Posting anonymously
Posted on October 28th, 2005 by Bryce Inouye
As a guestblogger at T&S last year, I helped Kaimi out with some of the technical issues the site was having. Given privileged access to the backend, I realized I had access to IP addresses of commenters. I used this information at one point to track down some fake identities being used by a persistent troll — it was very useful knowledge to have.
At that time, I realized that that information could be used to discover other information about commenters. I decided that I would never use that information except in cases where the blog was being abused.
There is great value in being able to post information anonymously or using a pseudonym on the blogs, and while the practice can be abused, on balance, it’s better to allow people the option to hide their identities at times (Impersonating other real people is a vile abuse. Impersonating Prudence McPrude? Not such a biggie).
Some of you may not have been aware until recently (or at all) that websites track information about you that can potentially be used to identify you. If you’re interested in posting anonymously or under a name that can’t be easily traced to you via your IP address, I suggest using a proxy server or other service that hides your IP address. Here’s a link to a Google search for anonymous surfing. There are some sites that offer free services reachable from this page. I do not use them myself, so I cannot offer specific advice or recommendations, but I encourage people who have the need to occasionally post anonymously to use such services so that you can feel secure that inquisitive blog administrators can’t peek to see who you are.
» Filed Under Any
Comments
69 Responses to “Posting anonymously”
Leave a Reply
Here’s a comment I left using http://anonymouse.org/. It’s free, but kind of slow , and the servers are in Germany, so you get German advertising.
That was me up there.
At last, M*’s vile, sexist double-standard is revealed. Hypocrites! You obviously hate righteous women!
I’m not Lyle, or am I?, but I would appreciate it if you Bryce, or someone, would out Prudence…permanently. Many of her comments are beyond the pale (or even violate posting policies) and just don’t redeem the occasional hilarity.
I thought it was pretty well determined that Prudence was initially Aaron Brown, but the persona has been adopted by others as well.
Bryce,
This is a two edged sword. The more trolls who learn how to comment anonymously, the more anonymous spam our poor beleaguered blog admins have to deal with!
We’re eventually going to update our WP to 1.5, which has “emergent whitelisting.” Based on interactions with past trolls, that will be a welcome addition.
BTW, do you know any easy way to download and back up a 62 MB mysql database? The handy-dandy database backup function of the little program that comes with cpanel (phpmyadmin) isn’t handling it. And I don’t want to mess around with trying to upgrade to 1.5 until I’ve got a good database backup.
More than one P. McP? The mind shudders.
(Apparently there is more than one Languatron. It started with one incredibly obnoxious, unstable person posting on Battlestar Galactica message boards. Now there are legions of copycats).
Kaimi, given recent events, I’m guessing there are a lot of people wondering what we nefarious blog administrators know about their “anonymous” posts. I would hate for people to be wondering if their deep dark secrets were being connected to them. I’m trying to place information in people’s hands to empower them. If that means more trolls, then we’ll deal with that problem.
Besides, it took about 45 seconds to load M* through the proxy I tried. It’s a bit of trouble just to troll a site.
Send me an email re: the backup.
As I’ve been hinting at over at T&S, all of the larger, more serious blogs should have privacy policies up and should enforce them. The fact that Frank can peruse the T&S logs in order to win a t-shirt is more disturbing to me than the idea that BoH is a fake blog. I seem to be the only person that cares about the admin side of this as opposed to the user’s side and I don’t understand why that is.
The reason I put this post up is because privacy policies aren’t worth much to the commenter. As a blog administrator, I reserve the right to use the information I gather to make the blog run well. It’s difficult to set out the parameters for when that might be necessary ahead of time. I have a personal policy of not looking unless absolutely necessary, but even then, in the course of routine maintenance, I occasionally see something that gives me information that a non-administrator would have no access to. I can’t make any guarantees, so I provide the information necessary for commenters who wish to remain anonymous to do so.
You’re right to point out the admins’ responsibilities, but the commenters should take responsibility as well.
The reason I put this post up is because privacy policies aren’t worth much to the commenter.
The value of a privacy policy is directly proportional to the honesty of the blog admins. You guys have a lot of information at your disposal. I would think that the only legitimate reason to access it is to prevent abuse of your own site. I don’t think it is asking much to put up a policy and hold yourself to it. I am still a little surprised that I’m the only one that has raised the issue of Frank’s public disclosure of information based on IP addresses.
Yes if you want to really protect yourself then the burden lies with the poster. But with large group blogs simply saying, “Trust us, we won’t use this the wrong way!” without putting down some specifics can open things up to abuse. Please don’t cast all the responsibility on the visitors. This is your house and you’re responsible for how the guests and their information is treated.
ARJ,
We have no policy against looking at or disseminating IP addresses. The only time it comes up, obviously, is when a person is systematically trying to pass themselves off as 2 or more people, which is hardly protected behavior nor is there any implied contract of such. Aaron Brown certainly knew that we knew who he was and was not surprised.
