Tech support (bullies and creep)


After a DDoS attack, 8Chan has eventually been taken down because the domain was “seized”, due to it hosting child abuse images – as nauseatingly documented by Dan Olson. (Please call it abuse images, not “pornography”).

This happened due to numerous complaints sent to ‘the “pass-through” content delivery network that had been operating 8chan’s servers’, as Sam Machkovech describes it, called Cloudshare. The complaints highlighted 8Chan’s hosting of abuse images and called for them to cease hosting illegal, horrific content. However, Cloudshare did something really fucking disgusting.

Machkovech writes (my emphasis):

In accordance to Cloudflare’s abuse-report policy, the company responded to complaints by forwarding them back to 8chan’s administrative address—essentially telling an alleged offender who blew a whistle and how they did so. Brennan responded to those complaints by reposting them, complete with the complainants’ full names and e-mail addresses for 8chan and Twitter users to see. As a result, the complainant quoted above, who used his real name and e-mail address when writing to Cloudflare, was subsequently “doxxed” by imageboard users, and his personal and private contact details were posted on 8chan-friendly boards.

Cloudflare gave information, including details of identity, of people concerned about child abuse imagery to the very people hosting that content. This seems akin to telling an apartment block super that you dislike the loud metal from Apartment 34, then the super telling the thuggish gang that lives there you complained and your apartment number.

This is a wonderful example of internet culture catering to abusers and bullies, creating new targets and insulating the continued harassment of marginalised people. See creeps defending catcalling; see Gamergate; see online harassment of women.

The Internet is a pretty shitty space and we need better thinking when it comes to who we’re giving information to and how we think they’ll use it. Seriously, fuck Cloudflare.

EDIT: Wrote Cloudshare instead of Cloudshare, for some fucking reason. HT Comment #1.

EDIT2: Wrote Cloudshare twice in my correction Edit about writing Cloudshare instead of Cloudflare. I can brain.

Comments

  1. nrdo says

    I think it goes beyond just better thinking about giving information, but also on how we interact. The hosting company seems to have erred in assuming the owners of the website were responsible business owners instead of the immature thugs that they were. I think we need to make is to recognize that the internet creates echo chambers with just the right amount of anonymity to dredge up the worst in many people.

  2. says

    It’s cloudflare.com … I use them as they give you a free level of DoS protection, although anyone who is clever enough to do an IP lookup can circumvent it. But you’d be surprised how many script kiddies that weeds out 🙂

    • says

      oolon,
      We heard tell of a person posting at the pit a little while back, Necbeard_V20 or something like that, who claimed to have been able to hack any system using just an IP address, or even a partial one. He was apparently some kind of computer genius, with access to some government resources.

      What kind of system does it take to keep someone like that out? Can it even be done?

      • Phillip Hallam-Baker says

        Yes, it can certainly be done if you are willing to spend the $$$.

        Basically you strip the O/S down to the absolute bare minimum required for the function. You switch off all extensions, all active code on the system and a long list of other stuff. You get rid of all shell and scripting interfaces, including SQL. Then you strap a firewall in front with a proxy that independently verifies protocol compliance.

        It is very tedious but there are some O/S distributions that have that already done. This is not ‘use Linux’, this is use a very carefully controlled distribution like FreeBSD.

        DDoS attacks are another matter, you need to have someone who has very big pipes who can lend them to you if you are targeted. Cloudflare is the best known player but there are many others.

  3. Great American Satan says

    ^disingenuous misogynist crapsack @4 who thinks doxxing serial harassers is exactly equal to doxxing whistleblowers, of all people.

    • says

      @5 – And if you think that somebody telling A JOKE about someone on another forum constitutes “serial harassment” and rises to the level of doxxing-worthy retaliation, then you are SERIOUSLY in need of some fucking perspective, not to mention a basic recheck of your ethics.

  4. Dunc says

    We heard tell of a person posting at the pit a little while back, Necbeard_V20 or something like that, who claimed to have been able to hack any system using just an IP address, or even a partial one. He was apparently some kind of computer genius, with access to some government resources.

    What kind of system does it take to keep someone like that out? Can it even be done?

    Well, I’m in IT, although not specifically IT security, and that sounds like total bullshit to me. Certainly the thing about being able to hack any system even without the full IP address is rubbish, and even a full IP address doesn’t necessarily resolve to a specific system.

    I expect that he’s also ex-Special Forces, knows 75 ways to kill a man with a rolled up newspaper, and is currently dating a supermodel. (In Canada.)

  5. says

    We heard tell of a person posting at the pit a little while back, Necbeard_V20 or something like that, who claimed to have been able to hack any system using just an IP address, or even a partial one.

    I’m such a leet haxxor I don’t even need the numbers of the IP address. I only need the dots!

  6. says

    To be clear, pseudonymous commenters styling themselves as “Great American Satan” and “LykeX” hope to weaken the general norm against doxxing by advancing the argument that posting tasteless jokes about prominent freethought bloggers on an obscure website counts as serial harassment, an act which is itself doxworthy.

    Sounds legit.

  7. Edward Gemmer says

    This has some interesting issues.

    The doxxing is wrong because it was reported to the owner of the website. However, the owner wasn’t the person actually posting the material. If someone posted some awful image as a comment on your website, and someone else filled out a report to Cloudflare, it is necessarily wrong for Cloudflare to send you the complaint? It does not strike me as inherently wrong.

    Second, who is the marginalized group here? “People concerned about child abuse?” That’s like 99% of the population. Someone went through the indignity of having their concern about child abuse exposed to the public?

  8. says

    We heard tell of a person posting at the pit a little while back, Necbeard_V20 or something like that, who claimed to have been able to hack any system using just an IP address, or even a partial one.

    Haha, good luck with that!

    • Phillip Hallam-Baker says

      What he probably means is he can run an automated test tool against a site and read the report.

      When one of the first scanners came out, the guy who wrote it was hauled up in a hearing in Congress about computer security and he made a similar claim about the EOP systems which reported that they were running obsolete versions of a Web server with several reported holes. What he didn’t realize was the systems were lying about both the server version they were running and the operating system.

      It is certainly not a foolproof control, but it does weed out the script kiddies allowing resources to be focused on the nastier threats.

  9. Great American Satan says

    Damian @9 – I’m sure someone on your side will get around to doxxing us all eventually, while cats like you ignore it or “No True Slymesman” them & only focus on people like Myers & Watson as the Emperors of Evil 1984 witch hunting thought police femistasi uber alles of doxxors.

    I don’t want it to happen, but I recognize this as a risk of becoming vocal against Team Abuse. Ho-hum. I’m sure I’ll see you later, whether I want to or not.

  10. Pierce R. Butler says

    According to various error messages I’ve received when something (apparently) goes amiss at the FtB server, FtB also uses Cloudflare.

    Perhaps a note to the Great Panjandrum Brayton would be in order.