Community

Rasto · ‎12-30-2015

Hi All,

Just a suggestion (and this may not be the correct area for this post, so I apologize) but I'd recommend setting up the "Get Help" email/contact form to use https instead of http. The reason I'm suggesting that is when I had problems porting my number, I had to enter in my PIN, my account, my email, etc. Basically all the information an 'unscrupulus' user would require to take over my account.

Just as your login pages should (and do) implement https, I'd recommend the email/contact forms do as well.

Just my 2 cents,

Jason

7789849803 · ‎02-04-2016

Yay!! Finally! Something fixed, at long last!

NDesai · ‎02-04-2016

Happy to see that Get Help button link now redirects to https link.

Thanks PM for resolving this issue.

______________________________________________________________________
I am not a mod. Do not send me private message with your personal info.
If you need to contact PM Customer Support Agent, send a Private Message.

Rasto · ‎01-12-2016

Any idea when those changes are being deployed? I just tested it again from both Chrome & Internet Explorer & it's still using the http protocol.

David_J · ‎01-12-2016

Hello @Rasto (and @7789849803 , @Rockdaddy22 , @NDesai ) - we had our developers look into the issue and the contact form now defaults to https. For most people using the form this was the case, although we did find an outlier scenario which we have fixed. Thanks to all for the posting and discussion.

7789849803 · ‎01-04-2016

FYI for all - I just recieved a response from PM telling me that this is currently being looked at. Hopefully they'll fix it soon...

Rockdaddy22 · ‎12-31-2015

Welcome to PM @Rasto

7789849803 · ‎12-31-2015

@Rasto I think @David_J meant that this should not be happening and is currently being investigated. I'm sure he'll be back with updates once they've had a chance to look at the problem more closely.

Rasto · ‎12-31-2015

Thanks for the response, I love Public Mobile so far (only been with you guys a few days) so I just posted this to help keep our services secure. (I hope I didn't come across trying to be a jerk or anything, that was not my intent)

🙂

As far as the information being encrypted -> the email/contact form does an http "POST" with all of the information in the form in plain text, so any "man in the middle" attacks, etc. would be able to see that information. Again -> it might not seem like a huge deal, but it still means that our PIN & email, etc. are being sent across the wire in plain text.

I've attached a screenshot that shows the email/contact form using the http protocol.

Jason

David_J · ‎12-31-2015

Hi - the pages should appear all as https, and I will take that away to investigate fully with our developer team to see if some scenarios where the pages wouldn't be https.

Additionally, all the information is encrypted before being passed to the Public Mobile team for a response.

Lastly, we are working on a different process which eliminates the need to pass your account information via this web form.

Hopefully this helps answer your questions.

7789849803 · ‎12-31-2015

I'm fairly sure this is a bug - Contact Us pages were supposed to be secure in the first place. I'm writing to PM support now to get this fixed. I'll keep everyone updated on the progress as soon as I hear back.

NDesai · ‎12-31-2015

If you are talking about Contact us page, i see it https here.

EDIT: ohh i see, when i click Get Help, that is not https. But the bottom contact us page is.

______________________________________________________________________
I am not a mod. Do not send me private message with your personal info.
If you need to contact PM Customer Support Agent, send a Private Message.

Community

Switching the "Get Help" area to default to https