Quantcast

«

»

Aug 10 2012

What Thunderf00t did, and how.

By now, I’m certain you’ve read Phil Mason’s, AKA Thunderf00t’s, confession about how he’s done exactly what people have accused him of: accessing the back channel after being kicked off the blog.

He spins himself as a whistleblower about vast conspiracies within Freethought Blogs, how we’re looking to destroy people’s careers every time we commiserate with one another about someone who’s aggrieved us. How this back channel operates like a “clique” where achievements are lauded, messages amplified, and disagreements mocked mercilessly. In other words, it’s a social club for people who choose to participate, to help spread collegiality amongst our bloggers and support one another when under attack. As such, considering that many of these private thoughts are not fights we wish to pick publicly and how Thunderf00t now controls what fights we have with whom because of misplaced trust in what happened to be a compromised listserv, Thunderf00t now gets to control much of the dialog of this blog network.

How very conspiratorial.

You’ve probably also heard that he “doesn’t Doc Drop” in the same post where he violates several folks’ privacy in ways that amount to logistical hair-splitting — and worse yet, we have only his word to go on that he’ll take pains to protect the identity of those pseudonymous bloggers among us who have everything to lose. His word that he’s a good guy, all while he’s engaging in other gross violations of trust.

There are lots of reasons why people had every expectation that the FtB back channel was private, which Greta itemizes. Ashley weighs in on the issue out of pure outrage for the very real personal danger that Natalie Reed is in as a result of an accidental or intentional leak of her personal information, to the point where she’s put off of the atheist movement altogether. Stephanie deconstructs his chosen frame, given that Wikileaks this ain’t. And Zinnia is agog at the sheer disrespect for the very concept of privacy.

I helped Matt, our webmaster, investigate the breach. I will have to, by necessity, describe exactly what went wrong and why.

Server-side, we (up until recently) used a program called Mailman to handle the mailing list functionality for our server. It is a very mature codebase, with no if any known technical exploits for the version we were using. Configuration and security, however, is another story.

Mailman apparently never expires an invitation ticket — once you’re invited to a mailing list, the original email you receive asking for your confirmation allows you to log back in and thus rejoin if you’re ever kicked off. This produces no confirmation email to the administration under the default settings. This is probably by design, or a design oversight — Mailman was likely always intended to run mail lists that were free to join and leave, and only secondarily running private invite-only lists.

Thunderf00t was added with the batch of Youtube vloggers we brought on board:

Jun 07 11:07:01 2012 (23765) [list addy]: new [Thunderf00t's Hotmail address], admin mass sub

When Thunderf00t was booted from the network, Ed got email confirmation that he was removed. Thunderf00t would have gotten a message saying he’d been unsubscribed. The logs also show it:

Jul 01 09:46:54 2012 (7837) [list addy]: deleted [Thunderf00t's Hotmail address]; member mgt page

But they show more.

Jul 01 09:53:03 2012 (8689) [list addy]: pending [Thunderf00t's Hotmail address] 78.80.[xxx.xxx -- IP resolving to Czech Republic, either he was there or using a Tor proxy]
Jul 01 09:53:31 2012 (8716) [list addy]: new [Thunderf00t's Hotmail address], via web confirmation

Less than ten minutes after he was booted from the mailing list he rejoined using the original auth ticket, and none of us were the wiser.

A month later, we were tipped off that he’d been leaking emails from our list to people in our community, stirring up shit that we simply hadn’t been publicly stirring up ourselves. We immediately started pursuing legal advice on the matter, and Matt booted him and changed the settings so all list changes had to be directly approved by an administrator even with a valid invite ticket.

Aug 02 18:10:38 2012 (12417) [list addy]: deleted [Thunderf00t's Hotmail address]; member mgt page

The logs show that he immediately attempted to get back on again:

Aug 02 18:19:46 2012 (13060) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:20:51 2012 (13133) Reminder attempt of non-member w/ private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:21:52 2012 (13212) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:22:42 2012 (13266) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:30:10 2012 (13841) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:33:02 2012 (13976) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:35:31 2012 (14100) Login failure with private rosters: [Thunderf00t's Hotmail address]
Aug 02 18:36:09 2012 (14150) Reminder attempt of non-member w/ private rosters: [Thunderf00t's Hotmail address]

The reminder attempt log lines are instances of him attempting to use the password reminder form to get back in, assuming we’d locked him a different way than just deleting his account again. Ed would have been prompted to let him in if he’d actually requested directly, via the option to “join the list” on the Mailman page, and to my knowledge he didn’t try that — he only tried the easier options that were less likely to trigger repercussions. I cannot ascribe motivations on this, but it seems fairly self-evident why he wouldn’t directly ask to be let back on.

The log files show the date and time of the very last email our mail server sent to Thunderf00t:

2012-08-02 18:10:39 1Sx6PX-0003EI-MH < = [FtB's postmaster address] H=localhost (dev.freethoughtblogs.com) [::1]:51819 P=esmtp S=985 id=mailman.0.1343956238.12417.[old FtB list address] T=”You have been unsubscribed from the Freethoughtbloggers mailing list” for [Thunderf00t's Hotmail address]

So he’s off the list again. This time for good. We’re not even using that software any more, so I feel relatively safe in explaining all this.

Update: See also Ed’s statement on the matter, and PZ’s.

Update 2: Charly posted the following below:

As further evidence that this is real I can attest, that Thundef00t was indeed in Czech Republic. I have first hand information from admin of czech atheist organization website, that he and some other czech atheist activists met Thuindef00t in Prague.

Additionally, I’m putting a strict moratorium on speculation about legal actions. While there are possible routes of action FtB can take, we have not yet squared away all of this with the lawyer we apparently have on retainer for this issue. I’ve told you everything I can, and will not post unexpurgated logs publicly both out of respect for Thunderf00t’s privacy and for the potentiality of messing with any future legal remedies we may or may not attempt.

118 comments

17 pings

Skip to comment form

  1. 1
    VeritasKnight

    Considering you would have had to invite me to your backchannel to begin with.

    Thank you for posting the logs, Jason. Some people have been screaming “we want evidence” and this is it.

  2. 2
    Jason Thibeault

    I’d have posted it way sooner, but I needed to be sure I wasn’t going to screw with any potential legal actions we might be forced to take to get him to destroy what he’s stolen.

  3. 3
    stakkalee

    Thank you for posting this Greg – there’s a lot of confusion out there about what TF did and how he did it. I wouldn’t call it “hacking” in the most technical sense (ie. he didn’t use any exploits or brute-force methods, or crack the box itself) but it’s definitely hacking in the “accessing a private server you have no legal right to access” sense. I hope you guys are treating this as seriously as it deserves – illegally accessing a system is bad juju, regardless of whether the owners of that system took every action they could to keep the unauthorized person out.

    Thanks again, and I hope you get a chance to enjoy the weekend.

  4. 4
    VeritasKnight

    I figured, based on what Zinnia and Ashley said on Twitter last night, that some technical stuff was coming. Anyway, that plus Thunderf00t’s bragging about doing it, is more than enough for most reasonable people. Though I suppose some will accuse you of making up the logs.

  5. 5
    Jason Thibeault

    Err, who’s Greg?

    Yes, if you subscribe to the Richard M. Stallman school of linguistics, this isn’t “hacking”, it’s “cracking”. Unauthorized access of a system, no matter how easy it is, is still unauthorized access and still morally questionable at absolute best, legally questionable at worst. It takes a special sort of broken moral compass to think what he was doing was “right”.

  6. 6
    stakkalee

    Crap, what a fail. Personally, I blame my fingers, but they’re pointing all the blame back to my brain. Stupid brain. Anyway, thanks again, and apologies for the namefail.

  7. 7
    Ace of Sevens

    @6: From what I’ve seen, TF’s moral compass seems limited to “Islam bad; me getting my my good.” He probably figures he didn’t really do anything unethical because this isn’t “real” cracking and he’s a whistleblowing hero.

  8. 8
    Sili

    the very real personal danger that Natalie Reed is in as a result of an accidental or intentional leak of her personal information, to the point where she’s put off of the atheist movement altogether.

