Thunderf00t’s unauthorized access and leaking of the private FTB mailing list


Recently, the Freethought Blogs staff received evidence indicating that some conversations from the private mailing list for FTB bloggers had apparently been leaked to outside parties by Thunderf00t. These conversations had taken place on the list over a month after Thunderf00t had been removed from Freethought Blogs and the private mailing list. Upon examination of the mailing list logs, it was found that Thunderf00t had seemingly been able to regain access to the list immediately after he was removed. Once this was known, he was removed again and prevented from joining. After this, he allegedly repeatedly attempted to re-join the list without success.

By the time we became aware of the breach, Thunderf00t had apparently been able to access all of the dozens of conversations that had taken place on the private list over the past month, during which time his access was believed to be revoked. This material contained the private real-life identities and personal information of a number of FTB contributors, as well as various behind-the-scenes matters that could have serious adverse effects if they became public knowledge.

The mailing list has always been intended to be private. Every message posted to the list contain this notification: “All emails sent to this list are confidential and private. Revealing information contained in any email sent to the list to anyone not on the list without permission of the author is strictly prohibited.” FTB’s bloggers use the list under the assumption that its contents will not be made public or read by unwelcome parties. If you’ve ever had a conversation in the privacy of your own home which you did not want to become public knowledge, Thunderf00t’s actions are the equivalent of eavesdropping and telling others what you’ve said. And if you can understand the risks inherent to such snooping, you can understand the risks to us – as well as the sense of violation. We’ve now been deprived of control over discussions that were not meant to go beyond a limited group of chosen, trusted individuals.

People have the right to maintain their own private discussion areas, and control who is allowed access to them. This holds true regardless of our personal stance on any other subjects, such as sexual harassment, women in the skeptical movement, the handling of Thunderf00t’s brief stay at FTB, or FTB’s various contributors. The need to hold private conversations is entirely legitimate, and respecting that privacy is a ground rule. Thunderf00t appears to have violated this egregiously, and his actions simply aren’t justifiable. If disagreement on certain topics warrants breaching the privacy of those you disagree with and publicizing their confidential information, the possibility of any kind of good-faith discussion simply vanishes.

Thunderf00t’s alleged actions in this situation are inexcusable under any reasonable standard of ethical behavior, no matter what his motivations are. The limits to the damage he’s now possibly able to do to members of this community, should he attempt to do so, are unknown. Rarely have I seen such outrageous conduct by anyone on YouTube or in the atheist and skeptic community, and he was one of the last people I would have expected to do this. To say I’m disappointed would be an understatement. It’s infuriating that anyone would dare to be so disrespectful and reckless.

Comments

    • Steinmaster says

      It hilarious to see a bunch of Moral Relatvists cryint “This is wrong!”

      Maybe TF has no Free Will. LOL!

      And its hilarious that Zinnia admits that some of the info could look bad to the public.

      Hmmmmm….sounds like something that is being hidden isn’t going to be for long!!!

      I love the smell of atheists bashing each other in the morning.

      • Emburii says

        Yes, some of it could be bad in the sense it threatens people’s LIVES. There could be excellent reasons why, say, Natalie Reed doesn’t want her real name used.

        Or you could be a petty, mean-spirited, horrible excuse for an empathetic being.

        Or both. I think I’m going to go with both.

      • badweasel says

        Its about the release of personal details of bloggers that speak about contentious subjects (and get creepers like Mabus) and some who also favour anonimity for various reasons as well as private correspondance. Not about any dark plotting that might be revealed.

        Do please go away.

      • says

        Seriously, what do you think it’s hidden there?

        Atheist agenda? Nope. It’s quite public. To end what’s bullshit and promote what isn’t.

        Feminist agenda? Nope. FtB is feminist and not ashamed to say it. Which is good.

        Why Thunderf00t was shanked from the FtB? Also nope. He was kicked out because they can’t trust him and because he’s a jerk.

        Would that be personal data from people who can’t be themselves on the Internet without being threatened in real life? Like a transsexual person’s real name? Hmm? Or real addresses of bloggers from the Bible Belt? What do you think it is?

        I want to know who you are. I’ll ask FtB to disclose your e-mail and IP addresses. It’s not like you have anything to hide, right?

        • Tanya2 says

          Q.E.D.

          And a good reason why I for one would never use my own computer on to post on an atheist blog.

          I don’t trust them and you let the cat out of the bag.

          Sap.

