Happy 1 year anniversary, Escher Girls! »« It’s happening everywhere

Trolls are spoofing commentariat and authors (Update: countermeasures!)

Thanks to the spate of trolls (who are, in fact, members of our rationalist community!) spoofing our users, owing mostly to their levels of immaturity and the realization that they can type other people’s identities in the comment fields, a few blogs are turning on comment registration. I strongly advise that, even if your primary hangout is a blog that does not require registration, you should consider registering your username/email address anyway.

If you’ve already registered your account, and you need to edit your profile because the display name or email address are no longer valid, the top bar shows a “Howdy, username” link on the right. Hover over it, then click on Edit My Profile. You should also be able to get to it by clicking here — but that link might change depending on your user access level and future WordPress changes. The top bar should always be right.

I have no intention of turning on comment registration at my blog. I am instead working on making changes on the network (via a plugin or via editing the core of WordPress) to ensure that anonymous users cannot use a username or email address of a registered user. If you want to protect your name here, I strongly advise you register your account.

The registration process can use Facebook, Twitter or WordPress as authentication tokens, so you don’t necessarily have to build an account unique to Freethoughtblogs. Our software will rely on those sites’ auth APIs, and won’t ever see your login information. However, if you use these options, I strongly advise that you also log into your profile per the above instructions before making a comment, and set all the options appropriately. Otherwise your display name will show as “sc_{random characters}”, which is dead ugly.

Update: I’ve installed a plugin network-wide that protects login names and email addresses from being spoofed by anonymous users. It doesn’t protect the display name though — if your display name is something different from your login name, this won’t help you much. On blogs where registration is required, people shouldn’t notice a difference. And I’m sure asshats can still spoof people with a fair degree of fidelity to casual outside observers (I can think of two ways myself — there might be more), but this at least gives us an idea of when it’s happening.

Regardless, register your accounts.

Comments

  1. stakkalee says

    I noticed Greta and Ophelia had turned on registration, and in addition to seeing the PZ spoof on one of your threads, I saw skeptifem spoofed over on (I think) Stephanie Zvan’s blog. I’m sure it’s happening elsewhere as well. And of course, once someone spoofs a comment from one of the FTB principals that fictitious comment will be used as “proof” to damn the actual person. My personal opinion is that spoofing and sockpuppetry is a shitbag move, except in cases of “fake” commenters (I’m thinking of some of the gimmick accounts you sometimes see at the AV Club and so forth.) But of course, every shitbag tactic is permitted when you’re going after the “enemy” (people who value social justice, apparently.)

  2. says

    Thanks to the spate of trolls (who are, in fact, members of our rationalist community!)…

    Are you sure about that? If they’re using other people’s names or handles, how can we be sure of who they really are, let alone what they really represent?

  3. says

    Raging Bee: we can be assured that they don’t represent THIS part of the rationalist community. But I’ve noticed the majority of the shitbags are coming from Thunderf00t’s blog where commenters suddenly realized they can sockpuppet the big names.

    (Suffice it to say, if that’s the sort of behaviour a big-name rationalist like Thunderf00t puts up with, don’t trust any username ever shown at his blog.)

  4. Andrew G. says

    Any chance of OpenID support?

    (Given that I had to log in to post this, simply because I’ve commented in the past on one of the other blogs where registration is on, it’s not clear that you’re gaining much from not simply requiring login for all comments.)

  5. says

    stakkalee: Don’t forget that Jen had the last straw come in the form of having several assholes stage fake conversations pretending to be her and talking about sex-related things in mock-laudatory manners, as though pretending to be a person and talking about threesomes and double blowjobs is damning of the person’s arguments, rather than merely slut-shaming them for things they haven’t done.

    Which led Jen to have to clean up such bullshit defamation and salting-the-earth slut-shaming. A double-edged tactic — it makes it seem like if she leaves it up, she’s a slut, and if she takes it down, she condones slut-shaming because she had to remove that nonsense.

    Either way, it’s fucking ridiculous and I don’t get why these people think they’re on the right side of history.