    “Mission Accomplished” I fear.

  9. 9
    BlackBloc

    Hacking in the general sense is ‘using resources in a way not originally intended by the system’. Some people extend the definition to ‘life hacks’, for instance the first example from this link where the direction of the coat hangers in your closet can be used as a way to gain information on what clothes you’re not using (and could therefore donate).

    http://www.buzzfeed.com/eduardoleon/35-life-hacks-you-should-know-ga9

    So in that sense, what TF did was a hack, as he reused the authorisation ticket from his initial join on the listserv to rejoin the listserv after being booted off. It is a very low level hack, as far as computer skills go, but it qualifies. Hacking is not always something that takes computer genius to accomplish.

  10. 10
    Sili

    (ie. he didn’t use any exploits or brute-force methods, or crack the box itself)

    I’d call reusing an old invite an “exploit”.

  11. 11
    qwints

    Morally indefensible, but I’d be surprised if a law enforcement agency was willing to pursue a case given the details of how he gained access.

  12. 12
    Jason Thibeault

    Seriously? So law wouldn’t care about B&Es that happen because a window was left unlatched? Or more accurately, because the latch we thought we had actually is very easy to open if you just shimmy the window to the left a bit?

  13. 13
    Ace of Sevens

    Hell, it can be hard to get law enforcement to care about B&Es when someone pried a car open with a crowbar.

  14. 14
    qwints

    Jason,

    Analogies are not very useful when doing statutory analysis.

    At a federal level (if Thunderfoot is in a different state from the computer system he gained access to), the relevant statute is 18 USC 1030 . The key element of the offense is whether TF “intentionally accesses a computer without authorization or exceeds authorized access.” As his only access of the computer was using a legitimate authorization ticket, it may be difficult to prove up intentionally unauthorized access.

  15. 15
    stakkalee

    Quinn, it was no longer a legitimate authorization ticket. By removing him from the listserv they showed that they no longer wanted him to access the system. The fact that they forgot to “close the door after him” doesn’t change the fact they removed his access, and that he took steps to regain that access without their knowledge.

  16. 16
    Jason Thibeault

    Here’s another analogy: consent to be on that list was expressly revoked when we kicked him off. It’s like he was booted from his apartment but nobody knew he had a copy of the key. It doesn’t matter that we didn’t immediately change the locks until we realize he’d been squatting silently in the apartment.

  17. 17
    Jason Thibeault

    Quinn: why are you suddenly questioning whether what he did is legally actionable, when you seemed on board over at Pharyngula? Is it only the ease of the exploit that leads you to believe that there’s nothing anyone can do about this?

    Additionally, why are you only considering the criminal aspects, when there’s also the civil side?

  18. 18
    brianemerick

    :sigh: Why are we fighting in this movement? We get enough of that from the religious.

  19. 19
    dalesmith

    Aaaaaaand this would be where I finally (at long last) unsubscribe from TF’s youtube channel, abandoning the pretense that ‘well, ok, but at least his youtube videos on creationism are worthwhile.’ He has completely discredited himself in all of this.

    Moving on.

  20. 20
    qwints

    Yes, the ease of the exploit changes my evaluation of how likely criminal action is. The civil side is a different question and depends on a lot of facts I don’t have access to.

  21. 21
    John Horstman

    @15: Indeed; ability to access a system and permission to do so are two completely different things (one could have either without the other, both, or neither). If I have a “Private Property” sign up, but that’s the only thing stopping someone from entering the property, that person is still trespassing if they enter the property. I really don’t understand some of the weird apologetics that come up around these issues.

  22. 22
    Anthony K

    :sigh: Why are we fighting in this movement?

    Because Rebecca Watson said “Guys, don’t do that.”

    We get enough of that from the religious.

    Do we? Up here in Canada, I get absolutely no guff for being an atheist whatsoever.

    However, racism, sexism, homophobia, and transphobia are all relevant issues.

    When I see the same sorts of things coming from ostensible allies in the movement that I do from the religious, I have to say I don’t feel any particular affinity for those in ‘the movement’.

  23. 23
    Jason Thibeault

    How about wiretapping laws, then? (IANAL.)

  24. 24
    qwints

    Jason, interesting question. That could be a valid route.

  25. 25
    Charly

    As further evidence that this is real I can attest, that Thundef00t was indeed in Czech Republic. I have first hand information from admin of czech atheist organization website, that he and some other czech atheist activists met Thuindef00t in Prague.

  26. 26
    Josh, Official SpokesGay

    From someone with experience, and who cares about FtB:

    Friendly advice to FtB bloggers—Do not discuss or even speculate about legal action you may or may not take. Everything you write would be discoverable and would be used against you by the opposing side. Resist the temptation to engage with commenters who go on about this that or the other applicable/inapplicable law.

    Friendly advice to FtB commenters—Do not badger bloggers about whether they’re going to take legal action or insist that they answer your questions. No party considering legal action will talk about it or lay out their cards in public unless they’re utterly foolish and disregarding legal advice. Please understand this and please don’t do it. Contemplating legal action is stressful enough and the good folks here don’t need more.

  27. 27
    F [i'm not here, i'm gone]

    The law? That is totally illegal unauthorized access. They’ve made cases of UA when it didn’t even really exist, so it is entirely enforceable. The authorities caring and pursuing a case? Completely different ball game. But best wishes for that, if it is the avenue FTB feels it needs to pursue.

  28. 28
    Jason Thibeault

    Charly: thank you for that further information, I’ve added it to the body of the post.

    Josh: fully and wholeheartedly agreed. We’re not lawyers, we have no legal training, and we must not screw ourselves over on this. Moratorium on legal speculation starts now, please and thanks.

  29. 29
    Greg Fish

    Mailman apparently never expires an invitation ticket — once you’re invited to a mailing list, the original email you receive asking for your confirmation allows you to log back in and thus rejoin if you’re ever kicked off.

    Wow, that’s a huge omission in the design. Did the designers never think that someone might be banned for malicious behavior, something that would necessitate this person not being able to come back to the list?

    Also, PZ has been calling this a security exploit but I don’t know if I’d even call it that. There was no security setting to exploit, it wasn’t even built in. So the analogy being thrown around “going into a house because the door is unlocked” should more accurately be “going into a house because the door was built without locks.”

  30. 30
    A. R

    Apologies if this has already been answered, but what kinds of data were lost? Author or commentor meatspace names?

  31. 31
    Jason Thibeault

    But there was an option for a lock — the setting that requires an admin to approve every requested change to the list. That the setting was overlooked is probably partly because it’s poorly worded (because how I worded it is not how it’s worded in the panel!), partly because we’ve never had anyone try such a thing.

    The important thing is the intentionality of the action. Neither Loftus nor Greg Laden tried such a trick, proving their moral compasses significantly better than Thunderfoot, who either knew ahead of time how to do it, or figured out how to do it, in under ten minutes of being booted.

  32. 32
    Jason Thibeault

    A.R.: He would have been sent directly to his email every post on the mailing list between when he was kicked off, and when the breach was discovered. That’s from July 7th to August 2nd. It includes many discussions about people’s workplaces, issues they had with certain things that they couldn’t themselves discuss due to work confidentiality, people’s medical issues, revelations about people’s meatspace lives and names and other information that were told under the expectation that everyone reading the list was a colleague who would respect their privacy. Among other things, it included personal gripes about people, organizations and actions, that never became public fights, that will almost certainly become so without our permission — we now no longer control what fights we’re going to have from now until Thunderf00t exhausts his “wikileaks” database. Every private thought we’ve had that we shared with the list is forfeit.

    Greta’s post does a good job itemizing the concerns regarding what was leaked.

  33. 33
    Jason Thibeault

    I don’t know if any commenters’ personal info was shared during that time, but it’s possible, for spam prevention purposes or cross-referencing trolls. The only one that comes to mind immediately, though, is Dave Mabus. No great loss of privacy there. The main problem comes from the fact that there was an expectation of privacy, and much will be made of all the day-to-day blog sausagemaking that happened on that list. It will be scrutinized and poured over and pullquoted to make us look bad, if any of it is released publicly. It will do damage, for no other reason than because Thunderf00t’s feelings were hurt that we didn’t want him on the network after he proved to be a terrible person to ally with.