      • bendogvallejo says

        As for moral relativism. Yes agreed. In fact PZ Myers had no problem with his daughters claim that having sex with animals was not immoral/wrong, but when someone disagrees with his sensibilities, its a different story. Furthermore, as for what started this whole thing off with the Rebecca Watson fiasco, I was always under the impression that evolutionary theory supported the proposition that natural selection & survival of the fittest meant that it was only natural for males to desire females, (or if that is too politically incorrect) let me rephrase that, that it was only natural for males to want to propagate there genes. Is PZ Myers now blaming men for their biochemical make up? Is hitting on a girl now considered immoral, & especially in light of a persons genes? PS. Be prepared to be banned from this blog. Free thought actually means anyone who agrees with PZ and his minions.

  1. mandrellian says

    Oh. What a colossal bastard.

    Cue defence of “free speech” from the Thunderdouche brethren in 3, 2 …

  2. says

    Disgusting and reprehensible. Any shred of credibility the man once had in my eyes is now irrevocably lost as the result of his actions.

  3. says

    And now you understand my reluctance to join the “Free Bradley Manning” campaign.

    Everyone who is a supporter of wikileaks seems to assume that Manning knew the contents of all the cables, particularly the damning evidence of soldiers killing reporters. I’m not so convinced of that fact. Furthermore, it was Manning’s sworn duty NOT to do what he did. Therefore, at a time when John McCain was trying his damnedest to prevent the repeal of DADT, Bradley Manning was just about the worst exploding birthday cake we could have conjured up for ourselves.

    I don’t know anything about this Thunderf00t person or the situation that you’re not telling us now but data thieves should be very cautious as to their true motives… hurt feelings or mere differences of opinion are hardly ever a good reason to go around prying in other people’s business.

    • strange gods before me ॐ says

      And now you understand my reluctance to join the “Free Bradley Manning” campaign.

      No, I don’t think anyone understands why you’ve confused Freethought Blogs for the United States Army.

      Everyone who is a supporter of wikileaks seems to assume that Manning knew the contents of all the cables, particularly the damning evidence of soldiers killing reporters.

      What a weird claim. I didn’t assume he knew any particular details, though everybody knows that the US military routinely commits war crimes, so a large enough leak is very likely to reveal many evil acts.

      In retrospect we learned that he apparently was aware of the Collateral Murder video in particular.

      Furthermore, it was Manning’s sworn duty NOT to do what he did.

      So what? “Just following orders” is not a valid excuse for covering up war crimes or other atrocities.

      Therefore, at a time when John McCain was trying his damnedest to prevent the repeal of DADT, Bradley Manning was just about the worst exploding birthday cake we could have conjured up for ourselves.

      Turns out Manning had no impact whatsoever on DADT — which is exactly as expected outside of fever dreams.

      Nevertheless, you hold Manning to a higher standard than non-queer soldiers. That’s a misdirection of blame. Bigots were responsible for the existence of DADT; it wasn’t the fault of one queer soldier.

        • strange gods before me ॐ says

          I do. It was just so very very wrong on the internet.

          +++++
          I notice Walton’s comment below. It’s been a long time since I thought about Manning and it didn’t occur to me tonight that I might be misgendering her. Mea culpa.

          • says

            Well, I didn’t know she was trans until very recently – I learned about it from a post at Feministing. (It’s not been widely publicized. Even most of her supporters in the media still seem to be ignorant of this fact: Glenn Greenwald and the Guardian are still calling her “Bradley”, for instance.)

            Other than that aspect, I agree with your post @#2 completely.

    • says

      You’re an idiot. Breanna Manning (please stop misgendering her; she identifies as a woman) has revealed a huge number of appalling human rights abuses being committed, and covered up, by the US military. We need to know about that. We have a right to know about that. If you trust the military-industrial complex to decide what we do and don’t need to know, then you’re an idiot.

      Breanna Manning is an incredibly brave person, someone who is currently suffering torment that no human being should ever undergo. The knowledge that she could be killed by the government for her actions didn’t stop her doing what was right. I’m sick of pusillanimous keyboard warriors criticizing her.

      • Arancaytar says

        Thanks for clueing me in about her first name. So far I’ve needed to refer to her as Manning or PFC Manning; appropriate gendering gets a lot easier this way.

    • Arancaytar says

      If members of the FTB list had committed murder and other crimes, and discussions on the list were evidence of this, then Thunderfoot would have had the obligation to leak this information, regardless of how he got it.

      But if, as I think we can safely assume, they haven’t? Then the Manning analogy doesn’t work.

  4. Emily says

    I hear a lot of allegations without evidence, and given the animosity and history between FTB & Thunderf00t – I’m going to remain skeptical about these claims.