  6. says

    Andrew G: That’s only an issue because you’ve registered elsewhere, thus your info is protected. There are people that only post places where you don’t have to. I don’t want to push them out unnecessarily.

    But yes, in light of how easy it is to register / sign in, we really aren’t losing much. I just don’t want to lose that little bit.

    I’ll look around for OpenID support — I much prefer it to tying things to Facebook/Twitter.

  7. Nick Gotts (formerly KG) says

    Thanks to the spate of trolls (who are, in fact, members of our rationalist community!)…

    Are you sure about that? If they’re using other people’s names or handles, how can we be sure of who they really are, let alone what they really represent?

    Well, about as sure as – say – that those posting creationist nonsense on FtB are, by and large, religious believers, and not, for example, atheists trying to make religion look bad – I mean, how are you sure they’re not the latter?

    For the past year, prominent feminists within FtB – particularly but not only women – and often FtB as a whole, have been the target of a vitriolic hate campaign from people who identify themselves as rationalists, post extensively on rationalist/atheist/sceptical blogs, attack feminism specifically on the grounds that it is allegedly unsceptical, and include individuals with long records in the community. Now this rash of spoofing has appeared, focused particularly on FtB blogs associated with Atheism+, launched as a pushback against this hate campaign. But yes, maybe the bloggers and commenters are spoofing themselves, maybe it’s a gang of particularly devious creationists or anti-vaxxers, maybe it’s shape-shifting lizard people softening FtB up for the alien takeover – perhaps you should consult David Icke?

  8. says

    Andrew G: I’m dumb. OpenID is already integrated. That’s how WordPress is even on there as an option. I’ve included Google and Yahoo as login options on my blog when I first set up the place originally — if it’s not enabled at someone’s blog as an option, let me know.

  9. stakkalee says

    @9 Indeed, it was a major oversight on my part leaving that out of the list. Also, I was on that TF thread at WordPress when someone made the rape threat against SallyStrange, and then later someone spoofed TF himself (on his own blog!) to “goatse” her (the fictitious TF gave Sally the IP of the rape threat, but the IP actually led to the goatse website, I believe.) I don’t understand what they hope to accomplish with the tactic – it doesn’t convince any fence-sitters, it just reveals what a horrible shitbag you are. If that’s your goal, frankly, no one needs that confirmation. People already know you’re a shitbag. That’s why I think sometimes the FTB folks need to be a bit quicker on the banhammer. You’re going to get that “Don’t censor meeee!” complaint no matter what, and 90% of these assholes have never had an original thought enter their head anyway, so kick ‘em quick – you can usually tell within 2-3 comments who’s genuinely clueless and who’s just being a heel.

  10. Illuminata, Genie in the Beer Bottle says

    But yes, maybe the bloggers and commenters are spoofing themselves, maybe it’s a gang of particularly devious creationists or anti-vaxxers, maybe it’s shape-shifting lizard people softening FtB up for the alien takeover – perhaps you should consult David Icke?

    This made me LOL.

    however, there’s a much simpler explanation, as I’ve said (elsewhere) before.

    Imagine a teenager who suffers from an incredible case of pronoia. He truly believes that everyone likes him, and agrees with him. he firmly believes that everyone finds his screaming insults and threats at others, and refusing to stop despite repeated requests to just leave everyone else the fuck alone, very amusing. Then, suddenly, he finds himself sitting alone in the cafeteria.

    What happened? Boys will be boys! Everyone is supposed to cheer and carry him on their shoulders in celebration of his bigotted genius!

    Then, he discovers that everyone he used to sit with moved to another table. AND DIDN’T INVITE HIM ALONG!

    Well, they must pay!

    but this teenager has (in addition to a tremendous entitlement complex and bigotry issues) absolutely no creativity, or ingenuity.

    Whatever will he do to get revenge?

    Imitate and copy what everyone else is doing to ‘show them’ how much he doesn’t WANT to be part of the ‘club’ . . . that he clearly so desperately does want to be part of.

    That kid grew up to be the Anti-A+ Whiny Ass Bigot Troll. And of course I use the phrase “grew up” in purely the chronological sense.