  34. 34
    stakkalee

    I’ve been doing some Googling about MailMan and it seems to be notorious for having security issues, although the complaints may all be about older versions of the software. You say you folks have shut down the listserv and are moving to new software – will you be moving to a different server as well? Not just a different OS, but a different box? Has TF shown any real “hacking” ability, or did he just get lucky in finding out the old invitation still worked? If it were me I’d be worried, not just about what TF might try next to get access, but whether or not he’s sending the address around to someone who actually has some ‘skillz’.

  35. 35
    Tom Foss

    Jason @15: It seems more like using a copied key to get back into an apartment after you’ve been evicted.

  36. 36
    John C. Welch

    (Yes, I know I’m on perma-mod, so I assume you’re seeing this first. But nothing I say here isn’t anytihng I haven’t said on T-f00t’s blog already.)

    First: Good job on the analysis. My initial hypothesis was that no one had actually removed him from the mailing list, but rather thought it had been done. I’ve seen that a few times. And yes, mailman’s setup info only vaguely resembles english.

    Second, and i think i need to say it here, given how often I criticise a few folks here: What Thunderf00t did was wrong. Period. My personal opinion of you or the rest of the FTB FC5 as I call them doesn’t justify what he did, nor does his own excuses for it. Regardless of how easy or hard it was, I find it unbelievable that he could have thought he had any reason to be on that mailing list. He’d been kicked off, that’s a pretty clear sign he wasn’t welcome. At the *very* least, he owes FTB a public apology, and not some bullshit nonpology either. His actions were sleazy, and if FTB decides to pursue legal action against him, that’s certainly justified. IANAL, but I do have *some* IT experience, and while getting the authorities to take this incident seriously may be difficult, (you can barely get them to take you seriously when someone’s gone in and wiped servers, but that’s another problem) at the very least, I’d report him to hotmail. That isn’t a legal action at all, that’s just administrative, and I think he’s earned that at least.

    Third, and this is something I’ve been dealing with professionally for two decades: the misconfiguration of mailman no more excuses what thunderf00t did any more than forgetting to lock your door excuses a random hobo from walking into your living room. He was kicked off the list. He didn’t ask to return, he just took advantage of an unlocked door and walked in to a place where he clearly wasn’t wanted. That’s not FTB’s fault, that’s not Ed’s fault, nor is it PZ’s, yours, greta’s, natalie’s, zvan’s or ophelia’s. The victim-blaming that happens because OMG, you didn’t have unassailable security and someone broke in is both stupid and inexcusable. FTB shouldn’t have HAD to lock that door, Thunderf00t knew he wasn’t welcome. Any and all blame for his actions in this case reside solely with him, no one else.

    I still don’t like you or the rest of the FC5, but this shit was wrong, it was thunderf00t’s fault, and given my profession, i’d be wrong not to say so here, (or at least give it an honest attempt.) I’m glad you were able to provide solid proof of what happened so that there’s less chance for “he said, she said”. Not that it’s not going to happen, but you did what you were supposed to here, and good on you for that.

  37. 37
    Jason Thibeault

    Surprising, Welch. Not that you agree it’s wrong — but that you’re saying so HERE. Thank you.

  38. 38
    kagerato

    I knew Thunderfoot wasn’t a good guy, but it’s still kind of surprising he would risk potential legal sanctions just to acquire more “evidence” for furthering an ideological feud.

  39. 39
    David Gerard

    The law does not work like a computer program: something you may think is a slam dunk may end up being nothing of the sort.

    Best to leave this to the actual lawyer. And don’t be surprised if the police or FBI do nothing.

  40. 40
    Jason Thibeault

    I said, legal speculation streng verboten. Please and thank you.

  41. 41
    ThorGoLucky

    Is legal action necessary? It could just feed into his freedom-fighter-against-the-grand-conspiracy claims.

  42. 42
    ThorGoLucky

    …and thanks for the details, canuk?

  43. 43
    ThorGoLucky

    …period, not question mark. {face palm}

  44. 44
    John C. Welch

    You’re welcome, but honestly, it seems to me that if one has the right to criticize, then one has other requirements imposed by the use of that right.

    If you are going to criticize someone when you think they are wrong, then when they are right, you have a responsibility to comment positively on that as well where appropriate. If you were to say, get married, I doubt I’d say anything here, we’re not friends. However, if you did something like, I dunno, rescue someone from a burning building, (a bit over the top, but low-hanging fruit), then yeah, I’d congratulate you on that here. Even for something more minor, (assuming I knew about it of course.) That responsibility, to my eyes at least, exists independently of personal opinion. I don’t have to LIKE you to acknowledge if you’ve done something well or what I would consider good. If someone I liked did that same thing, and I’d compliment them, then I should also compliment you.

    If someone I agree or like with takes an action I think is wrong, even if it’s against someone I disagree with or dislike, then I should not only say “Hey, that thing you did? Dude, that’s fucked up and you shouldn’t have done it.” to THEM, but I think I should tell the people the action was taken against that I think said action was wrong as well. (again, assuming I know.)

    The kind of thing that Thunderf00t did is not a hypothetical problem for me. I’ve had to deal with it myself before, and it sucks to have to lock things down because someone couldn’t remember what they should have learned in kindergarten: if it isn’t yours, keep your mitts off of it. The victim-blaming that surrounds such things further sticks in my craw.

    There are related arguments that can be made about emails or blog wars, but those are related, tangental even, and ones opinion in those cases doesn’t change a very simple fact: What thunderf00t did was wrong. I may never agree with you on anything else, my personal opinion of you and the rest may never change, we ain’t going to be taking long walks in the park anytime soon.

    But, what he did was wrong, and I think it sucks that he did it to anyone, even FTB.

  45. 45
    timdiaz

    kagerato – People will do incredible and ridiculous things when their pride has been hurt. More so, the less rational and secure they are.

    I mean, all I had to do was read TF’s confession and his crazy, self-obsessed freakout over minor things and immediately I thought to myself, “Oh, he’s THAT guy. K, moving on.”

    I have seen too many of THAT guy (or gal) than I care to remember. Hell, I WAS that guy once. It was terrible, I was terrible, and TF is terrible.

  46. 46
    Tom

    TL;DR Booooring. Who cares.

  47. 47
    Jason Thibeault

    You cared enough to post, Tom. How precious of you to let us all know.

  48. 48
    gworroll

    He’s hosted by WordPress.
    http://en.wordpress.com/tos/

    This may apply, given that operational details of FTB are likely involved:

    the downloading, copying and use of the Content will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark or trade secret rights, of any third party;

    I’m pretty sure this does.

    the Content is not pornographic, does not contain threats or incite violence towards individuals or entities, and does not violate the privacy or publicity rights of any third party;

    How long till he’s whining about WordPress attacking his free speech rights?

  49. 49
    Emburii

    John C. Welch; speaking of compliments where they’re due, thank you for being consistent and ethical in this matter. It surprised me, at least, but this time I’m happy to be wrong.

  50. 50
    Anthony K

    John C. Welch; speaking of compliments where they’re due, thank you for being consistent and ethical in this matter. It surprised me, at least, but this time I’m happy to be wrong.

    Indeed.

  51. 51
    PG

    I’m sorry, but has TF actually doc-dropped anyone during this debacle? Saying he doc-dropped “Natalie Reed”‘s real name is actually bullshit, isn’t it? Because I read that post and she explicitly he hasn’t doc-dropped anyone, and no confidential records have been released. That you trump up the controversy between TF and “Natalie Reed” to amount to a “very real personal danger” is pathetic. Just stop it. She said herself he hasn’t dropped any docs yet, what are you on about?

    PZ Myers, Ophelia Benson, et al. and you, Jason, keep saying TF has leaked personal information, but has he? The evidence points to the contrary. Seriously, why make this shit up? Wasn’t he a part of the mailing list legitimately for a while and thus would have gotten the “leaked personal information” without the hacking or putting himself back on the list?

    I’m not even a fan of Thunderf00t, but this is just sad.