And seriously, do you really think I did it for the t-shirt? I did it because a bunch of people were lying and I could reveal the truth because they’d been lying on our site.
But if it bugs you then you probably have more experience with this than me, so feel free to write up a statement we can use on T&S. It should say something to the effect that there is no implied privacy of posting to our _public_ site and we will use IP addresses as we see fit. Although I am sure we could all agree to not sell them to commercial enterprises.
Frank,
Don’t diss the t-shirt! Remeber, the burden of proof lies with you to show that you didn’t do it for the shirt. That shirt rules. You know you’re going to show up to all the bloggersnackers in it assuming that your entry isn’t disqualified.
I really have no experience running a major blog, but it seems to me that a privacy policy should include some of the following:
1. Primary use of data collected will be to prevent abuse/trolling/spam at the blog in question. The methods of prevention would be deletion of posts and banning. Not “outing”.
2. Private information will not be disclosed to third parties. This would include outing trolls on your own or other blogs. This gets a bit complicated given the interlocking nature of the lists of permabloggers at some of the blogs, but you guys are smart, right? You can figure something out.
3. Admins will not browse private information out of curiosity or to discover the identity of a non-abusive poster. Basically, if you’re not looking to delete posts on your own site then don’t go poking around.
These all seem like reasonable suggestions to me. Implementing these could prevent an arms race of sorts between posters using anonymous proxies and the sites they visit. If the above are not reasonable please tell me why. Like I said, I don’t run any blogs so I am probably missing issues and details that you guys deal with frequently.
Lile, I suspect you’re still smarting over Prudence’s over-the-top reference to stoning her daughter over at T&S. Understandable, but you have to admit that your rhetoric sometimes invites an extremist backlash. Not that I know anything about that specific incident, mind you.
Kaimi is probably right to point out that certain pseudonyms can and are adopted by different anonymous bloggers now and then. One can’t automatically be sure one is reading the same commenter each time. In other words, it’s as if Lady McPrude isn’t a person, so much as an office or a calling that various intrepid souls dare to inhabit from time to time. Kind of like a “prophetic mantle,” if you will. Or not…
But I don’t really know anything about this either.
Aaron B
By “Kaimi,” I of course meant “Bryce.”
Aaron B
Am I missing something here? The blog is a public forum operated by a private individual(s).
Policy: If I choose to post on this blog be honest and do not lie. If you are found to be lying on his blog it will be made public. Simple.
Is posting anonymously lying? Usually not. Is posting using a different name (or anonymously) with the intent to deceive lying? Yes! Can the administrator determine which is which? Hopefully. If not and the administrator makes an error, don’t post there anymore.
I’m playing his game in his court with his rules, if I don’t like that, I can find a different game, a different court, or rules I like.
I’m fine if blog’s policy says the administrator can use the information for whatever, but won’t sell it.
Bryce, you are very nice to let us know this. I do not see any reason to use that anonymous server here though as you already have my email address already from previous posts. I am just glad that I have never been banned from the site. I have pretty much cut out white sugar from my diet and find myself to be much less hyper so hopefully I will not walk on the edge in the future lol. Is that anything like the “Twinkie Defense”? Well, I sincerely hope that I have not been as bad as all of that. For the record, I may have used a lot of alias names but never have I been the personage, Prudence.
As one appalled by the BoH hoax, I hate to think that I might have been doing something unethical and not realizing it: sometimes when people post anonymously at T & S, I click through to see what email address they gave. (Lots of anonymous posters leave real email addresses.) I don’t look at IPs because I’m too stupid to figure out what to do with them.
Is this wrong? I always assumed that if someone left a real email address, it was because they didn’t want their identity known publicly but didn’t care if the permabloggers knew it. (Otherwise, just give anonymous@gmail.com as the email . . .). But if it is considered a breach, I’ll stop right away.
Actually, Aaron B, that was me posting as Kaimi.
Julie, I’ve resolved to make an extra effort not to look at information associated with posts signed anonymously. It’s probably best not to peek. Just think, you’re basically entering into a confidence when you discover the identity of an anonymous poster. It’s one reason I never want to be a bishop.
I can’t speak for everyone, but I have no compunction about what Frank McIntyre did.
a random John, I’ve been thinking about this issue today, and I currently come down on Don’s side.
Part of the problem is that it’s hard to make promises without knowing future conditions. At times, it is definitely useful to share information with other blogs when combatting trolls and spammers. Occasionally we’ll get a hit from some overseas country, and I’ll dig a little to see if I can tell something about the person. As I told Julie, I try extra hard to respect anonymity, but even that can be problematic. Every comment on a post that I write ends up as a message in my inbox, with the IP address, machine name, email, and url at the top. I see that information whether I want to or not. I’d much rather educate our readers as to how to remain truly anonymous than promise anonymity that I can’t guarantee.
