MFCSucks

[JerryBoBerry]

They don't do anything for their users. Just take their money.
During the years i got some experiences and now i started to write them down.
Specially the security thing is so important but they keep the doors wide open.
If we reach enough users, maybe we can change some things. *dreaming*

Curious. If you feel they didn't do anything for you and other users, why did you stay years?

 

[Jesse0328]

I am curious. Why go to this trouble on account of MFC? Bad experience?

Some people go through extraordinary efforts to tell the world how a particular company doesn't care because *their* issues or suggestions aren't being addressed.

They don't do anything for their users. Just take their money.
During the years i got some experiences and now i started to write them down.
Specially the security thing is so important but they keep the doors wide open.
If we reach enough users, maybe we can change some things. *dreaming*

Come on dude, you're being melodramatic. If the password issue bothers you that much, then take your money elsewhere.

 

[weirdbr]

And yet, you'd think that if their security was as lacking as all that, we'd have heard a lot more about actual accounts actually getting compromised from members who frequent ACF or from models who would certainly hear about it from their regulars.

We heard *a lot* about that last year - you do remember 'lindasogentle' and others, right? It wasn't that bad other than the spam because MFC doesn't save payment information (which would make easier for the hackers to get tokens for 'free' and transfer to other accounts), but the fact was that the way MFC (and other sites) handle password recovery is *really* broken.

 

[justjoinedtopost]

Come on dude, you're being melodramatic. If the password issue bothers you that much, then take your money elsewhere.

He really doesn't strike me as melodramatic. If he was on an over the top MFC bashing expedition, I could understand him better. But his last two blog entries are actually constructive suggestions. The pw issue, though stale, was news to me. The issue he raises with Google Analytics I can also sympathize with, but if you are going to complain about that, you might as well complain about the entire internet.

The small plug on his blog for MFC model FireFantasy has me wondering if this guy mfcsucks is actually a dude. I may have jumped to conclusions by prematurely assigning a gender. There is always the chance mfcsucks is a Romanian woman who enjoys cursing as she bludgeons pervs to death :lol: .

 

[mfcsucks]

Some people go through extraordinary efforts to tell the world how a particular company doesn't care because *their* issues or suggestions aren't being addressed.

I'm not an egoist and i know that i can't force anything with this little blog i wrote. But i thought it's worth a try.

Come on dude, you're being melodramatic. If the password issue bothers you that much, then take your money elsewhere.

It's not only about that password thing. You would know, if you had read my other posts. And yes, i could have changed the site, but do you think, this really helps?

There is always the chance mfcsucks is a Romanian woman who enjoys cursing as she bludgeons pervs to death :lol: .

No, you are guessing wrong, im not from romania and im also not a girl.

 

[justjoinedtopost]

No, you are guessing wrong, im not from romania and im also not a girl.

Well, I went to see FireFantasy because of your blog. But I had to look up profile for myself.

No one will tip her from your blog. I think putting that tip button there will only make people suspicious of you, and maybe her. Better, I think, to just post link to her profile.

But this is only my opinion. Other than that, blog seems ok to me.

 

[mfcsucks]

No one will tip her from your blog. I think putting that tip button there will only make people suspicious of you, and maybe her. Better, I think, to just post link to her profile.

I know. I was thinking if i should add the button or not, but then i decided to do it just for fun. Maybe i should add more models so it is clear this tip does not go to me.

 

[JoleneBrody]

For someone so concerned with security, I find it hilariously strange that you keep posting links to off site text expecting everyone to just clicky click away despite not having a clue who you are. :lol: Makes you look like a weird spam bot.

Just copy/past the text into your forum post. Hell, maybe even just explain what the link is instead of just dropping it there. That is not really good forum etiquette, leaving links, unless it is linking to information that you did not write yourself. I.E proving a point with facts.

 

[Jesse0328]

After OP is done with their crusade against MFC, they can start a blog to convince Werner Brothers to refresh the Space Jam website. That site hasn't been updated since 1996. The domain spacejamsucks.com is available.

 

[WickedTouch]

 

[Sevrin]

And yet, you'd think that if their security was as lacking as all that, we'd have heard a lot more about actual accounts actually getting compromised from members who frequent ACF or from models who would certainly hear about it from their regulars.

We heard *a lot* about that last year - you do remember 'lindasogentle' and others, right? It wasn't that bad other than the spam because MFC doesn't save payment information (which would make easier for the hackers to get tokens for 'free' and transfer to other accounts), but the fact was that the way MFC (and other sites) handle password recovery is *really* broken.

Does anyone know the account owners affected or come across anyone who claims his or her account was affected or was the cousin's dentist's brother-in-law of someone who heard his neighbour's uncle's account was affected? Someone brute-forcing every possible account trying "password" doesn't have anything to do with MFC's relative security.