  52. 52
    Ace of Sevens

    @57: Can you quote what exactly was said that you think was wrong?

  53. 53
    TerranRich, Yet Another Atheist

    @57: Re-read Natalie Reed’s post again. Really, you’ll be doing yourself a favor. You didn’t seem to get anything from it other than your own preconceptions regarding this whole ordeal.

  54. 54
    Jason Thibeault

    No, I believe it was very explicit what I said — the information was there for his collating, without any participants’ consent, and Natalie has no reason to believe that he’ll honour his rather twisted sense of morality that he’s expressed. Nobody does. We have proof he did some pretty shitty things, and he’s admitted as much, so we have no reason to trust him at his word that he’ll protect people’s identities (via, say, scrubbing out personal information on any of those pieces of private conversation that he’s slowly leaking to relevant and apparently irrelevant parties.

    So putting it out there that someone shared something they feel is personally life-threatening if the wrong person knows something via either intentional or unintentional future leaking is not exactly the same as saying “Thunderf00t dropped docs”, now, is it?

  55. 55
    gworroll

    @57-

    While Thunderf00t has yet to release personal information, he has leaked confidential emails. They are quoted in his own post. This is bad enough on its own.

    And even if you ignore that- why should we take him at his word that he will not release personal information? He’s already violated the trust he was given when invited to the mailing list. Why should his word be considered to be worth anything at all at this point?

    Also, even if he redacts real names and such, you’d be surprised what you can work out from even sanitized information. Seemingly impersonal references can betray someones location, cultural background, sex, interests, etc. And then, if they’ve got any net presence under their real name, you can often find them. If they don’t have a net presence under their real name, get boots on the ground where you think they live, and tracking them down may still be pretty easy. Fully redacting all information that can trace back to someone IRL can be very difficult. Thunderf00t is not, to my knowledge, a private investigator or intelligence analyst, or any of the professions that would tell him what needs to be redacted. I simply doubt he has the skills to do this properly, even if I trusted him to make an honest attempt at doing so.

  56. 56
    PG

    @60- Yet? What if? Are we really condemning someone for a hypothetical situation?

    NEWSFLASH: IT HASN’T HAPPENED YET.

  57. 57
    Jason Thibeault

    NEWSFLASH: That’s not what people are condemning him for! Jesus fuck, it’s like his supporters are all illiterate.

  58. 58
    PG

    @63- I quote:

    “We have proof he did some pretty shitty things, and he’s admitted as much, so we have no reason to trust him at his word that he’ll protect people’s identities (via, say, scrubbing out personal information on any of those pieces of private conversation that he’s slowly leaking to relevant and apparently irrelevant parties.”

    Bolded for emphasis.

    Ashley weighs in on the issue out of pure outrage for the very real personal danger that Natalie Reed is in as a result of an accidental or intentional leak of her personal information, to the point where she’s put off of the atheist movement altogether.

    Bolded for emphasis.

    So Natalie Reed being put off by the atheist movement due to an alleged “accidental or intentional future leak” (being very vague in the process) — putting her in a “very real personal danger”, life-threatening even — is not condemning him for something he has not yet done?

  59. 59
    Jason Thibeault

    We are condemning him for having taken intentional action to obtain that information without any relevant parties’ consent. We do not trust, therefore, that he is a good steward for that information seeing as how he grossly violated our privacy to get it in the first place.

    How is this so difficult for you hair-splitters?

  60. 60
    Jason Thibeault

    Especially considering that he’s already leaking things to people and we don’t know how much extra stuff he’s leaking. Snippets? Posts without expurgated email addys and real names? Full threads? Full threads with headers? Really, how ARE we to know what the hacker who stole our information will do with it, and why should we trust him that he’s going to be scrupulous with it?

  61. 61
    Michael Kingsford Gray

    Good work, Jason.
    I mean it.
    Actual evidence that TF seems to be no stranger to sleazy tactics.
    This is what true skeptics should be doing!

  62. 62
    PG

    @65- Should you really accuse me of splitting hairs, Jason?

    Aren’t you the one who’s saying Thunderf00t should be condemned for maybe accidentally leaking personal information sometime in the future, because he intentionally acquired email correspondence from the listserv – a listserv he was a member of for quite some time (could have gotten the information then?)

    I’m the one splitting hairs for saying you shouldn’t do that?

    Doesn’t seem right, does it?

    So your argument has gone from conjecture to straight-up paranoia? What is he, a fucking terrorist? How about instead of acting like petulant children and doing the exact same thing you accuse him of doing (leaking information from behind the scenes), you actually engage in a conversation? No. Better to be paranoid and pretend as though your personal information is being held hostage by a loose cannon.

  63. 63
    John C. Welch

    You would not believe how utterly bizarre this all is for me, but I’ve had a rather boring week, so why not.

    Jason’s right on this one, or at worst, mostly right.

    The fact that Thunderf00t is releasing private email contents, in and of itself is good or bad depending on your views. Anyone who’s ever done or applauded one of the ever-popular “I get email…” posts that crop up around FTB has little moral high ground to be shocked, shocked I tell you that someone else is doing it. Personally, i’ve little problem with it. I’ve done it myself when someone gets to be particularly annoying, but then, I’ve a bit of history with just how “un” private such things can be. I long ago learned the wisdom in not saying things in private you’d not be willing to stand behind in public. Keeping track of what i’ve said to who about whomever takes a lot more work than I feel like doing, and I am a sysadmin. Being intelligently lazy is a design goal for my ilk.

    It was surreptitiously sneaking back on to the email list that was wrong. Period. I completely walk away from “the ends justify the means”. That’s how you justify crap you know is wrong, be it cheating on a test or waterboarding people. The means count. Usually far more than the ends. It doesn’t matter if FTB was or was not shitty in how they treated Thunderf00t. Barring a full release of emails on the subject, there’s thunderf00t’s version, FTB’s version and the objective truth lies somewhere in between. (Neither side is particularly innocent when it comes to being douchenozzles.)

    But that doesn’t matter. If PZ managed to fucking lemonparty Thunderf00t during a presentation to a class, that still doesn’t justify thunderf00t’s actions. What thunderf00t did was wrong. That’s the long, short and middle of it. I told him over twitter I thought it was wrong, I very actively said so on his blog post on the matter, and I’m saying so here.

    Why? Why is this important to me?

    Because there has to be some fucking rules in this shit. Some bright shiny lines you don’t goddamned cross. I’m not talking about childish idiocy like OH MY GOD, YOU CALLED SOMEONE A CUNNNNNT. Grow up already. I’m talking about shit you don’t do even if you really hate the person.

    What thunderf00t did was wrong. Doesn’t mean everything he’s ever said or did was wrong, but he was wrong to do this, and if he’s going to insist that he did nothing wrong, or it was all justified or what have you, if he’s not going to apologize and stop sending out the info he gained after he was booted, (the shit before he was booted is a different story), then while I can’t speak for anyone else, personally, I’m putting him in the “irredeemable assclown” bin, and forgetting about him. There’s a lot of smart people on the internet, it’s not like I’m going to spend friday nights crying and alone without him.

    holey shamoley, this is just the weirdest day I’ve had in a while. My wife’s not going to believe this, and she’ll probably tease me about it for at least a fortnight.

  64. 64
    Jason Thibeault

    Meanwhile, I’ve had two people who normally call me all manner of names agree with me, publicly, on my blog. My first inclination is to calibrate whether I’m right or not because I am biased against agreeing with people who think I’m slime on their boot. So you’re not the only one having a weird day.

  65. 65
    eNeMeE

    How about instead of acting like petulant children and doing the exact same thing you accuse him of doing (leaking information from behind the scenes), you actually engage in a conversation?

    How do you picture that ‘conversation’ going?

    “Hey, you took stuff that you had no right to access to and apparently passed it on to Michael”
    “Yeah, I did, see the blog post”
    “So you stand by that, and think you were right to do that?”
    “Yep, it’s pretty clear in the post that I expect you guys to do knife jobs on people”
    “And posting private e-mails that weren’t acted on is a-ok with you?”
    “Clearly – I put some up with people’s names attached”

    What the hell happens next? Where does this ‘conversation’ go?