  11. Kimbeaux says

    I’ve tried several times over the past month to register this name/email in order to comment on blogs that require log-in with the same user id I’m using here. (Mostly this was because I want to maintain a consistent user ID presence across the site, but also to avoid any appearance of sock-puppetry.) Each time, I’ve made it past the first screen and gotten the message to click the link in my email, but the email never arrived although I’ve gotten email on that account within an hour before and after this post.

    I did send an email to PZ Myers documenting the problem and asking him to bounce it to your web master.

    Is anyone else having problems registering here?

  12. says

    … I don’t get why these people think they’re on the right side of history.

    My current guess, considering especially this latest silliness, is: at least some of ‘em figure it’s online, it’s the net, so they’re really not even worried about that. They probably figure at worst, they can just walk away whistling, with their hands in their pockets, trying to look casual. It’ll be all: ‘What, me, a hoggler? What’s that? Some kinda muppet?’

    And I’d guess some of those who do actually have public personae attached to this thing can always say: ‘Well, I don’t do that stupid shit… That’s just those anonymous hackers; I didn’t ask them to…’

    Still, yeah, it’s not real likely to win friends and influence people over the long haul. I could almost be grateful, but for the people it’s actually hurt. Voltaire’s bit on his enemies being made ridiculous comes inevitably to mind. Tho’ in this case, it’s more being made thoroughly disreputable.

  13. says

    Andrew G: Are you not seeing options to sign in using Yahoo or Google when you’re not logged in? Those are the only three OpenID conduits this plugin provides…

    Kimbeaux: I don’t see the email address you’ve used here on the list of registered users, so I can tell you it’s not built you an account yet. I’d have to look at the mail server logs to prove it’s sending you mail, but it’s possible either your mail provider (who I see is not Gmail) is denying mail from our domain, or it’s simply going to spam. Have you ever tried registering for email updates using that address, either for comment threads or for a specific blog or the whole network? That would be the quickest way to prove our domain can send yours email.

    If you CAN get email, then either something’s failing in the registration process (which would be surprising, but possible) or it’s going to your spam folder (which is much more likely).

  14. F says

    Kimbeaux

    Don’t forget to check the junk/spam folder of your email client and webmail interface.

    Also, what happens occasionally (and with great frequency to some people), is that some ESPs drop mail from “bulk senders”. I have no idea how much mail is sent from FTB, or if it would qualify as a “bulk sender” with any ESP. But some, like Yahoo, blackhole mail a lot. I’ve not seen it from teh Google ever, but others do it. And some have really particular and weird filters in place (ISP’s using badly configured Postini for their customers, etc.)

  15. karmakin says

    I am Jack’s complete total lack of surprise.

    One of the original forms of trolling, and I’d argue trolling in its purest form, is the whole “let’s watch you and him fight” type thing. (There are entire forums dedicated to this..do a search for Game of Trolls) Indeed, I’m seeing a lot of what looks to me to be this sort of false flag operation.

    The two examples that come to mind, at least recently:

    http://freethoughtblogs.com/cristinarad/2012/09/07/a-response-to-girlwriteswhat-on-the-dmca-drama-more/

    In short, a YouTube vlogger is hit with DMCA notifications (where they entirely don’t belong), blames it on FTB people, fight ensues.

    and.

    http://skepchick.org/2012/09/misandry-a-how-to/

    The rape threat in here. Note that I’m not saying that it’s fake. It’s INTENDED to be received as real, and I’d be concerned about something like that as well. But at the same time it really does set off my Poe detectors. (In short the use of Third-Wave Feminism AND using it ass-backwards. It’s actually written like it would be from a non-third wave but still feminist PoV…which I highly doubt.)

    Truth? I think people are being riled up ever since ElevatorGate. I think there are people, certainly on the anti-feminism side, but possibly on the pro-feminism side as well who are basically..well..trolling. Who knows who. But..it’s pretty clear that it’s happening, at least to some degree.