I guess I am out of the loop as I am not aware of the BOH hoax spoken of. I guess my addiction to blogs is not as bad as I feared.
I have never posted as someone other than the names that I made up for myself.
I think the bloggernacle is unusual for an online community in the high percentage of participants that use their actual names (or some form of them). I don’t have a problem with pseudonymous or anonymous commenters, but I much prefer having a “real” name.
Barbara is on my birth certificate so I guess I will stick to posting under it(Barb), however boring it may be to limit myself to just one name.
Ah, I have drawn too much attention to myself. I guess I need a little more time to get the sugar out of my system.
As an anonymous poster, I agree with Don (#16). And my e-mail is legit, I just never check it. But just out of curiosity, I think I will as soon as I post this.
Barb, don’t worry about a thing. Just keep on posting.
I should clarify an earlier comment, where I mentioned digging for information on overseas posters. I do this on my personal blogs, but I have not yet done it here at M* (although I reserve the right to do so).
Thanks!
Julie
I didn’t know it was ok to make up fake emails when you want to be anonymous–other people might be just like me. If I were you, I’d avert my eyes unless there was a real reason to look.
As a poster, I am placing some trust in the people on this blog. I assume that you aren’t going to start stalking me or selling my information to businesses.
While I don’t expect the absolute privacy of a medical professional or the silence of a Catholic priest, I do expect the people who run this site to be respectful of what they know, or what they are capable of knowing.
Dang it, I really wish I knew what an IP address was.
“I assume that you aren’t going to start stalking me or selling my information to businesses.”
That seems reasonable.
John
In the end, you seem to be coming from the school of “implied privacy” where anonymity in a public sphere is a kind of quasi-right. Perhaps this is from reading too much slashdot. I don’t buy into that at all. We’re a tiny little village. We’re the kind of place where everybody kows your name. I am fine with letting people post anonymously. It does not bother me in the least. But I am not going to set up ex ante constraints on how I deal with situations that might come up requiring me to use IPs. I am perfectly willing to make that explicit by putting up a policy.
As for the difficulties of a big blog, by far the biggest is coordination across over a dozen people. Thus anything that is going to make that harder better be really worth it.
Now you have me curious. You were very into outing the people at BoH. There was even talk of using wordprint analysis. You dug into the pictures posted lookiubf for clues that BoH certainly did not intend you to use. What steps were you willing to take and not willing to take to establish and announce this fakery? Are you saying that you would not have used IP addresses?
Regarding posting pseudonymously …
I use an alias mostly so that when I google myself, I’m not returning hits from all the blogs I’ve posted against. It’s also handy if I want to google my alias. It’s also handy is that family members won’t automatically recognize me — because sometimes I share personal information that might be embarrassing to certain individuals.
Part of this mindset dates to a former employment, when I got into trouble with a boss for criticizing my employer in an open forum using my real name (yes, I was naive). Within that particular technical community, I use an alias that is fairly obvious to anyone who knows me already.
Beyond that, I don’t care if people know who I am. I just prefer to make it a little less obvious.
In fact, my particular pseudonym here would be EASILY identified by family members (but not in-laws) who used some common sense. Of course, that assumes they’ve figured out how to sign on the the internet, learned to read, or removed any Bloggernacle sites from their blocked filter (you know, because of the Sunstone or Dialogue references).
And … the email is real. And I use it for other reasons. Anyone who has ever wanted to communicate with me via the real email, I have let them.
queuno -at- gmail
I agree 100% with queuno’s reasons for using a pseudonym to post. But I don’t feel people have the right to use a pseudonym or annoymous post to deceive, lie, fake-out, scheme etc. Administrators have the right and or an obligation to let the rest of us know when this happens. Also they have the right to deal with these people in any way they seem fit when it comes to their blog.
Frank,
Once again you turn the discussion from an examination of what you did to what the deluded slashdotter might have done in his hackerly search for truth. I’d rather focus on what the responsibilities of perma-bloggers at large, respected sites are, but I am willing to indulge you.
I do not speak for Rusty, who has admin access at 9m. As far as I am aware I have no access to IP addresses, but honestly I’ve never tried. There were three or four IP addesses that were looked at by the two of us to verify the location of the posters but not to link them to other screen names. It was decided immediately that we would not reveal any information based off of IP addesses, but thought that we might use this info to administer the contest in the case that they didn’t come clean. Thus my guess (that all of them were pupetmaster JMW) was knowingly inaccurate and I believe that Rusty was not as accurate as he could have been either. All the information that I researched and posted up was available to anyone with a web browser. In fact I didn’t put up as much as I found.
As far as other steps that were considered, I did look into sending an email to each Bannerite with a “web bug” in it that would report the ip address that it was read at but decided that was evil and we didn’t do it. I’m not sure if this would be better or worse than using admin info from T&S.