  66. 66
    John C. Welch

    LOL.

    When I was in the air force, one of the folks on my shift, someone I really didn’t like said the following:

    “Welch, I really don’t like you. You’ve got a smart mouth, and you’re an asshole. I don’t think I’ll ever like you. But you do good work, you’re an asset to the team, and so, I’m glad to work with you.”

    That one took me a while to really understand, so I just looked at him in a rather confused state, thanked him, and wandered out into the hangar to think about it. Didn’t take too long to realize the sense of what he’d said. I don’t gotta like people, I just have to work with them. If we happen to get along on a personal basis, well, that’s a bonus. I don’t have to like you, or really, anyone at FTB to agree that what Thunderf00t did sucks. The logic is pretty simple:

    “would [act] be something I’d think wrong if done to a friend or family member? If yes, then it’s still wrong when done to someone I dislike. If no, then fuck it, they’re whining, move on.”

    Sometimes, it can be a bit hard to apply that as ruthlessly as it should, but I have yet to have it lead me wrong.

  67. 67
    r3a50n

    I’m a little late to the game here, I wasn’t around when TF was a FTB blogger. That said, I’ve read a lot about this meta firestorm and irrespective of the legal questions, what TF did was wrong. He cannot justify it, though he certainly is trying to by claiming that what he found in private emails he had no right to access uncovered something sinister.

    That reasoning is also known as “the end justifies the means” and we all know that’s BS.

    Further, the “scandal” he claims to have uncovered is not scandal at all. He seems to think that an email sent from one person to another without any disclaimer that the communication is private and is then forwarded to someone else is equivalent to surreptitiously accessing email on a private system, which he had no right to access, and then forwarding those private emails – complete with a privacy disclaimer – to someone else.

    That is patently ridiculous. I don’t know TF and I haven’t read or seen anything by him before this but I don’t care to, it is clear that he has no credibility so it doesn’t matter what he says. The destruction of his credibility is of his own making. Most atheists I know are atheists because they are reasonable and rational but there isn’t anything reasonable or rational about what TF did.

    His apologists have no more credibility that he does and I am embarrassed for them. They are all acting like children, spewing ad hom insults at FTB and FTB bloggers, which is obviously sour grapes. They are all behaving dishonorably. If they knew what was good for them, they’d STFU. TF’s lack of credibility is now their lack of credibility and they should not be surprised that they now have fleas after laying down with a dog.

    IANAL but to the legal question, I am confident that it is actionable in some way and I hope action is taken.

  68. 68
    r3a50n

    Anyone who’s ever done or applauded one of the ever-popular “I get email…” posts that crop up around FTB has little moral high ground to be shocked, shocked I tell you that someone else is doing it.

    You are perpetuating a false equivalence. If I send an email to another person, I have no reasonable expectation that such an email will remain private and that it won’t be forwarded or otherwise shared by the recipient. The emails that TF fraudulently accessed on a private system were not sent to him, nor were they intended to be seen by him. They were not his emails to share.

    It would be entirely different if someone in the private group broke trust with the group and forwarded the emails to him, but that isn’t what happened. He wasn’t the recipient of those messages. He accessed a private system by exploit when his access had previously been revoked. He secretly acquired messages from it, which he has admitted to doing and which this post proves that he did. He then shared those private messages with others that were not his to share.

    This false equivalence is the same banal and discredited apologia that TF’s “fans” are advancing in his defense.

    The fact that Thunderf00t is releasing private email contents, in and of itself is good or bad depending on your views.

    No, it is unequivocally wrong. Taking something that doesn’t belong to you is commonly known as “stealing,” which is not “good or bad depending on your views.” Stealing is wrong and it is illegal irrespective of whether or not one views it as such.

  69. 69
    cityzenjane

    “NEWSFLASH: That’s not what people are condemning him for! Jesus fuck, it’s like his supporters are all illiterate.”

    BINGO!!!!

    Please give the man a toaster.

    Thing is spend an hour reading the comments of his fanbase on YT and you get what gets them going.

  70. 70
    cityzenjane

    I guess the community is due for a repeat of Ethics 101…or at least Tf00t’s defenders…

  71. 71
    John C. Welch

    (i like to use l33t because it makes me cool) @75

    Stealing is wrong and it is illegal irrespective of whether or not one views it as such.

    since you’re focusing on two rather small things I said, and out of context, I’ll return the favor.

    is stealing illegal? Well yes, in most places it is. Unless you’re vested with proper authority, then it’s called things like “eminent domain” and is okey-dokey. So stealing being illegal is not a legal absolute.

    Is stealing always morally wrong? Well, that depends. are you the baker or the starving man?

    there’s a reason i used the phrase “in and of itself” and i’m sadly unsurprised you glossed over it. so let me attempt to be more clear, since I evidently wasn’t:

    the act of publishing emails is only wrong if you think it is. it’s not “illegal” in and of itself. The *contents* of the email might cause you legal problems, but the morality of the concept of publishing emails? That’s really an individual choice and when people have tried to sue solely over that specific action, they tend to lose.

    In and of itself, when you talk about a group with some members who take a certain delight in publishing emails when they find it convenient or amusing, well, the fact they suddenly find it in poor taste when it happens to them is of little concern to me. (maybe some people should ponder that when they start to post something called “i get email…”. Just saying.)

    However it’s only a false equivalence if I’m actually making a direct comparison of that to thunderf00t breaking onto a list. I’m really not, and if it comes across that way, I apologize for my lack of clarity. I don’t think both actions are the same. But don’t expect me to get weepy about FTB emails getting published OUTSIDE of thunderf00t’s actions that is, outside of a specific case and a specific time period, and only emails he got directly from lurking on the list. Emails he publishes outside of those conditions? chickens coming home to roost. If someone else on the list sent him emails, well, in that case, he’s done nothing wrong, and it’s still chickens coming home to roost.

    Thunderf00t sneaking onto the list? Wrong. Maybe only to me, but wrong.

    Thunderf00t publishing list emails: two answers – were they emails posted BEFORE he was booted? If yes, then well sucks to be you. Were they emails posted AFTER he was booted? If yes, then well, that’s wrong too.

    I think you’re trying very hard to get me to support thunderf00t’s actions in terms of sneaking on to the list or publishing emails he received as a result of that. If so, well, no, i’m not going to do that. But that’s a very specific time period. He still, at VERY least owes people an apology for doing that, and any fallout he gets over it, within reason, is earned.

    If it’s stuff he got while he was an official part of it, and THOSE emails are inconvenient, (assuming of course personal info is redacted. this isn’t a blanket approval) well, don’t talk shit about people in private and you don’t have to worry about it becoming public. Or if you do, own it like a grownup and accept the fallout.

  72. 72
    psanity

    What r3a50n said. There have been several suggestions that it is unethical to share or publish email of which you are the intended recipient. That is not correct.

    If someone sends me an email, on purpose, to me, I own it. If I misrepresent myself, and receive email based on that misrepresentation, that may be fraud. If I gain access to email by theft of services (what TF did), I have stolen that email and do not own it.

    It doesn’t matter if the correspondence is in electrons; what matters is whether it was given to you. I happen to own a card signed by Jacqueline Kennedy. I can publish it or sell it; it is mine to do with as I wish because she freely sent it to me. If Jason sent Stephanie a letter, she could publish it, if she wanted to.

    What TF has done is the moral and ethical equivalent of watching (for example) Stephanie’s mailbox, steaming open her mail, reading it and keeping a copy, and restoring the mail to her mailbox carefully resealed. Of course, that would be a federal crime, even if TF had somehow acquired a key to Stephanie’s mailbox — even if Stephanie had at one time given TF a key to her mailbox. It would be interesting to learn if the federales are willing to protect electronic mail with the same vigor.

    BTW, copyright is also an issue in this case, since TF has published written material that he, well, stole.

  73. 73
    Michael Kingsford Gray

    Meanwhile, I’ve had two people who normally call me all manner of names agree with me, publicly, on my blog. My first inclination is to calibrate whether I’m right or not because I am biased against agreeing with people who think I’m slime on their boot. So you’re not the only one having a weird day.

