The message that you receive while you are browsing is not tied to any webpage and not a regular popup either. It is an iSNS notification. The same type of notification is used to notify users of reaching there internet usage levels at 75% and 100%. This message is simply pushed out to your connection.

Rogers does not monitor your surfing habits at all.

Brian

iSNS is Internet Storage Name Service according to Wikipedia https://en.wikipedia.org/wiki/Internet_Storage_Name_Service - is that what you mean? That seems to have nothing at all to do with HTTP.

If I saw a message instead of the web pages, then what you say might make some sense (though it would be extremely annoying). However, it's been pushed to the front,  and the content I was expecting follows (see the image I posted, though I crowded the content to the bottom). I believe that requires some amount of inspection of the HTTP data stream in order to merge in the Rogers notice with the web page.  That may not count as "monitoring", but they do seem to be playing with the data I'm receiving from the internet, and I'd rather they stop it.

RogersCorey, there does not seem to be any method provided to set up an App Password for secondary e-mails. I can go ahead and "Add Another" authorized application but these extra passwords are not accepted for use by Secondary Email addresses...they are only accepted for the primary e-mail address. I have tried this multiple times with one of my secondary e-mail addresses but the App Passwords provided do not work.

---

@SheamusPatt wrote:

iSNS is Internet Storage Name Service according to Wikipedia https://en.wikipedia.org/wiki/Internet_Storage_Name_Service - is that what you mean? That seems to have nothing at all to do with HTTP.

If I saw a message instead of the web pages, then what you say might make some sense (though it would be extremely annoying). However, it's been pushed to the front,  and the content I was expecting follows (see the image I posted, though I crowded the content to the bottom). I believe that requires some amount of inspection of the HTTP data stream in order to merge in the Rogers notice with the web page.  That may not count as "monitoring", but they do seem to be playing with the data I'm receiving from the internet, and I'd rather they stop it.

---

Well, ISNS notifications is what it says on our tools and what I am told. As stated in the article in your posts:

"State-change notification

The state-change notification (SCN) service allows an iSNS server to issue notifications about each event that affects storage nodes on the managed network."

I have to assume that these notifications are what I have described.

Brian

Maybe I don't know the definition of secondary email.     I have  me@rogers.com and my wife has  her@rogers.com

At the 'sign in'   link ( from the email message ) screen I logged in as me and generated    Then I logged in as her and generated.  Went to T'bird and entered my generated password and then wrote hers down and went to her PC and entered it.  All worked fine.

@timlocke  You understand perfectly what the use of "secondary accounts" is talking about in the Yahoo and Rogers.  We have a primary account that is typically the username we use for access - it doesn't need to be though as a side note.

The secondary accounts are the 9 other ones we can use on the Yahoo/Rogers email service.

And you followed the steps exactly as should be done.

In the original instructions, unfortunately, they did not speak of primary and secondary user email accounts and the steps.  It may seem obvious to someone who works with this stuff everyday that they were saying, login using your email account (i.e., your primary account is me@rogers.com) using your typical password, and then you log out and the secondary account users can do it on your computer or their computer.

In my case, I don't know my wife's password (her email is not my business), so she can log in from any device to the member's centre.

You are exactly correct.

Now another question that has come up is about primary and secondary accounts on the same email client, which is completely doable and common.  You may have one for personal, and one for a personal business, etc.

You will set up each account with the passkey.  And my understanding is that the passkey will be different on each client/device (i.e., one passkey for computer outlook email account, another passkey for computer 2 outlook, same email account).

The same passkey works currently across devices because they have not fully implemented the model yet.

As a past computer techie and documentor, documentation is the same as alpha and beta testing - when you write instructions, you must run them by users for questions and clarity.  I know this too well, I was not a great documentor in written docs, but I could train it well face to face.

Bruce

@borfordand others.

HTML injection

This is not a critique of this whole discussion about iSCN servers and state change notification just an attempt to clarify.

My comment is that the majority of people will have no knowledge of what that means, and it muddies the water on the discussion of injected messages.

Before I comment on the first part, my concern and many other people's concerns is the use of html injection for messages to users - it is a quick and easy way to let people know, and yes it is not monitoring, merely injecting of code into our packet stream.