 

[JubalCobb]

Hi.
I've seen your posts over on /r/myfreecams and your reply to me in the mfc's advertising post on reddit.

a few thoughts.
1. the domain name is kind of fishy to most people. I ran a securi sitecheck on it, checked it manually with a web based text browser. And even with it looking ok on both of those checks, I still used a VPN, and used firefox with noscript enabled the first time I visited the site.
A little late to change it up now, just telling you what went through my mind.

2. have more content when you're first trying to get people to your site.
When I first went there was one article, and the front page wasn't really looking good. Not really going to build an audience that way.

3. Jolene kind of covered this one. On a lot of forums, its considered bad form to "pimp" your own content.
Posts that do nothing but drive traffic to your site aren't cool, particularly for a newb.
Participate in the community. Start conversations. Put the link to your site in your sig.

4. The username and thread subject you chose are unnecessarily inflammatory.
You start out with two strikes being a nube here. The models, because of experience, are paranoid and kinda rude to newbies. The username and subject just make things worse.
Obviously you dont think this is a problem because thats the name of your blog. It doesn't sound to me like a place to discuss what could be improved on mfc.


Dont know if you're familiar with the site plaintextoffenders.com. It has a nice faq for users and devleopers about why plain text password storage is bad. It names and shames plain text offenders. MFC was posted to their list in November 2012.

 

[weirdbr]

Does anyone know the account owners affected or come across anyone who claims his or her account was affected or was the cousin's dentist's brother-in-law of someone who heard his neighbour's uncle's account was affected? Someone brute-forcing every possible account trying "password" doesn't have anything to do with MFC's relative security.

IMHO that whole mess wasn't necessarily brute-forcing (or brute-forcing only) - with the high level of password reuse across services, I wouldn't be surprised if by now there's user/password lists available for those with the right contacts. Plus, (ab)use hotmail and you can retrieve a lot of passwords for people who let their hotmail.com accounts expire.

And MFC's relative (lack of) security does have an impact on the effectiveness of brute-force attacks - I bet the site doesn't implement simple features like login rate limiting and/or captchas after multiple failed logins, no blacklisting of IPs sending a high number of failed login attempts per unit of time, etc. The password form doesnt seem to enforce any restrictions in terms of minimum length or complexity as well, which makes it even easier to brute-force the site...

 

[mfcsucks]

Hi.
I've seen your posts over on /r/myfreecams and your reply to me in the mfc's advertising post on reddit.

a few thoughts.
1. the domain name is kind of fishy to most people. I ran a securi sitecheck on it, checked it manually with a web based text browser. And even with it looking ok on both of those checks, I still used a VPN, and used firefox with noscript enabled the first time I visited the site.
A little late to change it up now, just telling you what went through my mind.

2. have more content when you're first trying to get people to your site.
When I first went there was one article, and the front page wasn't really looking good. Not really going to build an audience that way.

3. Jolene kind of covered this one. On a lot of forums, its considered bad form to "pimp" your own content.
Posts that do nothing but drive traffic to your site aren't cool, particularly for a newb.
Participate in the community. Start conversations. Put the link to your site in your sig.

4. The username and thread subject you chose are unnecessarily inflammatory.
You start out with two strikes being a nube here. The models, because of experience, are paranoid and kinda rude to newbies. The username and subject just make things worse.
Obviously you dont think this is a problem because thats the name of your blog. It doesn't sound to me like a place to discuss what could be improved on mfc.


Dont know if you're familiar with the site plaintextoffenders.com. It has a nice faq for users and devleopers about why plain text password storage is bad. It names and shames plain text offenders. MFC was posted to their list in November 2012.

I'm not a professional web publisher or so. Thats why i did not prepare a lot of content and then make it public.
Maybe i'm just to stupid to understand how it works.
Of course, i'm looking for some traffic to have my thoughts in public, but as i have written already, i didn't want to spend money in a domain or so. So i had to take what my hoster offered me.

I'm kind of unsure if i should go on writing the blog. As i have seen after this short time, most of the people do not really care about their passwords.
But the blog is not only about the passwords, as you have maybe seen. Maybe it's still worth to invest some time.

 

[justjoinedtopost]

Hi.
I've seen your posts over on /r/myfreecams and your reply to me in the mfc's advertising post on reddit.

a few thoughts.
1. the domain name is kind of fishy to most people

4. The username and thread subject you chose are unnecessarily inflammatory.

These two in particular. When I threw caution to the wind and clicked the link, at best I expected an angry fuming rant. Not things like "it would be nice to have a feature where we could give models birthday presents" :lol: . I love this guy.

 

[Alexandra Cole]

I'm kind of unsure if i should go on writing the blog.