    I am just as willing to give praise to behaviour when it falls due, as I am to offer criticism to behaviour when it falls due.
    That this is seen as “unusual”, or “jarring” is a sad reflection on humanity.

  74. 74
    pauliexcluded

    Yeahhhhh….that is kinda shady…but I can’t tell you I wouldn’t do the same thing in his place. PZ has been acting like a little girl over this. First he booted someone, so far as I can tell, simply for disagreeing with him regarding the severity of the issue of sexual harassment at conferences of all topics. That is hard core creationist behavior there PZ… pathetic. Still, TF should stop obsessing over FTB’s internal activities…it’s kinda like facebook stalking an old girlfriend…kinda unhealthy. Screw FTB. PZ has shown himself to be a spineless creationist coward. Just walk away TF. Let it go. Find a new girlfriend to obsess over. You are just going to feel worse when you see the picture of PZ’s new boyfriend. So stop with the facebook stalking…let him go feel all proud of himself for booting you…like that somehow makes him a better man. Just let it go man…cause PZ is not worth it.

  75. 75
    Plop

    Accessing to a mailing list with your old login/password because the owner of the mailing list did not bother to configure it correctly is probably really really bad.

    But publishing email and IP address of people fo public shaming like you did few month ago (http://freethoughtblogs.com/lousycanuck/2012/03/11/the-twenty-comments-in-my-moderation-queue/) is much worse.

  76. 76
    Plop

    Hooo, and Myers hacked a phone call few years ago : http://scienceblogs.com/pharyngula/2008/03/28/i-always-aim-to-misbehave/

  77. 77
    Michael Kingsford Gray

    Plop says:

    Accessing to a mailing list with your old login/password because the owner of the mailing list did not bother to configure it correctly is probably really really bad.

    Indeed it is bad.
    To all of those fannying about trying to settle the illegality of this trespass, I say: legality (or otherwise) is of no consequence in this escapade.
    TF appears to have committed a misdemeanor against reasonable adult behaviour.
    And I say this as a minor “fan” of his, or at least his usually logical piercing of illogical deepities.
    TF fucked up.

  78. 78
    qwints

    r3a50n @ 75

    The emails that TF fraudulently accessed on a private system were not sent to him, nor were they intended to be seen by him. They were not his emails to share.

    The e-mails were sent to him because that’s how a list serve works, but the rest of this statement is true.

    r3a50n and psanity, people stop the amateur legal analysis per update 2? And feel free to meet me in thunderdome for a discussion of how what stealing, copyright and fraud actually mean.

  79. 79
    carlie

    Plop, he didn’t hack the phone call. Anyone could call in and listen to what they were saying; that was the point. They just didn’t want anyone to talk back.

  80. 80
    Jason Thibeault

    Oh Plop. Posting the comments that ended up in moderation sent directly to me by people who wanted to be published on my website, is fully in accordance to my policy on the right:

    I reserve the right to publish any contact, especially if it’s hateful or ridiculous.

    It’s kind of sad that Thunderf00t didn’t make his own policy clear when he was invited to the list that he thinks “please keep this stuff confidential” means “please hack back in after you’re disinvited and send this stuff to everyone in the community.” Then you might have a leg to stand on, calling my following my policy identical to Thunderf00t disregarding others’.

  81. 81
    coyotenose

    Pauliexcluded, you might to actually read about what happened with FtB and TF before talking about it. Just a thought.

    That you think you might also steal confidential messages between other people and share them publicly if you feel slighted tells everyone everything they might ever need to know about you.

  82. 82
    Plop

    I’m not talking about the comments but about the emails (hint: Mail (will not be published))and ip address.

  83. 83
    Jason Thibeault

    Hint: I talked about that on the very thread you linked to. When you post a comment, the email doesn’t show up on the comments page. It does show up in my mail inbox and on my moderation panel with both your email address and IP address. That the WordPress default “will not be published” statement is there, expresses the fact that it will not be automatically shown when your post is submitted. This does not override my stated desire to reserve the right to publish any contact, hateful or ridiculous. If my policy is unclear, I can clarify by making it so explicit that even a Thunderf00t-supporter can understand it. My policy overrides any default misleading WordPress text, especially the stuff I can’t change.

    See this post for my thoughts on moderation, and this post for my thoughts on pseudonymity.

    Your rules-lawyering is getting on my nerves, so you’re in moderation til you decide to talk about Thunderf00t.

  84. 84
    r3a50n

    @87:

    The e-mails were sent to him because that’s how a list serve works, but the rest of this statement is true.

    Then let me rephrase, they were not legitimately sent to him. The only reason that they were sent to him is because he exploited a security weakness, i.e., he hacked the system.

    And feel free to meet me in thunderdome for a discussion of how(sic) what stealing, copyright and fraud actually mean.

    Could you be more patronizing? No thanks.

  85. 85
    partypoopaaaah

    What if I worked in an office and I was fired. A week later I walk back, ring the bell of the door and to my amazement get let in. On the floor I find a opened letter containing horrible stuff being said about me. Would that be trespassing and stealing confidential information? I mean I would also try to get in and see what they are saying about me, especially if I found a way to get in without breaking a door or hacking a password.
    Ofcourse, I wouldn’t be that stupid to disclose that to the public and giving out people’s information in public. I would just vaguely hint at knowing what they said about me.

  86. 86
    CompulsoryAccount7746, Sky Captain

    @partypoopaaaah #94:

    I walk back, ring the bell of the door and to my amazement get let in.

    Explain “get let in”.

    get in without breaking a door or hacking a password.

    Why do you think hacking a password would be wrong?
    Or do you think that’s fine but just too much effort?

  87. 87
    Jafafa Hots

    What if I worked in an office and I was fired. A week later I walk back, find to my amazement that I can find a way to re-enable my disabled keycard…

    Fixed your analogy to make it closer to reality and less deliberately dishonest.

  88. 88
    Setár, Elvenkitty

    #94:

    On the floor I find a opened letter containing horrible stuff being said about me. Would that be trespassing and stealing confidential information?

    Since it is not a crime for others to say horrible things about you, this action would not be protected under whistleblowing laws and thus, yes, you could be prosecuted for theft. That being said, it is far more likely that you would simply end up facing a lawsuit.

    Ofcourse, I wouldn’t be that stupid to disclose that to the public and giving out people’s information in public. I would just vaguely hint at knowing what they said about me.

    Scratch that — you would definitely end up facing a lawsuit for slander or libel (whichever applies) for falsely insinuating that you have whistle-blowing information.

    Hope that answers your question.

  89. 89
    Tom

    I’m not sure how the invite email was worded, but isn’t clicking on a link like “click here to subscribe” the electronic version of requesting access? I’m not defending thunderf00t’s actions, because it was bad form on his part. It’s just it seems that may be a technicallity that he could use to justify access to the server. Basically, something along the lines of, “They asked me to leave, but I came back ask asked to be let in and they said yes.”

  90. 90
    Setár, Elvenkitty

    Tom #98:

    I’m not sure how the invite email was worded, but isn’t clicking on a link like “click here to subscribe” the electronic version of requesting access? I’m not defending thunderf00t’s actions, because it was bad form on his part. It’s just it seems that may be a technicallity that he could use to justify access to the server. Basically, something along the lines of, “They asked me to leave, but I came back ask asked to be let in and they said yes.”

    No, Tom. That’s the exact same argument as the people who are overtly saying it’s FTB’s fault for using a system that had such a backdoor in the first place, only dressed up in libertarian-style hyperliteralist terms.

  91. 91
    qwints

    Setar, what whistle blowing statutes have anything to with theft? What possible cause of action could the writer of a letter have against a party who encountered that letter on the floor and used the information contained theirin? And in what juisdiction could an insinuation of a true fact ( that the speaker knew what someone else had said) support a claim of defamation?

