Re: Is Kindred Konnections mining our family trees? #latvia

Prof. G. L. Esterson <jerry@...>

Hi all,

Further to my posting about the above topic, and in response to several
persons who have posted about this topic or sent me an e-mail about it,
I want to make the following observations. These are based on a posting
by Leigh Compton, "Getting More for Less", which was submitted to the
RootsWeb Review. I apologize in advance for the length of this
posting, but I think that an important point needs to be made.

Under certain circumstances, it is possible for someone (or
"something") visiting your family tree web site, to obtain quite easily
a list of all of the files contained on that site, and then select one
or more of them to view in his browser. This means that, even if the
preparer of the web site makes some files "hidden", that is, files that
are not accessed by the normal site html software, the "hidden" files
can nevertheless be read by an intelligent outsider intent on
exposing secret material on the site.

Thus, a spider could obtain the file listing, check for those which
have the extension GED (which identifies a GEDCOM file), view that
file, and then use "Save as" to download the entire GEDCOM file to his
own computer -- in effect, mining your family tree! Scary, isn't it?

And if the webmaster of the web site has gone even farther, and
provided access to the GEDCOM files directly through other html
software, it is even easier for outsiders to download copies of those files.

Here is what Leigh Compton had to say:

"You can help to reduce the workload on the RootsWeb servers by
always including the full URL for your home page in links.

Assume that your home page is "index.html" and your RootsWeb
account is txpecos. Links to this page can be written as any of
the following:

1. <a href="">Pecos

2. <a href="">Pecos County</a>

3. <a href="">Pecos County</a>

A click on any of these hyperlinks will cause your home page to
be sent to the browser. There is, however, more work to be done
by the server whenever the incomplete version #3 is used.

When the full URL as in #1 is received by the Web server, all
that it has to do is read the index.html file from the disks and
send it to the browser. If you have coded the URL as in #2, with
a slash on the end, the server notices that you have asked for a
directory rather than a particular file. So, the server looks at
its configuration file to determine which file in the txpecos
directory should be used (on RootsWeb both "index.html" and
"index.htm" are used as defaults). Then it retrieves the default
file (if you have one!) and transmits it to your browser. URL #2
makes the server do a very little bit more work, but it is almost

In case #3, however, the URL ends in "~txpecos" but has no
trailing slash. The server isn't sure how to interpret this, so
instead of retrieving the index.html Web page, it sends back a
little message to your browser that says "That doesn't really
make sense: did you mean `~txpecos/' with a slash?" Your browser
gets that message and sends back a new, correctly formed URL.
Using this kind of URL means that your browser has to send an
extra Web command across the network, and may even need to
reconnect to the Web server. That slows you down a lot and
increases the load on RootsWeb's systems slightly.

By using URL #1 or #2 for your home page, you are helping to
reduce the processing needed to view a Web page.

Using "index.html" or "index.htm" as your home page is a good
idea because it permits you to use URL #2, which is easier for
other people to remember. If someone uses URL #2 or #3 to view
your Web site, and you don't have "index.html" or "index.htm" in
your public_html directory, the server will display a listing of
all the available files in your directory. We strongly recommend
that you create a file in your public_html directory named
index.html or index.htm. You don't have to use this as your home
page, but it will prevent someone from browsing through all of
your files."

Thus, all webmasters of family tree sites should always give the home
page file (the first file which is loaded when first visiting the site)
the name "index.html" or "index.htm". This will prevent the
presentation to the visitor of a list of all files on the site.

I believe it behooves all of us who have posted their family trees to a
web site, or who are thinking of doing so, to consider these factors,
particularly if we are concerned about the security of our genealogical



Prof. G. L. Esterson, Ra'anana, Israel    E-mail:
  ESTERSON, NORINSKY     Berdichev        Ukraine
  KRETZMER, SWEETGALL    Zhaimel/Birzai   Lithuania
  HELL, WAGENHEIM        Riga/Bauske      Latvia
Visit the ESRA web site:
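
An added example (not part of the original post, and not RootsWeb's software): a check a webmaster can run over a local copy of a site to find directories that have no default index file, and the GEDCOM files and unlinked ("hidden") files a directory listing would reveal there. The names `audit_site` and `LinkCollector` and the report layout are assumptions made for this illustration.

```python
import os
from html.parser import HTMLParser

INDEX_NAMES = {"index.html", "index.htm"}  # the default pages named in the post


class LinkCollector(HTMLParser):
    """Collects local href/src targets from one HTML page."""
    def __init__(self):
        super().__init__()
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value and "://" not in value:
                self.targets.add(value.split("#")[0].split("?")[0])


def audit_site(root):
    """Return {relative_dir: {"gedcom": [...], "unlinked": [...]}} for every
    directory under root that has no default index file (so it may be listed)."""
    root = os.path.abspath(root)
    linked, tree = set(), {}
    for dirpath, _dirs, files in os.walk(root):
        tree[dirpath] = files
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            parser = LinkCollector()
            with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                parser.feed(fh.read())
            for target in parser.targets:
                base = root if target.startswith("/") else dirpath
                linked.add(os.path.normpath(os.path.join(base, target.lstrip("/"))))
    report = {}
    for dirpath, files in tree.items():
        if INDEX_NAMES & set(files):
            continue  # a default page is served instead of a file listing
        paths = {f: os.path.join(dirpath, f) for f in sorted(files)}
        report[os.path.relpath(dirpath, root)] = {
            "gedcom": [f for f in paths if f.lower().endswith(".ged")],
            "unlinked": [f for f, p in paths.items() if p not in linked],
        }
    return report
```

Run `audit_site("public_html")` against a local copy before uploading; an empty result means every directory has a default page.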
