Who Hacked Ashley Madison? (krebsonsecurity.com)
410 points by david_shaw on Aug 26, 2015 | 293 comments



> They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

This reads like a scene straight out of Hackers or some other campy tech movie. Life imitates art.


It's art imitating life. Old school warez, demoscene and hacker groups have always had a very "campy" countercultural aesthetic to them. Hackers the film doesn't hold a candle to the real-life cDc. These types of groups are a dying breed, though.


There is some academic writing on the subject I can't find at the moment. Basically the idea that Hackers are the modern day tricksters of mythology. Sneaky, morally ambiguous, possessing mysterious powers over our surroundings. It's important to be over the top and silly with your hacks.


Might be Hacker Hoaxer Whistleblower Spy, which I wrote http://www.amazon.com/Hacker-Hoaxer-Whistleblower-Spy-Anonym...

I do raise the trickster there. You can find a pdf of it out there too if you google for it.


The ~'90s computer underground hacker, which some people like to call cracker, was a more traditional youth subculture than the coder hacker. With groups, zines, handles etc. similar to say music, graffiti or action sports.


That sounds like Snowcrash :)

I'd be interested in reading whatever academic writing that was, if you find it.


I think they are more like modern days terrorists. The kind that will burn a farm just because they can.


cDc == cult of the dead cow? I haven't seen them referenced in ages. Probably since my own arrest actually.


You don't leave that one hanging. What's the story? Care to share?


It's really not that interesting. I was 15 and played around with some computers that belonged to the US Navy. Then one day at 6 am I heard a loud knock on the front door.


indeed, a common story. i get the feeling the fbi did a lot of before-school visits to teenagers dicking around on irc in the mid 90s.

they showed up to my place once. the guy said to contact him after i graduated if i was looking for work, lol.

for what it's worth, they had binders and binders full of efnet logs.


I keep hearing this and it makes me realize I wasn't as cool as I thought I was in the 90s :P

The FBI visited once, my dad freaked out and told me before he answered the door.

Turns out someone was exposing themselves to kids on Halloween.


You don't still do that do you?


I wasn't the one exposing myself if that's what you mean.


(I believe that was the joke)


I got dinged as well. Similar story on efnet logs. No charges but they announced their presence with authority. Left me a business card too.


Yep, myself and a friend and they had logs from one of our Undernet channels. Interesting to hear that it was somewhat commonplace. I hadn't heard any similar stories until the mid 00s and ours happened around 97 or 98.


Yeah mine while I was in high school and it was 1998. I think there was a lot of FBI trolling the usual channels in the late 90's when the 2600-related movements were really getting underway.

Strange how different - and how similar! - the scene is today. Good memories, except that law enforcement back then was a lot less scary...


Would .. you .. like .. to .. play .. a .. game?


Hah! Sounds like my story, except mine involved the main newspaper in the next big city over from my hometown. Totally uninteresting.


NandO?


Several states away, if you mean the N&O that Google offers up.


Ah, yep. N&O was called nando.net back then – local newspaper and also large local ISP.


Most of the people I know who got busted back then were into telco systems so they ended up with a fine, usually around 1-2k.

I'm guessing the navy wasn't so kind :/


I used to work at British Telecom with a guy who had been a phreak and got caught hacking Prestel - one day one of BT's security (SD Directorate) guys who had busted him bumped into him at work and was not pleased.

I also worked for the Systems administrator who was in charge of the machine in the Prince Philip hack.


They were real dicks for sure. Fortunately I was 15 and it was pre-9/11 (by about 7 months). I'm not so sure things would have gone as well for me today.


Heh, 18 years ago today I had a loud knock on my door. (The story isn't that interesting but the timing is -- to me.)


Uh...story time?


I dunno, man - without Fisher Stevens riding a skateboard through a giant server room, can anything really be as campy as Hackers?


"Never fear, I is here." I still catch myself saying this at times.


Yes, people forget that Emmanuel Goldstein of 2600 fame was a consultant on Hackers. If you thought that was unrealistic (and OK, it was), revisit the other '95 hacker movie: The Net.


For all the shit Hackers gets as a movie, I feel it does capture the zeitgeist of the hacker culture of the time better than just about any other movie out there.


The good old times. :)


This is actually something used by Stuxnet, believe it or not. http://www.theverge.com/2014/8/7/5977885/hackers-made-irans-...


The most surprising part of that story to me is that AC/DC is Australian. I had no idea. I always assumed they were Brits.


I had actually grown up assuming they were American. Kind of funny.


They were all born in Scotland but lived in Australia, iirc. Then the singer died and Brian Johnson, who is English, became the new frontman.


I was 100% sure they were Brits with strong connection to the working class of the UK, etc.

Other than that, another idiot who is actively trying to get some attention, by doing illegal things online, nothing new, nothing special.


The "Long Way to the Top" video was filmed on the back of a flat-bed ute driving through Melbourne, and it's awesome.


I heard a similar story from a Sony employee about the Sony hack. Was able to find it mentioned in a Vanity Fair article:

>...this morning, as she began her day, she discovered that a bizarre specter had hijacked her computer. The screen glowed with a blood-red skeleton baring its fangs, and the words “Hacked By #GOP.”

[0] http://www.vanityfair.com/hollywood/2015/02/sony-hacking-set...


Partial screenshot of the affected systems: http://arstechnica.com/security/2014/11/sony-pictures-hacker...


Since no one else has mentioned this yet, this must have been a reference to this famous hack on an Iranian nuclear facility: http://www.dailymail.co.uk/news/article-2178781/Iran-nuclear...


True. Can't believe they actually pulled something like that


I don't condone this hack, but morals/ethics aside for a moment:

The one positive thing this hack has done is really give serious ammo to the battle for online privacy, because the demographic hit by this hack is the most politically & economically powerful demographic in the world....


I'd argue the opposite. The AM hack hasn't helped at all, since enough people view it as a just retribution due to it being about a pet moral value that is held dear, namely marital fidelity. And to others, it's all a big joke.

The cheating cheaters (who likely never got the opportunity to cheat) have been named and shamed, and because of those asserting that it's acceptable to do this if it strokes their personal moral vendetta, then this type of chilling privacy violation is on its way to being normalized.


The naming and shaming is disgusting. There are people who are cheering on the hackers. They completely disregard the ramifications of this for the innocents involved (the family members and loved ones of the person who signed up) who now have to deal with all this publicly.

Imagine any couple that went through a rough patch and reconciled. They've already moved past this, and now they have to live with the knowledge that this information is out there to bring it public.

Children being mocked at school because their mother or father was on the site.

Imagine anything you dealt with in private that you didn't want to share with others, and now imagine having the choice of dealing with that in private removed from you.

It's horrible.


In life, you get to choose your actions, but you do not get to choose the consequences.

Yes, some 'went through a rough patch' and 'already moved past this', and are now dealing with a world of pain. But ask yourself, what makes you the authority on how much pain they should have endured for their mistake? As fate would have it, whatever 'moving past' they did will now be really put to the test. This will give some couples a second chance, to really ask themselves if all is forgiven.

Yes, some 'innocents' are hurting now. Some spouses, some children maybe too. Is this the fault of the hackers? I'd argue not. Ask yourself, if it weren't for the actions of the people cheating, could this have ever happened? Ashley Madison wouldn't even exist, and this hack would never have transpired, if it weren't for the liars, and cheaters, who made such a site possible. So should we be upset at the hackers, who exposed liars, and cheaters? Or should we be upset at the liars and cheaters, who thought they would get away with it? It's the liars, and the cheaters who hurt their family, not the hackers.


Western married straight couples are an easy case to reason about. But take a look at the below.

https://www.reddit.com/r/lgbt/comments/3ebzzj/i_may_get_ston...


> what makes you the authority on how much pain they should have endured for their mistake?

And what makes YOU the authority to say they haven't endured enough pain? Or society, for that matter? If a couple 'went through a rough patch' and 'already moved past this', the one who was wronged was apparently forgiving. That forgiveness should be the end of it. We all make stupid decisions in our lives, but just because we did those things, we don't DESERVE endless consequences.

Your logic is a slippery slope to believing that rehabilitation is impossible. In which case, you're essentially arguing for immediate death (or at least shunning) to any wrongdoer, because how can any of us judge them to be rehabilitated?


You're only seeing one side of the problem.

Put yourself in the shoes of someone whose spouse was exposed by this leak. Imagine how humiliated you would be, knowing that the whole world knows your spouse was cheating on you. Sure, it might be good to know the truth, but how does it help you that friends, family and even strangers know this about you? Not only that, but it's on the Internet, where your humiliation will be permanently recorded for all to see.

Yes, there are consequences for the cheater. But there are also consequences for the cheater's victims, and they're significantly exacerbated by the public nature of the leak.


I understand that 'side of the problem'. Trust me, it's not that I don't comprehend the impact this has on innocent people, I do, and it's very unfortunate.

Where I differ, is in who I blame. It sounds like there is growing animosity toward the hackers, but that dumbfounds me. How could this hack have even transpired, if it weren't for the liars, and the cheaters, who funded this site? How could an innocent spouse be embarrassed by their cheating wife, if their wife never cheated on them?

Let's not get confused. The hack exposed a morally reprehensible act by many. Here's a contrived example, that might help illuminate my point -

Consider a corrupt police force in a city, where police are taking bribes, and working with organized crime, instead of helping the community. Should we shame a mole, who exposes the police force? If he does, the police will be out jobs, and will be exposed! Think about the families!

You can see where I'm going with this...


Or people that had their email hijacked to create accounts?

https://evan.atavist.com/my-wife-found-my-email-in-the-ashle...

Imagine being accused of adultery just because someone else preferred to sign up for an account with an email address that wasn't their own.


Hackers publicly exposed personal information but it is not their fault that the personal information was publicly exposed?

I'm not sure how this follows.

You seem to be very glad society hasn't moved on from the "Name and Shame" game. The one that ends in death, violence and shame for everyone close to and including the named.


I believe in consequences, and personal responsibility. Yes, hackers publicly exposed personal information, but it wasn't the personal information of Mother Teresa.

I wonder if one's opinion on the ethical nature of this hack, hinges on your moral disposition on cheating/infidelity. I'll illuminate what I'm getting at, by asking you this hypothetical:

If Ashley Madison were a website for child sex trafficking, and the names of registrants were exposed, leading to arrests, and public shaming... How would you feel?

I'd be very surprised if you kept the same opinion, that publicly outing those individuals, was not a fit punishment for the crime. Given that, then this entire conversation is completely subjective, and based entirely on your opinion about cheating, lying, and infidelity.


> If Ashley Madison were a website for child sex trafficking, and the names of registrants were exposed, leading to arrests, and public shaming... How would you feel?

This is still an irresponsible exposure of personal information. This is still vigilante justice.

What happens to the people whose identities were stolen and used on that site? Their lives will be ruined.

It is not the public's responsibility to judge or prosecute/persecute. Give the database to the authorities.

> I'd be very surprised if you kept the same opinion, that publicly outing those individuals, was not a fit punishment for the crime. Given that, then this entire conversation is completely subjective, and based entirely on your opinion about cheating, lying, and infidelity.

This has nothing to do with what the people were doing and everything to do with mob justice and innocent people caught in the crossfire.

Public disclosure of personal information is irresponsible and hurts everyone associated with the exposed.

How is public shaming justice? Who are you to decide who and how to punish? What's an acceptable amount of innocent people to expose as cheaters/child traffickers? What about the amount of innocent family members and friends of the exposed that will get to experience this as well?

How many of the gay men in Saudi Arabia exposed by this hack are allowed to be stoned to death before the ends do not justify the public exposure?


[flagged]


> people like you are terrible, terrible evil people. [...] You are awful.

Absolutely not allowed on HN. We ban accounts that do this repeatedly.

Please eliminate incivility from your comments here.


You've made some pretty significant assumptions, and in your childish rage, almost missed my point entirely. For starters, to say I don't give a damn about privacy, couldn't be more wrong.

My point is about who to blame, for the negative impact on family members, spouses, children, etc. We shouldn't miss the mark. Blame the correct party.

The "shame" that family members incur from this hack, is due to the NATURE OF THE WEBSITE. It's an AFFAIR website, not a gardening forum. If the public information of a garden information site was hacked, then nobody would be complaining about the harm to family members.

Do I think hacks like this, and exposing private information, is good? NO. I'm saying that the negative impact on the innocent people, is entirely due to the deplorable nature of the site, and the individuals who registered on it.

And frankly, I'm not even arguing whether or not I disagree with cheating/infidelity. I'm merely saying, IF someone feels shame/hurt that their spouse is cheating, they should BLAME THEIR SPOUSE FOR CHEATING.


If you found out your friend's spouse was cheating, you would understand if people were upset if your idea of telling them was to post their pictures, address, relationship status and credit card number on every street corner in the neighborhood.

Also, you do it to people who weren't cheating at all. You don't even know them.

Then you start buying billboards.


Your comment entirely hinges on the following statement:

"If you found out your friend's spouse was CHEATING"

Let me rephrase it, and let's see if your statement still holds...

"If you found out your friend was a member of a gardening forum"

Given this second scenario, if I were to purchase billboards exposing their personal information, including pictures, address, and - important - their registration on the gardening forum, then I certainly would be to blame for the deplorable act of exposing personal information. I agree on this point entirely.

It is NOT my fault however, if society believes gardening is morally reprehensible, and they then incur shame as a result of having chosen to associate with gardeners.

Replace gardeners, with liars, cheaters, etc, and you'll see (hopefully), why I don't appropriate the blame for this hypothetical "shame for family members" onto the hackers. Furthermore, let's not pretend like the hackers suddenly caused family trauma that never would have happened. That's incredibly naïve. In all likelihood, if there was infidelity, these relationships weren't exactly headed in a good direction to begin with, and their exposure as liars, and cheaters, would happen for a good lot of them anyways! And just to underscore my point, if they were gardeners, there would be no shame in it all.

So for maybe the 3rd time now, just so that I am completely clear - NO, exposing personal information is NOT cool, and I do NOT think it's right to do. However, the fallout being incurred by family members, has more to do with the nature of the exposure, than the exposure itself. I really genuinely struggle to see why this point is so difficult for some.


You are jumping to unfair conclusions about the person you are replying to. You clearly disagree with him, but this is offensive. You should delete it.


Agreed.


Offensive how?


The declaration that "people like you are terrible, terrible evil people" is intentionally designed to offend the person to whom it is directed. It moves beyond the realm of civil conversation to a shouting match, and hence is inappropriate for a discussion forum. I (mostly) don't agree with 'rubicon33', but I'd prefer to keep an environment where his position can be discussed without personal insult.


Right. It strikes me sort of like "hey! this person over here is/has acted like an asshole!" After a point, what do you gain by publicly pointing out the shortcomings of others?

I'd like to think that at some point we'd just get over the whole voyeuristic, hypocritical obsession with finding new witches to burn but I'm starting to just accept that it's part of human nature.


The future is a future where no semblance of privacy exists.

In the year 3000:

"Truth about the ugliness of the human race will finally be revealed when every single detail about anyone's life is public knowledge available to all."


Once privacy disappears we can actually base our morality on data rather than wishful thinking. It's the transition period (i.e. now) where we have pretty arbitrary morals largely based on ancient religious texts, etc. and we're finally getting actual data on what people actually do that is the nasty part.

E.g. we know that rich people have always obtained abortions, used illegal drugs, and had promiscuous sex, but public morality and social mores were constructed entirely on the fiction that this was the exception and not the rule.


I'm an atheist and have an expansive view of morality, but I still value my privacy, not least because it provides me with a small asymmetrical information advantage against institutions with which I would otherwise be unable to compete. I don't think it's the case that if we were all to wake up naked (figuratively speaking) that hypocrisy would disappear and there would be a major adjustment in our social technology.

Take this AM hack; one of the first public casualties was a somewhat famous religious conservative, who had previously been in the news for committing multiple acts of incest/child molestation as a youth (the statute of limitations on which has long since expired). Despite abundant evidence of moral malfeasance and a blunt self-assessment as 'the biggest hypocrite ever', the guy's followers are still lining up to defend his fundamental righteousness and condemn his detractors as being on an inferior moral plane. This is irrational, but people place a high value on their illusions and will expend real resources to perpetuate them.


Some people are really dumb. But we are also in a transition period. People in general don't change hard earned prejudices; they die and are replaced by people with new prejudices.


These aren't arbitrary just because they are enshrined in religion and custom. Before the pill, women couldn't sleep around without fear of getting pregnant. Before condoms, people couldn't sleep around without fear of STDs. Before DNA testing husbands couldn't be sure they were the father of their own children if their wife had an affair. Before modern medicine, abortion carried a significant risk of complications - potentially death.

We are adjusting our social values in response to advances in technology.

OTOH, lying, cheating, and betraying those closest to you will never be acceptable. I think we will simply move towards a state where open marriages are much more common.


Back when sex always entailed a chance of pregnancy, food was scarce, disease was a mystery, we lived in small tribes, etc. etc. many of these rules may well have made sense. Survival heuristics got encoded as religion, which was then horribly misinterpreted, and adhered to long past its point of utility. Now these rules aren't random, but they are pretty arbitrary.

Consider that our hangups about sex are tied to a sense of right and wrong that comes down to food scarcity (and other base needs, such as safety from predators) and reproductive rights. So we've got a bunch of people who treat sex as having moral significance owing to a survival/economic importance that no longer exists.

When sex first became disconnected from reproduction we had a "sexual revolution" where people tried to act as if the underlying rules and norms had changed overnight and there were horrible repercussions, but that's not because there's something intrinsically correct about our current (or recent past) sexual mores. Rape within marriage used to be just fine (indeed, it only became illegal throughout the US in 1993).


> Before the pill, women couldn't sleep around without fear of getting pregnant. Before condoms, people couldn't sleep around without fear of STDs.

I'm going to push back on that assertion. There are still STDs in developed countries with plenty of access to condoms. Assuming that STD patients are not intentionally contracting diseases, it appears, at least on a social level, that condoms are not effective ways to prevent STDs in populations, at least not yet. Likewise for other forms of birth control and unplanned pregnancy rates.

I think our morals are outpacing our science and habits. And the disadvantaged disproportionately pay the consequences. Or the people who pay the consequences end up disadvantaged. Or both.

> We are adjusting our social values in response to advances in technology.

Are we? I'm not so sure. We take a very non-judgmental view of all sorts of risky behaviors. Scientifically speaking, anal sex has many more risk factors associated with it than other forms of sex. I haven't seen any studies about health risks associated with infidelity, but it's plausible (if not almost certain) that a person having unprotected sex with a secretly promiscuous spouse is exposed to STDs unwittingly.

I think you can argue for more personal freedom, but I'm going to disagree when you assert that we, as a society, have evolved past the consequences traditional morals were set up to protect against.


Well said. Though of course another aspect of those social institutions was hierarchical stability: if a peasant married a noble, had a child, and then gained claim to this family's assets then all would go to pot soon. On the contrary a marriage between two noble families would create political bonds to benefit them both. In fact the notion of "romantic love" didn't really exist until the renaissance (though unfortunately now we know pretty well this notion is also quite BS and against human nature anyways). Now with productivity largely increased and ordinary people having much more economic power such an institution has no reason to stand. It's just that social changes mostly occur slower than the technical/economic basis for them.

And indeed, a relationship has to be based on mutual agreement and trust. If both sides agree this relationship to be open, then there's no problem at all. It's only problematic if they reached an agreement when starting the relationship, but later couldn't adhere to it. If no deal, then no relationship. If there's a deal, then you'll have to follow through.


Or legalize against the advances in question.

In France it is illegal to DNA test your 'own' children, and the doctors will lie to you as a policy, to avoid 'broken homes'.


Many of our arbitrary morals, even religiously influenced ones, are based on tribal culture and human biology. For example, chastising monogamous cheaters is one way to reduce jealousy and oxytocin-induced stress in a community. Following your example, anti-abortionists may see themselves as championing undefended members of society.

Even in lieu of a privacy-free utopia where we fully analyze our motivations, I think we'll still have biological and tribal inclinations influencing our societal morals. (Unless this hypothetical utopia is so far in the future we've biologically evolved.)


It's not "wishful thinking". It's a tool/lie by the ruling class to control the mass. "Marriage" has always been a tool to ensure hierarchical stability: nobles married nobles because that helped to maintain their family wealth, which is not necessarily how the society works today, and so-called "romantic love" was a new notion invented only after the renaissance (it's also not the truth on how humans think/behave anyways). Of course technical advances also play a big part in it. In ancient times there were practical troubles for sleeping around because of STD and impregnation. Female liberation and sexual freedom largely came with advances in contraception devices. Nowadays with everybody gaining more independence and power such archaic social institutions are bound to be obsolete. It's just that social changes mostly come slower than the technical/economical basis for them.


Humans have arbitrary morals in much the same way that wolves have arbitrary instincts to pack-hunt; many preceding generations have survived thanks to that particular characteristic, so the modern individuals abide by the behavior, not even fully aware that it happens to increase their chances of survival. The mechanism works the same both for adopted social behavior and for evolved instinct.

But I'd like to make the argument that the central moral imperatives put forth by the bible (as well as by many other religions) would exist as moral imperatives even without religion itself; natural selection would popularize them no matter what.


We will have something far more sinister than just a data based morality.

The planet is overpopulated and it can't sustain that many people. In one hundred years it will be even worse, and measures more drastic than the Chinese one child per family policy will be taken.

The total loss of privacy will let the world rulers choose who gets to live and who doesn't, with ruthless efficiency and, having records of everything questionable everyone has done, no opposition whatsoever.

I guess it will have even plenty of public support.

After the purge, the statistics based morality will rule uncontested.


I don't think so, I think it's just a matter of us learning where our prior ideas of privacy and what should and can be expected are meeting with the new reality. We can not legislate away capabilities that are fundamentally the same as what's existed previously, but have a greater effect because of the digital age, and expect those to hold[1].

Additionally, I increasingly think our interpretation of privacy has been too colored by the recent past (recent in this case being the last couple hundred years). Public privacy is largely a byproduct of increasing urbanization and the anonymity that large crowds provided. In rural areas where someone was around to witness your actions, anyone and everyone might know of it in short order.

I think we will eventually settle on new norms of privacy, where some laws are strengthened, and some are weakened, people are aware of what steps they need to take to be reasonably private in the different areas of their life, and we'll settle into a more normal level of government privacy breaches (they have always existed) than the occurrences we are seeing now (which I believe is a result of our laws and expectations no longer adequately mapping to reality).

1: For example, if a government can legally place a person at a location to observe, I believe any actions to prevent their capability to automate this process (CCTV) will likely fail in outcome, if not legislation.


> 1: For example, if a government can legally place a person at a location to observe, I believe any actions to prevent their capability to automate this process (CCTV) will likely fail in outcome, if not legislation.

Some recent US court cases have reached the opposite conclusion, and decided that a right to privacy from video surveillance exists: https://www.eff.org/deeplinks/2014/12/federal-court-agrees-e...

Although perhaps your standard holds, and the argument would be that constant warrantless surveillance would be illegal even if done by a human.


Where I think this might cause problems, be likely to be appealed, or be ripe for legislation to change are cases like this where it would have been completely legal to have an undercover agent stake out the house and obtain the same footage of firearms use and thus obtain the same warrant. I don't know if that was the case here (but it sounds like it was). To be clear, I don't think it's impossible to create laws outlawing that situation, or find that current laws find it illegal, just that those cases will be where there is extreme friction between the law and those it applies to, and there will be a higher likelihood to ignore it.

> Although perhaps your standard holds, and the argument would be that constant warrantless surveillance would be illegal even if done by a human.

That's possible. Then again, depending on what is outlawed it may run afoul of what I think is a related (and probably root) phenomenon, where something easily accomplished with little risk or cost by the average person is outlawed, and is often ignored. e.g. Jaywalking.


You won't need CCTV. Many already carry around always-connected surveillance devices. Those devices will only grow in number and their capabilities increase.


Yes, but I was using CCTV to illustrate and conceptually link an already existing privacy debate that's been going on for quite a while.


> We can not legislate away capabilities that are fundamentally the same as what's existed previously, but have a greater effect because of the digital age, and expect those to hold[1].

If you think about genetic predispositions to certain illnesses, and technologically enabled screening for that after conception as a precursor to abortion, then you can see how people will disagree with your statement here.

The same principle applies to digital technology: just because people are able to do certain things does not mean that the law will ultimately allow it.


I meant capabilities allowed for and accomplishable without digital help, which may have been unclear.

> If you think about genetic predispositions to certain illnesses, and technologically enabled screening for that after conception as a precursor to abortion, then you can see how people will disagree with your statement here.

If it was easily discernible without the internet whether the person had that genetic marker, legislating away the ability to determine it with the internet is destined to fail. The key here is whether the digital age makes it easier to expand and correlate on something already achievable through using your eyes interacting with someone.

For example, I don't believe we can usefully legislate away a company's ability to use information gleaned from the customer during your interaction with them for their own purposes. That's the equivalent of asking a fast food server to wear a blindfold. It will be worked around, because it's ridiculously limiting for little benefit. I think we CAN usefully legislate what passive information companies are allowed to share with outside entities, or require they track additional information that makes it easy for them to respond to requests for removal (such as timestamps for all information that carry through to linked info, so we can require removal of specific past info and correlations derived from it).


I think something trivial like store employees prompting customers at the till to buy pornographic media that they looked at for too long on the shelf/online, would be legislated against easily.

"I see you've been looking at this porno. Would you like lube with that?".


Displaying overt ads of a specific type at a specific time, probably. Displaying general ads at a general or specific time, possibly. Using that information to do advanced analysis of customers, or do custom tailored time-sensitive (it's payday!) sales, of select inventory they are likely to be interested in? Curtailing them in that manner may be harder to get companies to swallow and live with, and harder for the public to get worked up over. Loopholes would be found, or rules would be ignored, etc.

It's sort of analogous to the friendly neighborhood general store owner Bob knowing his customer Carl is into fishing, getting an expensive but interesting lure, and noting to Carl right after his payday that he has this interesting item Carl might be interested in... I don't see legislation preventing Amazon from doing the same going anywhere.

Sharing that data with outside companies, or restricting it to specific portions of a company with many businesses might be a good candidate for legislation, and also the ability to request specific purchases and associated data or all purchase data for you prior to X be removed.


and only at this point will everyone realize we're all hypocrites, liars and cheats that will all do whatever we can get away with when we need to or it serves our purpose. We'll all have to acknowledge that life isn't as black and white as we like to pretend but is almost entirely some blurry shade of grey that only resembles our own specific set of beliefs in the most narrow of circumstances... and that any and all human behaviour is totally normal and would most likely be considered completely fucked up when applied through your own set of ideals.

We're all capable of fucking up, making shitty decisions, painting ourselves into corners, getting depressed, thinking emotionally instead of objectively/logically. That is the peril of the human condition. I don't think it's fair for any one of us to pass judgment on others actions except when it comes to the physical safety of the community.

So what, one group of people holds marital fidelity dear and think that any action that compromises this view is worthy of exposé. Another group doesn't believe in monogamy or lies about it... largely because to disagree with it ostracizes you from the community - makes you an outsider. Forget innocent parties that are hurt by this - collateral damage, a necessary evil to expose the cheaters. Can you even hear yourselves? Who cares? People lie, cheat and steal all the time. Politicians do it, spies do it, FBI, CIA, NSA, the police, hell, even Presidents do it if it serves their objective. Think about that. When are we going to wake up and realize that this is normal human behaviour - regardless of whether you're happy about that or accept it or not, this is the case.

I agree with those who say leave this behind closed doors. If marriages fall to pieces because of this, that is between them. But to publicly name and shame people because their [non-criminal and not-concerning-you] actions don't jibe with your morals [Perhaps politicians would be an exception to my perspective on this] is inexcusable. Not many are going to die because someone cheats on their spouse - even if they're caught. But leaking a database of this nature has real repercussions that could cause people death or persecution for something that should only be between them and their partner and was none of anyone else's business.


You can't generalise like that. It's a mistake to tar everybody with the same brush in supporting the erosion of privacy. Some people, rightly, hold themselves and others to higher standards. Because they do so, does not necessarily mean they support outing cheaters.

> any and all human behaviour is totally normal

Categorically not. Lines are drawn and accepted socially. People even abide by the rules.


I have issue with much of what you've said:

"...in supporting the erosion of privacy..."

I wasn't tarring everyone with this brush. I don't support the erosion of privacy, so it would be hypocritical of me to tar anyone with this brush, let alone everyone. Much of my family for instance believes in the "I've got nothing to hide, so I have nothing to fear" argument, but my perspective is "neither did the Jews before Hitler".

> Some people, rightly, hold themselves and others to higher standards.

You cannot control the actions of everyone else, only yourself. Others will do what inspires them. What inspires them may or may not align with what inspires you. When it doesn't, expecting them to abide by the rules you hold dear is only setting yourself up for disappointment.

> People even abide by the rules

Yes, when it serves their purpose. When it doesn't, they either break the rules publicly, demonstrate to get the rules changed or break them privately to avoid judgment or being ostracized by partners, family, their community and hope like hell they don't get caught.

Lines are drawn regarding all kinds of things. Let's take just for the argument's sake, speeding, or smoking marijuana, never downloading music or movies illegally - things that we can all agree, there are rules about, rules that (currently) define these activities as prohibited in many jurisdictions. Even though there are rules, and many people may argue they're dumb rules about benign activities, there are still rules. Many break the rules publicly, voicing their defiance; many others break them privately and hope they don't get caught. I'd say given your stance you never break any rules - even rules you consider dumb or counter to your own set of beliefs or don't align with your interests; you always abide by the rules and you always fall in line with the wishes of your neighbour. Of course you don't, nobody does. It's human nature to question the rules and to find loopholes, and to bend them and/or break them when they don't align with our interests. These rules, which are defined for the good of the masses, to maintain the status quo. But what happens when what's good for the masses doesn't align with what's good for you? Do you put everyone else first or do you put yourself first? You put yourself first, you hope like hell you don't get caught or called out; or you hope if you do get caught you get away with a slap on the wrist or that a reasonably competent lawyer could fight your case in court and help you avoid the charges.

For me to believe that you strictly abide by all the rules, without questioning human nature, and without understanding your set of circumstances, would be incredibly naive. There are many reasons people break the law; it's not always cut and dry nor black and white. Most of the time it's incredibly grey - to the point that billions of dollars every year are spent on lawyers to argue to put people in jail or keep people out of jail based on legal technicalities, loopholes and precedence set by previous circumstances; because nothing is black and white. If it were then anyone could go to court and defend themselves and no more lawyers would be required.

Some of those revered as the greatest people on earth shunned the rules to invoke great change. Some were canonized as saints after the fact, but in their time considered rebels, misfits and, in some cases, criminals: Rosa Parks, Bob Dylan, Mahatma Gandhi, Einstein, Martin Luther King Jr., John Lennon, the lone protester at Tiananmen Square, Nelson Mandela, heck, even Jesus Christ - the son of man, shunned the rules and defied the status quo because of their beliefs - and many believe their rule breaking changed the world for the better.


1998 is calling: http://www.davidbrin.com/transparentsociety.html

Also, from 1999, "You have zero privacy anyway, ... Get over it." (Scott McNealy - http://archive.wired.com/politics/law/news/1999/01/17538)


As a counterargument, I can strongly recommend reading Peter Watts' talk on The Scorched Earth Society:

http://www.rifters.com/real/shorts/TheScorchedEarthSociety-t...

(Sorry, PDF.) (Also, for the record, I agree with neither Watts nor Brin.)


The opposite of Gyges's ring. If every fact of everybody's lives, everything you ever thought was public - would you behave more ethically? It's sort of like a panopticon where everybody guards everybody else.


This sounds more like 2020. By the year 3000 there is a great chance we'll all have gotten over our fear, our conflict with government, and ourselves.

Who wants to know? This is a question easily overlooked, but is crucial to observation (aka surveillance). Observation is done by an observer and done with intent. Without intent, we stop looking.

I for one don't want to know or care for petty details about my neighbors. I want safety without the chore of maintaining knowledge. This might be too much to ask by 2020, but by 3000 we should have it figured out (granted we're still here).


Interesting thought: "By the year 3000 there is a great chance we'll all have gotten over our fear, our conflict with government, and ourselves."

By "gotten over", did you mean we'll have given in to the fact that there will be an observer (albeit a benevolent one?) or that we'll have stopped caring about the intent of the observer?


Honestly, we may not even have a word for what we call privacy now. Or at least that would be a future I'd strive for. Our business is our business, and we love to mind our own business already.

The government has played the fear card to get all this surveillance going, and now fear of surveillance (and government) is what has the resistance going. To have fear be the primary driver of our common intentions is barbaric, and humanity is still barbaric at the grandest scale.

But by 3000, hopefully we'll have gotten over all of our fears. And if all Earthlings are just one tight-knit family, then surveillance of any kind would be just creepy.


Probably in the year 3000 we won't be here, but mass migrating to Jupiter or Saturn in escape from a heating up Sun after some idiot's decision to nuke it just to see what happens.

(ok, that was a bit of an overstretch, I still would like to be paid for eventual movie royalties)


By 3000, I doubt that anything resembling modern society will exist. Look at life in the 1800s or 1700s to see what things will be like, if we are lucky.


"God looks down from heaven on the children of man to see if there are any who understand, who seek after God. They have all fallen away; together they have become corrupt; there is none who does good, not even one." Psalm 53

The truth about humans has been pretty apparent for about as long as humans have been reflecting on it: we sometimes have high ideals and dreams, and at our best the capacity to even temporarily embody them. But very few people (if anyone) are consistently good, it would seem everybody does something ugly eventually.


Privacy for you and me, maybe. Do you think if you have any kind of real power you will be subject to that scrutiny?


I have to agree. The only way it will lead to change is if multiple powerful people are drastically inconvenienced, and honestly I don't think you get to be powerful in western society by being stupid enough to outsource your guilty pleasures to an online information broker.


Not really. Those who don't hold this moral value will still think it's a privacy breach. If they think it's a joke and don't take it seriously, then it's some other problem instead of "moral vendetta"


The data is out there. There was literally no way to stop it. Whether people find glee in it or not is entirely irrelevant, and this notion that if we all just held up our nose no privacy would be invaded is unreasonable.

And it's worth noting that the "pet moral value" that people seem the most outraged about is honesty, however much people try to load it with their own hangups. If this was a site for open marriages, tinder hookups, or anything of the sort, I doubt it would have gotten much attention at all. Instead it's a site for people a) lying to their partner, or b) lying to everyone else. Some of the most reported cases have been about raw hypocrisy.

This will absolutely make everyone pause when offering up data to third parties though, and really that couldn't come quickly enough. Whenever there is a password database dump, one of the things I've always found most remarkable are the number of people inconvenienced because they use the same password everywhere, trusting their life to every random service they used. Similarly, trusting critical, compromising data to some hookup app -- who have competencies and auditing and archiving that you have no notions about -- seems insane, but it has become an online norm. Breaches like this may make people more considerate of the value of their own data.


Yeah, well if you engage in a promise with someone that you're going to be in a monogamous relationship -- let's be real, that's what marriage is for the vast majority -- you're a prick if you attempt to break that commitment, and again, that's what being on AM is about.

Pretending otherwise is delusional, and having morals isn't a bad thing.

Is doxxing always unethical?


Then that's a breach of contract between two private parties which is of absolutely no relevance to outside observers. It is the married couple's prerogative to undergo court procedure if they so desire.

Being on AM wouldn't solely have been about breaking commitment. From what I recall, it became an inadvertent hub for gay dating due to its extraordinary gender/sex imbalance. AM's entire business practice was about hooking into people's desire to seek taboo and then be exorbitant with charging them fees, even for terminating an account. It was, in no minced words, a con.

Having morals means knowing when to stay out of things that are none of your concern.


> Having morals means knowing when to stay out of things that are none of your concern

That's fundamental to your moral framework. It may even be fundamental to the moral norms in US or Western culture. But it's not fundamental to everybody's. It's by no means objective. That's why we have objective laws to go by.

Talking about morals means realizing everyone has different morals. Of what use is it to argue whether cheating or hacking or meddling in the business of others or vigilante justice is or isn't moral in general?


> That's why we have objective laws to go by.

Which as far as I know were violated.


Right! Glad we could all find common ground.


> Then that's a breach of contract between two private parties which is of absolutely no relevance to outside observers.

That's one way to look at things. I happen to have a different philosophy about marriage, that it actually does affect other people, and since you're so understanding, I'm sure you'll grant that my philosophy is equally valid.


If your philosophy involves your opinions mattering in people's private concerns, no, it's not valid.


No. I think marriages actually affect people not involved in the marriage commitment itself. Especially when you consider populations and not just hypothetical individuals.


Yeah, but what does that have to do with random unassociated outside observers? Are you saying society at large has some kind of right to intimate details of personal relationships?


I'm saying it's impossible, especially across large populations, to assert that infidelity is wholly a private matter. It's a compelling notion that doesn't stand up to facts. Be sure to consider things like STD rates, unplanned pregnancy rates, rates of single parenthood, divorces resulting from infidelity, and so on.

I can assert that this data breach is immoral while also asserting that infidelity, especially organized infidelity, is not simply an intimate detail. I'm not sure why everyone feels compelled to square off into two camps on every issue.


A little reading would let you know that there is a significant chunk of happily married people who don't think monogamy is for them. They think honesty is more important. I don't know if these folks are AM users or if they've got a better scene.


> significant chunk of happily married people who don't think monogamy is for them

There's a significant chunk that is ok with cheating. There's a far smaller chunk that's ok with the other person cheating.


I'm aware of those people. I'll formally apologize in a twitter post if a significant portion of the AM clients were in open marriages.

> They think honesty is more important.

Yeah, that's a false dichotomy. And are monogamous marriages dishonest? That's oddly judgmental for an appeal for open-mindedness. Or you meant something else by "honesty", like realistic? I guess that's slightly less judgy.

A lot of these philosophical arguments get bogged down in boring bickering about word definitions. Marriage, traditionally, has implied "monogamous". At least "adultery" and "cheating" do.


Married people's thoughts on monogamy are irrelevant.

The argument was that the breach of contract is no one else's business except for the two parties to that contract. This was rebutted by someone claiming that they hold value in knowledge about another's breach of a contract.

What I don't understand is the reasoning that says a breach of contract is only meaningful to the parties of the contract. If someone is influenced by knowledge that someone breached another contract, then that knowledge is meaningful outside the confines of the contract.


The argument isn't that it isn't meaningful, it's that it shouldn't be.


Well, I reviewed the argument that I was referring to and it wasn't what you are claiming.

Here's the text:

>Then that's a breach of contract between two private parties which is of absolutely no relevance to outside observers.

The argument claimed that the breach was "of absolutely no relevance". Yes, the word "meaningful" wasn't used, but I dare you to provide a definition of the word "meaningful".

>The argument isn't that it isn't meaningful, it's that it shouldn't be.

Can you point me to someone making that argument?


I'd say the part where vezzy-fnord talks about the couple's "prerogative" and "things that are none of your concern" set the context in terms of moral rights, not whether it can possibly affect the other person.

I can see where one might read it differently, though, but I confess I fail to see the point in discussing from that POV.


Eh, there's very little here that has much point in discussion.

I only wanted to point out that this particular sub-thread was going off the rails (as many are, but I can't respond to all of them due to time constraints and HN's hard rate limit).

The information can't be destroyed now, so there is little point in discussions about what should or shouldn't have happened in this specific instance.

If someone breached a contract and this provides evidence to those ends, then it's simply a fact. I completely understand that facts can upset people.

If someone didn't breach a contract...well I'm not sure what the worry is in this specific instance.

In any case, it obviously sucks when information you gave in trust is leaked out and there is certainly a lesson to learn in data security here. There also seems to be a lesson to perhaps not trust companies who apparently fundamentally produce and specifically market a trust violation product. Of course, if you are in the market for such a product, formal calculation of your preference function may not be a priority.

>I'd say the part where vezzy-fnord talks about the couple's "prerogative" and "things that are none of your concern" set the context in terms of moral rights, not whether it can possibly affect the other person.

This makes it sound like vezzy-fnord is arguing for some kind of thought control regime; a regime where one may selectively engineer the exact perception to create in others. If someone can perceive something, they should be able to contemplate it.

Just as it is a couple's prerogative to seek court mediation for their breached contracts (this is the right the argument afforded the couple), it is another's prerogative to act on information that is known to them.


Well, I'd like to hear you actually elaborate on your differing philosophy. That'd be helpful.


Wasn't there some other difference of opinion regarding the philosophy of marriage recently?


Having morals also means speaking out about things when it is your concern. 37 Million (of course potentially non-unique) accounts on a website advertised with the express intent of cheating on your spouse with nobody knowing is fucked up. It's a sleazy website run by sleazy people with sleazy business practices, used by people who are trying to do something which their spouse VERY LIKELY disagrees with.

Of course there are portions of the AM leak which are bad, like the gay men in Saudi Arabia, but pretending that this is the norm and not the exception is feeding a delusion. Just because a small portion of the website does not follow the same prerogative does not mean that we should derail the discussion from the main issue.

An epidemic of cheating over the internet is a concern for people who intend to get married. Establishing strong social taboos here is not some awful thing.


It exposes what is already human nature. Okay, it was a potential enabler... you have a fair point. But having a large male populace, it turns out to be a popular gay hub. The people on this site were going to cheat anyway.

I don't disagree with it being run by sleazy people with sleazy business practices. From everything I've read, I'd concur with this statement.

An epidemic of cheating over the internet is no more a concern than the "epidemic" of cheating. The internet was just a means to an end... just like party lines, dating services, the bar, the office and everywhere else people of our species commingle without their partners. Cheating is no more an epidemic now than it ever was. People just changed media. Perhaps if it's truly the epidemic you suggest, then instead of that being a concern to people who intend to get married, we as a species need to re-evaluate if monogamy is actually human nature or if it's just wishful thinking impressed upon us by the dogma of our upbringing.


I find the prospect of people making promises to people that we can assume that they love and being unable to keep those promises to be terrifying. If I believed that we weren't able to control our behavior and we were overrun with animalistic desire, I would kill myself. The same ideology is used to justify violence, rape, etc., and if I did not believe that these problems could be addressed or improved upon, I personally do not think life would be worth living.


That's your call. People break promises all the time. I find the prospect that you choose to believe people's promises will uphold over time naive - that's my perspective and equally as valid to me as yours is to you.

People do things for many reasons you are not privy to all the time, and while they may seek comfort in the arms of someone outside their relationship, that doesn't automatically justify violence and rape. I find this argument to be as laughable as those making arguments that same sex marriage is comparable to marrying animals.

If understanding and accepting human nature for what it is makes your life not worth living, then only you can evaluate that.

I choose to believe that people are inherently good. I choose to believe that while their interests align with my own, they're likely to make good on that promise. But I equally believe that accepting someone else's promise without question or qualification is naive at best. I cannot expect them to honour that promise when their interests are no longer aligned with mine.

Does that make my life not worth living? Of course not. I love people, I enjoy being around them. People are amazing, wonderful and fascinating creatures.

...but to expect that one person uphold a promise they had no hope of truly understanding when they made it, for the entire duration of the remainder of their life... and then holding them accountable for failing to keep it. That's beyond ridiculous, I don't care what religion you are.


Do you feel like your hyperbolic response to something that isn't actually even your concern to be a convincing argument of some sort? Without trying to be too callous, your suicide-in-potentia is dust in the wind compared to the sort of misery that would be produced by trying to live according to the standard you thankfully have no right to set.


You're equating an injury to an imaginary-symbolic construct (the exclusively monogamous relationship) with an injury to an actual person's body that occurs in the case of violence or rape. Contracts are valuable, but they're not people.


Life will last much longer for you if you accept that people will most likely act in what they perceive to be their self-interest.


How are 37 million private accounts, having nothing to do with you, your concern at all?

You brushed the consequences of this vigilante justice under the rug. Those Saudi Arabians will most likely suffer severe consequences, probably death, for being exposed.

The public is not a judge, jury or executioner, no matter how good it makes you feel to play morality police.

None of this excuses an irresponsible exposure of private information.


Raw numbers aren't of much use here. You need to also gauge intent and opportunity, which is much harder, and at least in the case of opportunity, there was virtually none. You can't do that, so just stay the hell out.

"An epidemic of cheating over the internet". My God, do you think adultery was invented recently? This is a classic fallacy of blaming the mere institutions as opposed to the root cause.


The intent when you register on a website designed for cheating on your spouse seems pretty clear to me. If you found your spouse registering for AM would you assume that it was just to see if they had a sleek UI?

Hook-up culture has always existed as well, but let's not pretend that Tinder hasn't changed the pace/availability of hooking up. In the same light, let's not pretend that the anonymity of the internet hasn't facilitated people committing adultery.


> In the same light, let's not pretend that the anonymity of the internet hasn't facilitated people committing adultery.

In the same light, let's not pretend that the anonymity of the Internet hasn't facilitated people engaging in terrorist activity and drug trade. When do we build the firewall, captain?


So you're going to let my intent argument stand?

We build the firewall around prosocial behavior. I think that if the names of all of the coke dealers selling their wares through TSR came out today I would not be upset either, because it's a scummy, exploitative industry. If you're breaking a social contract, my expectation of other people upholding their social contracts with you, in that area, are very slim.


The whole purpose of a judicial system is that blanket vigilantism based on "social contracts" is ineffective and prone to high margins of error. I understand that you do not share this belief and instead want to mold people around allegedly "prosocial" behavior, even if it's a legal contract outside your jurisdiction as a natural person. We will have to disagree and cut the argument here.


You wouldn't care if people who are not at all involved are implied to be coke dealers because they had their identity stolen?

Public exposure of individuals' private information is irresponsible, period.

Vigilantism is against the social contract, upholding it implies you gave up that power to the institutions that have the responsibility to judge and prosecute.


"Having morals also means speaking out about things when it is your concern. "

Nobody on AM was your concern. At all.


Yes, it absolutely is always unethical.

Who are you, or anyone else, to question or evaluate "commitment" in a relationship that you have no part of, and know nothing about? Or to force someone's personal private life out in the open where it will be used to judge them without context?

Nothing is as black and white as you are claiming it to be.


Privacy isn't a natural right, just like lying to someone via marriage isn't universally considered unethical.

Your right to privacy isn't naturally guaranteed, and is only granted by some mutually agreed upon rules in the form of privacy laws.

But if I know some fact about you, what gives you any right to say I can't reveal that information? Wouldn't you be limiting my speech?

If you argue that lying in marriage is a complex issue, then privacy rights is also a complex issue that's not black and white.

A world with no secrets and a world where everyone has a right to secrecy are both potentially equally valid.


One could argue privacy is a more natural right than, for example, property rights since strong encryption can give you absolute privacy, even against the state.


That would be a right to encrypt, not a right to privacy. The 'right to privacy', as established in the US, constitutes a 'reasonable expectation of privacy'; that is, if you passively (e.g. hiding behind a wall) or proactively (enclosing a letter in an envelope) take measures to hide what you are doing, then you have the legal right to go after someone who tries to breach this privacy.

In the context of encryption, a right to encrypt says that no one can stop you from encrypting your work. A right to privacy says no one is allowed to try to break your encryption.


I think you and I have different ideas of what absolute means.

Encryption protects information as long as A) the computation power, time and desire available to break your encryption does not exceed the level you encrypted at, B) the underlying math principles on which the encryption was based do not see a change in some manner reducing the effectiveness of the algorithm for this task, or C) the implementation of the encryption algorithm did not suffer some flaw reducing its effectiveness to the level where it can be beaten.

I know A and C have happened in the past. I'm unsure whether B has occurred. It's worth noting that in the case of B or C, the strength you choose now may not have any effect on the outcome.


While one could be wrong about the basics of physics and math, you can encrypt things, cheaply and quickly, that would take a computer made of all the matter and all the energy in the universe to break in more time than the universe has existed.

You have to take some care. But an NSA magic code breaking machine is in the same category as flying saucers at Area 51. Exceedingly unlikely.

That's about as good a guarantee as nature can offer.


There's a very specific reason I included B and C in my listed cases. I agree in many or most cases it could be said that it's unlikely certain encryption methods would be bypassed, but to me that only gives you a fairly good prospect of being secure, not an absolute certainty. That may or may not affect your original argument, I'm not sure.


Ease of technical implementations does not a natural right make.


A lot of courts think it is.


>Yes, it absolutely is always unethical. [...] Nothing is as black and white as you are claiming it to be.

The irony thickens.

Let me rephrase you: "Who are you, or anyone else, to evaluate 'abuse' in a relationship..." -- the answer is "anyone who knows how to count". While there are exceptions to every rule, the majority of cases fall into rather ordinary examples. Not everyone is special.

Of course, indiscriminately doing this sort of thing like the AM hackers is terrible -- notwithstanding those in third-world countries facing draconian legal consequences -- but plenty of the people exposed certainly deserved it.


Nobody asked you to intervene in their marriage, investigate their spouse, or enforce any laws -- adultery isn't even a crime in many places. You do not get to impose your morals on others. A stranger cheating on another stranger has nothing to do with you.


Clearly from the response we're seeing from society outside of this tech bubble where your privacy must be protected at all times otherwise doom ensues, people want to know when their spouse is cheating on them. You make an assumption that quite frankly ignores reality in favor of a weird moral relativism where any sort of judgment is bad.

Odds are that people don't want their spouse cheating on them.

Someone stealing from someone else doesn't have an effect on me either, but I would operate under the default assumptions that 1) they want their things, 2) they would want to be notified if someone wanted to steal their things, 3) they would want to be notified if someone actually stole their things.

And guess what? People acting in this way has the prosocial implication of teaching people that stealing is bad, and gives me the assurance that if someone is trying to steal from me that people will let me know!


Hacking into a dating website is not analogous to merely observing someone stealing. If you set up cameras pointed into my bedroom, I'd have a big problem with that even if it did catch a burglar.

The fact that some people approve of vigilante justice and disrupting the personal lives of people they don't like doesn't mean it's a good idea. There are many obvious historical examples of terrible harm that sort of thinking has caused. If you think adultery is a crime that requires help from people not involved in the marriage, I suggest you campaign to make it illegal in all states and ask for police resources to be dedicated to it. If you see someone stealing, you should call the police.


Again, you have no way of gauging intent. An example the poster above gave is a really great one. A couple having a consensual S/M relationship that involves controlled pain, possibly leaving visible marks. Your method would be to immediately rat them out to the authorities. Congratulations, you just ruined a happy couple's relationship because you can't see past your own thin worldview, and never bothered to think before you act.


BDSM is legal under Lawrence v. Texas in the United States, as I recall. The police are generally aware of this. Though, in this situation, a reasonable person would ask first.


That decision legalized sodomy, not S&M.

S&M is in much more of a grey area. See https://ncsfreedom.org/key-programs/consent-counts/consent-c... for details.


From what I've seen, interest in the Ashley Madison leaks has been almost entirely prurient ("OMG look at this guy!"), which is a common human foible, but not something that's generally considered good to encourage. Many people also reacted positively to the theft of compromising photos from dozens of celebrities last year, for very similar reasons.


"people want to know when their spouse is cheating on them"

That's completely different than people outside the family wanting to know.


I didn't (and wouldn't) do anything. I can very well say you deserve to fall without believing that I deserve to push you.


Let me rephrase you: "Who are you, or anyone else, to evaluate 'abuse' in a relationship..." -- the answer is "anyone who knows how to count". While there are exceptions to every rule, the majority of cases fall into rather ordinary examples. Not everyone is special.

I'm guessing that you haven't talked about this with anyone who is into BDSM. Just because you witness something that you think is violent abuse doesn't mean that you're right.

Conversely I've seen perfectly pleasant looking couple who engage in constant verbal abuse disguised as pleasant commentary. Most people won't recognize it for what it is. Go read http://www.amazon.com/The-Gentle-Art-Verbal-Self-Defense/dp/... and you may do better than most people.

Be very, very careful about judging what happens in other people's relationships. It may be bad. Or you may not know. For real.


At best you're arguing for vigilante justice. An internet mob accountable to no one and meting out punishment to people who, for the most part, have not violated any laws. No, that is not ethical. I don't want self-appointed Morals Police going around ruining lives for perceived crimes. I don't think mob justice is ever ethical.


So...basically a large scale version of ruining someone's life for being an asshole? I dunno about you but while I'm not married and have never cheated on a spouse, I've certainly been an asshole before and I'm glad my life wasn't completely screwed over it.


"Is doxxing always unethical?"

YES


Unfortunately, that's not how the "politically & economically powerful demographic in the world" works.

What you will see is lots of new laws to crack down on hackers, encryption and any type of computing not specifically 'approved' by some sort of security overlord department.

Look at what the UK is proposing (way before AM became news) and you'll have a rough starting point.

The laws will be the exact opposite of improved privacy.


Yes, but then someone creates a network for cheater spouses that gets in the news cycle because it's "impossible to hack due to futuristic maths" (ie. peer-to-peer). And now suddenly something decentralized and provably private seems very interesting and practical to those who were previously interested in legislative solutions. But I'm an optimist :)


And, the laws that we really need, namely harsh criminal penalties for companies negligently handling people's private data, will be absent.


If anyone here is a science fiction fan (seems unlikely right?), there's a great comic called The Private Eye which takes place in a society which experienced a fallout from an event not unlike this (though on an even larger scale).

https://en.wikipedia.org/wiki/The_Private_Eye

http://panelsyndicate.com, "pay what you like"


What ammo?

Some people of questionable ethic and questionable intelligence gave a third party incriminating information about themselves and also gave them money all while hoping for discretion. (I say questionable intelligence because the real rich and powerful use different services provided by different people..) Any privacy agreement was a private one between 2 parties, at best covered by civil law, maybe Canadian civil law. Certainly nothing binding in any substantial way was signed.

It's certainly making light of online privacy but I'm not sure there is a battle here, it's just demonstrating that it's still very much the wild west out there. What should happen here? Should AM pay a fine to some government? Class action law suit? (I think that idea is particularly hilarious..)

Riddle me this, so suppose AM goes bankrupt. Can their creditors just take that data and sell it? It's an asset, right? Is it possible for a EULA or some sort of agreement to prevent that? Hackers or not, all that information could be in someone else's hands, that the users have no agreement with. AM is sort of the poster child for these problems but you may have given a lot of information to companies that you wouldn't want other companies to have.


You'd think the 1986 law that allows any entity in the government to read anyone's email is bigger ammo.

It's the ultimate hack, because it's in plain sight and somehow no-one cares.

But run your own private email server in your home to prevent warrantless abuse and everyone loses their damn minds.


Why can't both be bad and unacceptable?

Playing the shades of grey game is a great way to force dissent in an area that should incite cooperation.


Of course they are both "bad" - it is a matter of degrees.

One is a lazy, immoral company started on a whim that took off and "surprise" they ran their business in a lazy immoral way.

The other is government sanctioned, taxpayer funded, broadly used abuse of police powers without oversight, based on a law that is 30 years old.


This is going to have some long-lasting repercussions on the industry. I fully expect there to be a push in the legislature to require PCI-like compliance from anyone who takes "sensitive data". That would have very serious effects for the startup community.


I wish the push was more of a law that let users delete their data immediately and completely from a service with the click of a button.


Any architecture that facilitates this will lose massive amounts of customer data, full stop. Backups have to be in places where live systems can't touch them, or can append only. Backups have to be offline and immutable. If you can mutate a backup based on a user request, it's not a backup.

Offline backups are, however, pretty hard to steal (unless you're stealing the physical tapes).

So... immediately, maybe. Completely, no fucking way.


That's what encryption is for - burn the key, and the backups are useless even if they're immutable.


Which is going to throw out all the other users' data too. Unless you have one key per user, in which case those also need nontrivial backup.
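The "burn the key" idea from the comment above, and the one-key-per-user refinement in this reply, amount to crypto-shredding. The example below is added here and is not code from any commenter: a hypothetical service keeps one random data key per user in a key store, writes only ciphertext to the live database and to append-only backups, and "deletes" a user by destroying that user's key. The record class, the user names and the sample data are constructed for the example; the HMAC-SHA256 counter-mode cipher is an illustrative standard-library construction standing in for a real AEAD.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one per-user key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF keystream. Illustrative,
    # stdlib-only construction; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream. Raises ValueError on tampering."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class Service:
    """Hypothetical service: one data key per user, ciphertext everywhere else."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}           # only place user keys exist; needs its own backup
        self.records: Dict[str, bytes] = {}        # live database: ciphertext only
        self.backups: List[Dict[str, bytes]] = []  # append-only snapshots, never modified

    def store(self, user: str, data: bytes) -> None:
        key = self.keys.setdefault(user, os.urandom(32))
        self.records[user] = encrypt(key, data)

    def take_backup(self) -> None:
        self.backups.append(dict(self.records))

    def delete_user(self, user: str) -> None:
        # Crypto-shredding: drop the live row and destroy the key. Old backups
        # still hold this user's ciphertext, but nothing can decrypt it any more.
        self.records.pop(user, None)
        self.keys.pop(user, None)

    def read_from_backup(self, index: int, user: str) -> Optional[bytes]:
        blob = self.backups[index].get(user)
        key = self.keys.get(user)
        if blob is None or key is None:
            return None
        return decrypt(key, blob)


def demo() -> dict:
    # Constructed sample data for two hypothetical users.
    svc = Service()
    svc.store("alice", b"alice: profile, messages, billing")
    svc.store("bob", b"bob: profile, messages, billing")
    svc.take_backup()          # immutable snapshot holds both users' ciphertext
    svc.delete_user("alice")   # alice asks for immediate, complete deletion
    return {
        "alice_in_live_db": "alice" in svc.records,
        "alice_ciphertext_in_backup": "alice" in svc.backups[0],
        "alice_recoverable": svc.read_from_backup(0, "alice"),
        "bob_recoverable": svc.read_from_backup(0, "bob"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the reply makes survives in the code: bob's data is still readable from the untouched backup after alice's key is gone, so deletion no longer requires mutating the backup. The cost is that the key store itself becomes the one component whose loss destroys everyone's data, so it needs the same kind of careful, offline, immutable backup the comment above describes.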


Right, but eventually the older backups (still containing Joe Public's data) will go away. Depending on how long you retain backups it may be anywhere from a few days to perhaps a few months but at least it will be gone from the live systems immediately.


I second those wishes, but that's feasibly impossible without vast auditing resources. DB backups, logging, and the general "archive-first" nature of the modern web essentially prevent this from happening... even if service providers wanted to give this opportunity to their users... and most do not.


That's true, but if such a law were implemented, service providers would now have to think about running things legally or illegally.


This is exactly my concern as well.


What I find weirdest about the whole thing is the data wasn't sold back to Ashley Madison. The hacker(s) could have leaked 10 or 20 juicy names then probably cleared $10 million dollars or better. It would have been a bargain to Ashley Madison at that price.


The problem with digital data is that it can be replicated at no cost and with no trace, so there wouldn't be any way for Ashley Madison to ever be sure the leak was contained. They could pay $10MM for a copy of the data... and two months later it can anonymously show up on Tor. Not to mention the hackers would need to come forward to collect the $10MM, which might land them in a jail cell before they can collect.


There is no need for it to be a lump sum. A (much smaller) regular monthly payment to a Bitcoin address is perfectly adequate a mechanism.


>"Perfectly Adequate"

All bitcoin transactions are public record, and even if you tumble you are setting yourself up for getting caught by repeatedly doing the same actions. Besides, the value of the information decreases over time, meaning you're going to be making the large payments up front.


> even if you tumble you are setting yourself for getting caught by repeatedly doing the same actions.

By doing what? Making payments to an address?

> Besides, the value of the information decreases over time, meaning you're going to be making the large payments up front.

Any lump sum can be structured as an equivalent series of regular payments. Whatever the present value of not having the data released is, it can be turned into a set of finite or indefinite payments, which last 1 year or 5 years or 10 years or however long the company feels the harm will be non-negligible. And by doing this, you still get the anti-defecting incentive of a stream rather than a one-off payment.


You know how the blockchain works, right?

Those transactions become permanently public, and can be used against you in court if at any time in the infinite future you are tied to that address, or tied to any addresses pulling bitcoins out of that account (which are also publicly recorded actions). Compared to cash, which is not a matter of public record, bitcoin is not a "Perfectly Adequate" solution.

Without contracts or signals, you can't make monthly payments on a depreciating asset/service because it becomes an auction. The hackers are rationally incentivized to maximize their returns, and that includes selling the data to the highest bidder before the price depreciates. That means that Ashley Madison would need to beat the highest bidder each month, without knowing if the other bidders are even real.


> You know how the blockchain works, right?

You apparently don't. Payments do not in themselves offer any risk whatsoever when the payments are made to a brand-new address (which is so obvious and basic a point of secure Bitcoin use I didn't need to mention it); these payments to the blackmailer can then be mixed in numerous ways at varying costs and levels of efficacy - Coinjoin, a large DNM, a web wallet, an exchange (either to just gradually withdraw, or sell outright into another cryptocoin & then sell that cryptocoin at a different exchange, particularly one of the cryptocoins with built-in anonymity features), sent to stealth addresses, etc etc. The pseudonymity of this does not affect the mechanism of turning a lump sum into a stream of payments: the payments can be safely made with reasonable levels of transaction costs, and thus the blackmailed and blackmailers can transact safely and keep the data private or not, with neither side being ripped off for more than one payment.

> The hackers are rationally incentivized to maximize their returns, and that includes selling the data to the highest bidder before the price depreciates. That means that Ashley Madison would need to beat the highest bidder each month, without knowing if the other bidders are even real.

If the hackers are bluffing, then AM can always call their bluff. If AM is not confident they are bluffing, then they will simply pay up to the value of keeping the data secret. Where's the problem here? Again, why does a stream of payments fail where lump sums would succeed?


Do we know for sure that they didn't try?

HACKER: "Hello, I am an evil hacker. All your data is belong to me. Cough up $10 million or be destroyed."

ASHLEY MADISON MANAGEMENT: "Whatever, we don't believe you, go away."

HACKER: "All righty then." destroys them


So, how the hell would you receive your criminal payment of $10mm? How would your life be afterwards? You don't think the FBI or whoever else will be spending $2mm to catch you, and a big money payment like that will be the way to track you?


In order:

How to get the money: Bitcoin, move to Russia and use wire transfers, launder it through lawyers, etc.

Life afterwards: one hell of a lot richer.

FBI: part of the agreement is Ashley doesn't go to the FBI, again, with the full data release hanging over their heads. And no, I don't think the FBI would be particularly motivated. They have plenty on their plates. Because, crucially, Ashley Madison wants this to go away (hence the hush money), so they're unmotivated to pursue legal challenges because it quite likely results in the full data release.

Particularly with the potential of disrupting the ipo, it seems straightforward to cut a deal.


The FBI wouldn't want to be involved either. What high-level bureaucrat wants to defend themselves in front of a congressional investigation about why they spent taxpayer dollars keeping marriage infidelities private instead of X, forall X they could have been working on instead?


Isn't AM a Canadian company anyway? No way to get the FBI involved in this case.


Ok, on the flip side, how would AM hide a $10mm payment to a random shady group from investors and future IPO filings? A new office in Russia for 'consulting services'!?

And in these kinds of hostage negotiations, you give in to demands while simultaneously trying to capture the criminals.


Bitcoin and then sleeping with beautiful women in a corrupt third world country until you die :)


It shows the solution really. Turn the focus on the people making decisions. Put them under surveillance and see if they still think everyone needs to have all their communication public for their own safety.


Politically and economically powerful people don't need some obviously-for-suckers website to have an affair.


How would you have an affair if you're politically and economically powerful?


You trade money/favors for discretion from the smallest number of people possible, with the unspoken implication that if they betray you'll spend at least as much on inconveniencing them afterward.


Call up the local high end madam and ask for a "date".


Maybe some of them fear that using professional escort services makes them bigger targets for blackmail or that their information will be used to cut deals when the escort service is busted. Also, some may be looking for more than sex with professionals.


Cucking has existed since forever, for both the poor and the wealthy.


One day Tinder will be hacked like this as well, imagine the fallout.


I've never used Tinder -- do you have to give your real name and/or billing info to sign up with it?


You login with your Facebook credentials.


I hadn't considered that, but it's an interesting point. That said, all the standard moralizing accompanying this is so gross.


What would you prefer, some amorphous undefinable moral relativism where everyone is somehow a good person, and we're all the same? Public shaming is a pretty decent prosocial incentive.


How about people not sticking their noses into other people's relationships?

We used to have the state jail, or even torture, adulterers. Society eventually agreed that it's not their job to do that. Let's hold off on forming lynch mobs.


Where are the lynch mobs? For the vast majority of these people, they're being called assholes because they were being assholes. I'm okay with that. The same "not sticking our noses into other people's relationships" was the root of the Family Values crowd in the 80's saying that domestic violence is a family issue, incest is a family issue, etc. Where do you draw the line at sticking your nose into other people's relationships? I find public shaming for deplorable behavior to be perfectly fine.

And if a ton of these people are non-monogamous, then perhaps we as a society should have a discussion about how our values are shifting and what new families look like, but something tells me that there aren't suddenly millions of non-monogamous marriages.


They're not just being called assholes, they're having all personal and financial details dumped in the process. There's a difference.

We've generally determined that sexual practices, as long as they're consensual and do not involve harm to anyone outside the participants themselves, should not be subject to persecution. This includes incest, as much as it may disgust you. A lot of people are disgusted by coprophagia, that doesn't mean we should publicly shame people for having sexual tastes that aren't to our fancy. It is as arbitrary as shaming people for musical preferences.

Domestic violence is a wholly separate problem altogether. There's nothing that doxing will do to solve it.


The incest I was talking about was wrt the Family Values discussions in the 80's in which there was some discussion of molestation being a family issue that should not be handled by the courts. Admittedly this was a fringe view, but still discussed.

I agree that financial data being dumped is over the top.


> And if a ton of these people are non-monogamous, then perhaps we as a society should have a discussion about how our values are shifting and what new families look like

Why should we have that discussion? If my spouse was cheating, I'd want to have that discussion in private, without gawkers, and without social pressure from the uninvolved.


If you had the option of knowing that your spouse was cheating via dox, or not knowing at all which would you choose?

I would still contend that you do get to have the discussions surrounding all of this in private, if you choose, or in public amidst people who are going through the same thing that you are through discussions like these, the legal system, etc.

What about the scores of people to whom cheating is a dealbreaker, who now have the means of divorcing their cheating spouses? What is the net outcome of the situation?


> If you had the option of knowing that your spouse was cheating via dox, or not knowing at all which would you choose?

Personally? Easy choice, I'd pick not knowing. Others might pick differently.


I would still contend that you do get to have the discussions surrounding all of this in private, if you choose

How so, when all your neighbors and family members can know?


> What about the scores of people to whom cheating is a dealbreaker

What about the scores of people who have a blue car?


The same "not sticking our noses into other people's relationships" was the root of the Family Values crowd in the 80's saying that domestic violence is a family issue, incest is a family issue, etc. Where do you draw the line at sticking your nose into other people's relationships?

How about we put the line somewhere between physical force and broken promises? Just an idea.


I'm glad you can so easily weigh the damage of a punch vs. years of deceit. My impact calculus is a bit different.


The fact that one is a crime and the other isn't implies that we have generally decided that punching is worse. Feel free to lobby otherwise, though.


It's worth pointing out that even traditional Western morality looks askance at "detraction" which is "the sin of revealing another person's faults to a third person without a valid reason."


I would prefer for people to mind their own business. I don't think that is so "amorphous", do you?


To what end? There's clearly a social benefit to people not always minding their business. Do you really prefer that people stick their head in the sand instead of looking at social problems and discussing them, even on an individual level?


I could definitely see some stricter privacy laws being passed - it also might impact Google etc. if they have to start vetting staff in the same way big telcos do.

Back in my BT days I knew team leaders who had to get PV'd (aka TS) clearance.


Not really. If anything, it's done the opposite, because people were all happy that "a bunch of cheaters got what they deserved."


One positive thing this hack has done is really give serious ammo to the battle for online privacy

How?


It's literally the next phrase in the sentence:

> because the demographic hit by this hack is the most politically & economically powerful demographic in the world....

They're saying that because those affected have the ability to actualize change, it's more likely that some action will be taken to further online privacy.


It's basically the strategy John Oliver used to raise awareness about government surveillance. Most people don't care about privacy until it gets sexual.

https://cantheyseemydick.com/


They missed a great straight line.

"But if they realize that your dick is American, they do try to forget that they saw your dick."


How do you figure? Seems that the demographic hit is just a bunch of people with dysfunctional people skills.


I know it's a giant long shot, and Zhu is not using his own IP/ISP, but could the FBI use the screenshot showing his desktop with Twitter, YouTube, Google and do an intersection of IPs on those services for the pattern that matches his use on those services? The Twitter user Zhu, who listened to Thunderstruck and went to Google within a time period.

edit: I'd like to have 1% of the $500k bounty wired in Dogecoins please


I'm going to guess that if the NSA was at all interested in this guy, they know exactly who he is already. But they're probably not.


So Krebs has no conclusive proof for anything?

As he himself admits:

> It is possible that Zu is instead a white hat security researcher or confidential informant

Jeez, how about talking to the police and let them do their job, or at the very least censor the name.

This is just a witch hunt.


Why do they need to censor an alias account for someone connected to the hack? There is no "Zu", the photos of Zu and his locations are copied from the internet.


For the same reason I don't go around and post an article how "watty" did $x. It doesn't matter if this is a pseudonym and what kind of avatar you use.

If watty might be implicated in something illegal I should go talk to the police and not publicly witch hunt your handle, no?


I still don't see the problem. If this handle was directly connected with $x I would fully expect people to be discussing my handle in blogs/forums. Going to the cops is fine and dandy too of course.

Krebs even clarifies "If Zu wasn’t involved in the hack, he almost certainly knows who was.".


So I'm 85% sure that ${User} is connected to a CP ring in some way.

Should I publicly out ${User} even though I could be wrong and let them suffer the ramifications that it causes?

If they lose their job, spouse, shunned by family, receive death threats, and have an internet hate mob trying to find where they live because the evidence was "leaning towards them" does that make it okay for me to call them out as being connected?

"Oops, I was wrong. They aren't connected after all." doesn't fix ${User}'s life. Even if it opens up a defamation lawsuit, it won't fix their life - and the lawsuit will be expensive - and even when they win they'll hardly see any money because I'm some nobody who doesn't have any money for them to sue for to begin with.

Do you still not see the problem?

Edit:

Not to mention I may not even be in their country.


If you think there's an 85% chance that Zu was somehow connected to the AM hack then you didn't read the article.


If you think there's a 100% chance Zu is connected to the AM hack then you need to re-read the article.


Unclear if it's a witch hunt or if Krebs wants to be on record with his reasoning in order to secure some of that $500K bounty if it turns out to be this guy?

I've never figured out how they actually decide who gets what if they have to split that up.


I'm pretty sure Krebs is in the game for the publicity, not the reward money. The publicity and "staying relevant" as a security researcher has a lot more value than a nebulous reward that likely will never pay out.

Based on the typical wording when reward money is offered, I strongly suspect almost no reward money is ever paid out. It typically requires arrest and prosecution (often conviction) and there are plenty of opportunities for the lawyers to say "sorry, your tip did not qualify" even if someone is arrested and prosecuted.

I did not find a direct offer, but Wired has a quote[1] (most sources don't even provide a quote!):

“Today I can confirm that Avid Life Media is offering a $500,000 reward to anyone providing information that leads to the identification, arrest and prosecution of the person or persons responsible for the leak of the Ashley Madison database,” Evans said, according to the BBC.

[1] http://www.wired.com/2015/08/ashley-madison-offering-500k-re...

Update: Odd. The BBC link in the Wired story has quotes from "Bryce Evans of the Toronto police", but does not have the offer of a reward quote that Wired quotes. http://www.bbc.com/news/technology-34044506


Krebs isn't a security researcher; he's a reporter.


My bad, same conclusion. ;-)


He could have not posted the twitter handle but a hash instead?

echo "The Twitter handle Brian Krebs anonymized in this blog post is..." | sha256sum

There you go, you can prove it to anyone at any point in time.


Not familiar with Twitter, but if you can easily get all or most handles through their API or scraping then wouldn't it be easy to brute-force reverse the hash?

Edit: Maybe add a private salt?

Edit again: Oh, missed that "The Twitter handle Brian Krebs..." is effectively the private salt, nevermind.


Probably one should do something similar to this:

echo "The Twitter handle Brian Krebs anonymized in this blog post is @user and this is a random salt qF7KKAUxtrEtQbnj4LPkUZM4." | sha256sum


The inclusion of a salt only protects against precomputed hashes. It makes almost no difference to how many millions of hashes one can perform per second.


I think the idea is not to publicize the salt. The proof still works (after both user name and salt are publicly known), but a dictionary attack with all twitter handles won't work.


Exactly. If you publish just the digest of "HMAC(salt,handle)" and want to find a new salt in order to fill in a different twitter handle but with the same digest, this is called a pre-image attack -- finding a message with a specific hash value, with a time complexity of 2^n.
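The sub-thread above, from the unsalted "echo ... | sha256sum" proposal through the secret-salt refinement and the HMAC(salt, handle) formulation in this last comment, is a hash commitment. The example below is added here and is not code from any commenter. It implements both variants, runs the dictionary attack the earlier reply worried about against each, and shows the reveal-and-verify step a reader would perform later. The candidate handles, the committed handle and the salts are all constructed placeholders; the public sentence is the one quoted in the thread.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# The public sentence proposed in the thread; the handle appended below is a placeholder.
PUBLIC_PREFIX = "The Twitter handle Brian Krebs anonymized in this blog post is "


def unsalted_commit(handle: str) -> str:
    # First proposal: sha256 over a fixed, public sentence plus the handle.
    return hashlib.sha256((PUBLIC_PREFIX + handle).encode()).hexdigest()


def salted_commit(handle: str, salt: bytes) -> str:
    # Refined proposal: HMAC-SHA256 keyed with a secret, random salt over the handle.
    return hmac.new(salt, handle.encode(), hashlib.sha256).hexdigest()


def publish(handle: str) -> Tuple[str, bytes]:
    """Author's side: pick a fresh secret salt, publish only the digest, keep the salt."""
    salt = secrets.token_bytes(32)
    return salted_commit(handle, salt), salt


def reveal_and_verify(commitment: str, handle: str, salt: bytes) -> bool:
    """Reader's side, later: recompute from the revealed handle and salt."""
    return hmac.compare_digest(salted_commit(handle, salt), commitment)


def dictionary_attack(commitment: str, candidates: List[str],
                      salt: Optional[bytes] = None) -> Optional[str]:
    """Try every candidate handle. Without the salt, only the public scheme can be recomputed."""
    for handle in candidates:
        digest = salted_commit(handle, salt) if salt is not None else unsalted_commit(handle)
        if hmac.compare_digest(digest, commitment):
            return handle
    return None


def demo() -> dict:
    # Constructed candidate list standing in for "every handle scraped from the API".
    candidates = ["@alice_example", "@bob_example", "@anon_example", "@carol_example"]
    secret_handle = "@anon_example"

    public_digest = unsalted_commit(secret_handle)      # scheme 1: falls to a dictionary
    commitment, salt = publish(secret_handle)           # scheme 2: salt kept private
    wrong_salt = secrets.token_bytes(32)                # an attacker guessing salts

    return {
        "unsalted_recovered": dictionary_attack(public_digest, candidates),
        "salted_without_salt": dictionary_attack(commitment, candidates),
        "salted_with_wrong_salt": dictionary_attack(commitment, candidates, wrong_salt),
        "salted_with_real_salt": dictionary_attack(commitment, candidates, salt),
        "verifies_after_reveal": reveal_and_verify(commitment, secret_handle, salt),
        "rejects_other_handle": reveal_and_verify(commitment, "@bob_example", salt),
    }


if __name__ == "__main__":
    print(demo())
```

With the fixed public sentence the digest is recovered from a handful of candidates, because the attacker can recompute exactly what the author computed; with a 32-byte secret salt the candidate list is useless until the author chooses to reveal the salt, at which point anyone can check the commitment. Binding, the property this comment describes, rests on the author being unable to find a second (handle, salt) pair with the same digest, which is the second-preimage resistance of SHA-256 and is not something the demo can exercise.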


Then he could not provide evidence the handle and hack were connected. He would either need to provide enough relevant information for a reader to independently discover that Zu was the correct Twitter handle, or leave out enough info that it wouldn't be convincing.


Because the account is obviously a pseudonym?


My reaction is still mostly schadenfreude.

If/when these people are caught, they should face the consequences of their actions but I'm not going to wrap paranoia over my own peccadillos in fake outrage over internet privacy.

I'm opposed to people doing unauthorized things with other people's property on general principles. I'm far more concerned with the IRS's data breach because every victim was legally compelled to submit certain personal information to the IRS. Everyone on Ashley Madison was there voluntarily for nefarious purposes.

Catch them and prosecute them but don't cry crocodile tears either.


Most of them, yes. Lots of innocent people are caught up in this too. For example, many women joined the site to try and find out if their husbands were having an affair. Other people had third parties use their pictures and emails to sign up.

http://www.troyhunt.com/2015/08/heres-what-ashley-madison-me...


Agree. But if I understand correctly, the purpose of the hack was to take down a website that was ripping people off and, in the minds (if not experience) of the hacker(s), a scam.

In a way, it's not unlike Snowden's revelations. Yes, it was illegal. Yes, some people are embarrassed. But the intent, in the long run, is actually to protect those people.

And, regrettably, the fact that sex secrets were exposed is likely to alert much more of the population to the real dangers of privacy erosion than Snowden's revelations.


Read the "Time's up" message they wrote. They pretty much speak in a righteous way to the signed up people. They tell them to "atone and move on" or something of the sort.

This reads to me more like "power trip" than anything else.


Peoples' motivations for doing things are never cut and dry. Yes, an amount of ego may have snuck in there, but they may have also genuinely thought they were doing a Good Deed.


I read their statement as they were morally angry at the purpose of the enterprise.


The old narrative of vigilante justice in the hacker set is getting repetitive. I wish reports weren't so biased to use 'hacker' in their stories because it forever connotes hack with something unsavoury. This is an infosec breach, not a hack. The 'Impact Team' even said they did not have to try that hard. Any good hack has hack value, and the only reason AM was booted offline was because it happened on their clock, and not the clock of any other {random} internet database. This could have been any site. Also I wrote this small piece on hackerdom and what paths we can take if we are inclined to hack: http://blog.higg.im/2015/05/27/hacker-with-lots-of-free-time...


>To say that Zu tweets to others is a bit of a misstatement. I have never seen anyone tweet the way Zu does; He sends hundreds of tweets each day, and while most of them appear to be directed at nobody, it does seem that they are in response to (if not in “reply” to) tweets that others have sent him or made about his work. Consequently, his tweet stream appears to the casual observer to be nothing more than an endless soliloquy.

Perhaps that's all Zu is? A bot, or a covert chat channel of some kind. Perhaps prime numbered words from every third tweet contain the real message, or something like that?


It seems like the tweets are selectively pulled responses from a chat stream.


Some tweets may be a bot but it's clear someone is typing direct responses and tweets from this account.


Hmmm ... is it appropriate for Brian Krebs to dox this person (at least to some extent), in a much more public forum than someplace like 4chan, because Krebs suspects him or in order to compel him to talk to Krebs?


This is pretty poor journalism. Reminds me of the reddit Boston bombing witch hunt. Note that in the comments, Krebs had to be "reminded" to reach out to Thadeus Zu for comment.


He was being reminded to post about reaching out.


Can we also ask, HOW did they hack Ashley Madison?


http://digg.com/2015/ashley-madison-hack

Not a complete answer, but:

"MOTHERBOARD: How did you hack Avid Life Media? Was it hard?

The Impact Team: We worked hard to make fully undetectable attack, then got in and found nothing to bypass.

MOTHERBOARD: What was their security like?

The Impact Team: Bad. Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers."


Wow! It's easy to make jokes, but actually this is serious -- a lot of people are going to be hurt, and so far already two have died.

Sounds like AM's computing was all f__ked up! In US Army terminology, FUBAR. Or SNAFU. Gads.

Wonder how AM paid, maybe I should say, compensated, their server farm system administration staff? Their server farm security was wide open?

Should the users have expected something else?


1.) They could be lying.

2.) My read is that, instead of no security (or else AM would have been compromised instantly by script kiddies), they used manufacturer default passwords on internal firewall appliances.


I googled "Pass1234" assuming it was some sort of exploit tool but didn't find anything. Can anyone explain what this answer means?


It is one of many passwords used to reset a password for someone who forgot their password.

Popular password resets:

password passme abcdefg pass1234 reset changeme late4work

I am sure there are others. Once the password is changed to one of these easy passwords, someone who owns the account is supposed to change it to a harder password.

I used to work as a federal contractor and in IT departments and handled password resets.

One time as a federal contractor someone phoned in from Florida to pretend to be me or someone in my group to get our account password changed to one of the above. They used social engineering and might have been someone who worked there but retired.

When you have a weak password, people can easily break in.


I assume they mean that they used it as a password.


This seems awfully meta - as the AM hack revealed 30m people to have lost any real privacy in the digital age, the person seemingly / likely / possibly responsible is hunted down and much of his life laid out like a private investigators report through his digital trail.

It's curious - we are all being affected by the new digital pollution.


The hacker is a criminal, he's being hunted by the FBI. Brian Krebs is good at tracking down people but he's not a vigilante. In the end the hacker will be arrested and have his day in court.


There isn't any contradiction, if you were implying there was. All of the information compiled in this article was published to the public. Any private information that has been revealed about this individual is likely misdirection or irrelevant.


No, no contradiction just ... We are all in the gutter, covered in the same mud.


OT: where's the source code for the AM website? Is it inside one of the dumps?

Edit: found it in "Ashley Madison 2nd dump 20 GB"


I'm not asking for a public post, but can you send info how to acquire the AM data dump via EM?


TPB


> But there may something else going on here. It is possible that Zu’s approach to tweeting — that is, responding to or addressing other Twitter users without invoking the intended recipient’s Twitter handle — is something of a security precaution. After all, he had to know and even expect that security researchers would try to reconstruct his conversations after the fact. But this is far more difficult to do when the Twitter user in question never actually participates in threaded conversations. People who engage in this way of tweeting also do not readily reveal the Twitter identities of the people with whom they chat most.

I love how Krebs has reframed "subtweeting" as some sort of new security practice as opposed to an annoying passive-aggressive thing everyone does from time to time :-D


The AM hack is similar in tenor to the Sony hack. Nothing about the hack has the feel of a lone wolf or black hat operation. I have no doubt someone will get pinned for the hack, but I also think if it wasn't an inside job it was state-sponsored.


I can imagine two separate motives for this hack:

(1) The hackers dislike the idea of adultery and wanted to harm the site & punish its users;

(2) The hackers wanted to blackmail the site and its users by threatening to expose them if they did not pay hush money or perform other services (e.g. reveal secrets).

It seems that motive (1) has some acceptance (people are cheering the hackers), but I think (2) seems more plausible. These guys aren't heroes: they found a vulnerable target and went after it.


(3) They're in it for the lulz, and realized that by going after an unsavory company with unsavory clients they'd create a Schadenfreude-fueled media sensation and have extra lulz.


Except they didn't do #2 and instead just released it. That kind of kills the blackmail value, doesn't it?


Maybe they had a private communication with AM, and only released it after the negotiations broke down?


(3) They wanted to sting one poor sap. Added him to the DB, release with motive (2) and done.


AshleyMadison reward = $500k CAD ($376k USD) divided by 40M users = $0.01 #privacy should be worth more than 1 cent!


The privacy of the 40 million cannot be bought back.


The aspect that a company whose business model revolves around people breaking contracts (marriage contracts) finding itself on the downside of what could have been an employee who broke their employment contract is something ironic.

Maybe we should not be calling those a hack and more a data-affair.

Still one can only hope that we gain some better protection and rights regarding how companies handle data and more so in the area of authority auditing that those rules and standards are maintained.


Wow this is elegant. Well-written article and super engaging story. The tab on the screenshot is magical.


My impression is that Zu is actually an author researching a real life cyber crime novel.


Anyone else wondering what tool Krebs would use to download another user's timeline?



deuszhu's tweets are indistinguishable from a bot's. Well, most of them.


If caught, what types of legal liability might the AM hacker face??


Ah, another internet witch hunt. Good thing this account seems to be taking credit for it. Otherwise this could've been ugly.


Did I find the culprits? http://www.impactteam.info/


Half a million in Canadian dollars? Is that like paying it out in monopoly money?


No



