?suspicious request for access

jo_b · March 22, 2021, 9:20pm

I am admin for our project. I received a TRAP-NZ-generated email request from a person asking to join our project. It was name we didn’t know, so did a quick Google search to find he had a blog site with what I regard as dubious content. I suspected hacking or address harvesting…, not inclined to grant access.
Now I log on to TRAP.NZ and there is a well written, reasonable request for trapping data for a uni project from this person. Now, the request looks legitimate, & I can grant access on that basis.
But it raises several questions.

How secure are the names and addresses within TRAP.NZ? I presume, within-project, all members can “see” each other. Can members harvest a list of names and email addresses?
I recognise that there are different levels of security against hackers, but are these identifiers reasonably well protected from external attempts to access?
I’ve noticed that I cannot go back and edit my own name. When you’re just new to the site maybe you’ve not aware of how/when the different identifiers are used. It would be good to be able to edit them.
Thanks.

Wak_Trapper · March 24, 2021, 1:17am

Hi,

By default users with no roles can only see and edit their own traps, this is the default we use in our group. The locations of other members traps isn’t really needed, unless its a shared line maybe. But then the admin could allocate traps to members.

But this article explains it better than I could:-
https://trap.nz/help/managing-permissions

Thanks…Gary

andy.saunders · March 25, 2021, 2:54am

Hi Jo,

You can change your name in the My Account page.

Andy

dan-editor · March 25, 2021, 3:38am

Hi Jo

Just to clarify - project members can not see each other. Only project admins have (necessarily) access to a list of names and emails of the members of their project.

If you choose to make your project publicly listed, then anyone who has created an account in Trap.NZ can request to join it. There is no hacking or address harvesting involved, but unfortunately, some people will try and use this as a mechanism for generating spam.

It is possible also that people may have even more malicious intent in mind - such as animal rights activists attempting to find the locations of traps, etc. As a project administrator, you do need to be careful about approving join requests, and you should certainly not assign roles to anyone you don’t know and trust.

Dan

Wak_Trapper · March 30, 2021, 6:17pm

One thing I have raised in the past, is that when you use Trap lines and mark them in a map.

Any member can see those lines (Not the trap locations, but knowing the line to follow makes it pretty easy to find the traps)

We stopped using Traps lines in our project because of this reason.

Thanks…Gary

jo_b · April 11, 2021, 9:44pm

Thanks Andy. I was trying to do that on the Members page, not My Account.
Now done
j

andy.saunders · April 13, 2021, 12:38am

Point well raised Gary. We’ll follow this one up.

Note, some projects use lines without adding the geo data, that means you can still see the lines in list form, and click through them in line order on the app.

Wak_Trapper · April 13, 2021, 12:58am

Thanks Andy, yes this is what we do.

We have removed the Geodata, we have heard that some people like to destroy traps so given them the line to follow is dangerous.

I think the line data should only be available to the assigned person oand not to all members.

I think at present you can’t assign lines to people in the group.

Thanks…Gary