New system aimed primarily at matching newer sellers with buyers
So now it seems I have to wait two hours before I can bid for a job. This is extremely unfair. Not only do experienced creatives/designers have to compete with an unfair playing field, ie people offered to do a job for £10 when it is clearly worth £100, we are now not allowed to bid for jobs as soon as they appear on PPH. What kind of system is this?!
Awful. Unfair. Unprofessional. Discriminatory.
Regards
C. Howe
-
Michael, this is a very serious thing. Potentially thousands of people have had this email and may follow though and attempt to follow the malicious link.
I know you said it was your personal email, but it comes from the PPH domain, so it looks valid.
I think I'm probably more cautious than many on PPH and recognised the link was suspicious and the style and wording was suspicious.
Why haven't you warned everyone? Thousands could fall into this trap.
-
Well, the people on this thread will now be wary. It's the potentially huge list of people that were on Michael's list that is the concern. I have no idea how many people got that email.
Hopefully, it's limited to those who normally deal with Michael and those Michael contacts under his CS role.
-
Thanks for clarifying.
On a very similar topic, do you have any comment to make on http://support.peopleperhour.com/entries/103632486-Improve-Security-
-
I think this deserves some special attention:
http://support.peopleperhour.com/entries/103632486-Improve-Security-
-
I'd hate to pour doubt on Stefans claims but:
I have successfully logged into my account without knowing either the password or email
Two things:
1) It is possible to 'log in' to your account without password or email, because your browser will simply remember the details. When I type 'peopleperhour' into my web browser, it logs me straight in, I DONT NEED an email or password.
2) I know it's possible for you to forget your password (it's happened to me a few times), but I've NEVER forgotten my own email address before.
I know that he doesn't want to reveal too much information for obvious reasons, but I think he may need to re-write that sentence to make it clearer????
He also states that he can intercept sensitive data, but doesn't state what sort of sensitive data.
I also think (I may be wrong, of course), that pph won't take him seriously at all. And good luck to getting payment for a video.
-
Well, if I was at PPH I would at least engage with Stefan and see if a suitable "reward" could be arranged if he could demonstrate this in action and it was repeatable, so it could be fixed.
No demonstration, no reward. It did make me think that PPH could very well have a vulnerability because many operations are not encoded. If I had time on my hands, I might have a go myself.
I have an idea what he may be doing, but I really don't want to suggest what that may be.
PPH really need to be on top of this because it could severely damage their business, if true. It also raises the question about how much of our data is exposed by PPH by not using encrypted connections. I fully realise that PPH does use encrypted connections for part of the system, but you do have to wonder if Stefan is right that enough is accessible via unencrypted pages to compromise our data.
PPH needs to be all over this.
-
In regards to the following post:
http://support.peopleperhour.com/entries/103632486-Improve-Security-
I have responded to Stefan and we are in direct contact via email to address his issue. I have brought this up with our developers who have investigated and determined that there is no security issue as stated. I will wait to receive the added information from Stefan so that we can determine what exactly he is seeing.
Thank you
-
He also states that he can intercept sensitive data, but doesn't state what sort of sensitive data.
Without encryption you can get data people send to the site, such as login credentials. However, I've just logged in and while the forum here and main site is not encrypted (HTTP*S)*, the login page was,.
Also the settings page on our profile page (where one can change email address, password, etc) IS encrypted once again (HTTP*S*). So when we do anything with our password or other non-public sensitive data, email address, security question etc, then it is encrypted.
That said, this may or may not be enough, entirely depending on how PPH are handling active sessions on unencrypted pages, browser cache, passwords (ie hashed and salted etc).
Perhaps Stefan has found other vulnerabilities, which is possible, many sites can be vulnerable even large corp ones. If he genuinely has, then fair play not giving out said information.
-
Michael - thank you.
I know we've been critical of PPH and pretty forthright at times, but I'd like to thank you for a clearly more laissez-faire attitude to this thread in particular. PPH has always been sensitive to critics and tried to close down dissent, but I think you've shown a greater tolerance than we've seen for some time.
I'll still remain an ardent critic while the craziness continues, but I do appreciate your tolerance and some engagement.
Thank you.
-
Doh, I only just realised that I've been getting emails from Emma Brown too! My system has been automatically putting them into spam, where they look exactly like all the rest of the rubbish so I never opened any of them, and there's nothing to suggest they're from pph Was checking my spam folder just now and it suddenly dawned on me for the first time why the name Emma Brown rang a bell ;-)
Gosh, all those opportunities I've been missing out on.
-
In Xenios' situation, I'd have kept my mouth shut. Coming clean about it now doesn't change the lack of transparency at the time, it just confirms from the top that what PPH says is nothing but spin, transparency is not on the agenda and PPH sees nothing wrong in that, in fact they're proud of it. The man is a PR disaster. IMHO.
-
Hello,
Is there a problem with skills entered in profile with different word case and the buyer putting it in same category however with different word case.
Because I am qualified for an SEO job (my skill set says so) and a job also has seo however in lowercase. Still it doesn't allow me to bid for the job.
Someone please let me know is that the issue. Can you please check Ninjas...
-
I guess that blog means more to you lot than it does to me, having only been on this platform for under a year. I just see that as the usual trials and tribulations of people in business, the peaks and troughs so to speak. One thing that's got me though is I read somewhere, I think it was on the pph site itself about pph only allowing the most serious freelancers to stay on the platform. Wonder how they're going to implement that one then? Do I detect a certain Xenios about to p*ss people off even more than he has done already???
-
pph only allowing the most serious freelancers to stay on the platform. Wonder how they're going to implement that one then? Do I detect a certain Xenios about to p*ss people off even more than he has done already???
I think you're behind the times Malcolm - that programme is already underway. Haven't you seen the comments already about 'seller approval'?
-
I am new here and I think it is a terrible idea. All I want is to be able to apply for creating HTML emails for clienst which I have experience in and PPH has decided that I do not have the relevant skills!! I have desperately tried to change my profile but I don't understand how HTML and CSS does not qualify to build HTML emails?!
-
@Paul - yeah, I have seen some comments about seller approval, and people understandably getting annoyed about it. I'm sure you'll correct me if I'm wrong, but I think it's just about having your profile/keywords checked etc. However I have also come across comments about pph trying to decide whether freelancers actually have the skills or not.
I think what I'm thinking is:
1) Are they actually going to start kicking people off the site, if, in their opinion, they're not 'good enough'? (which will probably be based on successful bids, buyer feedback etc)
2) What about those freelancers who miss jobs because of other work external to the site?
3) Or how about those with low bid success due to being selective about the jobs they take on? For very valid and personal reasons?
4) Not to mention, people who aren't bidding on jobs, due to the level of frustration they feel about the site itself?
The list is almost endless.
Maybe I'm being a little OTT here, but I think that's what I was thinking at the time.
-
I suppose that what PPH want is to reduce the number of complaints they have to handle. They've realised that they have to do something about the 'quality' of sellers. Basically they just want sellers that aren't going to create hassle, the actual 'quality of their work doesn't matter as long as buyers don't complain.
I think what they're missing is that many of the jobs are too rubbish for PPH to be picky about their sellers. Also, pushing the site as a bargain basement, like their latest 50 per cent off hourlies promotion, is hardly consistent with having only quality professional sellers. What serious professional is going to jump at the opportunity to do twice as much work for their money? What serious buyer would expect them to?
Post is closed for further comments because the limit of comments per post has been reached.
Comments
1902 comments