  16. sc_5c0608346ae1445092633ddc9cb5a892 says

    I realise my contribution generally are not that welcome around here anyway but my attempts at registration left me with the somewhat underwhelming username sc_5c0608346ae1445092633ddc9cb5a892
    Not quite sure how that happened but it seems that it is the one thing on my profile that cannot be changed, which effectively means that any blogs with registration turned on I can’t post on

  17. says

    I haven’t the first clue who you are so I don’t know how valued or disliked your contributions are. Regardless, you should be able to change the Display Name field. Because you’re logged in with a SocialConnect link from another auth service, your username is automatically generated. The Display Name gives you the option to use the name you signed up with as an alternative. This of course doesn’t have to be your “real name” even if that’s what the field says it is.

  18. says

    Jason @26
    thanks for the reply.
    It only seems to give me permutations of my real name, which it presumably garnered from my gmail account.
    I suppose i could create an email account purely to register but it seems a bit of a pain, especially as then a defunct email account would be linked to FtB with regards to any threads i am subscribed to.
    jim (noelplum99)

  19. says

    Hmm. Does it not give you the option to change your “first” and “last name” fields? Because it looks like I can, anyway. If you can, go ahead and change them to whatever you’d like, then set your display name after you’ve changed your “real name” settings.

  20. says

    Ah yes, I see now. I was having trouble seeing those first and last name fields on account of them being slap bang in the middle of the screen, totally unhidden and almost impossible to miss!!!

    Thanks for the help :)
    Jim (noelplum99)

  21. John Horstman says

    So… logging in breaks my Gravatar. I’m not sure if my registered ID is set to a different e-mail address or something, though the system is telling me my e-mail is already registered, and the password re-set for my e-mail address has not sent me an e-mail (at least not at the e-mail address I’m trying to log in with). Thoughts?

  22. John Horstman says

    By the way, I’m logged in through my Google ID right now, which is what I figured might break the Gravatar (I’m not sure I’ve ever been able to log directly into the site with the e-mail I used for registration).

  23. John Horstman says

    My problem not getting the reset mail might be the same issue Kimbeaux is having with the initial registration mail, as I’d assume they use the same mailer daemon.

    Also, my first message was confused – I’m logged in through Gmail, which is a different e-mail than the one I (usually) use to post and subscribe, but my usual (apparently registered) e-mail is not allowing me to log in (I’m also pretty sure I have the username correct) with any of the passwords I’ve used in the past 10 years, nor is it sending me the password re-set mail.

  24. Andrew G. says

    Jason @18: I think you’re missing the point of what OpenID is – I should be able to provide the URL of an arbitrary OpenID-serving website and use that.

    Providing a specific shortlist of sites is not how OpenID is supposed to work.

  25. maddog1129 says

    In discussing Atheism+ and elevatorgate on another board, I ran into the same question about “how do you know?” in response to RW’s lament, after months of harassment that she’d been subjected to groping, unwanted touching, name-calling, rape threats, death threats, etc., “all by skeptics, all by atheists, all skeptic, atheist men” or something to that effect. Someone latched onto that and pointed out that at least a couple of the people piling on were women, so it just wasn’t true that 100% of the attackers were skeptic, atheist men. And until they were shown “proof” (which, of course, I don’t have) that it wasn’t some outsiders trying to divide the community and just a bunch of non-community trolls, then RW was a liar to say that this campaign had been conducted by atheist, skeptic men. I’m not in a position to say anything, except that I know for sure that at least one very prominent atheist, skeptic man participated in the abuse. But beyond that, it doesn’t seem that anything I can say will dissuade them from thinking that RW is a liar, a self-aggrandizer, trying to promote a “divisive” brand of feminism to gain power for herself, and to destroy the atheist/skeptic community. How do people in my position (no real knowledge) counter that? Has anybody traced a significant portion of the harassers? Mind you, they would probably discount the source if the information comes from anyone at FtB.

  26. Rob says

    Jason, How quickly should the confirmation email be generated? I’ve checked the spam folder – nothing there. That email address is seldom used now so it redirects and I’ve checked the junk folder at the redirect address as well.

    Sorry looks like this post is going to generate lots of helpdesk work for you.