  92. 92
    FREE BORF

    “He spins himself as a whistleblower about vast conspiracies within Freethought Blogs, how we’re looking to destroy people’s careers every time we commiserate with one another about someone who’s aggrieved us. How this back channel operates like a “clique” where achievements are lauded, messages amplified, and disagreements mocked mercilessly. In other words, it’s a social club for people who choose to participate, to help spread collegiality amongst our bloggers and support one another when under attack”

    All true. Who gives a shit that you morons are too dumb to have an invitation expire? You deserved to be exposed. You are an embarrassment. Keep rolling around in your blog fanboy pigshit though, cries of privacy violation won’t shield you from the spotlight. Only rats are afraid of the light

  93. 93
    CompulsoryAccount7746, Sky Captain

    @FREE BORF #102:
    ~You deserve whatever happens to you; laws and ethics don’t apply.~
    Does not follow from
    ~I don’t like you.~
     

    Only rats are afraid of the light

    ‘Light’ woul also include misrepresentative quote mining or outing someone who was closeted to avoid being targeted by bigots.
    Anyone who doesn’t want that deserves to be dehumanized, right?

  94. 94
    alecrezz

    Yep. Thunderf00t is a detestable, underhanded cad for “hacking” into an email server he didn’t have permission to access, but PZ is a hero for “hacking” into a phone conference with a code he didn’t have permission to use. Makes perfect sense.

  95. 95
    r3a50n

    @104

    Your talking points have already been dismissed as a logical fallacy.

    Do try to keep up.

  96. 96
    dysomniak "They are unanimous in their hate for me, and I welcome their hatred!"

    @105 I wouldn’t expect much from this one, it’s spammed the same comment at Stephanie’s, Greta’s, and Ed’s.

  97. 97
    bismarket

    I find this whole thing pretty tiresome, & consider it to be something of a cross between a Witchunt & schism within the community. I assumed that because i myself was Atheist & got involved (in whatever small way) in the whole thing because of said Atheism that everyone felt the same. So if people who never really were that interested that much by Atheism want to now leave the movement or have nothing more to do with it, why does anyone even care? The self importance of people is amazing to me. I’m not a fan of TF, i don’t think he can debate, i think he comes across as socially inept & appears to be somewhat of a pseudo intellectual, but he was treated shabbily by FTB. He hasn’t done the right thing re; the private eMails but (again) i can understand why he did it, especially when some people want to throw him off the gravy train that the so-called “Top Atheists” have made for themselves with free travel around the world, where they get to speak at some conference or whatever. Ms Watson & her Ilk have achieved a lot, you should all be so proud at the outcome. I’m only a normal Atheist so what i have to say probably doesn’t count for much, me not being clevver & all, but i’m going to say it anyway. I’m going back to r/atheism, you get a better class of person there & i expect we can all agree on one thing now, “Good riddance”!

  98. 98
    r3a50n

    I find this whole thing pretty tiresome, & consider it to be something of a cross between a Witchunt(sic) & schism within the community.

    Please explain the what you mean; in your analogy, who is the “witch” that’s being “hunted?”

    So if people who never really were that interested that much by Atheism want to now leave the movement or have nothing more to do with it, why does anyone even care?

    You are betraying your ignorance of what has actually happened here. No one is threatening to “leave the movement or have nothing more to do with it” because they “never really were that interested that much by Atheism,” again, who are you talking about here?

    The self importance of people is amazing to me.

    Which people? Be specific. Who are you trying to insult here?

    …but [TF] was treated shabbily by FTB.

    How so? Again, be specific and show your work.

    …i can understand why he did it, especially when some people want to throw him off the gravy train that the so-called “Top Atheists” have made for themselves with free travel around the world, where they get to speak at some conference or whatever.

    Is that the same “some people” whose self-importance is so amazing to you? Further, where are you getting this? Why do you think participation on a blog entitles anyone to “free travel around the world, where they get to speak at some conference or whatever?”

    Was it your intent to come here, lob a few transparently ignorant verbal grenades and then beat a hasty (and cowardly) retreat to r/atheism or do you at least have enough integrity to explain yourself inasmuch as who it is you’re trying to malign here and why?

  99. 99
    James Sweet

    Really, the most disgusting thing is that he’s still using hotmail. Is he living in 1998???

  100. 100
    Zendo

    Thunderf00t is my hero. Very few people in this world are willing to put their asses on the line to stand up for others.

  101. 101
    Illuminata, Genie in the Beer Bottle

    Thunderf00t is my hero. Very few people in this world are willing to put their asses on the line to stand up for others lie, break the law and lie some more all to cover his own ass, because he’s a whiny crybaby that the smart kids don’t want to play with.

    FTFY, diddums!

  102. 102
    r3a50n

    Thunderf00t is my hero. Very few people in this world are willing to put their asses on the line to stand up for others.

    Kinda funny and ironic considering that it was his failure to “stand up for” some of the women that are part of the community to which he tried to ingratiate himself that ultimately led to his ass being on the line…

  103. 103
    Jafafa Hots

    Thunderf00t is my hero. Very few people in this world are willing to put their asses on the line to stand up for others.

    I don’t see the relationship between these two sentences.

  104. 104
    Tony! The Queer Shoop

    Zendo:

    Thunderf00t is my hero. Very few people in this world are willing to put their asses on the line to stand up for others.

    Your hero is a sexist, racist, douchebag. Are you sure want to idolize that?
    Oh, and his release of private information to third parties is incredibly unethical and could potentially hurt various anonymous bloggers. That’s something you’re idolizing?
    If that’s your idea of a hero, I don’t think this is the place for you.

  105. 105
    Tony! The Queer Shoop

    Borf:

    Keep rolling around in your blog fanboy pigshit though, cries of privacy violation won’t shield you from the spotlight. Only rats are afraid of the light

    I guess it would be no big deal if one of the anonymous bloggers used their real name in the back channel, only to have that released to a third party by Thunderf00t, huh? Have you thought through the very real consequences that could follow from Thunderf00t’s unethical actions? Or are you too busy basking in the glow of his magnificence to think rationally?

  106. 106
    Tony! The Queer Shoop

    Setar:

    Since it is not a crime for others to say horrible things about you, this action would not be protected under whistleblowing laws and thus, yes, you could be prosecuted for theft. That being said, it is far more likely that you would simply end up facing a lawsuit.

    I find it sad that TF’s defenders seem to think the only thing discussed in these emails/back channel is Thunderf00t. It’s as if they can’t conceive of the FtB bloggers chatting about something completely unrelated that they wish to remain private.

  107. 107
    Anonymous Atheist

    Wow, I haven’t had time to keep up with FTB for the last couple months, and I’m shocked to discover (thanks to http://www.rhrealitycheck.org/article/2012/08/12/do-atheists-have-to-be-pro-choice-feminists ) what a mess happened in the meantime! :(

  108. 108
    borismeier

    @pilot

    Why did you call her Amy Lee Roth?

  109. 109
    borismeier

    Sorry, this is confusing, my previous comment shoulda gone under a different post and makes no sense here. I am embarassed

  110. 110
    kleykenb

    I don’t think Thunderf00t was actively trying to get back in.
    All those logs seem to show is a mail application that is trying to do what it normally does : check for mail. It will keep doing that until it’s told not to but Thunderf00t isn’t monitoring the software all the time (that would be silly!) so of course there were attempts to connect.

    I’m willing to bet that much of these unsavory escallations were due to misunderstandings upon misunderstandings upon misunderstanding.

    Has there been a drop in ethics and unprofessionalism at some point? I bet there was, and you can’t turn back the clock and undo them but it is still important for people to recognise at some point that it takes more than one party to get into a ‘vicious circle’ like this. I don’t buy it for one second that Thunderf00t is the only meany in this story. Ego’s have clashed and innocent people got hurt. That’s life , kids. Now grow up. The lot of you.

  111. 111
    kleykenb

    ps: trying to ‘reconnect with the list’ would only be a bad thing if ThunderF00t was aware that he was kicked off intentionally.

    If I found that I suddenly could not connect anymore to a Mailing list then I would do the same thing he did (with no harm intended) : look up the original mail and try to reconnect. It’s not persé an attempt to ‘hack’ his way back in. He possibly thought that something accidentally went bad with the IT behind the MailServer and simply did what he had done the first time to connect with it.
    … or not… but I hope you’ve considered that possibility.