    • says

      Ah – applied skepticism. Somehow it always comes out in these situations.

      The actions described seems entirely in character for thunderf00t, so I think any skepticism is unwarrented. Also, making these claims, as several people have done, open them up for a libel suit – why would they risk that?

    • scrutationaryarchivist says

      Emily,

      In a blog entry today, Thunderf00t wrote about how he “passed on” to a third (fourth?) party “some of the chatter” from the listserv.

      Starstuff has the link, just above my comment. Look for “August 10, 2012 at 10:53 AM”.

    • One Thousand Needles says

      Fuck it, people like you are exactly why others want to distance themselves from the Skeptic™ movement.

      You’ve learned just enough about the concept of ‘evidence’ to over-demand it in situations where it is not warranted.

      Skepticism is NOT:
      • preferring ignorant ambivalence over educating yourself enough to draw a conclusion.
      • expecting others to do your Googling for you.
      • expecting others to consolidate, summarize, and itemize information that you could easily find on your own.

      What you are practicing is lazy, cynical indifference. Please don’t call it ‘skepticism’ or ‘critical thinking’.

  5. says

    I’m curious. How was he able to “regain access”? Does this involve hacking or any potentially criminal activity? Or did someone just forget to reset the password after he was kicked out?

  6. says

    This guy is seriously obsessive about FtB. It’s kind of creepy at this point. Who does this? Who sits around after they’ve been let go from a job and schemes about “how to get them back”? Who spends there time and energy twitting and blogging about their old boss and colleagues and how awful they are over a month later? What is wrong with this guy?

    • says

      Who posts thousands of words a day in comments about “FTB”? Who sets up a whole parody site of “FTB”? Who tweets endlessly about “FTB”? Who apparently thinks about almost nothing but “FTB”?

      Weirdly, quite a few people.

      • Nothingifnotcritical says

        And who spends well over half their blogging activity scouring the internet in search of any sign of –gasp– anti-FTB sentiment to flip out over?

  7. Wowbagger, Titillated Victorian Gentleman says

    Even as little as a few months ago I’d have expected such a blatantly scumbag move as this one would be shouted down by all but the tiniest minority of the atheist/skeptic community.

    Now, sadly, I’m sure that there’ll be almost as many voices praising him for his actions as there are condemning them.

  8. says

    Now, sadly, I’m sure that there’ll be almost as many voices praising him for his actions as there are condemning them.

    Interesting, don’t you think? I wonder what reason people have for support him and not supporting him. It seems one can not take a majority vote and declare a winner here, but one would have to critically examine both sides. Do we do that type of thing?

    • Emburii says

      We do, and at least some of us conclude that we he’s doing is unFUCKing acceptable because it’s not just revenge (even that’d be childish and hardly a good reflection on his character), it could endanger people’s entire lives (or did you think Zinnia Jones linked to Natalie Reeds just for traffic?)

  9. dogeared, spotted and foxed says

    So the guy who was arguing that harassment isn’t a big deal has no respect for boundaries. Figures. His fan club is happy, so what? They were vicious and petty before. I’m a more worried about who else will be applauding this disgusting breech of trust.

    Zinnia, this is terrible. Even from the outside, it’s just sickening. I don’t know what I can do to help but if you think of something, please ask.

  10. says

    Ugh. And yet, this happens so much, that I came up with what amounts to a stock response on my blog:

    Regressives don’t merely think they’re correct. They think they’re right — period. Anything and everything they do is right. Anything done to forward their conclusions is right. Evidence and logic are just tools to be manipulated to the cause of that which is right.

    This is war. There is no long and short about it, no “both sides”, no golden mean, no balance, no complexity. This is a war between those who would treat others as equals and rhetoric as a tool, and those who would treat others as subordinates and rhetoric as a weapon.

    Every instance of these basic violations of decency committed against those who support decency is just more proof of this. And every instance of these violations going apologized-for or purely unheard is proof that the assholes are winning.

    • says

      Every instance of these basic violations of decency

      Rather looks like a violation of the law to me, breaking into a server to steal information. But we need to know more about how this was done exactly.

  11. Wowbagger, Titillated Victorian Gentleman says

    Balstrome wrote:

    Interesting, don’t you think?

    Not even vaguely. ‘Sickening’ is the word I’d use.

    It seems one can not take a majority vote and declare a winner here, but one would have to critically examine both sides.

    It shouldn’t take too much ‘critical examination’ to conclude that it’s wrong to reveal information about a person that puts their life in danger. Though I guess that depends on what sort of person you are.

