Jump to content

Looking for lots of opinions


Luckless

Recommended Posts

Hi all,

  If I wanted to do a puzzle cache and it involved playing a game on another website or doing some computations on another website to get he answer, would you be willing to do it? Would you be risking getting a virus or tracking cookies or malware? Would having an antivirus on your computer be enough for you to want to run it? Would it make a difference if it was a well used website by many others and not some flybynight?- maybe even get my own website, but not sure if I'd have protection with that? Am I even allowed to do that?

Link to comment

We run a Antivirus software and trust geocachers (Well, most of them), so I'd be willing to do it. I've done multiple puzzle caches that link you to a different website to get the coords. They tend to be pretty fun, mostly because you can do things you couldn't do directly on geocaching.com. 

Link to comment
47 minutes ago, Luckless said:

Hi all,

  If I wanted to do a puzzle cache and it involved playing a game on another website or doing some computations on another website to get he answer, would you be willing to do it? Would you be risking getting a virus or tracking cookies or malware? Would having an antivirus on your computer be enough for you to want to run it? Would it make a difference if it was a well used website by many others and not some flybynight?- maybe even get my own website, but not sure if I'd have protection with that? Am I even allowed to do that?

I would hesitate to use another site, even though I have a virus checker. I have not done some caches because of needing to go to another site that I don't know of.

  • Upvote 1
Link to comment
1 hour ago, Luckless said:

If I wanted to do a puzzle cache

 

"Do" as in publish, or do as in solve?


If the latter, and worried, just move on to the next puzzle.  If the former, I'd double-check the rules but you're probably okay.

 

Are we talking a hypothetical "standard" computer, say Windows 10 with expired trial anti-virus and generally non-geek users?  Probably safe; I think Microsoft has a decent anti-virus built-in nowadays.  As long as the game doesn't use Flash, a now obsolete and thoroughly dangerous plug-in that the latest browsers have definitively slammed the door on; there's newer and safer technology to take its place.

 

The psychology of a "standard" user as described above?  Who knows?  Some would, some wouldn't.  (Me?  I run a multi-layer hardened system, bring it on!)

  • Funny 1
Link to comment
4 hours ago, Luckless said:

If I wanted to do a puzzle cache and it involved playing a game on another website or doing some computations on another website to get he answer, would you be willing to do it?

Would you be risking getting a virus or tracking cookies or malware? Would having an antivirus on your computer be enough for you to want to run it? Would it make a difference if it was a well used website by many others and not some flybynight?- maybe even get my own website, but not sure if I'd have protection with that? Am I even allowed to do that?

 

The Help Center sorta tells what's allowed  or not.  Possible I guess that your thinking might be different than a Reviewers.  

If you didn't already, ask them.  :)

I don't click on anything I'm not familiar with, even though I'm pretty-much covered.  That don't want to test how good it's working kinda thing...

I used to get ticked off at members here just because they didn't say the link they included for a cache was pmo.  

Didn't want someone wondering why a guy six states over is looking at his carpy 1.5 traditional.  Of course that intrusive audit's gone now...

The Help Center says faceboook's okay (with the disclaimer), but I don't go on that or twiiter, and not about to join just to do a cache. 

 -   Maybe for others it depends on whether a single cache is worth it.  I don't.    We know people who had bad luck with dead drops too.

 

Edited by cerberus1
Link to comment
6 hours ago, HoochDog said:

No.  I don't install executables from sources I don't trust. Not worth it.
Build it as a web-app to make it more accessible. 

 

I don't think anyone's talking about installing executables. My take on the OP's suggestion is that it's something like a web-based game or puzzle where you click on things and get a visual or audible response. Stuff like Flash aside, which is now pretty much dead, buried and cremated anyway, I'd think modern browsers would be sufficiently sandboxed to prevent just looking at a website from downloading, installing and running a virus. I'm far from an expert on internet security, though, so I'll defer to those who have better knowledge of such things.

 

 

  • Upvote 2
Link to comment

The Mystery guideline says, "The cache page must provide information to solve the puzzle. The information to solve the puzzle must be publicly available."

We've all seen puzzles with links to jigsaw puzzle site, and as long they don't require flash, that's fine.

 

From the Mystery guideline, you get other links, probably the most germane,

6.9. Software, apps, and downloads

and links in cache pages, Cerberus1 post above.

