy take this seriously and resolve it that would be the best solution all round.

  68. 68
    GreenMamba Says:

    retroattic, I understand the frustration you feel at having very complicated and/or technical issues addressed by an Etsy admin who may not necessarily have the expertise to comment. I don’t personally have an issue with stellaloella - she is a pleasant and calming presence. But (and this is my personal opinion) I do feel she is used, perhaps unfairly, as a buffer - or shield - between the members who are seeking real answers, and the admins who prefer to be virtually tight-lipped.

    I find it to be quite unfortunate that, when admin gleans new staff from the Etsy membership, it can result in that member sacrificing a great deal. Stella, for instance (according to her shop announcement), has had no time to pursue her potterycraft, etc. since joining the Etsy team. So, the very thing that attracted her to Etsy is now, in a sense, denied her. It must be equal parts joy and nightmare to be in such a situation. (Pure speculation on my part. That is simply how I am sure I would feel in such a position.)

    A few days ago, during the brief commotion over the changing of shop names, I commented in one of the threads regarding RD’s often inappropriate forum responses. I did not name him, but I think it was obvious whom I was referring to. This is what I wrote:

    >> One concern: perhaps it would be best, when such delicate issues come to light in the fora, that only certain designated admins make a response - or at the very least, that the responding admin has consulted with and gotten official approval for said response? When the hint of inconsistency and misinformation appears - accompanied by an admin badge and a hasty lock - it has the potential to stir up contention, conjecture, strife and ill-will. Whereas a carefully considered and forthright comment can - even if the comment isn’t what the masses want to hear - help foster good relations between the powers-that-be and the Etsy membership.

    Consistency is key.

    Posted at 1:18 pm, July 21 2007 EST

  69. 69
    GreenMamba Says:

    (My post was cut short - which has happened before. I must be doing something wrong?? Or could be my connection – I’ve had DSL issues for weeks now. In any case, here is the rest.)

    Of course, there is no way of knowing whether my recent comment had any influence on the way admins respond, or who is delegated to tackle which topics. But I certainly did not mean for stella to be used as the middle-man. It would be helpful, and appropriate, to have seasoned, knowledgeable techies or programmers or engineers give comments in their respective areas of expertise. It does rankle to be treated as “children who need a lollipop”. And I, for one, do not feel comfortable fussing at stella, who is, after all, simply doing what she’s told. No one wants to come across as, or be accused of being, a bully. So, I suppose the admin strategy of calming the masses is at least partially successful. And very frustrating.

    Wow. Was that a hijack or what?

  70. 70
    JB Says:

    I think stella is perfectly fine and I have no problem in her replies in the ideas, help, buying and selling forums. It’s only the bugs forum that I would prefer someone with more technical knowledge to reply, when technical knowledge is needed.
    And by reply, I mean: ask pertinent questions, collect information, speak to users as the adults they are, and give updates for ongoing bugs and issues. I don’t mean say there’s no problem and lock the thread.

    In general, bug reports is a specialized area of customer service. You don’t necessarily need developers moderating it because they don’t always have the best people skills and are better utilized in fixing the bugs. (they generally make a LOT more money than CS too, so you don’t want to waste their time!) Also, developers usually like to have their data presented in very compact, formal nuggets. They are used to reading technical specs and they communicate differently than normal humans. Most users present data in a “messy” format, with lots of irrelevant info, telling their feelings, etc. The facts are often there, but they are buried in a narrative. Developers do not like narratives.

    You can have customer service staff moderating bug reports, but they should be trained on how to collect information, what questions to ask, etc. They need to sift through the narratives and collect the pertinent nuggets of data. Then they compile the information in a nice clean organized format and present it to the developers. Customer service staff are the liaisons between customers and developers- they are almost translators, if you will. But they need to know both languages fluently, to be good translators. They need to know how to speak human, and how to speak developer. Stella is clearly fluent in human, but I’m not sure they have really trained her in speaking developer. I’ve not seen her asking the types of questions that need to be asked, but perhaps that is being done privately through email.

  71. 71
    GreenMamba Says:

    JB, once again you have clearly articulated some excellent points! Thanks!

  72. 72
    retroattic Says:

    I want to make it clear I have no problem with Stella. She seems to be a smart, intelligent, reasonable and well spoken person. I’m sure she is just doing her job. My only problem is that because she has these wonderful qualities she is being used for the reasons and in the ways I stated above.

  73. 73
    JB Says:

    http://www.etsy.com/forums_thread.php?thread_id=5167747
    Haim has some updates on current bugs, including this one

    - The cookie/login issue

    We’ve found a bug in how we generate random data that could possibly result in login “collisions”. It’s our theory that user A would login and get his random data token. Sometime thereafter user B would generate the exact same random data thus grabbing user A’s session. We’ve got a short term fix in the works that will highly decrease the chances of that happening. It’s our goal to have that fix pushed out early Wednesday AM EST. In addition we’re working on a larger long term fix to better handle cookies in general.

    It’s very interesting.
    I’m concerned it doesn’t include anything about blocking web accelerators from caching private pages, since GWA was definitely a factor in at least *some* of the cases.

  74. 74
    kreatedbykarina Says:

    I’ve said it before and I’ll say it again…Etsy slowly keeps shooting themselves in the foot on a lot of things.

    That BBB thing is good knowledge to have should it become productive to utilize it.

    And, as far as EMC goes—I can’t believe that Admin should have the audacity to outright censor people as far as their participation on the forums AFTER their punishment has already been served. It’s one thing to try to redirect someone to be “nicer” or whatever–but to (I’m assuming) come out and state what one can and cannot speak about on the forums is not only alarming but exceedingly childish.

    Etsy Admin isn’t taking everyone’s reports of this “bug” seriously—RD has said a couple of times on the forums that there’s “no known issue” when locking threads about this. It’s a serious breach of privacy, and can cause further damage down the road…people can see personal emails, home addresses, personal business discussions through convos, as well as alter the paypal email if they should choose so that any money is directed into THEIR account.

    I wonder if Admin realizes all of the other crafting forums that are literally laughing at Etsy.com?

  75. 75
    JB Says:

    Well Haim does say there is a known issue now, something to do with the random data token. Random doesn’t always mean unique, so 2 users can have the same random token and then get their wires crossed.
    This may account for the cases where people didn’t use GWA. I don’t think it accounts for all the cases, and the behavior of the bug, i.e. how much you can access, may depend on which variation of the bug you have. I now think it’s actually TWO bugs with similar symptoms.
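
Added example (not part of the original comments, and not Etsy's code): a small model of the "random doesn't always mean unique" collision discussed in comments 73 and 75, next to the usual remedy of CSPRNG tokens plus a uniqueness check at issue time. The 16-bit generator, the `SessionStore` class and the user names are constructed assumptions for illustration.

```python
import random
import secrets


class SessionStore:
    """Token -> user map, as a login handler would keep it (constructed model)."""

    def __init__(self, make_token, check_unique):
        self.make_token = make_token
        self.check_unique = check_unique
        self.sessions = {}
        self.collisions = []  # (token, user who held it, user who received it)

    def login(self, user):
        token = self.make_token()
        # Fix, part 1: never hand out a token that is already live.
        while self.check_unique and token in self.sessions:
            token = self.make_token()
        if token in self.sessions:
            # Unchecked store: two users now share one session token.
            self.collisions.append((token, self.sessions[token], user))
        self.sessions[token] = user
        return token


def weak_token_factory(seed=2007):
    """Assumed flawed generator: only 16 bits of token space."""
    rng = random.Random(seed)
    return lambda: format(rng.getrandbits(16), "04x")


def strong_token():
    """Fix, part 2: 256 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


def simulate(make_token, check_unique, logins=2000):
    store = SessionStore(make_token, check_unique)
    for i in range(logins):
        store.login(f"user{i}")
    return store


if __name__ == "__main__":
    weak = simulate(weak_token_factory(), check_unique=False)
    print("weak, unchecked:", len(weak.collisions), "crossed sessions")
    fixed = simulate(strong_token, check_unique=True)
    print("CSPRNG, checked:", len(fixed.collisions), "crossed sessions")
```

With 2000 logins drawn from 65,536 possible tokens, only about 3% of the space is in use, yet shared tokens already appear; that is the birthday effect behind "login collisions". The uniqueness check alone stops the sharing, but a small token space remains guessable, which is why both parts are needed.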

  76. 76
    Soap Says:

    ok, update to this issue is here.

  77. 77
    Soap Says:

    oops, sorry JB didn’t read your post above. :)

  78. 78
    retroattic Says:

    “I wonder if Admin realizes all of the other crafting forums that are literally laughing at Etsy.com?”

    I have heard other people say this. Would you be willing to share some of these locations where Etsy is being discussed? I don’t really frequent any other crafting forums but I would love to check some out and see if there are any I like. Also, I would obviously love to see where Etsy registers on the radar with other crafters. If you would prefer you can send me a convo on Etsy. If you don’t want to share at all I understand. Thanks!