    Do we do that type of thing?

    Define ‘we’.

    • jim says

      “It shouldn’t take too much ‘critical examination’ to conclude that it’s wrong to reveal information about a person that puts their life in danger.”

      Is that the claim being made here?

  12. Patrik Roslund says

    Dear god the man is insane. Lets hope he’s employers gets wind of this, that he can be charged whit a crime, and that he just goes away.

  13. says

    i like thunderfoots vids specifically cause he jabs at any open sore that the unscienced type have developed, one of the type to not get angry. this incident… it may be that someone else was able to use his credentials to discredit him, i won’t put being a colossal jerk past him, but he just doesn’t seem the type stupid enough to invite federal prison time for a snit.

    if he has done this… he’s gotta learn a lesson.

  14. Daniel Schealler says

    Everything Zinnia said.

    Also, the alleged behaviour would be particularly hypocritical given how strongly Tf00t spoke out against DawahFilms using very similar tactics against himself.

  15. Tom says

    If it’s true, of course it’s a bad thing to do.

    But that alone (I have no evidence to either believe it or disbelieve it, although I also have no reason to believe it’s not true) it’s pretty naive to think such a ‘private’ list would be somehow ‘safe’ in a ethical kind of code.

    Not saying that you shouldn’t trust anyone, and it doesn’t make the act less sneaky, but it’s a hard lesson learnt: on the internet, information that gets spread digitally, is never 100% safe. In this case it’s an unethical human action which caused a leak, but it might as well have been an innocent human error or even unintended technical error.

  16. says

    Speaking in purely hypothetical terms here…

    Given that not enough time has gone by for Tf00t to get back from England and read any hypothetical communications that might be waiting for him (unless a copy was sent via e-mail as well), this post muddies the waters, makes the task of damage control more complex, and probably is tempting Ed to tear his hair out as he tries to perform the task of enforcing that little paragraph at the bottom of the list emails.

    Not cool.

    • says

      Well, I can tell you that things aren’t actually that bad. We’ve already been preparing for this for some time. This was not a spur-of-the-moment thing.

      • says

        It doesn’t matter how long you’ve been preparing; it matters whether the preparations are complete (such as whether a hypothetical registered mail receipt or suitable equivalent, signed by TF00t, has been received or not).

        It’s always, always, always better to have everyone with documentation and paperwork in hand if you’re going to make a statement about a security incident, (and it’s very strange to do so before the person responsible for handling the incident has made an official statement, or in lieu of such a statement).

        I understand that privacy has been violated, but this type of intrusion is not a false flagging or a false DMCA. This situation crosses national boundaries, and if it turns out in any way that a financial loss resulted or anyone was actually endangered, then it could get very complicated very quickly. “Subpoenas and badges” complicated. “You never know what is going to come up in pre-trial discovery” complicated.

        It may feel good to vent your outrage about this, but it’s just not a good gamble to take. The gains just aren’t worth the potential losses, and it’s not your gamble alone to take.

  17. says

    This is surprising ZJ. (At least for me)

    How are you sure it was him?

    Was it a hacking incident or had access removal not been completed successfully?

    DJ

  18. Tony •King of the Hellmouth• says

    Emily:

    I hear a lot of allegations without evidence, and given the animosity and history between FTB & Thunderf00t – I’m going to remain skeptical about these claims.

    You know what: Fuck off.
    Skeptical?
    Really?
    How are they supposed to provide this proof to you when it involves information they don’t want people knowing about?
    How would you like it if you were an atheist, a gay man in a Muslim country, a trans woman in Texas, or any number of other minorities who are terrorized, assaulted, tortured, and/or killed because the wrong people have private information? How would you feel if you had to look over your shoulder every single minute of every day, never knowing a moment’s peace? This is a very real possibility of Thunderf00t’s actions. He has jeopardized the lives of others pulling this bullshit. His actions are reprehensible and disgusting.
    Take your faux skepticism elsewhere and learn how to be a human being.

    • says

      Yes, this. Besides the stuff Natalie pointed out, Taslima’s address could do serious damage. I suspect Physioprof and Cuttlefish have good reasons for their anonymity.

  19. Beathil says

    I’m sorry for everyone at FTB. None of you should have to deal with this. I would like to think that this is all some sort of misunderstanding, that TF didn’t do this somehow, but, to be honest, I can see him doing this.

    I would like to see further evidence, perhaps more can be revealed after “Legal Stuff” at a later date.

