Hotels.ng is Still Completely Unsecured!

I wasn’t being sarcastic.

Ok. So do we have hotels.ng in French and Portuguese now?

2 Likes

Well, not yet. But that shouldn’t be difficult for their geniuses. They just have to integrate Microsoft Translator into the site for a start.

5 Likes

You don’t need to speak for @mark, he knows that its wrong … so watin be the stand up you dey do now?

As at 2120 hours, March 24th, 2016. Hotels.ng is still unsecured.

I’m committed to seeing that Hotels.ng becomes a secured site for the good of the visitors using their service. We’ll keep this post trending on Radar until HTTPS is implemented on Hotels.ng.

Security and privacy of personal and transactional information in this modern age is non-negotiable.

#LetsMakeHotelsngSecured

Well-said @Ndianabasi.
I almost feel one needs to reconcile the argument of why hotels.ng needs SSL. Hopefully, we all now understand why we had to bash the ‘dummy’ icons.

@mark and his Team ‘MIGHT’ be wondering, what would be the the Purpose of using SSL Certificates on hotels.ng
Trying to understand if user datas on hotels.ng are sensitive enough.

As a web developer, I have come across many clients who ask “Why do I need SSL? Not ‘What is SSL’.

This is an important question for anyone involved in the web to understand. SSL is the backbone of our secure Internet and it protects our sensitive information as it travels across the world. Yes! Our contacts and emails are already widely spread-out and can be overlooked as sensitive data’s in the case of Hotels.ng.

However, after a user successfully books a room/suite in a hotel, the information is added to the users profile/dashboard. That is some sensitive info. We surely don’t want hotels.ng to be ruled by anarchists and criminals, conveniently providing 'em with details regarding where I’ll be on the 30th of March. Making it easy for psycos to know the time I’ll check in/out of a hotel and the address of the hotel.

I have a strong belief that @mark will look into this.
Let me be rest assured that some psyco will not have access to some privileged info when I book next.

See you guys at the ‘Youth Enterprise Conference’. :slight_smile::slight_smile::slight_smile:

1 Like

As at 1805 hours, March 25th, 2016. Hotels.ng is still unsecured. I tried to access the secured version of their URL and got the following error:

According to Scott Gilbertson [1],

You wouldn’t write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to any service that uses a plain HTTP connection that’s essentially what you’re doing.

[1] HTTPS is more secure, so why isn’t the Web using it? | Ars Technica

1 Like

This is getting overflogged really. It’s not secure. Well, cool. If that’s the way Mark and his folks want it. Hotels is not a public service. It’s not Wikipedia. Or have publicly traded stocks that anyone here own.

Move on, fellas. If you don’t like it’s not secure, try Jovago. If Jovago isn’t working for you, well, just go to the actual hotel and book directly.

I am certain that’s how tens of thousands of Nigerians book hotels every night.

4 Likes

Dear @akindolu, calm down. Unless you haven’t been observant, hotels.ng is already taking bold steps to improve UI/UX/Security. As at 07:00pm, 25th of March 2016, the dummy ‘Union Jack’ and Naira Sign had also been removed from the Mobile Responsive Site. You can also now see your ‘User Email’ on your dashboard and conveniently ‘Log Out’ too. This should let you know that @mark and his esteemed Team are listening. They are drastically improving daily. Even their Customer Support is on-point.

No one is trashing hotels.ng or over-flogging anything. hotels.ng is Proudly Nigerian and we simply want to see them grow further.

We already talked about ‘Gratuitous Negativity’ HERE

Stay Tuned! HTTPS coming soon to hotels.ng! :wink:

2 Likes

This is not an issue that is being overflogged. Hotels has thousands, maybe millions of customers who know nothing about security or all that ssl jargons, it’s only fair to protect them as much as they can. The creator of this thread is doing the right thing. It’s not about how @mark wants to run his business, it’s about ethics and standard practice

1 Like

So the time has come to beg teams and founders to secure their site because we care about their users. Carry on, fellas.

I expect a thread on the next big/small site without ssl.

Sincerely fella, I don’t know what you do, but I’m sure I wouldn’t want to patronise your product or service; at least not with this attitude or outlook of yours. It strikes of sheer lackadaisicalness and recklessness.

Do you know how many users risk having their email addresses, phone numbers, passwords, addresses, and hotel itinerary being exposed to some internet miscreants because their sensitive information is being transmitted over plain HTTP? Do you even understand the implications of a breach of privacy and security to a company in this modern age? Do you know that Hotels.ng could be sued for all their worth if it could be proved that a user’s privacy and security was hampered due to their non-implementation of HTTPS on their public-booking site?

I’m sure Hotels.ng wouldn’t want this oversight to go into the mainstream press too. Oh! Imagine waking up tomorrow and hearing CNN, Al Jazeera, TVC, or Channels TV create a breaking news on Hotels.ng around this subject matter. And their ruthless presenters begin to dissect every bit of these implications!

Your perception of these implications is unfortunately infinitesimal. But luckily for you, the post was created to raise the awareness about privacy and security of users on publicly-accessible websites (especially in Nigeria).

We will continue to keep this thread active until we see the lovely “green bar” or “green padlock” on Hotels.ng.

#LetsMakeHotelsngSecured

It’s either you guys are trying to ruin the reputation of the startup because maybe de guy refued to hire you or someone close to you because I have seen references to “hired geniuses lack of knowledge”.

