Our first news! Security note, new features and Christmas wishes

Published: 2017-12-22
Last updated: 2017-12-22

Hello dear SwitchCounter alpha-users,

this is Cyan from CRNTech welcoming you to our first edition of SwitchCounter News!

With these mails we are going to inform you about the latest news and features around SwitchCounter.

Security note: Switches table on your public profile page

But without further ado, first for the most embarassing anouncement: Between November 26 and December 15 switches were publically visible on your profile pages. Since we only told a small select number of people about SwitchCounter for the current alpha testing stage, we don't think it's likely anyone accessed your data, but we can't tell for sure - another thing we found out is that our logs aren't saved on the server.

The problem occurred when we lost a condition that limited access to the switches table to only the correct user. Once we noticed we immediately replaced it.

We are super sorry about this!

In order to prevent mishaps like this in the future we improved our automated tests to systematically check user access rights. We also added more tests to check that switches are only visible for the right user. In addition we are looking into how to store and process the logs from Switchcounter in order to monitor for unexpected site accesses and inform you better in the future about effects of potential future bugs.

Over the months SwitchCounter grew from humble beginnings to a quite large code base written in Ruby on Rails and Javascript. If you would like to help us to perfect our code (as well as add new features), please drop us a line! We'd love to collaborate.

Features features features

But~ let me tell you a bit more what we have been adding other than bugs. ;p

News

We (as in the site admins) can now send mails to all our users - in shiny HTML, too! You can access all the news on the webpage as well. Check out the new news section!

switchcounter.science

Yes, we got a proper domain now. :D For the time being it's only forwarding to the current heroku-subdomain, but once we feel ready to share SwitchCounter with a larger audience it'll be properly reachable via the new domain as well.

Privacy settings

Do you know you can configure what others can see of you? Check out the "View privacy" and "Data privacy" tabs in your settings. Check out our user page to see what information are shared.

This is all from us for now. We wish you a merry Christmas and a great start into your new year! Cyan, Rainbow & Munin

Back