  112. 112
    Jason Thibeault

    We have considered it, and considered that possibility very wanting. This is because he was informed that he was being kicked out of the blog, he received an unsubscribe notification from the back channel, and immediately rejoined (within fifteen minutes). He knew. He KNEW he was kicked out. Attempts to suggest otherwise are ridiculous.

  113. 113
    BullSDetector

    Are you guys for real? You invite him on your so-called “FreeThoughtBlog”, then kick him out a week later, supposedly because of his writing skills and argument style, as if you wouldn’t know that already with all the stuff he’s done… And then, when he gets some info on how freaking hypocritical you guys are, how you all pat yourself in the back for being so great and denigrating other people who don’t think like you, you set off to descredit him completely… ya, makes complete sense. If what your talking about in private on that mailing list is so bad as to have repercussion in your everyday life.. i can only imagine what kind of stuff you guys are talking about… we got a glimpse of it anyway, so ya i guess i’d be worried too in your situation.

    All the other stuff you’re throwing out there is just a smoke show to avoid the real issue (he didn’t agree with you and you didn’t like it) guess you’ve learn some good “avoiding the point” tatics from debating all those creationists. Kinda weird seeing you use their methods, but I guess anybody would do the same when lacking an actual good reason for his actions. It shows in the comments also… (ya i know, i’m not welcome here for thinking that yadiyadiyada. so much for free thoughts. Don’t worry, I won’t be back.)

  114. 114
    Jason Thibeault

    Ladies and gentlemen, this is what’s known as the Halo Effect. Shame the guy with the halo in this case is a jackass, and the people who can’t look past the halo are abysmal skeptics.

  115. 115
    ludicfallacy

    Thunderf00t simply clicked a bloody href in an email form.

    He did this 6 times.

    He broke no laws.

    Accusing him as such to the level it’s been taken here is, IMHO, deformation.

  116. 116
    Jason Thibeault

    Proving T Footy’s fans don’t know anything about the law, or about what’s presented here, or about the repercussions thereto. Nice hat trick, ludic!

  117. 117
    ATrueSkeptic

    You people are an insult to the atheist community as a whole. Cry all you want, but we still have the right to free speech and I can offend anyone I like. Poor Babies can’t take fair criticism, you slimy sexist whiners.

    If this comment is removed it only proves me point.

    Cry Babies.

  118. 118
    Jason Thibeault

    Ah, the “if you don’t publish this it proves my point” gambit. Special. Unique. Only used by true vanguards of Free Speech, which apparently means “freedom to say anything to anyone ever without any consequences”. How dare WE criticize YOU for saying douchetastic nonsense? How dare WE criticize YOU for being intentionally offensive and demonstrably antisocial? OUR speech is not free, but YOURS IS.

    I just want to scruff your wee head and tell you to run along and eat your pudding cup.

  1. 119
    Thunderf00t, and Violating Email Privacy | Greta Christina's Blog

    [...] The Freethoughtblogs network was recently informed that former Freethoughtblogs blogger thunderf00t has been forwarding private emails from the private FTB email list. He has not only been forwarding emails sent during the short time he was a blogger on this network — he used a security loophole to re-gain access to the email list shortly after he was fired from the network and blocked from the list, and has been accessing emails he never had any right to see. When this security breach was discovered and he was shut out again, he tried several times to re-access the private list. And he has already made the content of some of those emails public. (UPDATE: If you want to know exactly what thunderf00t did and how, Jason Thibeault has the technical details.) [...]

  2. 120
    Summary of Thunderf00t/Phil Mason’s disgrace | Pharyngula

    [...] Jason Thibeault (includes technical evidence for Mason’s hack) [...]

  3. 121
    In Praise of Whistleblowers | Almost Diamonds

    [...] now you’ve heard that Thunderf00t exploited a security vulnerability [details and logs now available] to continue to receive confidential FreethoughtBlogs business emails after he was removed from the [...]

  4. 122
    Thunderf00t’s unethical breach of our privacy | Blag Hag

    [...] Jason has the technical details, including logs for evidence, in case you want them. Thunderf00t has confessed to breaching our privacy, but of course he’s trying to spin everything to make himself look like some sort of Wikileaks hero against the Big Bag Evil FtB Bullies. He insists that he doesn’t “doc drop,” even though in that very post he releases private statements from the mailing list. And we already have outside confirmation of people receiving mailing list emails through him. Keep diggin’ that hole! [...]

  5. 123
    Thunderf00t admits to sending my private emails to Michael Payton of CFI Canada | Zinnia Jones

    [...] wanted further confirmation of Thunderf00t’s intrusion into the FTB private mailing list (details here), Thunderf00t himself has now helpfully provided that: So a week or so ago a guy called Michael [...]

  6. 124
    Sleaze | Butterflies and Wheels

    [...] Ed explains it all. PZ does. Jason adds technical details. [...]

  7. 125
    What Kind of Person Does This? | Atheism, Music, and More…

    [...] In case you hadn’t heard: The Freethoughtblogs network was recently informed that former Freethoughtblogs blogger thunderf00t has been forwarding private emails from the private FTB email list. He has not only been forwarding emails sent during the short time he was a blogger on this network — he used a security loophole to re-gain access to the email list shortly after he was fired from the network and blocked from the list, and has been accessing emails he never had any right to see. When this security breach was discovered and he was shut out again, he tried several times to re-access the private list. And he has already made the content of some of those emails public. (UPDATE: If you want to know exactly what thunderf00t did and how, Jason Thibeault has the technical details.) [...]

  8. 126
    Thunderf00t’s Illegal, Immoral Crusade | En Tequila Es Verdad

    [...] Jason Thibeault explains how Thunderf00t hacked our system. Combined with the fact he’s now crowing about it (no, I’m not going to link his ass: if you want to see it, either find the link in another post on FtB or Google it), this should satisfy those uber-skeptics who believe nothing without twelve dozen lines of evidence. If not, they’re a lost cause, and I will no more weep for their departure than I did Thunderf00t’s. [...]

  9. 127
    Thunderf00t’s credibility has dried up « Dub i nGal

    [...] Thibeault has the technical details and evidence. Basically, the server program they were using never expires an invitation ticket, and the original [...]

  10. 128
    My Few Comments about Thunderf00t’s Hubris | StealthBadger.net

    [...] Lousy Canuck has general technical [...]

  11. 129
    Atheism+ – What it is, and Why I want to be a Part of It | Atheism, Music, and More…

    [...] off for using his blog to bully Freethought Blogs. After being kicked off their private listserv, he got back in and, for a whole month, shared private information with other people, scaring Natalie Reed, whose anonymity protects her place in the real world. Then, Jason Thibeault [...]

  12. 130
    Anatomy of a Bully | Atheism, Music, and More…

    [...] Here’s another good example of bullying. For the record, this one resulted in one FtB blogger fearing for her own safety (oh, BTW… she is someone who is unsure of A+… and most of us over at A+ respect that, because her criticisms are legitimate and not couched in… well… bullying). I actually wrote my own blog post on this issue, too. [...]

  13. 131
    The ways we lost the battle for the SCA | Lousy Canuck

    [...] here both privately and publicly. Resolving the issue required messiness, and we had no idea the depth of the damage to which Thunderf00t was capable. Now SCA has learned that some people aren’t followed by [...]

  14. 132
  15. 133
    The 2012 Lousy Year In Review » Lousy Canuck

    [...] successfully touched down on Mars, missing its mark by a mere few hundred metres. Thunderf00t was kicked off the FtB mailing list for the second time after he’d gained access without permission the first time he was kicked off. I made an [...]

  16. 134
    Drawing a line under hypocrisy, dishonesty and incredibly poor writing. | The Science of Sarcasm

    […] now is because his behaviour has progressed from being adolescent and arrogant, to being creepy and possibly criminal. I’ve decided to go through one of his latest tantrums piece-by-piece to showcase each and […]

  17. 135
    Why This Matters » Almost Diamonds

    […] while palling around with Thunderf00t without mentioning his two-year temper tantrum that involved thieving emails from other prominent atheists with whom he had political […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>