You should. The name isn't great, but your feedback's fair.

 

[ACFFAN69]

What is to gain from hacking a members account? Nothing, so you wouldn't hear it happening to them for that reason.

What about a models account?
1) Identity theft - in which case the model wouldn't know how the member got that information so wouldn't know to complain about the plaintext password issue. In fact she wouldn't even know she was hacked.
2) Someone could get information that could allow him to stalk or dox a model - a model would only know someone was able to get her info, she wouldn't know she was hacked.
3) To troll a model. Messing up her profile page, the hacker going on her cam, etc - There isn't a lot to be gained doing this. Especially for the amount of work it would take (the hacker would actually have to leave his house and travel to a public event).

So it is no surprise that we wouldn't hear about it much.

 

[bsurs]

One of my fellow regulars in a room had his account hacked last year. It took MFC about 4-5 days to give it back to him. I'm not sure if he ever found out how it happened.

 

[mfcsucks]

Some models set up a minimum for tips in their room. I never understood what this is good for, but it exists.

There are two ways to tip a model. You can click on “Tip” to open the tip window or you just type for example “/tip 20″ to the room as explained here (must be enabled in Personal Options).

But here the pain starts. MFC does not tell you if there is a tip limit and if yes, how high the limit is set up.

Read more: wp.me/p5YIS9-1w


PS: Better? :-D

 

[mfcsucks]

Dont know if you're familiar with the site plaintextoffenders.com. It has a nice faq for users and devleopers about why plain text password storage is bad. It names and shames plain text offenders. MFC was posted to their list in November 2012.

Looks like the website is not updated since a long time and the posts linked at facebook are deleted.

 

[Sevrin]

Dont know if you're familiar with the site plaintextoffenders.com. It has a nice faq for users and devleopers about why plain text password storage is bad. It names and shames plain text offenders. MFC was posted to their list in November 2012.

Looks like the website is not updated since a long time and the posts linked at facebook are deleted.

Not all that long ago.

 

[JerryBoBerry]

Dont know if you're familiar with the site plaintextoffenders.com. It has a nice faq for users and devleopers about why plain text password storage is bad. It names and shames plain text offenders. MFC was posted to their list in November 2012.

Looks like the website is not updated since a long time and the posts linked at facebook are deleted.

Not all that long ago.

That's SO 5 minutes ago! :character-blues:

 

[justjoinedtopost]

Some models set up a minimum for tips in their room. I never understood what this is good for, but it exists.

But here the pain starts. MFC does not tell you if there is a tip limit and if yes, how high the limit is set up.

Read more: wp.me/p5YIS9-1w


PS: Better? :-D

Again, it seems you have raised another good point. I have not seen this for myself, but I will look.

 

[Nordling]

Some models set up a minimum for tips in their room. I never understood what this is good for, but it exists.

There are two ways to tip a model. You can click on “Tip” to open the tip window or you just type for example “/tip 20″ to the room as explained here (must be enabled in Personal Options).

But here the pain starts. MFC does not tell you if there is a tip limit and if yes, how high the limit is set up.

Read more: wp.me/p5YIS9-1w


PS: Better? :-D

So minor a "problem" that it doesn't really need to be posted about. You encounter it once and then you know...you lose what? 2 seconds? No site is going to be perfect, and the programming needed to fix this may far outweigh your "pain."

 

[PunkInDrublic]

What is to gain from hacking a members account? Nothing

I don't know about this. I could see a list of member accounts being way more valuable than a list of model accounts. At least with camsites that have the one click purchase option. Model accounts are only really valuable to the model. Nobody would want to buy them. Member accounts would probably be much easier to sell really quickly. Would also be way faster and easier to get money from the accounts of members. Hacker sells the list and the buyer does the dirty work. Buyer has plenty of options after he finds the accounts with active credit cards attached. He could set up an account with a looped video, find a model to be his partner in crime, try to sell the good accounts from the list for a higher price and probably a bunch of other options. Would be a race against time for the buyer to get as much money as possible before the member and model accounts involved are banned or until the card is declined. Or he could try to just take small amounts and hope the person doesn't notice. I bet a decent amount of the guys that have fraudulent charges on their cards at pornsites just take the loss and either close the account or change passwords. Too embarrassed to dispute the charges. Chargebacks would still be the buyers biggest worry with most options I'd guess. Buyer could even just sit around getting privates all day until he runs out of accounts. Pretty wacky sounding hypothetical situation but who knows, I'm sure stranger shit has happened in the camworld at some point.

 

[JerryBoBerry]

Some models set up a minimum for tips in their room. I never understood what this is good for, but it exists.

There are two ways to tip a model. You can click on “Tip” to open the tip window or you just type for example “/tip 20″ to the room as explained here (must be enabled in Personal Options).

