What about MD5?
Some of our more technically astute readers may have noticed that Slashdot computes an "MD5 Signature" of each user's IP address and stores this in the database instead of the raw IP. Glossing over this detail for the sake of simplicity appears to have lost some of our readers, so let's address MD5. If you're reading this, we'll assume that you're familiar with some cryptographic concepts, especially how MD5 works.
Won't MD5 protect my privacy?
Well, not in this case. There's two problems with the MD5 argument:
To prove this, we would like to propose a contest:
Write a perl script to generate the MD5 hash of every IPv4 address in existence. If possible, it should take a command line argument of the starting IP and ending IP, so that we can distribute the search space into blocks. IP addresses should be hashed from a 32 bit integer, increasing by 1 per iteration. We'll post our entry here sometime this week. The winning entry will use the least number of lines.
Thanks, and good luck
-The Slash Privacy Watch Team.
This is an open forum for Slashdot users and editors to discuss Slashdot privacy issues. You can reply to this journal entry in the standard manner. Questions about Slashdot privacy in this forum are on-topic; please do not ask questions about privacy in other articles, if you are Offtopic you are being abusive.
You can enter the forum via this link.
It is reccomended that you read The Slashdot Privacy Alerts before posting.
No abusive content, please.
Privacy Alerts by Slashdot Privacy Watch
Weigh in on our online discussion board, or please contact us with any privacy questions you may have: Slash_Privacy_Watch@ziplip.com. We use ZipLip because of their excellent site security and Privacy Policy!
What can I do to help?
Before we talk about what you should do, let's talk about what you shouldn't do:
That said, what is to be done? To achieve change, it is necessary to apply the tried and true formula: Politely state your concerns, in writing, to as large an audience as you can address. In this case, this means writing a letter to VA Linux, writing a letter to the Electronic Frontier Foundation, writing a letter to EPIC (the Electronic Privacy Information Center), or maybe even writing a letter to someone at Slashdot, though please consider the latter option with the utmost discretion. Please be polite, and speak your mind. For reference, we have included Slashdot Privacy Watch's "Open Letter to VA Linux Concerning Privacy on Slashdot". Please do not just copy this letter and send your own version; instead, write up your own concerns and mail them to the appropriate parties. Form letters do not have the same impact as a heartfelt and earnest request.
An Open Letter to VA Linux Concerning Privacy on Slashdot
To whom it may concern,
It has come to our attention that Slashdot is building a detailed database of every visitor and user of Slashdot. This database includes, among other personal details, an address history which permanently records every IP address assosciated with every Slashdot user and comment for all time. We are concerned that this database is a signifigant Intellectual Property asset that may be abused in the event of a sale of Slashdot by VA Linux to a third party.
In addition, we feel that keeping a permanent and indelible record of every IP address used to post every Anonymous comment on Slashdot erases whatever hopes of anonymity that endangered or threatened users may have had. To name two examples, Chinese dissidents and corporate insiders can have no expectation of anonymously revealing civil rights violations and corporate abuse.
It is our hope that given these concerns, VA Linux or Slashdot may choose to provide an opt-out option to users, whereby users could choose not to be tracked and profiled if they so request. Some discussion has been made of a Slashdot subscription service; perhaps one revenue stream for Slashdot would be to sell Privacy Rights. For a low yearly fee, a user could purchase the right not to be tracked, profiled, and logged by IP address.
Whatever steps are taken, it is our hope that Slashdot will address the current privacy concerns in public to allay our fears and to promote open discussion.
Thanks again for creating one of the most popular sites on the Internet, and all the best.
-The Slashdot Privacy Watch Team
Does the Slashdot Customer Profile violate my Privacy?
It is strongly reccomended that you understand Slashdot Customer Profiles before asking this question. Now that you do, let's attempt to understand the answer.
The Right to Privacy is not guaranteed by the United States Constitution, and in America whatever "right" we may have had to privacy is rapidly dissapearing. Nowhere is this more true than on the Internet. However, many Americans value their privacy, and the courts have attempted to safeguard the privacy of citizens to some degree. However, "privacy" on the Internet is a subjective and hotly contested term, so any attempt to define it objectively will most likely fail.
Does the Slashdot Customer Profile violate the OSDN Privacy Statement?