    It’s a bugger that we are having to do this. I’d been avoiding signing up, but with so many blogs shutting down comments unless we are registered it seems like letting the trolls win to be silenced.

  27. Pteryxx says

    maddog: well, unless some mythical false-flag attackers actually registered at conferences just to grope Rebecca, then she knows darn well the people harassing her *in person* have been atheist/skeptic men. It’s also plain to see on blogs, twitter, and facebook that a significant portion of the slurs and misogyny (and all the variants of ‘bitchez be lying’ are misogyny) have come from self-identified atheists and skeptics under their own names.

    If you think it’s worth your time trying to argue reasonably, good luck; but based on the last year your instincts are probably right and nothing will ever convince these people who have made up their minds to hate.

  28. says

    maddog: if you repost this question on the previous post, where it’s on topic, perhaps someone might be willing to answer with something more than “because it involves assuming more things than are in evidence to suggest it’s a false flag op and we’re supposed to be skeptics here so either they should show their evidence or cut it with the hyperskepticism”. Please, nobody follow up here. Thanks.

    Rob: it should be absolutely instant (to load-related degrees of “instant”). If it isn’t sending immediately, definitely look through the spam stuff. And check to see if subscribing to a post and/or blog successfully sends you email — that’s the best test to see if stuff from FtB is going to spam or being blackholed by your email provider.

  29. hjhornbeck says

    Sheez, this fight over feminism has made an ugly mess in the atheist/skeptic community. Oh well, time to roll up our sleeves and get out the mops!

  30. jewnigger says

    Jason, you jewnigger, how do you know about the “double blowjobs” comment? Jen never said anything about that publicly…and if you’re not a coward, leave this comment up. Or is there something that you’re trying to hide about your knowledge of the “double blowjobs” comment? :p

  31. jewniggerjew says

    Jason, you jewnigger, how do you know about the “double blowjobs comment”? Jen never said anything about that publicly…and if you’re not a coward, leave this comment up. Or is there something that you’re trying to hide about your knowledge of the “double blowjobs comment”? :p

  32. says

    People might consider changing their passwords, too. If you’ve been using some low security who-cares password for posting on blogs, it’s time to reconsider. If your password is really common, the trolls might break it with a few guesses and that would be bad, mmkay? Some regular posters have been targetted, not just bloggers.

    Examples of bad ones: your user name, password, letmein, 123456, pirate, ninja, monkey, qwerty, qazwsx

    Try this for more thoughts:
    http://www.google.com/search?q=most+common+passwords

  33. regginwej says

    Then how do you know about the “double blowjobs” comment? And at least you’re not like those other cowards who censor comments (you should be proud, you beta white knight mangina fag)! BTW, I wasn’t the one who was impersonating Jen…but I was in that thread and I was the person who made the thread on /b/. And there seems to be a lot misconception about us on FtB… You haven’t checked out /b/ lately, have you?

    Yeah, we’re on the same side as Thunderf00t but we don’t support that fag (him and his fans have made it clear that they’re against trolling). Anyways, I don’t know how unaware you are but it’s not FtB/Skepchick vs Thunderf00t’s fans anymore – it’s FtB/Skepchick vs 4chan. And wait…you probably don’t know about the thread on /b/, do you? You’re not in it but Jen and Greta and Ophelia are… And Rebecca’s next. :p

  34. Francisco Bacopa says

    I hardly ever post here at Lousy Canuck, but I do post at a couple of the other FtB sites.

    This is mostly just a test post.

    I can’t believe all this bullshit. I was on Youtube last night and saw that one of the people I subscribed to favorited a weird anti Jen video that addressed absolutely nothing she ever said. There were tons more in the “related videos” section. What is up with these people? Makes me sick.

    BTW, I went to edit my WordPress profile and everything seemed to be as it was before. I made no changes. Just posting this to see if it works.

  35. says

    Ooh, /b/ is going to say mean things and make stupid, nasty pictures about us? How…original.

    You know what would be original? Managing to say something completely true, relevant, and nasty, all at the same time. Nobody’s done that yet that I’ve seen.

    I doubt they can manage it either, though.