If the website requires account creation, no.

If it could be considered a 'competing game" no.

  • Upvote 2
Link to comment

I'm just thinking about the time I downloaded some music into a well used website and told someone to look at it. They got back to me and said to send it to them in an email. When they went to the website all kinds of bells and whistles from their antivirus went off. I know if I go to a website without the "s" on https in the URL my antivirus tells me I could be heading for trouble- not that there is trouble- only that the website could be compromised because there is no security "s". The program I want to use is run as .html. I don't now how to make an app- not that computer savvy.

Link to comment

I have done several mysterys, which involved going to a website programmed by the CO and doing all solving all sorts of puzzles there. Most of them were a lot of fun, and I'd do it again any time.

I hope that with the normal built-in protection of my Win10 system (i.e. Microsoft Defender etc.) and my up-to-date web browsers, the worst thing a website can do without my intervention is to crash the browser tab. My assumption is, that malevolent hackers, who use bugs in web browsers to circumvent security and install malware on my system, don't use geocache puzzles as their vehicle. If this assumption is wrong, I might be doomed ;).

  • Upvote 2
Link to comment
23 minutes ago, Luckless said:

I'm just thinking about the time I downloaded some music into a well used website and told someone to look at it. They got back to me and said to send it to them in an email. When they went to the website all kinds of bells and whistles from their antivirus went off. I know if I go to a website without the "s" on https in the URL my antivirus tells me I could be heading for trouble- not that there is trouble- only that the website could be compromised because there is no security "s". The program I want to use is run as .html. I don't now how to make an app- not that computer savvy.

 

All https means is that data sent in between a client (your web browser) and server is encrypted before sending it across the internet.  That's important for sites which require a login an password.   It doesn't protect a user if the contents of a site are nefarious.  Although Groundspeak allows puzzle caches which use external web sites, there are restrictions.  One of them is that the site can't require a login.  Html isn't a program, but just a markup language.   Web pages that appear to be interactive more most likely using "javascript", which *is* executable in a web browser.  It's not inherently bad (the geocaching.com site contains a *lot* of javascript),  Flash and Java Applets are two other mechanisms for executing code in the browser and both are risky.   Downloading and installing something from a web site is the most risky and Groundspeak won't allow a puzzle to be published that requires such a download.  

Link to comment
4 hours ago, NYPaddleCacher said:

 

All https means is that data sent in between a client (your web browser) and server is encrypted before sending it across the internet.  That's important for sites which require a login an password.   It doesn't protect a user if the contents of a site are nefarious.  Although Groundspeak allows puzzle caches which use external web sites, there are restrictions.  One of them is that the site can't require a login.  Html isn't a program, but just a markup language.   Web pages that appear to be interactive more most likely using "javascript", which *is* executable in a web browser.  It's not inherently bad (the geocaching.com site contains a *lot* of javascript),  Flash and Java Applets are two other mechanisms for executing code in the browser and both are risky.   Downloading and installing something from a web site is the most risky and Groundspeak won't allow a puzzle to be published that requires such a download.  

NYpaddlecacher-  This website I'm thinking of using is java enabled and is probably used to run their games. I wonder if there is someone at headquarters who could look at my the webpage  before I publish it. Don't know about running it by a reviewer- would they be able to tell me whether or not it's a good idea.

Link to comment

Your local Community Volunteer Reviewer can help you in determining whether a particular website is acceptable, after looking at the page(s) you want to use.  We confirm that there is no account creation required, that there are not too many advertisements, etc.   A number of frequently used sites, like for online jigsaw puzzles for example, are already on a "whitelist" available to all reviewers.  Similarly, there are sites with lots of advertisements that are already on a "blacklist."  Anything not already decisioned can be reviewed under the published guidance linked earlier in your thread.

  • Helpful 3
Link to comment
2 hours ago, Keystone said:

A number of frequently used sites, like for online jigsaw puzzles for example, are already on a "whitelist" available to all reviewers. 

 

Is the list available on the Wiki somewhere, for CO's? That might save on double handling if a CO creates a puzzle on site A and is told it's not a suitable site, and they should do it on sites B, C or D.

  • Funny 1
  • Love 1
Link to comment

No, the guidance provided for Reviewers is not available publicly on a website by website basis.  There are many reasons why this is the case.  For example, maintaining a public list of competing geolocational gaming websites would serve as unintentional advertising for those other game sites.  For other sites, the guidance is conditional, meaning the answer can vary from one case to the next.