This much more focused question can be easily answered. The Slashdot Privacy Policy is linked from the toolbar in the upper left hand corner of your web browser. Slashdot is part of VA Linux Inc.'s OSD Network, and is bound by OSDN's Privacy Policy. Let's examine the relevant portions of this policy:
With regard to personal information, users can view their data on their personal profile page.
This statement is empirically false. No user has ever been permitted to view his or her Slashdot Customer Profile "IP address history" field.
OSDN will track the domains from which people visit OSDN and analyze this data for trends and statistics.
This statement is empirically false. Slashdot does not track domain statistics in the aggregate, rather it profiles every customer and their IP address history for the purpose of gagging abusive content on a per-user or per-subnet basis.
Subject to the provisions of this Privacy Policy, different OSDN sites may use accumulated data for different purposes, including but not limited to marketing analysis, service evaluation and planning.
This statement is true, but misleading. Tracking and gagging users by IP address is certainly a "different purpose", and it is clearly stated that use of per-customer information includes but is not limited to the stated purposes. One must wonder what the other unstated purposes are?
General: In cases where users voluntarily and publicly disclose personal information which may contain Registration Data or otherwise post personal information in conjunction with content subject to an open source license, such personal information necessarily will be disclosed subject to the terms of the applicable license.
Keep in mind that your IP address history is not a "voluntarily disclosed" piece of information: you are forced to disclose an IP address when you interact with a web site. Therefore IP address histories are not bound by this clause.
At OSDN, we intend to give you as much control as possible over your personal information, including the Registration Data
It is not possible to change, modify, or "opt out" of having your IP address history stored in your Slashdot Customer Profile. Therefore, we must understand this statement to mean "OSDN does not believe it is possible for a Slashdot user to check a box which opts them out of being profiled by IP address".
The simple answer to the question "Does the Slashdot Customer Profile violate the OSDN Privacy Statement?", therefore, is a resounding yes. The recent changes to Slashcode to profile every customer and their IP address history for the purpose of gagging abusive content on a per-user or per-subnet basis have only been made recently. It is therefore possible - nay, likely - that these changes have been made without a careful examination of the OSDN Privacy Policy.
Which brings any concerned privacy advocate to the obvious question: Should I be concerned about potential privacy violations on Slashdot? More importantly, should Slashdot users be given the option of "opting out" of being profiled? The answer is a resounding... perhaps .
What is the Slashdot Customer Profile?
Slashdot is owned by VA Linux, and VA Linux is a for-profit Corporation. This means that, like other corporations, Slashdot must maintain a customer profile for every user (yes, even you Anonymous Cowards!). These customer profiles are kept in Slashdot's master MySQL database, which is archived on a frequent basis to preserve VA Linux's valuable Intellectual Property rights to its' customer information. The Customer Profile contains many fields, such as the email address you used to register your Slashdot account. In addition, it contains these fields which are accessed in users.pl, line 1898.
They're Tracking WHAT?
You may have noticed that the Customer Profile contains a field called $iplist. You're not dreaming, this is a list of every IP address anyone has used to access Slasdot - ever. Slashdot has a perfectly legitimate reason for maintaining these detailed records on every customer. However, while every Slashdot user understands that the privacy of each Slashdot user is paramount to the current management of Slashdot, we must also understand that Slashdot is property, and that it has been bought - and sold - before. Therefore we must not consider the implication of the existence of Slashdot Customer Profiling under the existing management, but rather the implications under any future management.
Who Would Want my IP?
Let's assume, for the sake of argument only, that VA Linux decides to sell Slashdot to DoubleClick in order to boost its' short-term cash supply. Doubeclick would be looking at Slashdot mainly as an Intellectual Property asset, and its' customer database as the primary portion of that asset (because Slaschode is GPL'd). How, then, can VA Linux maximize the resale value of Slashdot's Intellectual Property assets? By tracking every possible piece of information. The list of IP addresses used by every Slashdot user, reverse-correlated by email, would provide a very lucrative marketing tool to a would-be buyer of Slashdot. Doubleclick could use this Intellectual Property to:
It is easy to see why recording the IP profiles of every Slashdot customer maximizes the value of the Slashdot Customer Database. The question is, should you be given the option to opt-out?