    Thunderf00t was one of the youtubers that introduced me to atheism, it’s a shame, I really really liked him at one time.

    Be safe FTB.

  20. says

    Has anything actually been leaked, or is it just threats so far? I’m a little confused about what has actually happened. (I don’t follow twitter or youtube so I may be missing things.)

    Zinnia, yours and Natalie’s situations worry me the most – you’re both so vulnerable. Stay safe!

  21. says

    I want to offer concrete support, but since the whole friggin’ width of the North American Continent lies between us, the best I can do is this: If any of your projects (present or future) could use an editor, a graphic artist, or a typesetter, please feel free to get in touch when you’re looking for the person to do that.

  22. says

    This is not for commenters to decide since we don’t have access to the evidence. But those who do have access, I would encourage to talk to, and present the evidence to, law enforcement as well as Mr Thunderf00t’s employer. If the guy threatens to make anonymous blogger’s IDs public, this must be an option. If TF in his butthurt rage wants to hurt FTB bloggers based on guilt by association with PZ Myers, I see no reason not to disclose his activities to his employer, and let law enforcement deal with his hacking of private conversations.

    • says

      Depending what was said when, maybe. The idea that he’a willing to leak e-mails to third parties (rather than just speak in general terms about the e-mails that concerned him) is new and is cause for alarm.

  23. chrisstaab says

    Well Zinnia,….I must say with the Chick-fil-A controversy blowing up like crazy. You must realize now that with the amount of people that went to chick-fil-A over the past week or so, that nobody cares about gays or their make-believe rights. The amounts of people that went to go and support the chick-fil-A cause was quite refreshing. You also seem to have an obsession with Bristol Palin, maybe you wish you were as pretty as she is, like every other ugly liberal women in this country. Lastly I will just say that I now have a new video blog on YouTube with which I will expose you, and other left wing liars. See for yourself, I have already exposed your best buddy Ed Brayton: http://www.youtube.com/watch?v=3FlrOCMeuL8

    • says

      If you want to argue about Chick-fil-A, go to that post. If you want to argue with Ed, he has his own blog. I don’t go into your church and start throwing out accusations and demanding answers during greeting time.

      • chrisstaab says

        HAHAHA!!! You left-wing nuts are so funny with your ironic statements. It’s too bad that irony is the only form of both argument and humor that you know of. My video blog got plenty of views within a reasonable amount of time. Zinnia has written several bogus blogs that I can critique and expose, I have already exposed Mr. Brayton. I am going to give people the truth as well as give them an opinion that challenges the left wing dummies.

  24. chrisstaab says

    So funny to watch all of the left-wingers argue. I never said the numbers were everything. But the fact is that my video blog has made people think about the Obamacare act as well as Ed Brayton’s unfair and unbalanced joke of a radio program.

    • says

      But the fact is that my video blog has made people think about the Obamacare act as well as Ed Brayton’s unfair and unbalanced joke of a radio program.

      You got 125 views. 125. Only 8 people cared enough to like or dislike, and of those, only 3 cared enough to like it. You have managed to convince a grand total of 3 people to click a little thumb under your video to signal that they agree with you.

      You’ll be happy to know, I stopped the video loading before I’d be counted as a view.

      • chrisstaab says

        Well it’s only been a few days, plus did you ever stop to think that maybe most of the people that watched my video blog might not have youtube accounts (hence they cannot “like” or “dislike” or subscribe) but more importantly I have received emails from 7 individuals who thanked me for my insight,.and none of them had youtube accounts, so infact there are 10 individuals that agree with me atleast. So what do you have to say to that?……..

          • chrisstaab says

            Well I know it’s hard for the left wingers to realize that their rhetoric and views are not well liked in most parts of the country. But I think you are all realizing that the only place that your views are liked is within your own boundaries on bogus blog sites like this one.

  25. jerrybarrington says

    Please, folks, notice the important word: ALLEGED.

    Get back to us when some evidence is shown. Until then, this is just more of the spat between FTB and Tf00t.

      • jerrybarrington says

        Yes, details which show he used an authorized invite. The system let him back in, ergo, he was authorized.

        Yes, he has admitted to distributing sanitized copies to non-list members. I hate to say it, but the concept of a private list for dozens of people is a bit absurd. One can keep a secret. Two might. Dozens? Don’t bet on it. (And I have serious doubts the note at the bottom of each email will carry legal force.)

        • Truthfulpinecone says

          ” (And I have serious doubts the note at the bottom of each email will carry legal force.)”