Now you say that that you wouldn’t sell private information but you did something that is qualitatively worse. You sold private information of posters that were not committing any abuse at T&S but rather than selling it to a third party you posted it to the public. And don’t tell me that you didn’t sell it. I remember our conversation about BYU athletes getting special tutoring well enough to know that you would consider the shirt an item that can be assigned a monetary value.
Also this sort of public posting is dangerous in that it could be wrong. The AKA pluggin that ran for a brief while at BoH showed that misidentifications can happen when using IP addresses.
I assume (perhaps wrongly) that you have been aware of the BoH prior to the events of this week and that you could have outed these people at any time. But it took the enticement of filthy lucre to motivate you to do this.
Ok, so I am joking a bit here. But really, can a T&S perma-blogger unilaterally decide to publish private information on posters that have not violated the T&S comment policy? Did you also go back and delete the posts by these people?
Perhaps an escape clause could be added to the rules above saying that exceptional situations can be dealt with as needed pending the agreement of some #/% of the perma-bloggers.
I am honestly disturbed to learn that at least one T&S blogger (that I respect) regularly browses information that would be assumed to be private to satisfy personal curiosity. I would think that others would be to if this were made known on T&S. I really don’t see how having a privacy policy that restricts what can be done with this data is such a terrible burden for T&S to bear.
Is this wrong? I always assumed that if someone left a real email address, it was because they didn’t want their identity known publicly but didn’t care if the permabloggers knew it.
That is the way I’ve expected it to work those times I’ve posted without giving my name.
Of course to hide my IP (or if my computer is in use) I use AOL, which has dynamic allocation (i.e. lots of people on AOL end up with the same IP number rather than one person to one number). I learned about that when we were trying to ban a particular troll at another forum a long, long time ago (9-10 years back).
“I assume (perhaps wrongly) that you have been aware of the BoH prior to the events of this week and that you could have outed these people at any time. But it took the enticement of filthy lucre to motivate you to do this.”
No, good try, but wrong. What _actually_ enticed me to do it was when I decided that this really probably was a hoax. Up to then I really was not following the whole thing. Once I felt confident it was a fake, it was worth taking action. I was surprised that they had all commented at T&S. I did not remember that and thought I would be lucky to find out info on a couple of them. It turns out the returns were much higher than expected.
And sure the T-shirt has monetary value. I’m glad you took that lesson to heart. But my agreement not to sell IP’s to a commercial entity (which I did not do) is not because I think money taints all it touches. Rather because I can see no situation where there would be any other motive. And if money is the only motive, then it may well be because you are profiting at another’s expense. In this case, I was being rewarded for doing what I would have done anyway, and for what was the right thing to do, and for what I think was a net benefit to society.
“Ok, so I am joking a bit here. But really, can a T&S perma-blogger unilaterally decide to publish private information on posters that have not violated the T&S comment policy? Did you also go back and delete the posts by these people?”
I didn’t delete the posts. I can’t see much gain in that now. You think IP addresses are private information. I think that when you post on my site, they are no longer your private information but also my information, like a caller ID box. You gave them to me as part of the deal of posting at my site. I agree that that information should be used responsibly, as all information should. I think that it would have been very irresponsible to not say what I knew. Apparently you felt differently. But letting the hoax go on for weeks more would have been the unethical thing to do in my mind. Note all the comments by people who felt badly that they knew but couldn’t reveal the hoax, or were too lazy, or whatever.
Once again, your attitude comes from a particular take on privacy that is very common among computer geeks and libertarians but, as best I can tell, is not the societal default. That’s a fine view but that does not mean each site needs to adopt the same philosophy and I am perfectly willing to make that explicit on our site.
Naturally, other T&S types may have wildly different opinions. I don’t speak for them. In fact, me saying this is probably a strong temptation for some of them to disagree, solely because I said it! We love to disagree.
I know that I cannot take it for granted that people knew that I was largely joking in my above posts. It is true that I changed identies a lot but not because I was doing anything that was malevolent towards anybody on this site or any other blog. I was a little manic at the time. I realize that as a whole my behavior was not amusing to anyone. Sometimes I mainly say things to amuse myself and then regret it later. I sure wish we could go back and edit things later!
Frank,
I don’t understand, you are saying that you didn’t sell them? May I refresh your memroy? Ok, great!
OK, here are the relevant facts.
1. I just wasted like an hour doing this, so I better get a pretty cool t-shirt out of it.
You are certainly getting a t-shirt. I might even delivery it personally since I have to sign it and I’m the closest one to you. (expect 4 to 6 weeks for shipping and handling. Lots of handling…)
Given that you stated that you are doing this with the expectation of a t-shirt and that you will in fact get a very cool t-shirt, how do you the economist not see this as a trasaction that could be defined as a sale of information for filthy lucre, a t-shirt in this case?