Or

You guys are doing a PR campaign for the startup to trend on radar, in which case it’s a waste of PR considering this blog is full of startup owners and devs.

To redeem yourself, make it a weekly post and criticize one local startup like this. Use my own startup next week. :wink:

LOL @Uduak.

Well, as a quick response, neither of your assumptions is correct (as least not for me as the OP).

We hope this topic will educate other startups and it wouldn’t be necessary to “torchlight” one startup every week.

1 Like

You are not entitled to your Opinion. You are entitled to your Informed Opinion. No one is entitled to be IGNORANT.

Look beyond being a Geek but as a Business Person. I hope you understand what Customer Testimonials are. Cause if your Customers can’t appreciate your business and inform you of what will make them feel more happy patronizing you, then SHUT IT DOWN.

Oh wait! You don’t care? And your customers don’t care? #SMH

Bro, email Mark. All this public comment is tiring. You may as well, start a twitter campaign with an hashtag.

Hotels is not a public service that his security, privacy, design and engineering should be up for endless public campaign. Yes, for a mild conversation. Beyond that, it’s no one’s business how he goes about things. Campaign from now to 2028. It’s a private enterprise. He can take your words or ignore it completely. If you don’t like it, don’t patronize him. L

Yes, the service is not secure. But do you know you can freaking send him an email. Tweet at him. DM him. Mark is not Buhari that his access is so hard. And I’m sure he is reading all the post. I have his email. Am sure most folks have it, and can guess it. Add him on Hangout. If you want his number, you will get it in 10 mins top. In a certain universe, that’s what people do. They contact the actual person in charge privately if they want something done.

The rant on this post is beginning to seem you either want to ruin the public outlook of his service, or his personality. Or make him or his team seem incompetent. Even though I agree with the faults on his end or the team on exposing the service, but bro, quit it. It’s really getting overflogged. It started funny and cool, but now, it’s appearing like some other agenda. Move on, in other words.

Oh, never mind what I do either. And if you won’t move on, I’ll actually enjoy you set up a thread for every ssl-less site in Nigeria that processes sensitive information.

And seriously, like seriously, you actually commented that you imagine CNN or AL Jazeera making a news out of Hotels ssl status. Like it’s the new global issue on the same level of importance with Brussels bombing and the US presidential election, that it deserves all that airtime.

OK!

4 Likes

Tiring to you or the Radar Community?
Why do I have a feeling we can relate this to [Em…Radar so far!? Oh @87_chuks could have sent @lordbanks an email? C’mon.

Oh YES! I have my own startup to run. And couple of trending products to carter for. It’s my problem if I choose to show concern for other Startups. Tell me if customer reviews used to improve Twitter, Facebook et al are done privately.

1 Like

All I want to say is this: OK.

Interesting thread. Interesting because an entire thesis can be written based on the differing points of view expressed as well as the motivation (both actual and perceived) behind the campaign.

In general I believe this thread demonstrates the power of the Internet to effectuate change. Before @Ndianabasi first posted this topic I went to hotels.ng for the first time to look for a hotel. I noticed a Union Jack flag next to the Naira symbol. My first thought was that since I was browsing from North America the hotels.ng site had erroneously identified my location to be in the U.K. I tried clicking on it but nothing happened. Also on the Naira sign, with the same result. It actually feels good as a prospective customer that this thread was created and an action to fix an issue was taken promptly. Whether or not the action was taken as a response to this thread can only be speculated upon.

With regards to security, the points made cannot be overemphasized. The push for all websites to implement https as a baseline is currently underway. On a top security podcast I recently heard that Google might even start favoring https sites on their page rankings. I don’t know if you guys have noticed but even for just basic search Google uses https. Enough said.

As an ecosystem it’s imperative that we shake off that perception of “anyhowness” we have earned with regards to business execution. We can only do that by holding each other accountable and grow from there.

This is becoming an epistle so I’ll sign off by saying that there really is no conflict here; rather a great opportunity to witness Radar being used as a tool to move the ecosystem forward.

3 Likes

OK - I thought I should make a comment on this.

Please understand, the importance of securing a website cannot be overlooked but I feel the OP passed the message rather too strong. Mark didn’t develop an unsecured website. Yes, it was not completely secured according to industry best practice but that doesn’t mean you should make it a bigger case unless your are a competitor obviously. You could have started a thread about the importance of securing a website using SSL while making reference to hotels ng. There is no evidence to proof that hotel ng is not secured. Have you tried hacking the website? Hence, creating a thread with the company name is called defamatory. This can easily lead to legal proceeding against you.

Again, making reference to money raised in the capital market should never be used as a complete yard stick to measure money available to spend. Funds raised might not get into account for a very long time. According to the press statement, the funds was meant for expansion I supposed? Redesigning came as a results of new profile but I am 100% sure if wasn’t about the new account balance / statement.

We need to learn how to be our brothers keeper. The reason why technology is creating massive jobs in the states is because everyone is United. Looking for the next start-up that will make it to IPO. Most sites can be hacked but no one has the time. Everyone is looking forward to making the planet a better place to live. I believe tech can create jobs if we are not envious of other people’s success (I don’t mean to say you are envious of course). Instead, we can use that as a motivation to do something better.

Anyways, I feel the title of this thread should be changed.

Best!