unyk.com- is it a secure site? (monitor, email, server)

[BonVivant]

Someone I know sent me an invite to add myself to their addressbk at unyk.com. UNYK – Address book The site seems legit enough to my untrained eye, but a friend (not too reliable in such matters) said it never has 'https' in the url, on any page, so it's not secure. Thought I'd ask here before I signed up there, maybe one of you has used this site and knows better?

[swagger]

It's a Canadian site.

Quote:

Registrant:
UNYK Inc.
1010 De Serigny
Bureau 820
Longueuil, QC J4K 5G7
CA

Domain Name: UNYK.COM

I think your friend is taking you too literally when you say "secure". I'm guessing that you mean "legitimate" and "safe to use". If that's the case, then yes, it's fine. If you really meant "secure" as in "encrypted communication between your browser and the web server", then your friend is right and you need to see an "https" at the beginning of any such URL. Note that sites don't always use SSL (the technology behind https) for every page on their site. Actually, to do so would be somewhat foolish due to the overhead this creates on the server and the needlessness of doing it for every page on a site.

[Naptowner]

It's more likely that as soon as your friend imported his address book into the site, it sent everyone in it an email inviting them to sign up. The site is probably harmless enough, but the bigger question is whether it's worth signing up.

[thecoalman]

An https connection encrypts data being sent between your computer and the server so if it's intercepted in transit by a third party they can't read it. It does not necessrily mean the data is secure once the server receives it.

[unykally]

As a member of the UNYK team, allow me to respond to your various comments.
UNYK is 100% secure, legitimate and safe to use. We pride ourselves in our respect of our users' privacy and in the safeguarding of users' personal information. UNYK is certified TRUSTee, which is a guarantee that your data is safe (see our privacy policy for more details: UNYK – Privacy Policy)
As for the emails, UNYK does not spam. Every email that is sent through our server has been sent because the user has chosen to send it.
UNYK is worth signing up, and I encourage you to at least try it out. We already have 12 million users all over the world. Try us out and feel free to send your comments through our blog: blog.unyk.com.
Thanks!
Aurelie, Communications specialist, UNYK.com

[thecoalman]

Nothing is 100% secure and to suggest that is almost as foolish as starting a company to protect people from identify theft and publish your Social Security number to prove how good you are.

ID theft CEO has identity stolen - TODAY: People - MSNBC.com

From your Privacy Policy:

Quote:

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security

.


--------------------------------

Quote:

UNYK is certified TRUSTee, which is a guarantee that your data is safe

I don't give much credence to any "certification", in any event as I understand it the TRUSTe certification is a non-profit that monitors how you use peoples personal data. They are not guaranteeing it is safe from hackers unless i'm mistaken and it would be foolish anyhow (see above).

I'm not suggesting your company engages in such practices but to further bolster my reason for not trusting such certifications here's an interesting article about a study from Harvard economics researcher Ben Edelman who specializes in such topics:

Researcher says TRUSTe-certified sites more likely to be deceptive - Ars Technica

Quote:

Harvard economics researcher Ben Edelman conducted a study (PDF) to determine if sites certified by TRUSTe, a nonprofit organization that analyzes privacy policies, really respect user privacy. Using MacAfee's SiteAdvisor tool to compare almost 1,000 TRUSTe certified sites with over 500,000 non-certified web sites, Edelman discovered that "TRUSTe-certified sites are more than twice as likely to be untrustworthy as uncertified sites."



According to Edelman, the problem is that private certification organizations are reluctant to lose potential certification renewal revenue by revoking the certification of a client. TRUSTe claims that it "systematically monitors the practices of seal program participants to ensure that ongoing compliance with posted privacy statements" and that it provides a Watchdog Consumer Dispute Resolution service so that individual users can post complaints about sites that violate privacy policies. According to Edelman, despite "the 3,416 complaints [about certified sites] received since January 2003, TRUSTe concluded that not a single one required any change to any member?s operations, privacy statement, or privacy practices, nor did any complaint require any revocation or on-site audit." Edelman also points out that "only two certifications [have been] revoked in TRUSTe's ten-year history."

Hardly reassuring. I'm not suggesting your site is insecure, I'm sure it's as secure as your server admins can make it. Nor am I suggesting you may use peoples data. What I am suggesting is you can keep the typical BS you'll hear from a lot of companies out of this topic.

[Don Quichote]

I also got this email - so said from a friend but in reality directly from UNYK. Any site that pumps all your contacts in Outlook without you knowing it is a dangerous spam generating site !I reported it as phising to MS but I don't think that will help. How can we stop this menace?

[BonVivant]

Quote:

Originally Posted by Don Quichote

How can we stop this menace?

Unfortunately I don't think we can. I still get these 'invites' every week in all my email accoounts, and for some reason despite reporting it as Spam, they still show up in my inbox!

[linicx]

I get none of those invites and I dump all junk mail unopened. That URL is an sart self-updating address book. I wouild not trust it for one minute. Get a Roladex. It's secure, it's personal and it is NOT on the internet. It's in your desk drawer.

[watcher66]

I do not see any reason why I should trust this site; one it does not use SSL, therefore, two, no certificates proving that a root CA trusts it. Just my $.02, but I wouldnt use it.