  • Upvote 1
  • Helpful 1
Link to comment
6 hours ago, Luckless said:

This website I'm thinking of using is java enabled

 

Possibly you meant JavaScript (generally fine), not Java (problematic).  They're quite different things, and years back some idiot decided to name one after the other.

 

Anyway, reviewers are probably your best resource for this, especially since they make the final judgement.  :)

  • Upvote 1
Link to comment

I have a cache that utilizes a website and a mystery theme to obtain coords, etc.   The site gets lots of geocache traffic.  So I guess plenty of folks think it is safe.

 

However, I don't interact with sites that do not show the padlock icon in the url bar.  The padlock indicates that the site uses encrypted data and you will usually see on ecommerce and banking sites.  Still, a questionable site could also show the padlock.  But having a secure site costs the site owner money to offer that level of protection.  The fact that the owner has posted the url on the geocaching site AND has paid precious $ to obtain the secure site encryption "padlock" is good enough to make me think that  visiting the site is not too risky,  and of course, download nothing.

 

If you want to know more about the security on the site, then click on the padlock to gain some insight.  

You can turn off acceptance of cookies in your browser before visiting a site for the first time.as another level of protection.   

Since you posted on this site, you must have had a level of trust.  Go ahead and click that locked padlock icon and then you can see the security certificate as well as the cookies that are set because you visited.  By viewing the cookies that are set, you can also make some decisions about the real purpose of the site.

 

Also visit this url published by Chrome to learn more about gaining knowledge about a site's safety.

https://support.google.com/chrome/answer/95617?visit_id=637478363619220888-2985360332&p=ui_security_indicator&rd=1

 

You could also copy the url and paste into the dialog box at this site to obtain possible nefarious content such as malware.

https://transparencyreport.google.com/safe-browsing/search?url=

 

And despite what precautions you may take, crooks will still find a way to get in your house.  Just do an appropriate level of due-diligence.

 

 

Link to comment
8 minutes ago, Chipper3 said:

However, I don't interact with sites that do not show the padlock icon in the url bar.  The padlock indicates that the site uses encrypted data and you will usually see on ecommerce and banking sites.  Still, a questionable site could also show the padlock.  But having a secure site costs the site owner money to offer that level of protection.  The fact that the owner has posted the url on the geocaching site AND has paid precious $ to obtain the secure site encryption "padlock" is good enough to make me think that  visiting the site is not too risky,  and of course, download nothing.

 

My personal website supports https and shows the padlock but I don't pay any extra for that, it was just all added free of charge by the hosting service I use when browsers like Chrome started insisting that sites consisting of just plain html text and images had to be encrypted. Unless the site is dealing with passwords or money, it's pretty meaningless and doesn't imply any extra commitment or honesty on the part of the website owner.

  • Upvote 2
  • Helpful 1
Link to comment
12 hours ago, Viajero Perdido said:

 

Possibly you meant JavaScript (generally fine), not Java (problematic).  They're quite different things, and years back some idiot decided to name one after the other.

 

Anyway, reviewers are probably your best resource for this, especially since they make the final judgement.  :)

 

As a point of clarification, neither javascript nor Java is inherently problematic.  Both can execute in the browser (Java as an Applet) and be benign.  Both can also be used for nefarious purposes.  About the only thing I see java applets being used for anymore are those in browser jigsaw puzzles.  

  • Funny 1
  • Surprised 1
Link to comment
On 2/1/2021 at 1:38 AM, Luckless said:

Hi all,

  If I wanted to do a puzzle cache and it involved playing a game on another website or doing some computations on another website to get he answer, would you be willing to do it? Would you be risking getting a virus or tracking cookies or malware? Would having an antivirus on your computer be enough for you to want to run it? Would it make a difference if it was a well used website by many others and not some flybynight?- maybe even get my own website, but not sure if I'd have protection with that? Am I even allowed to do that?

 

Absolutely. It is done all the time, not least with JiGiDi puzzles. And there are various caches based on JavaScript programs. It is not very different from googling for answers to a mystery.

 

What I would not do is to download a binary to run on my computer. Then there are no safety barriers to my data and not even a virus checker would help.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...