General information concerning security

Spinchat is as safe as the internet in general. The following comments can thus be applied to any function of the internet; they are not limited to Spinchat. They are valid for all internet services.

Software

• We recommend that your computer is always running with the current version of its operating system; regularly check for security bug fixes for your operating system and - if there are any available - install them.
  
• We recommend that your computer is always running with the current version of a virus and trojan scanning software.
  
• For browsing we recommend Firefox by Mozilla.
  
• To be able to use the chat entirely you need Java. We recommend Java by Sun.

What does the cryptic entry in my web browser's location bar mean? What is a session id?
This entry - the so-called session id - identifies you to the chat, rather like a key.
That is why you should never communicate this line to anyone else. If you do, someone else will be able to temporarily assume your chat identity, chat under your name, read your mails, and so on.
You would not hand over your apartement keys to just anyone, would you :-)?

Often the session inadvertently is handed over when one wants to link to a board posting or a profile.
You can copy the complete address of a board/thread/posting to the clipboard by rightclicking on the corresponding link; a menu will appear; there click on something like "Copy Link Location".
To paste the address to the desired position just use the key combination CTRL V.
The link will look like this:
http://www.spinchat.com/session/cryptic signs/ext/forum/msg?some more signs

The safe method to link to a board posting - that is without the session id - is to just delete the part "session/cryptic signs/ext" from the link.
This would look like this eventually:
http://www.spinchat.com/forum/msg?some more signs

And a secure direct link to a profile would look like this:
http://www.spinchat.com/whois?user=username e.g.
http://www.spinchat.com/whois?user=foobar2, if it is the profile of user "foobar2".

Can anyone eavesdrop on private talks?
As far as the operator of this website is concerned, there is no feature enabling anyone (including chat administrators) to eavesdrop on private talks. Conceivably, legal authorities might order private talks to be logged; this has, however, never occurred yet.

Never forget that the internet was not set up with security as a main consideration. email (as an example) can also be sniffed, and with approximately the same effort, it is possible to listen in to chat transmissions - although the possibility of something like this happening to you (concerning either email or chat) is remote in practice.
Still, you should not transmit confidential information via the internet.

Those rare cases where somebody actually seemed to know what had happened in someone else's private talk have all found their explanation in the private talk partners' forwarding of private talk content. In even rarer cases, private talks and chats have been found to be compromised by "trojans" on the local computers (please cf. "Caution with data from unknown sources").

Do not be too trusting with your personal data!
Better think three times before turning over your phone number, address, or real name and place of residence etc. to somebody you do not personally know (in reality). It is none too rare for mischief to happen involving such data, and you would not be the first one to e.g. suddenly find your name and phone number in an online solicitation.
Always consider: What information would I confide to a total stranger I have just met in a bar?

Passwords, passwords...
You should regularly change all passwords for all services you are using in the web, say every two months.
Never use identical passwords for all services you are using - or do you actually want the owners of website XYZ to read your email just because you have been using the same password for both?
When in doubt, it is still safer to keep a written record of all your passwords in a place of safe storage than to use just one password merely because you may be unwilling to memorize more than one.

In case you once should forget your password for the chat, you can tell the system to resend it to the email address which is currently registered to your nickname.
The possibility to do so you can find in our several chats in the navigation under subjects like "Register", "Registration and passwords", "Everything about passwords", etc.

Caution with data from unknown sources!
Caution is generally advisable when receiving files from sources you do not know and do not trust, and then opening them. This issue currently does not really affect the chat, as Spinchat does not offer file-transmission routines to our users.

Make a point of always running the current version of a virus and trojan scanning software on your computer.

Be extremely careful with so-called file-access configurations for network users! Windows users have been known more than once to travel the internet offering free read-and-write access to all their drives to anyone interested.

Do not open email attachments whose sender you do not know or trust. On the same note, do not open them, if the file type is not known to you, the accompanying text sounds odd for the purported sender, etc.

Generally speaking, there are few file formats you can open with any confidence; these are GIF or JPEG pictures, text files with the ending ".txt", and HTML pages up to a degree. All other formats, especially Word (.doc), Shell Scrap (.shs), Visual Basic Script (.vbs), JavaScript (.js), Perl scripts (.pl), screensavers (.scr), and executable files (.exe, .cmd, .bat, .com) carry inherent risks and should not be opened!

Also be cautious with emails of senders you certainly know, but where subject and respectively content and the way it is written and the person which owns the email address do not match up.
If there is e.g. a link in such an email, which you are supposed to click, do not do it. Also do not open an attachment and ask the person, if the email really has been sent by her/him.
Anybody can use the name and email address of anyone for the sender.

What if I have managed to catch a virus or trojan?
First: It is impossible to contract a virus or trojan through chatting! You might just manage, though, by carelessly opening files other users may make available to you. In that case please do not come complaining to us - we have done everything humanly possible to forestall such contingencies. When all is said and done, security largely depends on the individual user - you (please cf. previous paragraph)!

To begin with, try and find out which virus/trojan you are dealing with (where possible) - also install a virus/trojan scanning software. This may enable you to clear the virus or trojan from your drives.

In case you are positively sure that the virus/trojan has been spread by another chatter, we will still be unable to bring him to account. We are not able to determine the rights of any such recriminations; i.e., whether your system was actually affected in the first place, or whether your suspicions of the person you think is responsible are justified.

What is an IP number? Help - somebody has got hold of my IP number!
An IP number, consisting of four groups of numbers separated by dots, serves to identify your system to the internet. If you are using an average provider, an IP will be granted to your system at random (from a range of numbers available) upon dial-up. In many company or university networks, individual computers carry a fixed IP.

Knowing an IP number will theoretically enable someone to contact your system from an external system - for as long as you are logged onto the internet with this IP; remember that you will normally be given a different IP for a new dial-up.

Masking one's IP provides no security at all. Because of the technical patterns of the Web anybody who knows how has access to the IP number:
You have just visited a friend's homepage? - 50% probability he has got hold of your current IP! You have been using Napster, ICQ, AIM, or similar services? - 100% probability your IP is widely accessible to anyone with the know-how to retrieve it!

Barring all else, IPs can simply be attacked by guessing them - even a random attack is likely to hurt somebody. Most attacks that happen to private computer systems on the web are not goal-oriented (means that someone wants to harm espcially you), but the attackers scan completely automatically for unsafe systems. The attackers normally do not care about possibly attacking your computer.

In a word:

• As long as your system security is rigorously maintained by installing the current security patches and running a good firewall (means not these dreadful personal firewalls - there are already integrated solutions for reasonable prices availabe like DSL modems with built-in NAT routing - get yourself something like this) knowing your IP number is completely useless to any attacker, since he will not be able to invade your system.
  
• As long as you do not rigorously maintain your system security you can mask you IP number as well as you can - 100% probability that within a year your computer will have been successfully hacked.

Via the IP number the authorities for criminal prosecution for example can trace chatters against whom one has made a report because of some suspiciously abnormal behaviour. As stated at the beginning nobody in this chat is online anonymously. Everyone can be traced and identified!
Especially people abusing the chat for whatever reason should realize this and refrain from doing so!

And finally...
If you are worried about attacks from the internet - do not place your trust in "Security through obscurity". Treating email addresses, IP numbers or the like as secrets is simply pointless.
Better see that your computer is always running with the current version of a virus and trojan scanning software, uses a good firewall (means real firewalls not these dreadful personal firewalls for windows), and is routinely upgraded with your operating system maker's current security bug fixes! It is the only way to keep your system reasonably safe.