Are you also saying that you would continue to sell such info in the future as long as in addition to the lucre it was for a cause that you felt was a good one?
Your privacy policy should at least detail the situations under which Frank will sell the info to a “good” cause without consulting his fellow perma-bloggers. Internally you should probably also have a document that spells out how you all will divide up the lucre.
My real name is not Anne, but I wish it was because I think it’s the most beautiful name and I don’t like my real name. But I tell everybody who e-mails me my real name. I don’t post it because maybe some crazy person will stalk me or something.
But everything else is real. I’m not trying to deceive, just be safe.
Barb, uh, very confused.
Anne, If I were to guess, I would say that Annegb stands for Anne of Green Gables. That is one of my favorite stories. Sorry that I have struck you as being so strange.
I guess I like forums a lot better because you can actually become friends with people. At least, that has been my experience with forums. Of course, as the adage that I tell myself goes, “If I do not want people to think that I am strange, I should not act so strange.”
John,
I should clarify, because clearly I was too funny for my own good. My point number 1 that you quote was tagged on after I realized that I did in fact have enough info to reveal pretty much the whole gang. I thought it would be amusing. I then had to renumber, which was annoying, but I thought it was worth it.
As for “not selling”, that is not what I meant. The relevant claim is:
1. Not selling to a commerical entity (like Amazon or something)
2. And, obviously, I did not give out any IP addresses.
I would not sell to a commerical entity because, as I stated, I can’t think of any reason why I might want to do that except to make money for a spam operation. I would never sell IPs for some sort of spamming. And since I won’t do that, I agreed that I would never sell to a commercial entity. But it is not the selling that bothers me, it is the spamming. I have no problem having you hand-deliver my poster as a reward for doing what I would do anyway. Feel free to also give me a poster for reading to my children at bedtime—another thing that I would have done anyway!
But look, if you are going to hand deliver this thing, we can just hash this out when you get here. At which point I will teach you all my secret, jujitsu, rhetorical moves. And, as Rusty can attest, I am not actually getting an Aaron T-shirt. I thought it was a little creepy. I’m getting a nine moons T-shirt for my daughter.
Why do you hate my daughter?
[deleted at comment author’s request]
I am leaving but staying long enough to say that you may really want to edit that. Also to add that many of you have been great examples and I will probably still read your blogs and some of the peripheral comments. I just won’t read any more comments on any of the present blogs. Sorry that I let my pent up frustrations out inappropriately. I tell myself not to do that. Then I go and do it. That is why I should not post where there is no edit button.
Frank - I understand why you revealed the BoH names, but I think you are very much to blame here for the negative fallout and bad feelings expressed on the blogs over the past week about BoH.
By revealing the names of the BoH bloggers prematurely and without their consent, the BoH bloggers weren’t able to lay the groundwork that could have staved off at least some of the hurt feelings experienced by their readers.
It is my understanding that the BoH bloggers were planning to reveal themselves little by little, so that eventually every BoH reader would have realized without a doubt that Jenn, Miranda, et. al. were, in fact, fake. But instead of giving the BoH readers this opportunity, you (and others) ripped off their masks before the final act, causing more hard feelings than was necessary.
I’m not justifying BoH. No doubt the BoH bloggers pushed the envelope a bit too far in denying their involvement with BoH. That is a separate issue. But I wholeheartedly agree here with ARJ. It should be very clear to readers and posters alike that on your blog they should have no expectation of privacy in their IP addresses, regardless of whether they would prefer to comment anonymously.
Hope your daughter enjoys the t-shirt.
Frank,
I think that most economists would agree that we’re only talking about a difference in scale here. You gave information to Nine Moons (and the public!) that would otherwise be considered private. You also said that as long as you agree with what you understand the cause to be that you would sell private info to anyone. Note that the purchasing party could then use this info for anything. You seem to think that spam is the only evil thing that this info could be used for and that outing people who have not committed abuse on your blog is A-OK. Why you don’t see this as disturbing is a mystery to me.
Please talk this over with the other T&S perma bloggers and come up with something that either protects the privacy of the participants in your “house” or at least gives them a clear warning that any one of you can look at the records for any reason whatsoever and can sell or otherwise distrubute them without the consent of the other bloggers.
No, Barb, I don’t think you’re strange, but are you real? I thought you said you weren’t real. You seem real. And I’ve been confused for the last few weeks. Well…more confused
email me and I’ll tell you about the gb part. gardnera@netutah.com
I never noticed that you revealed anything you shouldn’t have. I tell everything. except my weight and my sex life. It’s easier not to have secrets.
Frank, hmm….if I knew what an IP was, I might be upset, too.
Oh, I just hate when we get mad at each other.
