sls WayneC --Account issues/account access

"take other actions we deem necessary"

It's a catch all. It says we can do what we want.

And they're not logging in as you anyway. To do that they would need your password. Which they don't have. It's obfuscated in the DB.

What they're doing is impersonating you. It's recorded differently in any logging to show that it wasn't you but the admin impersonating you.

As long as they're not using shared admin accounts (or at least using sudo or some other IAM tech) it would be trivial to find out who actually performed the action.

And I guess you don't read carefully.
Monitoring your data includes accessing your data. But logging in as you is a different matter.

Where did he ever say he acted on someone's behalf?

And I guess you don't do contracts. Because the section I posted basically says they can do what they want. And the TOS says they can change the definition of that anytime they like without notifying you.

So, unfortunately, you agreed to let them do whatever they want with your account.

BTW, check Facebook, Twitter, TikTok or any other website out there. They basically say the same thing. They can access you data whenever they want with no notice.

Their privacy policies might say they won't sell your data. But that doesn't mean they can't access it.

Monitoring your use of the website, including the posts and messages you send, is one thing. But logging in as you (as Wayne has repeatedly claimed he does) and acting on your behalf is a different matter.

Furthermore, although not knowing HOW they login as you, knowing how poorly this site is run, including the inabilities of the developer(s), it would not surprise me one bit if users' passwords are stored in cleartext in their system.

Check out the TOS by scrolling to the bottom of the page and clicking on Terms of Service. There are several spots where they state they can access your stuff. Essentially for any reason they want.

For example

We reserve the right in our discretion to: (i) monitor your use of the Website, your Profile and Facilities, any communications made on the Site, and Content transmitted through the Site, (ii) restrict or foreclose access to certain Internet sites or other resources; and (iii) take other actions we deem necessary to protect our Members and the Site. Due to this monitoring, you cannot expect that communications through our Website will remain "private" or otherwise free of our review. Please refer to our Privacy Policy for a precise statement concerning your expectations of privacy.

We know in the past our account was accessed without our permission and our private messages were read. This was admitted by SLS staff when asked directly. They stated they had the right to do such. So nothing you do within your account is actually private.

Well. Well. Here’s a legal dilemma. All of these comments to this concern have to do with corporate environments where the user is either using supplied computers and network/ data access to facilitate work related responsibilities. The user has no privacy when using corporate/ business material, supplies, equipment or access. And, YES. Shame on you for personal conduct no meeting the standard of the business as you have no guarantees and rights to anything. Using your own computer but using corporate Internet access is a bit different and all “intrusion” activities stop at the users hardware. However, and this is a however, paying for a service and being compromised by employees who have not been granted access to your space is a complete different problem. Service providers always as permission and have you express it. If what Wayne is doing is true, he’s got issues. I too would like the answer to this question. This Forum is getting more and more BS as more and more users start making inquiries.

It's not different at all honestly. Take a look at the T&Cs and I'm sure you'll find we all agreed to them having access to our data.

AandJ-- Not being familiar with what your environment is, but as a former Sys/Net Admin, I agree 100%-- in a corporate environment. But that's also an environment where if a user has personal information on the corporate intranet/extranet/equipment, well.... that's on that user for doing such. I have also, in that environment, logged in to user accounts for the same reasons you stated. This environment is nothing but personal information and not a corporate intranet so is very different. No one but the authorized account holder/user should be able to login to the actual account without first having to grant permission that would issue a one time/limited time token for troubleshooting. That doesn't seem to be the case here and I find that disturbing.

It's not unusual for support personal to be able to impersonate specific users. This is a feature granted to administrators in many software products.
My support teams use it daily when troubleshooting user issues. We usually use it to confirm the user has the access/rights required to perform whatever function isn't working properly for them.

It can also be used to rule out the users local environment as the source of the issue. So if it works as intended when the support person impersonates the users that almost always points to a local issue on the users end.

Wayne-- All other site/performance issues notwithstanding, I would like an answer to the question regarding SLS employees being able to log directly in to individual user profiles...? Thanks.

I thought the exact same thing after seeing him post multiple times that he logged into users accounts.

lol@ sorillo

In before the topic lock...

sls_WayneC-- I find it disheartening that the majority of your responses in here seem to be "we can't replicate the issue." As former IT, when I am having SLS issues, I will try on multiple devices, browsers, connections, etc. And ALL yield problems. With the number of users who have issues, the problem is obviously on SLS's end, for whatever reason. Furthermore, I have noticed you state several times [paraphrased] "I have logged in to your account and everything seems to be working. Mail. Messages. Pictures. Hot Dates. Etc." Are you saying that, at any given time, SLS employees can just log in to any users account and browse it freely? Is that correct??? If so, that is VERY disturbing and highly insecure and highly irregular. How about the next time you do that, you send the user in question YOUR login information (for both your SLS support account and any personal account you may have) so the user can login to YOUR account and see if the problem when logged in to their account still presents. 1) It's only fair. 2) Could help determine if issues are account-related (ie: EVERYONE'S account/device except for yours), or something else.

Ultimately, what we would all like is an HONEST answer and timeline for fixing things. If you feel the site functions well 90 plus percent of the time, then I assure you--you are the ONLY person having that experience.