          Without an express written agreement, none what so ever. I’d have to dig it up, but there was one law firm that published their boiler plate in a book, and then used the DMCA to get people from not posting their C&D letters publicly.

      • Truthfulpinecone says

        What jerrybarrington said and more.

        People v. Lifshitz, 369 F.3d 173, 190 (2d Cir. 2004)

        The basic assertion is while we have the reasonable expectation of privacy when we mail a standard letter to someone that some 3rd party won’t read it until it’s delivered, you really don’t have control over what the 2nd party does. T

        Let’s say for example you fancied me and set me an erotic love letter. I could read the letter to a friend, your mom, some hick in Arkansas, on the radio, on youtube, at my mother’s lesbian bridge circle, in a confessional while spanking my monkey. I could xerox it, fax it, transcribe it to biblical Hebrew read it while two unshaven rabbis go to town. While I would be a total asshat for doing any of the above, the fact of the matter is once I open the letter, you really don’t have control over what I do, and excluding copyright considerations, you really don’t have a legal recourse except not mailing me letters.

        A listserv is hardly secure, and should you consider continuing to use one, with admins who clearly don’t have clue one about security, you should likely use your nom de plume. Better still, a private non-email msg server with an express written agreement of non-disclosure.

  26. pauliexcluded says

    Well….I don’t see how this was unethical. He was given access to this mailing list. If PZ failed to revoke this access upon his dismissal that just makes him an idiot as well as a coward who expels those who express dissenting opinions. Wasn’t it PZ who was once expelled from expelled? Amazing we humans…we so turn around and exhibit the very behavior we so protest. I would like to know exactly what happened. Did TF actually “hack” into something or did the webmaster simply forget to revoke his access. If the latter is the case, it is exceedingly dishonest to assert that he “hacked” into something.

    • says

      His access was indeed revoked, and he was aware of this. He managed to regain access through a security loophole. I don’t think the mere existence of such a security hole excuses any exploitation of that.

      • pauliexcluded says

        I tend to agree with you. It is rather “creepy” behavior. However I wouldn’t see it as anything one should get all worked up over. If something is written in a mailing list with so many members it is unreasonable to believe that such a list is “secure”. So surely one would not be writing things that one would not want disseminated. Be that as it may it is unkosher of him. Yet here we are still talking about how PZ and thunderfoot are spoiled little brats who can’t seem to behave like professional adults. I went into academia hoping to escape high school.

      • TruthfulPinecone says

        “His access was indeed revoked, and he was aware of this. He managed to regain access through a security loophole. I don’t think the mere existence of such a security hole excuses any exploitation of that.”

        Ethnically, perhaps not. But legally, that’s another matter.

        http://freethoughtblogs.com/lousycanuck/2012/08/10/what-thunderf00t-did-and-how/

        The legal statute is 18 USC 1030, and based on this blog entry, TF used the auth ticket he was given in the first place. You can’t even describe this as a security loophole. He was given a legitimate code to access the listserv, he USED a legit code to access the listserv. He didn’t use another code not given to him, he didn’t use software to generate a new code he wasn’t given. There was no exploit to gain admin access, no keyboard logging virus. In analog terms, the gent was given a key, no one asked for the key back, and he used it to open the door.

        Again, I’m not condoning his actions, but the ultimate person responsible was whoever gave him the invite code, and didn’t remove the invite code. Without removal of that code, TF’s access was authorized by definition.

        Again, I hope you accept this as constructive criticism. If the listserv admin can’t be arsed to revoke invites to users who have been banned, then ultimately it’s the admin who’s responsible.

        • says

          I make no claims as to the legality of it. But the fact of him having a key does not mean that the list administrators forced him to use it to open the lock on a door he had been barred from entering. That act was clearly his decision and his responsibility.

          • TruthfulPinecone says

            “But the fact of him having a key does not mean that the list administrators forced him to use it to open the lock on a door he had been barred from entering. That act was clearly his decision and his responsibility.”

            Ah, no. Him having a key means he’s not barred from entering. He had a key, there was no bar. You give people keys to remove bars for access. You give someone a key, that is your express permission for access. You ask for the key back, you’re revoking permission. If you forget to ask for the key, that’s actually your fault.

            If the list admins didn’t remove his invite, it’s THEIR lack of due diligence, their responsibility.

            I’m not saying TF isn’t an asshat, he was just an asshat with a key, and access was not unauthorized.

  27. TruthfulPinecone says

    Dear Zinna,

    I like you, and watching your vids makes me want to question my sexuality. I’m not in agreement with what Thunderfoot did, however some of your assertions you made in this post are patently incorrect.