John,
“that would otherwise be considered private”
This is, I think, where we part ways. I did not then, nor do I now, think that it is private information that Steve Evans was pretending to be Jenn Mailer in his posts at T&S. As for the rest of your hypothetical, I am at a loss to conjure up a situation where that is going to be a problem. Do you have something in mind? This is, incidentally, why I am not inclined to make ex ante promises of specific behavior. I lack the imagination to see what I am or am not actually promising.
Also, I am not convinced that continuing their hoax onto our blog constitutes “no abuse of my blog”.
As for writing up a policy, that’s a good idea; we will. Or at least, we’ll start to. A lot of things never end up happening. Feel free to check the comments policy next week and remind me if nothing has changed.
Elisabeth,
I do not have any ill will towards any of the BoH people. I think they did something stupid and feel bad about it now. I was certainly not privy to their future plans when I discovered the deception. Would it have been better to wait? I doubt it, but maybe. I knew they were lying to me and others. So I revealed it. If nothing else, I would guess it averted a few weeks of increasingly intense lying by them and those who knew the truth. But this is probably not the best time for that particular discussion, as many people still seem rather raw about the whole thing.
Anne,
I’m not mad at John. I just think he’s wrong!
As for IP addresses, an IP address is listed with every comment in the “back room” web logs. It can sometimes tell you a location or business; like mine would show that I am posting from BYU, but nothing more than that. I looked at people who had posted comments that had the same IP address as the BoH posters on T&S. Like seeing who all had called my house from the same phone. That is how I came up with the list. In some cases, I did not have an exact match or they were using fake addresses, so it is far from perfect. But one of its better uses is to out people masquerading as someone else. John thinks this information is private and I disagree.
Thus I knew that Jenn Mailer and Steve Evans were posting from the same machine, which machine was connected to a law firm. But I couldn’t do more than that.
Frank,
I have an example in mind. What if the Strengthening the Members Committee makes it known that they would like to identify someone that has posted using a fake name to T&S? Would you be able to give them this information on your own?
What if Amazon was willing to buy the ip info not to spam but to use it for directed advertising to visitors to their site?
I’m sure that other situations will come up in real life. This one did an you acted on your own, right?
Frank, I do understand where you are coming from, but this put me off a bit:
The “higher” returns for being the first to disclose this information about the BoH hoax was an increase in the shock and surprise by BoH’s believing readers. Since you cared enough about the members of the bloggernacle community to spend time uncovering a fraud, a better way to reveal the information you found (and to alleviate some of the shock and surprise) would have been to contact the BoH ringleaders, show them the information you found, and suggest that they contact their readers personally before you posted the incriminating information for everyone to read.
If the BoH bloggers had had the opportunity to explain themselves personally to their loyal readers before they were publicly unmasked, I think the hoax would have resulted in fewer people feeling hurt and betrayed.
Think about it, Hillary Clinton would have felt less hurt and betrayal if Bill Clinton had revealed his dalliance with Monica to her privately before he was outed by Ken Starr. This example works nicely with BoH, because who knows if the BoH folks would have ‘fessed up on their own without being “outed” by you? The point is, though, they should have been given the opportunity to explain themselves - if only to reduce the hurt and betrayal felt by innocent people (annegb, etc.) when they found out they had been duped.
Therefore, I think blog admins should adhere to a strict privacy policy - agreeing on what is and what is not appropriate information to share with each other (and with outsiders), and to disclose this policy to their readers.
annegb,
I should also chime in to say that I am not mad at Frank. I just think he has done wrong!
I also think that he is willing to do wrong again!
Frank’s description of an IP address is accurate. I disagree when he says that I think this information is private. I probably could have stated my position better earlier in the discussion. My position is that the public/private nature of this info is defined by each individual site. I would guess that it assumed by the majority of T&S visitors to be private information. However T&S does not have a policy that states how this information will and will not be used by the site. Thus Frank is able to disclose any information that he cares to without consulting with the other perma-bloggers there, not that he would do that. Oh wait! He did!
I also agree with Elisabeth that this was probably not the ideal way to unmask the Bannerites, but it was all going to come out in the short term anyhow. At this point I’m more concerned with the future than the past. I’m also a bit concerned with Frank’s lack of imagination given that he can’t think of another situation in which he would again sell this information.
Elisabeth,
Arggh!! You and John are winning awards for thinking me eviler than I am. The “returns” in this were _not_ shock and surprise, but the number of BoH people I could identify from the logs. 5 out of 6 was higher than expected. Why would you assume such a thing? Did I run over your cat in a prior life?
As for the right or wrong way to out people, I think it would be smarter to wait and let people calm down and get some distance before going into that. Ask me again in a month.
Re a privacy policy, thankfully, we’ve already got the lawyers working on it. They love this stuff. Eventually, T&S will have a policy book written to cover every contingency!
John,
I’m confused as to why you were having a contest if you didn’t want to out them. Or you did want to out them? I’m sure you had your reasons, but you’re too tricky for me.