I know the intent is important, like the 75% and 100% notifications, but it inherently has concerns for people when they become aware that unwanted code, or even useful messages in the code can be injected into our data streams without our permission, and when it is used in this manner, I would hope that it can be turned off and not seen again.

The other problem is that the person responsible for the email may not actually see the message, same as the person responsible for paying for the account may not see the message if it comes while someone else is on the computer - let's say, your child has an email and sees this message while browsing, it will mean nothing to them.  They would have to communicate to the person responsible for email if the parent chose to not allow them to have access.

So let's not try to give the technical explanation to clarify the person's concerns about injection of code, they have a legitimate concern, and some find it to be an unacceptable intrusion in their use of the Internet (reason why people use ad blockers is for this very reason).

On the second point (you are correct in your description of the iSNS and state change notification).

In what you are describing, and I suspect that this is what is happening - the iSNS identifies all computer mac address or name connected to the Rogers customer network.

When the web server identifies a state-change-notification (in this case, it is the injected message), the iSNS is being used to send the notification (in this case the notification about email changes) to the currently actively connected computer on probably the residential customer network.

I am also thinking that it may be sent only to a currently active computer on the residentially IP address we receive from the Rogers network.  My wife has seen them, but I have not seen a single one yet.

A final couple of example where iSNS servers are used - if you have Rogers security software installed, if you are off the Rogers network for over 30 days, it is deactivated until you go on the Roger's network again.

An iCNS server is probably storing information from another server that you are authorized to use a specific version of the software.  The final one will be when you take your TV setbox off the network for an extended period of time - the registration will be removed from the server, considering it as stolen or something else - and you contact them to reregister.  iSNS servers are the servers that keep track of all the associated names of computers on the network and the back end servers and information flows both ways.

Bringing me back to the other concern - iSNS servers are basically a switchboard - your computer wants to communicate to a Rogers server, or visa versa - it facilates knowing what computers have access to what servers.

It doesn't take away the reality that many of us, me too don't like having code injected into our HTML streams.  It is used for important communications, and authorizations on internal networks to send messages to users of notifications of server maintenance, and it also notifies us of upcoming maintenance to our computers from our bank servers, and on Rogers, it is the message server not available if it is down, or the we apologize messages.

It serves an important purpose, but people's fear with injection is that the code can be used to do things both direction.  I personally don't see it as a concern in the context of Rogers, but without a doubt I don't like it, and it is annoying - send me an email, a text, a phone call, it is over a month, so send me a letter, put it on my paper bill, on my electronic bill, or on MyRogers for this type of communication.

Bruce

---

"State-change notification

The state-change notification (SCN) service allows an iSNS server to issue notifications about each event that affects storage nodes on the managed network."

I have to assume that these notifications are what I have described.

 

Brian

---

Well, ISNS notifications is what it says on our tools and what I am told. As stated in the article in your posts:

Still not buying it, sorry. iSNS, as Wikipedia describes it, is a management protocol for iSCSI and iFCP, which are essentially networks of storage devices over IP instead of things like SATA. Something you would find at Google or Amazon, maybe, but I'm certain it's not something you would find on my home network.

Could you ask someone there at Rogers just what they mean by iSNS? It must be something else.

I see the old passwords still work today.

There seems to have been no notice of when this officially comes on line - some hearsay dates, but nothing official.

But what is new - advise of a drop dead date, and if something comes up to delay it, then advise users - standard industry practice to allow users to make decisions on how to prioritize time.  Understanding and changing password protocols is not necessarily the only thing in our lives we have to make decisions on, not only for Rogers services, but also other things in our lives.

It is courtesy and best practice to advise users of changes, or to deprecate a protocol like Chrome did with NPAPI, and yet Rogers never acknowledged this impact on their One Number product.  Microsoft deprecated support for XP a few years back, yet you will still find that Rogers still describes the following minimum requirements for their Online security software.