    E-mails do NOT have the expectation of privacy. They are NOT like a conversation in your own home as conversations in your own home are not transcribed, sent over a planetary wide network, hosted for a time on servers any admin “could” read, and displayed using software that has a big bold friendly FORWARD button on it. It’s not even like phonecall or a conference call. Unless there was some express written agreement, information divulged in an e-mail is is not private by definition.

    Signature tags that claim “this is privileged information” do not count.

    This isn’t even eavesdropping. Eavesdropping only applies to situations where you have the reasonable expectation of privacy, which wouldn’t apply with group communication. Depending on the kindness of others to not hit the forward button doesn’t count either.

    You can call it unethical, and not knowing all the details, this may be correct. You may feel violated, and you are entitled. But the actions are not illegal. Unethical, perhaps, but not illegal.

    I hope you accept this as criticism, and not as an attack, and in the future take precautions to protect your privacy. While I am empathetic, you simply do not have the legal definition of a reasonable expectation of privacy.

    • says

      I didn’t call anything illegal. What I made clear was that there was a stated and accepted convention in place: that participants in the private list would agree to keep its contents private, so as to enable a trustworthy, open and honest environment. Thunderf00t knew this, but did not respect that, and he compromised that privacy. And no, I do not agree with you that two or more people cannot communicate over email and expect that their messages will not be eavesdropped upon. This is like telling the Department of Defense that they can no longer use any global communications infrastructure for group collaboration. What would we have to do, in your estimation, to make the intention of privacy clearer than it already is? Encrypt every message with PGP?

      • TruthfulPinecone says

        “And no, I do not agree with you that two or more people cannot communicate over email and expect that their messages will not be eavesdropped upon.”.

        Unless there is a written agreement, you do not have what the law describes as a reasonable expectation of privacy. Not with two people, esp. not with MORE people. E-mails are digital, and since 1978 there are provisions to “forward”. YOU might have the expectation of privacy, but this is not reasonable. There is a forward button, you’ve seen it. People read e-mail at work, in cafés. Your argument is based on someone else having the same ethics as yourself, which is unfortunately NOT reasonable.

        And it’s not eavesdropping, not unless someone for example uses YOUR password, installs spyware, or uses a telescope though your window. Inviting someone to use your listserv, booting them, and forgetting to delete their invite, doesn’t count.

        “What would we have to do, in your estimation, to make the intention of privacy clearer than it already is? Encrypt every message with PGP?”.

        Intention doesn’t count for anything. A written agreement with a signature would.

        Avoiding e-mail, maybe using a web based system that has an express written agreement. Avoid using listservs, they are not secure and e-mails are not considered private by law. Oh, did I happen to say EXPRESS WRITTEN AGREEMENT.

        PGP wouldn’t work in this case, since we are dealing with a group, and PGP only is for preventing REAL eavesdropping, you know monitoring by a 3rd party, by wire tape, packet sniffing, server hacking, e-mail spoofing, actual eavesdropping. An asshat who forwards an e-mail with your real name isn’t eavesdropping. And as cited in this case, TF gained access using a valid, but dated, auth ticket.

        I’m not unsympathetic, I’d feel violated myself. However, without a written agreement, any old asshat can forward your e-mail or drop your docs.

        “This is like telling the Department of Defense that they can no longer use any global communications infrastructure for group collaboration”.

        Ah, no. The DOD requires employees to sign HUGE MOTHERFUCKING NON-DISCLOSURE AGREEMENTS, deal in materials protected by copyright, patents, national security, patriot act, international treaty, federal laws, and don’t use e-mail for sensitive information. Okay, not never, but they have their own infrastructure for private communications. And again NON-DISCLOSURE AGREEMENTS you have to sign just to use one of their toilets, the kind that explain this is national security, repeating / relaying / recording / transcribing anything from adjacent stalls will result in being shot point blank in the stamper, having your genitals removed by a pack of wild badgers, and being sent up the river to a federal prison reserved for rapists and people who talk at the cinema.

        You see a pattern here, an express written agreement.

        I’m not unsympathetic. I’d be upset too.

  28. Vicki says

    Yes, there’s a “forward” button. Ethically at least, and maybe legally, that’s a red herring. The mere fact that modern technology makes something easier doesn’t make it right (or wrong).

    If I send someone a personal letter, intending it to be private and saying so, they can use any of millions of photocopiers, make a dozen copies, and send them to the local papers, the FBI, and my three nosiest neighbors. The existence of that photocopier wouldn’t give the newspaper the right to publish my letter, and I wouldn’t buy “you knew photocopiers exist” as a defense of their actions. Depending on our previous relationship, I might have a reasonable social expectation that they would protect my privacy.