I just wanted a T-shirt.Frank,
Part of the motive for the contest was to force them to out themselves. Another was to see what clues that had left in their writings and use those to determine who they were. Simply coming in after having paid no attention to the site and saying, “Well here they are!” wasn’t nearly as fun. However no rules against that were put in place and I gladly admit that you won fair and square. It just wasn’t as fun as what I had envisioned.
I’m glad to hear that the lawyers are having fun doing what they do best. I’m sure that you are glad to get back to the study of lucre!
Frank: I echo ARJ. You definitely scooped ‘em! I don’t think you’re evil, but you are right that Banner-gate created lots of unforeseen consequences.
Maybe in a month you can tell us why you think your way of unmasking the masqueraders was better than letting them (or others closer to the situation) do it themselves.
“I have an example in mind. What if the Strengthening the Members Committee makes it known that they would like to identify someone that has posted using a fake name to T&S? Would you be able to give them this information on your own?”
This seems rather far-fetched to me, but no more so than BoH frankly. Well that would certainly involve discussing with the other bloggers. Hopefully the lawyers will hash that out in the policy. It seems like we want room for anonymity. But it is not clear that we wish to be a podium for those who wish to attack the Church. Hopefully the policy will balance those in some way.
“What if Amazon was willing to buy the ip info not to spam but to use it for directed advertising to visitors to their site?”
Sounds like a no-brainer. I would not do it and would vote against anyone else doing it. And from prior discussions, I am confident that such a move would get roundly trounced in a vote.
Also, I don’t study lucre so much as the lack of it– bankruptcy, poverty policy, minimum wages, etc. It’s far more interesting!
[Deleted at comment author’s request]
If you want to post anonymously, and avoid things like my AKA plugin or Frank’s snooping eyes. You don’t have to use any service, you just have to use a highly anonymous proxy. Here’s some instructions I wrote on how to do so:
You can get a list of free proxies from right here:
http://www.atomintersoft.com/products/alive-proxy/proxy-list/
(Notice at the bottom of the list, there are 100 pages of these proxies available.)
You’ll want to choose a highly anonymous proxy, which means that it will mask all information originating from your machine and it will not identify itself as a proxy (though if your logs are configured correctly and you know what to look for you can still make a pretty safe guess about who’s using a highly anonymous proxy). You’ll find some lag using a free proxy compared to a normal broadband type connection, but they’re free. If you don’t want a slowdown, you can use a pay proxy service (usually $40 a year or so).
And here’s everything you ever wanted to know about setting up proxies, but was afraid to ask:
I’m sitting at a Mac OS X system right now, so I can give you detailed instructions on how to set up a proxy if you’re on a Mac–it’s very simple. For windows, I can only give you the following vague instructions:
In IE, you choose Tools->Internet Options; select Connections tab; click the LAN settings button, and check the Allow Proxies check box, click advanced, and put the proxy address in the http input box.
In Firefox (which everyone should use instead of IE) choose Tools->Options; select the “Connection Settings…” button from the General preferences pane. Check the manuel configuration checkbox, and put the value in the http input box. Put the proxy value in the input box.
In linux, the instructions are basically the same for firefox on Linux. Mozzilla on Linux has (if I remember correctly) a proxy preference pain.)
If you need more detailed instructions on how to set up a Windows or a Linux box to use a proxy, say so and I’ll fire up a computer and walk through the process.
At any rate, here’s the detailed Mac OS X instructions:
1. Select System Preferences from the Apple menu.
2. Select the Network icon from the System Preferences window (it’s in the Internet & Network section, if you have them so ordered)
3. Double click on the network interface that you are using; i.e., modem, ethernet (cable modem or ISDN) or wireless.
4. Click on the proxies tab
5. Check the “web proxy” option in the scroll panel on the left
6. Paste the IP portion of the proxy (the portion before the colon if there is a colon; the entire number if there is no colon) into the longer input line just under the words “Web Proxy Server”
7. Paste the port portion of the address (the portion after the colon if there is a colon) into the smaller text input box on the right of the box described in the preceding step.
8. Click the “Apply Now” button in the lower right corner.
9. Try to open a common web page like http://www.yahoo.com
10. If the page comes up, then you’re in business. If it doesn’t choose another highly anonymous proxy and input the value back into the Network preferences per instructions 6+.
You may also want to create a new “Location” called anonymous. Click on the “?” button above the “Apply Now” button to learn how to do this (it’s really easy, but there are more steps). This has the advantage of allowing you to switch to an anonymous proxy connection using the Locations submenu off the Apple menu, so you don’t have to use a lagging connection all the time or continually modify your network preferences.
Note, if you’re using links or lynx, these have proxy settings that bypass these settings, so you’ll want to read the docs for these to setup their http proxy (it’s really simple also)
Also, free proxies can stop working at any time (they’re still a good value, though). So bookmark the page at the start of this email so that you can grab another when one your using stops working.
