Birth dates and maiden names are personal information that could be used for identity theft in the wrong hands. Geni.com should encrypt all web pages using encrypted https: protocol so this sensitive information cannot be stolen. Geni, as you should know, displaying web pages using http: (and not https:) is not secure and all information such as birth dates and maiden names are transmitted across the internet in clear text which could be captured and used for identity theft. Geni, you have a responsibility to keep our information secure, not just on your servers, but as it is transmitted to your users across the internet. Please update your system to always use secure https: protocol. Thanks for your attention.
4 comments
-
Geni Support Team Hi Eric,
Although some of our technologies do not support SSL, please know that we take the protection of your personal information very seriously. Your login password and credit card information are always SSL protected.
I understand your concerns and in today’s world, information such as birthdays, etc. is easily accessible throughout the internet. Keep in mind that ultimately, what personal information you choose to share online remains in your control and that it is not any more visible than other similar services. -
Eric Peterson Geni, apparently you do not take the protection of my information seriously, since birth dates and maiden names are not protected by SSL. That information is often used to verify the identity of a customer by other companies. And by stating that with Geni "it is not any more visible than other similar services", simply shows that the similar services also do not take protection seriously either. If my webmail service can use SSL to secure my messages, Geni could do similar with family information. Would it really be that much more effort since Geni already uses SSL for passwords and CC numbers? SSL protection would be a selling point for Geni over other services if it DID protect our information with SSL.
-
Udi Pladott Amanda, I find your response not only dismissive and insulting, but also suggestive of a failure to understand the very essence of the service that Geni is providing. It is in Geni's interest to provide a platform where your users will build as rich a family tree as possible, because that will enhance your users' engagement with the site. A rich and informative family tree would naturally include both dates of birth and maiden names. Since even Facebook has migrated to https-only operation, the least Geni can do is follow suit.
-
Sue Douglass MyHeritage is a lot worse than GENI at protecting your privacy!
My SON, who is living, showed up as VISIBLE on the "smart match" feature on someone else's family page on My Heritage, even though I already changed the setting on my data to try to keep my private profiles private. I consider this to be a violation of the Privacy policy of GENI.com. I can't even contact the owner of that page to have her hide it without a $120/year subscription. I consider My Heritage to be an affront to the fact that I am already a PAID subscriber to GENI, and the MyHeritage records are all from publicly available sources, INCLUDING GENI, to begin with.
NO LIVING PERSON should ever show up on MyHeritage "smart match" at all, and there should be NO requirement to "opt out" to make people invisible on MyHeritage who are already INVISIBLE ON GENI because they are Living Persons.
The DEFAULT should be for all GENI PRIVATE profiles to remain invisible on MyHeritage.