    If you confide in your spouse, sibling, or best friend and they tell your secrets to the world, they haven’t broken the law. But they may have broken the relationship, in ways that will reduce trust and could lead to divorce and/or estrangement. And that’s true whether you confide on paper, electronically, or in a whispered conversation in your own home.

  29. alecrezz says

    Yep. Thunderf00t is a detestable, underhanded cad for “hacking” into an email server he didn’t have permission to access, but PZ is a hero for “hacking” into a phone conference with a code he didn’t have permission to use. Makes perfect sense.

    • says

      alecrezz: Yep. Thunderf00t is a detestable, underhanded cad for “hacking” into an email server he didn’t have permission to access, but PZ is a hero for “hacking” into a phone conference with a code he didn’t have permission to use. Makes perfect sense.

      Even if you weren’t misrepresenting several aspects of the two different incidents which make your comparison a classic apples v oranges effort, alleged misbehaviour by PZ still wouldn’t justify TF’s misbehaviour.

  30. christo930 says

    I am under the impression that TF only warned someone that members of FTB were trying to get him fired from his job and provided that person with the identity of the people trying to get him fired over a blog disagreement. I don’t think that Internet blog fights should endanger someone’s job. Furthermore, if you don’t want to be embarrassed in public for what you say, don’t say embarrassing things. An email list isn’t the same thing as a private home. Emails go through hundreds of public networks unencrypted and are in no way comparable with conversations int he privacy of your own home. But I think the real issue is that FTB is trying to divert attention from their embarrassing emails by calling attention to the fact that they didn’t want TF to see the emails and that he did so anyway.

    • says

      If you read carefully, Thunderf00t never alleges that anyone from FTB tried to get Payton fired. Just that someone tried to get Payton fired and some people on FTB were upset by the tweet. The quotes are all from Zinnia. Her reaction was to write a blog post about it. Go back a few days. The post is still there.

    • says

      “members of FTB were trying to get him fired from his job”

      “people trying to get him fired over a blog disagreement”

      Here’s the thing: that never happened. So please, show me where it did.

      “Furthermore, if you don’t want to be embarrassed in public for what you say, don’t say embarrassing things.”

      Apparently this does not apply to writing a post that’s critical of something Michael Payton publicly tweeted.

      “But I think the real issue is that FTB is trying to divert attention from their embarrassing emails”

      Hey, you know those “embarrassing emails”? I posted mine in the next post over. How “embarrassing”.

  31. Tony •King of the Hellmouth• says

    But I think the real issue is that FTB is trying to divert attention from their embarrassing emails by calling attention to the fact that they didn’t want TF to see the emails and that he did so anyway.

    If that’s what you believe, please tell us what was mentioned in the back channel. You claim the emails are embarrassing, which implies that you’ve read them. You apparently have been privy to all this stuff, so please tell us what’s embarrassing. Or, you could go look at Greta Christina’s post on the harms releasing this information to third parties can do to various bloggers here at FtB.
    You don’t seem to understand that Thunderf00t was no longer authorized to be reading those emails. I don’t know what was in them, but since I’ve read Greta’s post, I have some idea of the topics the bloggers discuss. The subjects vary quite a bit, and I didn’t see Thunderf00t’s name much.
    So maybe, just maybe, you’re wrong. It’s not about Thunderf00t, despite his protestations. His invasion of privacy and subsequent actions show him for the scum he is.

  32. pauliexcluded says

    Please don’t drag this crap on and make FTB look even worse than it already does by trolling the comments….

  33. says

    Whats up this is kind of of off topic but I was wanting
    to know if blogs use WYSIWYG editors or if you have to manually
    code with HTML. I’m starting a blog soon but have no coding knowledge
    so I wanted to get guidance from someone with experience.
    Any help would be enormously appreciated!

    • Kevin Lyon says

      Be careful…you might get banned for asking off topic questions and labeled a “douche canoe” or something to that effect. Still, it seems you might want to ask this somewhere relevant rather than on a dead topic. I mean seriously WHY would you post this here? This is a long dead thread on a dying blog…..

Trackbacks

  1. […] By now you’ve heard that Thunderf00t exploited a security vulnerability to continue to receive confidential FreethoughtBlogs business emails after he was removed from the network and from the mailing list. If you haven’t already, you should read Natalie’s post covering the personal dangers to some of the members of our list and Zinnia’s on the importance of privacy. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>