BONUS:
Since many (if not most) of the proxies on that sight are down by the time they post them, I wrote the following command line script (I just went and pulled it out of my history — if you have access to a Unix command line prompt, you can cut and paste it at the prompt.
x=”1″; while [ $x -lt 100 ]; do echo; echo “page $x”; for y in `curl –silent http://www.atomintersoft.com/products/alive-proxy/proxy-list/?p=x | grep -i ‘\>High anonymity proxy<’ | sed -e ’s/\(\/tr>\)/\1\n/g’ | grep -i ‘\>High anonymity proxy<’ | sed -e ’s/.*>\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\:[0-9]\+\).*/\1/g’`; do echo $y; curl –silent –proxy $y –max-time 5 http://www.yahoo.com | head -n1 | sed -e s/.*/HIT/g; done; x=$[$x+1]; done
Since some sites block known proxies, you can filter these by changing the second url:
x=”1″; while [ $x -lt 100 ]; do echo; echo “page $x”; for y in `curl –silent http://www.atomintersoft.com/products/alive-proxy/proxy-list/?p=x | grep -i ‘\>High anonymity proxy<’ | sed -e ’s/\(\/tr>\)/\1\n/g’ | grep -i ‘\>High anonymity proxy<’ | sed -e ’s/.*>\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\:[0-9]\+\).*/\1/g’`; do echo $y; curl –silent –proxy $y –max-time 5 http://www.timesandseasons.org | head -n1 | sed -e s/.*/HIT/g; done; x=$[$x+1]; done
Hope this helps.
I forgot to mention:
The preceding script simply rifles through the 100 pages of the site that I link to at the beginning of the preceding post, finds each highly anonymous proxy, and tries to access some web site with it. It prints to the screen the IP address of each highly anonymous proxy that it finds, and In the event that it can access the second specified web site, it displays the word, “HIT.”
Some of these will simply be proxy error pages, and this script is too simple to filter these, but most of the proxy addresses will work. Just use any one that you want the way that it describes in the preceding instructions about filling in proxy info.
This is just something I thru together in about 15 minutes one night–there’s probably a cleaner way to do it.
Anyway, hope this helps.
Thanks for that information, DKL.
I recommend cygwin (http://www.cygwin.com — there’s some problem with linking in comments right now) for windows users who want unix-style shells.
I see you’re burning T&S’s bandwidth there
And thus the arms race accelerates!
I agree that people that want to be anonymous need to take steps to protect themselves. I’m sure that there are people out there that will appreciate DKL’s walkthrough, though I’m guessing that those that can use the scripts didn’t need it.
Despite the fact that talking to Frank is like trying to get a brick wall to admit that it is wrong this has been a productive conversation and I look forward to seeing what the lawyers come up with.
Both this privacy issue (who owns the data?) and the BoH thing have me thinking once again about issues of group ownership on the internet and the tensions that an architecture of participation can create. Probably a subject for another post…
If you can make it LDS-related, feel free to submit a guest post, arJ.
Or better yet, fire up a blog of your own.
I have a blog of my own! It is unfortunately blank. I have several unfinished projects that will probably go there.
As for guest posting, I am flattered by the offer but anything I write will probably show up at Nine Moons, though I might still do a guest article to the Banner.
Bryce, thanks for recommending cygwin to the Windows users out there. It’s an admirable way to approximate the functionality of a real operating system, and it should get people by until they can purchase a computer that doesn’t have Windows installed on it. (Frankly, I’m surprised that the brethren haven’t spoken on this yet. We’re supposed to be ready for emergencies, and everybody knows you just can’t count on Windows in a pinch.)
a random John: I’m sure that there are people out there that will appreciate DKL’s walkthrough, though I’m guessing that those that can use the scripts didn’t need it.
Fair enough. What I meant to do was provide a little something for everybody.
Script doesn’t seem to work on a Windows machine with cygwin. It just reponds bash:curl:command not found , 100 times.
looks like curl isn’t installed on your machine, Kaimi.
Just a joke of course, but remember, if you really want to be anonymous, use a proxy or an anonymizing service.
Just tried DKL’s script on my cygwin install. Works just fine. I have a pretty complete installation though.
Do you have wget? you can tell by just typing wget into the bash command line prompt. If you do, I’ll shoot you a script that uses wget instead.
Most systems will have either wget or curl installed. As long as you’ve got a copy of gcc, I can walk you through instructions on how to download and compile it.
Thanks for editing my comments. I want to quickly say that I deeply regret any blame that I cast on anybody. I am sorry for how that misrepresented the situation. I just read in a book last night that I have victim mentallity. So publically I state this just in case anybody got the wrong idea from my irresponsible comments. If you did not read them, you are not missing anything. What kind of person would seek so much attention to derail a post that had nothing to do with my situation? Valid question and I am not sure that I know the answer.