Slashdot and Censorship
It is a well known fact that Slashdot as a community does not advocate censorship or Censorware of any sort. Slashdot's own Jamie McCarthy is an active and effective member of The Censorware Project, one of the Internet's leading watchdog organizations for monitoring Censorware. What is Censorware? Jamie defines it here as:
"software which is designed to prevent another person from sending or receiving information (usually on the web)."
This succinct definition can be applied to any software package to evaluate whether or not it is Censorware. However, this definition attempts to define in black and white what is actually a very grey area. In order to maintain an effective and intelligent forum, Slashdot must have facilities to prevent abusive users from posting comments in order to disrupt and harass the effective functioning of the site. This does not mean that "Slashdot is Censorware"; far from it. However, Slashdot does contain some Censorware components.
The Power of Open Source
Slashdot, thankfully, is an Open Source project. In fact, you can view every line of Slashdot's code from it's home on Sourceforge. Slashdot contains many facilities for tracking abusive users and banning them from access. For the sake of simplicity, we'll avoid the facilities for tracking scripted form abuse and focus on the facilities for detecting abusive content (sometimes called "trolling").
Detecting Abusive Content
The story begins in comments.pl, at line 1082. The function isTroll() quickly checks to make sure that the user is not an editor (editors do not post abusive content) and then hands off to the perl module which interfaces with the MySQL database. MySQL.pm contains the function getIsTroll() which runs a series of checks on the user to detect abusive content. Because no filtering system can reliably detect abusive content, getIsTroll() relies on Slashdot's Moderation System (specifically M1) to highlight abusive content. If a particular comment receives a signifigant quantity of negative moderation, it is likely abusive content. If multiple comments from the same account receive a signifigant quantity of negative moderation, the account in question is likely a source of abusive content, and must be prevented from communicating with the Slashdot audience. However, many abusive users create "multiple personalities" for themselves on Slashdot. To detect this, getIsTroll must identify the total number of negative moderations received by a particular IP address. Because some abusive users even go so far as to change their IP address frequently, getIsTroll also checks the number of negative moderations received by a particular IP subnet (class C network). If a large amount of negative moderation has been applied to an account, IP address, or IP subnet, getIsTroll returns "true", which in turn prevents the abusive user from communicating with the audience of Slashdot; this keeps abusive users from disrupting the free and open exchange of ideas. To see how getIsTroll detects and marks for gagging abusive content in comments, read the source code carefully before continuing.
Some examples of abusive content which is regulated by getIsTroll:
- links to vulgar or deeply offensive web sites.
- links to web sites advocating hate crimes.
- comments which contain ludicrous "anti-Linux" or "BSD is dying" arguments
- general abuse.
The Last Step: Gagging Offensive Users
Once getIsTroll has identified the abusive content, Slashcode must prevent it from being posted. Remember, this is not Censorware, it is a very limited Censorware component. Comments or IP subnets on Slashdot are never moderated down without very good reason. Returning to comments.pl at line 489, a quick check is made during comment posting for isTroll (our first function) to return true. If isTroll returns true, Slashdot returns the "Troll Message" from one of its' administrator defined templates and returns without posting the comment. This prevents the abusive user from communicating with the Slashdot audience. Slashdot's standard "Troll Message" comes from the default error template:
[% # TROLL MESSAGE.
CASE "troll message" %]
This account or IP has been temporarily disabled. This means that this IP
or user account has been moderated down too much in the last
[% constants.istroll_ipid_hours %]
[% IF constants.istroll_uid_hours != constants.istroll_ipid_hours %]
(IP) or [% constants.istroll_uid_hours %] (account)
[% END %]
hours.
If you think this is unfair, you should contact [% constants.adminmail %].
If you are being a troll, now is the time for you to either grow up, or
change your IP.
Note: Gag time starts at 72 hours (3 days) per abusive comment posted.
Conclusions
This should shed some light into why Slashdot maintains comprehensive customer profiles on every visitor in the Slashdot database. For ever person posting to Slashdot, there is a chance, no matter how small, that that user may intend to post abusive content. It is the responsibility of the management of this site to prevent these users from communicating with the Slashdot audience in order that intelligent communication be preserved. Again, this is not Censorship. It is merely order.
"Spock, did you see the looks on their faces?" "Yes, Captain, a sort of vacant contentment."