You must install Rogers Online Protection Basic using Rogers Hi-Speed Internet.
Your PC must meet these minimum requirements:

• Microsoft Windows XP SP3 (32-bit)
• Microsoft Windows Vista SP2 (32 and 64-bit)
• Microsoft Windows 7 SP1 (32 and 64-bit)
• Microsoft Windows 8 (32 and 64-bit)
• Microsoft Windows 10 (32 and 64-bit)
• 1 GHz processor or higher
• 1 GB of RAM (1.5 GB for Windows Vista, 7 and 😎
• 1.8 GB of free hard disk space
• Removal of other antivirus software
• Microsoft Internet Explorer 7+ or Mozilla Firefox 3.6+

Not compatible with Apple computers.

Windows XP is no longer supported by microsoft, nor Explorer 7 - only Edge and IE 11 are supported by MS now, and Firefox 3.6 was released in 2008.  Firefox has been through 58 major updates to version 61.  Support for previous versions are ended 6 months after each major release.  Support for 3 series ended in 2010.

So that is why I say, what is new - one of my most frequent concerns about Rogers is their total disregard for keeping up on all industry standards, and not providing implementation dates - just vague ideas.

I would stop bringing this up as a concern about disregard by Rogers for up to date FAQ and support docs, maintaining support for up to date protocols and OS, if they would start being more open in the provision of information on changes.  It is called good technical and customer support to advise users of dates and to keep up to date.

I will give them credit for giving advance warning and clear instructions, but unfortunately their use of the word OAuth rather than OAuth2 led to concerns about the security protocols which was legitimate, and not making it clear that the application passkey was one time only for each device (it is suggestive of it), but they do not explicitly indicate that when the full system is brought online, if you reused the key, it would work only on the first client you use.

Nor was it well explained, while they did mention OAuth, which most will have no idea what it is, that the applicatin passkey goes beyond the principle of a password saved in your client and allows the security servers to recognize that this application has been approved by you to access the email servers, and you can remove access -  they also don't mention that best security practice for those of us who used to not save the password, and use that as our security for email access, is to place your own individual access on the email client (do a google search to learn that process), or to put a lock password or code on your device and always log out when walking away and to be aware that if you leave access to your computer logged in, others will be able to read your email.

Unfortunately, there has been much confusion created in this change, it has not been well explained, and there has been much miscommunication and discussion (and I am guilty of it too).

Simple communication - Rogers is implementing a stronger more secure access to your email in conjunction with Yahoo.

The official implementation date is not set, but we will advise, but all users are strongly advised to follow the provided steps as on the implementation date, users who have not done so will not have access until they make the changes.

In the interim before the implementation date, the old methods of logging in with your Rogers email accounts will still work, but we strongly encourage all users to make these changes.

If you have any difficulty, then contact us at technical support.

So official day when the standard password process ends - whenever they get around to turning it on.

Having said all that, my advice is do the change, get it done, as it will come sooner or later.

Just do it, and move forward.  It is what we have been given, so for those who have to work with the older email clients, just go ahead and do it.

Bruce

App password for secondary email address ... 

Anyone know how to create an 'app' / email password for a secondary email address I own ? 

I was able to create the app password for the primary address - no problem. 

The secondary address is giving me the run-around ... 

I had Rogers Tech support tell me to login to https://rogersmembercentre or some such with the secondary account and perform the same steps as I did for the primary account - but that's a no-go, as the login fails - i don't think secondary email accounts have access to rogersmembercentre - only primary (?) 

I was able to deal with secondary accounts ok.

You should be able to access the member centre for each email, whether primary or secondary by logging in with the email address when accessing the member centre and use your regular password.

If you can log into your email with the username and password, that same set should (and I say should, in terms, that just because it should doesn't mean it does - if isn't working for you, should doesn't matter, if you can't).

If you have forgotten your password, you can request to set a new one, and then maybe that will work.

If I were in your place, I would try to log in to email, if it rejects your password, then get a new one and that technically "should" allow you into the member centre.  If you can get in with the existing password, then I can't see what would restrict you from getting into the member centre.

So in summary, I was able to do the work with every account we have (three of them), and I tested them all on clients not fully supported, both the described ones, and things like Pegasus and Thunderbird and had no problems.

So, try again, contact support, describe and confirm every step with them as you go along and if it fails, request they escalate - may be related to your own service accounts, or just a bug that is coming up for a few and remains unknown how to go forward.

Hope you get some success moving forward.

