PRIVACY ISSUES

1. Your online activity can be easily tracked down, even by people who are not your chess friends, members or logged in and it is very simple. When someone knows your account's nickname, he can visit https://www.chess.com/member/NICKNAME and by this method he will see when you were online last time. This way can help him to gain a details about your daily regime. And that can be used for stealing from your home or stalking for example.

2. Every game stores chat history separately without expiring (so far I see), which is not very secure too.

3. I saw a claim that this platform is private and secure, but i don't think it is a true. If you want to improve privacy of this platform, you should implement E2EE to your chat and onion clone of this site could be nice too.

What kind of things are you chatting about on a chess site that would require that much security?  How much would you be willing to pay for such features?

There's no way to track an account to a real person unless you provide those details to someone. If you have a unique username and don't provide personal details, a random person can't do anything.

With mobile devices, that can be used anywhere, knowing when you're online or not online isn't very useful either.

Finally, only Daily chat is saved, only you and your opponent can see it, and if you're not sharing personal details, you have nothing to worry about. Live chat can be seen, but isn't saved.

Daniel 2340

This platform is like social network and I know, from my ownk experience, that people are discussing a lots of different and personal things here.

And I am not going to pay a penny for using this platform, because there is only monthly option and they are not even accepting cryptocurrencies I am contributing by my own way, by helping to develop this portal with my own time and knowledge.

Martin_Stahl

It is not true. They can see your nickname easily, when you're playing for example, or someone else who knows your nickname, can provide it to unwanted person. Ex-boyfrend, players which are ussualy plaing with you, or someone can pull it out from your friend list, or list of daily games, when they know, that you're sending challenges only to your friends. And it's not just about tracking account to a owner. It is about being tracked by people who already knows the account owner And thats far more dangerous.

And it is very dangerous, when people can figure out your daily routines, or see when you are currently online. It can be missused by many ways. I know that very well, because I am a security researcher and I know about lots of examples about this stuff.

Daily chat is saved and it is not very good practice It should be erased after some time. Only you and your opponent can see it and everyone who got acces to that database. Of course there's no problem when you're not discussing a personal things, but it could be problem when you do, so you must be carefull and it is not very comfortable.  And how you can see a chat history if it is not saved ?? It is a nonsense.

I am a security researcher and I know this is a security and privacy issue for sure, while solutions are pretty simple. At least, they should add an privacy option to turn off my online status. I don't want my former friends and other people to track my online activities.

Consider if you will. Everyone connects from a server that's up to one or two hundred miles from them (except proxies and VPN) And most use a fake avatar.

Most people think they are protected just because of what they say.

The only thing that protects you is you (don't chat do not tell friends who you are or where you live) A VPN can hide your public IP you can disable your web browser from leaking your devise IP (you do use Mozilla Firefox)(because Microblow Edge can't)

but nothing can protect you from what you say.

ericthatwho

and what if I am playing with people I know , they know me, and thats the reason why we play together ?? Think about it One simple option could solve the problem. I don't need to expose my daily regime to peple I don't know and even to those I know. For example, FB is privacy nightmare platform and still noone is able to track your activities, i you don't let them. And being able to do that even without need to create an account is sick

Just don't tell them anything.Just because you know someone does not mean they are good.Besides if there your friends they would not come over.

Say nothing to anyone online

Not 100% sure this is still possible, but it has been in the past.

https://support.chess.com/article/2017-how-can-i-pay-with-cryptocurrency

Again, the only meaningful tracking is if your op sec allows it.

• If you're that concerned, you won't connect to anyone you know in real life, or if you do you won't let them know it's you. 
• You won't provide any data about yourself that is trackable in any way; not on your profile, not in messages, not in chat

As I said, Live chat is not stored, and if you're really concerned about Daily, don't share information you wouldn't want tracked. The database discussion isn't a valid one. If someone gets ahold of the databases, they have much more information and aren't likely going to be concerned about a specific person to be parsing the Daily chats for information.

The simple fact is you shouldn't share any personal information if you're that concerned. Being anonymous is fairly easy, if that's what a member wants to do and it starts and ends with the member.

Regarding your last suggestion, I believe that may be something that is going to be added at some point.

Martin_Stahl

Your advice is very limiting and thats the reason why it is stupid, while solution is very simple. I want to connect with people which I know from the real life in a first row. And what if I am playing in public places or while working ?? I repeat, your solution is very limiting, while security of this platform should be improved instead of stupid excuses. I saw some quotes on this page about how it is private and obviously it is not true I know, now you are going to tell me, that if I want to be really secure I should not play at all. }XD XD I don't care about such a useless advices, while this platform is flawed ..

calling people st**** takes a low class act. On that I'm gone

ericthatwho

I was not calling anyone stupid, I was calling that advice stupid and useless, because telling someoene to not share their personlal info, while that person is trying to improve a platform's security is really useless and stupid excuse

If you want to remain anonymous online, you don't share any identifying information online. It's as simple as that. You also minimize your exposure as well by practicing good operational security, such as making sure no one shoulder surfs your screen, use unique emails for services, use VPN, etc.

Your information is as private as you make it. The site isn't showing anyone private communication and isn't forcing you to post any private information.

Martin_Stahl

OMG. That stupid advice again. Why you are still repeating these nonsenses and useless excuses ?? I want to play with people I know and it is a same case for most people using this platform, so this is not  solution at all. And how you want to protect well known grandmasters by this way ?? Should they play their tournaments anonymously as well ?? btw. if I know someone's daily regime, I can use it to gain advance of his early or late games. It is a better chance to win when I know he just woke up, or I'll see he is already tired because playing whole day. And I must ask myself why is that nonsense even there. Why should someone else know when I was online last time. What is it good for, how it helps to improve my game or my joy of it. These are just rhetorical questions. It is good for nothing. It is absolutely useless and it exposes my privacy, for no reason. Trash function. "The site isn't showing anyone private communication and isn't forcing you to post any private information." In fact it is forcing me to share information about my online activity without any option and that is a private information. So your claim is false again. With this access to security I doubt, they can even protect data on their servers
And I don't need your lectures on opSec, because I know lots of about it, while it is obvious that your arguments supports security flaws on this platforms. You should put these lectures on that page, where are the false claims about the security and privacy of this platform instead And I doubt you want to watch your back all the time while playing chess. It is a just another stupid advice, which is reducing your focus and quality of your game and it is very limiting again. I ussually play at my work place, while sitting at a crew room. Should I turn off the screen every time when someone else enters ?? By that way I will lose lots of games.
Solution is pretty simple. One extra option in privacy setting or disabling that useless function at all.

So please, don't waste my time with these absolutely useless advices. I have no use for it. I am just trying help to improve security of this platform and thats the reason why your advices are completely useless. Most of the people using this platform want to play with people they know, so it won't help them either

red

problem is not about giving up the adress, most of it is about protection from people you know

Nice troll. 

I'll try to hit the salient points that I've left. Titled players have to provide their details to the site, but can remain anonymous (by not sharing any personal information on their profile, chat, etc) if they want to, and in fact, many do. There are plenty of topics with people posting speculation about who a particular player might be. Now, if they want to play in some events, such as Titled Tuesday, they do have to have that information in the open.

The online function is there so people know when a player is on, so they can play games or chat. Again, it's my understanding that a privacy option is in the works to hide that when online, but don't know when it will be available.

Also, most people on the platform that want to remain anonymous don't share personal details and probably don't play at work

Finally, most of my posts are not the stance of the site, just my informed thoughts on the posts.

How is Martin still not triggered by this troll

Martin has the patience of Job...