  36. says

    Heh. The utter lack of originality is how anyone knows about “double blowjobs”. Same dull idiot or another idiot just as dull left one of those fake comments on my blog today…on a comment thread Jason was subscribed to. Guess what it referred to.

    Damn. As someone else said to me today, “Like a conspiracy theory, but not as well thought out.” Has /b/ always been this laughable, or is this guy letting down the side?

  37. says

    Welp. This is what an extinction burst looks like. They’ll troll us for a while then get bored and Battletoads some Gamestop instead. Or call up and slut-shame one of their members’ girlfriends since they’re evidently reduced to the level of “personal army” for every individual with a grudge.

  38. Anonymous Atheist says

    Jason, in regards to the requests for OpenID, here’s an example of what they’re asking for, implemented on another blog site I happened to see just now: http://bannedatheists.us/
    Upon clicking the grey-O-around-an-orange-I button, a prompt is offered to “Enter the [any] OpenID Url to login with”.
    This happens to be ‘Powered by OneAll Social Login’, but I’ve seen that OI button on plenty of other sites before, probably using a variety of plugins.

  39. says

    Also, what gets me the most about this is, they had to post instructions on how to spoof people.

    STEP ONE. PUT SOMEONE ELSE’S NAME IN THE NAME BOX.

    Jesus fuck. These are our enemies.

  40. says

    Anonymous Atheist / Andrew G: yes, I realize that OpenID is more than the three provided by this plugin. I didn’t realize there were plugins that allow arbitrary URLs though. I will take it to the powers that be — but bear in mind it took a shitload of trolling before I got this plugin installed. There’s a lot of considerations that have to be made with regard to database usage. Adding another SQL query to each comment, for instance, might increase server load by half again. Which would be bad.

  41. Anonymous Atheist says

    Fine with me either way, I just remembered this thread when I saw an opportunity to easily demonstrate the possibility. :)

  42. Kaguya says

    They may be atheists and even skeptical of several things mainstream skeptics are rightly skeptical of, but I don’t really consider the troll hordes to be rationalists, at least in the strict sense in which I use the word.

    They keep failing the tests.

  43. Kimbeaux says

    Jason (18): Thanks, I have subscribed to comments on this thread and will check to see if I can get mail at all.

    F (19): I did check my spam folder, but thanks for the reminder.

  44. davidsimon says

    @Jason, seconding the request to allow use of arbitrary OpenID urls. I’m not sure if there’s some WordPress-specific issue that you’re wary of, but in general it should not increase database load to allow arbitrary URLs; you only need to look up email addresses in your own tables after getting a security confirmation from the identity provider, whether the user at your site typed in a URL themselves or some string that got transformed into a URL (the latter being the case for stuff like Google and Yahoo OpenID email logins).

  45. Rodney Nelson says

    Kaguya #63

    They may be atheists and even skeptical of several things mainstream skeptics are rightly skeptical of, but I don’t really consider the troll hordes to be rationalists, at least in the strict sense in which I use the word.

    They also claim that we’re the bullies.

  46. dir igible says

    Unless I messed up registration and forgot about it, someone who isn’t me seems to have registered my username (this one, without the space).

    Please can I have it back. I can collect a reset through the email address used on this comment (and every B&W one…).

    Thanks.

  47. says

    Sorry dir igible, no can do. That appears to be a user with comments on the site.

    However, here’s what you can do. Register a different username (modify your usual slightly). Then log in, go to the dashboard per the instructions above, change your name to first name “dir”, last name “igible”, and choose the Display Name that shows the name how you usually display it.

  48. JohnnieCanuck says

    Jason, unless one has checked the ‘enable toolbar’ field on the profile page, that Howdy, DisplayName won’t show up.

    I looked all over the page to confirm that I was registered, to no avail. I got to the profile by clicking on my display name in the Leave a Reply section.

    This brings back memories. I ran one of the first BBSs in Vancouver in the ’80s (300 bps). At first the software was totally open and trusting and anyone could use any signature and delete any message. That lasted a year. One vandal was all it took. After a steady escalation of passwords and security measures in the following years, we chucked in the towel.

    Some things don’t change.

Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>