Oh why oh why did I have to learn so much about this - couldn't they have automated this somehow.  Yes they could, all of the routines we are using could have been scripted and tested thoroughly in a wide range of situations.

But they chose not to, so we plug along, once again we function as the testers of the live versions and it hasn't even been fully turned on, so let's hope it all works properly in the end.

Keep trying, technically you can do it, but Rogers also decided to layer their own model over the Yahoo chosen model, so it adds complexities that Yahoo can't support us with and as Yahoo makes changes, as they may with their own implementations, Rogers will have to then implement them too on their side.

Good luck

---

@cvanderkolff wrote:

App password for secondary email address ... 

 

Anyone know how to create an 'app' / email password for a secondary email address I own ? 

I was able to create the app password for the primary address - no problem. 

The secondary address is giving me the run-around ... 

I had Rogers Tech support tell me to login to https://rogersmembercentre or some such with the secondary account and perform the same steps as I did for the primary account - but that's a no-go, as the login fails - i don't think secondary email accounts have access to rogersmembercentre - only primary (?) 

---

Secondary accounts do have access to the member centre but there is a known issue with some logins failing. Don't worry about it too much at the moment. Just call tech support and have yourself added to the open ticket. You will be notified when it is fixed and you can continue after that. We still don't have a date as to when the app passwords will be mandatory.

Brian

OK - Thanks to all who replied - I'm OK now .... I was able to login with the secondary account and generate the 'app' password.

I think there were a couple issues occurring last night that prevented me from accessing/logging on to the membercentre website - I was using 'chat' support - and the tech on chat said their systems were down and I would need to call in blah-blah-blah ... 

So - I checked this AM, logged in , generated the APP password  and all is good (thank God no more of that webmail interface !)

Chris 

I usually use live mail on  my laptop so i update one of my rogers email accounts for live mail and get the app password and plug it into windows live mail. all works correctly in windows live mail. so I check out accessing  the account from the web. guess what !!! now I have two passwords to access my email account, the new app one in windows live mail, which doesn't work on the web. for that one I have to use my old password.  thats real progress!!!

Wonder what password I need to use when I acccess the account from my ipads, or from my smartphones, never mind I figure it out! I only have 7 rogers email accounts so no problems remembering which ones to use on which devices. Thanks Rogers for this enhancement. I won't be changing to any more app passwords soon you can be certain!!

As a final note, in terms of changing app passkeys, you would only do that if you thought that your computer had been compromised, that locks out that access.

Rogers hasn't said anything at this point, but Yahoo is implementing on their own email accounts that there may be occasional requests to change to application passkey.  Hopefully Rogers does not force this one.

Bruce

I keep getting notices to enter my password on both my laptop and iPhone ! This is after I have updated to the App specific passwords.  I just ignore the notice.  I still get my emails, but it is frustrating to get the notices. Whats going on ?

Amur yes it applies to Thunderbird also.  I was on with tech support and they gave no instructions how to do as it isn't on the list.  If you have more than one email address from Rogers you are using you have to do this to each email.

I went into Thunderbird and deleted all SAVED passwords and closed it up
I went to the link below
https://rogersmembercentre.com/rmcapp/remc.html#/signin
Signed in the with the email address I'm creating it for
At top right click on Account Information
Then on to Authorized Apps
Put a name for my password and clicked Generate
I then copied that and put it into a word document (I had several emails to do)

I then opened up Thunderbird went to write an e-mail to this address and it popped up to enter password
I copied and pasted it into the space and it sent
I can't remember exactly but then when I went to receive it I believe it asked for it again so I pasted it again

Hope this helps

IMPORTANT NOTE:   If you login from the WEB if away from home, on vacay etc.... then you are still logging in with your OLD password 🙂

Another annoying Roger's Email thing.   To be fair it may not be Roger's fault I suppose, could be the underlying Yahoo...but it did work ok this morning.

We use Thunderbird with POP. This afternoon when trying to get ones mail T'bird popped up a message saying that the mail system no longer supported something ( pop up disappears of course) and go and correct your mail settings.

The thing that had to be corrected, turned off was the setting 'Leave mail on the Server '     We do that as we use different devices to get mail.   

Some will say, Why not move to IMAP and all these problems go away.  T'bird  is not good at changing a given mail system between the two protocols.