But here the pain starts. MFC does not tell you if there is a tip limit and if yes, how high the limit is set up.

Read more: wp.me/p5YIS9-1w


PS: Better? :-D

So minor a "problem" that it doesn't really need to be posted about. You encounter it once and then you know...you lose what? 2 seconds? No site is going to be perfect, and the programming needed to fix this may far outweigh your "pain."

Yeah, as soon as you try to tip less than the minimum amount the model has set, it tells you what the minimum is. Non-issue there.

 

[HiGirlsRHot]

What is to gain from hacking a members account? Nothing

I don't know about this. I could see a list of member accounts being way more valuable than a list of model accounts. At least with camsites that have the one click purchase option. Model accounts are only really valuable to the model. Nobody would want to buy them. Member accounts would probably be much easier to sell really quickly. Would also be way faster and easier to get money from the accounts of members. Hacker sells the list and the buyer does the dirty work. Buyer has plenty of options after he finds the accounts with active credit cards attached. He could set up an account with a looped video, find a model to be his partner in crime, try to sell the good accounts from the list for a higher price and probably a bunch of other options. Would be a race against time for the buyer to get as much money as possible before the member and model accounts involved are banned or until the card is declined. Or he could try to just take small amounts and hope the person doesn't notice. I bet a decent amount of the guys that have fraudulent charges on their cards at pornsites just take the loss and either close the account or change passwords. Too embarrassed to dispute the charges. Chargebacks would still be the buyers biggest worry with most options I'd guess. Buyer could even just sit around getting privates all day until he runs out of accounts. Pretty wacky sounding hypothetical situation but who knows, I'm sure stranger shit has happened in the camworld at some point.

I'm curious does MFC store members email address, and real life addresses, reward points as plain text? In addition to the credit card scams, just having a contact info of members with lots of reward points (aka whales) would be quite valuable for somebody starting up any type of camsite or sex industry info. Of course if you have their password info than you can always log on and get it.

 

[HiGirlsRHot]

They don't do anything for their users. Just take their money.
During the years i got some experiences and now i started to write them down.
Specially the security thing is so important but they keep the doors wide open.
If we reach enough users, maybe we can change some things. *dreaming*

Curious. If you feel they didn't do anything for you and other users, why did you stay years?

I feel the same way. I stay because I like watching camgirls and I like the social aspect. As bad as MFC is, it does two important things right. It pays the models a reasonable amount, and it actually pays them on time for the most part. On time payment seems to be something other camsites have trouble doing it. It also provides a platform that lets models get creative, and that results in all kinds of creative entertainment. I understand why models are loyal to MFC, they enable many of you to make a good living and have a ton of flexibility in your life.

However, as far as members goes it really does nothing. I've been a been member for just over 3 years, and I'm still waiting for being able to do something with the tens of thousands of reward points I've accumulated. "our Reward Points never expire and never get used up. We look forward to offering more features that will utilize Reward Points.' I spend more on annually MFC than I do with any other company except for Costco (I seldom go to grocery stores). I'm routinely delighted with Costco's costumer service, as well as other companies like Amazon and Schwab that I do a lot of business with. MFC is like your cable company, or United Airlines, generally awful service but you are often stuck with them.

Of the 1/2 dozen models, I first visited/tipped regularly only one is still camming three years later. So I am in fact likely to be more valuable to MFC over my lifetime, than all but consistent top 250 models. Frankly it piss me off that unless I am intending to tip, or talk, I am always better off perving as guest than as premium. I do get better support as somebody with high reward points than a 0/20 (I think), but that just raise the level of MFC support from awful to uneven. Sometimes I get good help, often my questions etc go into a black hole.

But my whining about lack of special privileges is nothing compared to the serious privacy and security holes, MFCSuck has talked about on his blog.

 

[justjoinedtopost]

Some models set up a minimum for tips in their room. I never understood what this is good for, but it exists.

But here the pain starts. MFC does not tell you if there is a tip limit and if yes, how high the limit is set up.

Read more: wp.me/p5YIS9-1w


PS: Better? :-D

Again, it seems you have raised another good point. I have not seen this for myself, but I will look.

Ok, now I have seen for myself. As some have said, it is a rather small thing. But you are right mfcsucks. This could be improved. There should be a way to let people know ahead of time the minimum tip.

 

[mfcsucks]

Flash is dead – Use HTML5

MyFreeCams uses the Adobe Flash Player to show their videos and make the chat run. But we all know, that the Flash Player has many security issues. Adobe – and you! – have to update the software many times every year. If you are using Google Chrome as browser, the Flash plugin is part of the browser and you get this updates when you update your browser. But not all reported bugs get fixed in time.

Read more: http://wp.me/p5YIS9-B