Censorship

Journal: Slashcode Gagging Component Modified

Journal by Slash Privacy Watch

The gagging component of Slashcode has been modified. Rather than blocking any user who receives a significant quantity of negative moderation, the new system blocks any user (or user subnet) who is anonymous or has less than 1 karma point and who receives negative moderation. This change will hopefully discourage abuse of the moderation system for the purpose of censoring unpopular users, though it does not protect the truly unpopular, for instance, persistent Windows advocates who have zero or less karma. Thanks to jamie for this change.

User Journal

Journal: What about MD5?

Journal by Slash Privacy Watch

What about MD5?

Some of our more technically astute readers may have noticed that Slashdot computes an "MD5 Signature" of each user's IP address and stores this in the database instead of the raw IP. Glossing over this detail for the sake of simplicity appears to have lost some of our readers, so let's address MD5. If you're reading this, we'll assume that you're familiar with some cryptographic concepts, especially how MD5 works.

Won't MD5 protect my privacy?

Well, not in this case. There are two problems with the MD5 argument:

  • One-way correlation is good enough. Slashdot is using MD5 to provide only one-way correlation between IP addresses and user accounts. This one-way correlation is exactly what can be used by any future owner of the Slash database to correlate incoming web hits to Slashdot accounts, and it is exactly what we described in our previous article on the subject. This is why we treated MD5 as an implementation detail only; given an IP address, the Slashdot database can still be mined for the corresponding user account. This is what the $iplist field is there for!
  • Additionally, while it is not trivial, a brute force attack on the Slash database would easily yield the bidirectionally correlated database. Considering that there are only 2^32 base values, and MD5 pads every bit under 448 with zeroes, what we are looking at is attacking values that are 32 bits, a 1 bit, and a string of zeroes, hashed. The computational power required to achieve this brute force attack is trivial.
  • To prove this, we would like to propose a contest:

    Write a perl script to generate the MD5 hash of every IPv4 address in existence. If possible, it should take a command line argument of the starting IP and ending IP, so that we can distribute the search space into blocks. IP addresses should be hashed from a 32 bit integer, increasing by 1 per iteration. We'll post our entry here sometime this week. The winning entry will use the least number of lines.

    Thanks, and good luck

      -The Slash Privacy Watch Team.
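As an added illustration (not the page's code and not a contest entry), the following Python does what the argument above describes: it tabulates the unkeyed MD5 pseudonym over a block of addresses and reads one back, and then shows a keyed alternative (HMAC) that keeps the one-way correlation the site needs while making tabulation depend on a secret. It assumes the contest's hashing rule, MD5 over the address as a 32-bit big-endian integer; the page does not say whether Slashcode hashed the integer or the dotted string.

```python
import hashlib
import hmac
import ipaddress
import struct

def ip_bytes(ip: str) -> bytes:
    # The contest's encoding (assumed): the address as a 32-bit big-endian integer.
    return struct.pack(">I", int(ipaddress.IPv4Address(ip)))

def md5_ipid(ip: str) -> str:
    """Unkeyed pseudonym of the kind described above: MD5 of the packed address."""
    return hashlib.md5(ip_bytes(ip)).hexdigest()

def keyed_ipid(ip: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the same input. The same IP still maps
    to the same id (the one-way correlation the site needs), but nobody can
    build the id -> IP table without the key."""
    return hmac.new(key, ip_bytes(ip), hashlib.sha256).hexdigest()

def ip_range(start_ip: str, end_ip: str):
    """Yield every dotted-quad address from start_ip to end_ip inclusive."""
    lo = int(ipaddress.IPv4Address(start_ip))
    hi = int(ipaddress.IPv4Address(end_ip))
    for n in range(lo, hi + 1):
        yield str(ipaddress.IPv4Address(n))

def build_table(pseudonym, start_ip: str, end_ip: str) -> dict:
    """The 'bidirectionally correlated database' from the text: id -> IP for a
    block of addresses. Over all of IPv4 this is only 2**32 hashes."""
    return {pseudonym(ip): ip for ip in ip_range(start_ip, end_ip)}

def invert(pseudonym, target: str, start_ip: str, end_ip: str):
    """Recover the address behind a stored pseudonym by enumerating a block,
    stopping at the first match; None if the block does not contain it."""
    for ip in ip_range(start_ip, end_ip):
        if pseudonym(ip) == target:
            return ip
    return None

if __name__ == "__main__":
    # Constructed sample: one stored pseudonym, searched over a /16 (65,536 inputs).
    block = ("10.1.0.0", "10.1.255.255")
    stored = md5_ipid("10.1.2.3")
    print("md5             ->", invert(md5_ipid, stored, *block))
    key = b"site-secret-not-in-the-database"   # constructed key
    stored_keyed = keyed_ipid("10.1.2.3", key)
    print("hmac, wrong key ->", invert(lambda ip: keyed_ipid(ip, b"guess"), stored_keyed, *block))
    print("hmac, right key ->", invert(lambda ip: keyed_ipid(ip, key), stored_keyed, *block))
```

Whoever holds the key (a future owner of the database and its configuration, in the scenario above) can still build the same table, so the key only raises the cost for outsiders; it does not substitute for not retaining the history.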

Privacy

Journal: Feedback for Slashdot Privacy Watch 30

Journal by Slash Privacy Watch

This is an open forum for Slashdot users and editors to discuss Slashdot privacy issues. You can reply to this journal entry in the standard manner. Questions about Slashdot privacy in this forum are on-topic; please do not ask questions about privacy in other articles, if you are Offtopic you are being abusive.

You can enter the forum via this link.

It is recommended that you read The Slashdot Privacy Alerts before posting.

No abusive content, please.

Privacy

Journal: Privacy Alerts by Slashdot Privacy Watch

Journal by Slash Privacy Watch

Privacy Alerts by Slashdot Privacy Watch

Weigh in on our online discussion board, or please contact us with any privacy questions you may have: Slash_Privacy_Watch@ziplip.com. We use ZipLip because of their excellent site security and Privacy Policy!

Slashback

Journal: The Final Step: Privacy Advocacy

Journal by Slash Privacy Watch

What can I do to help?

Before we talk about what you should do, let's talk about what you shouldn't do:

  • DO NOT just fire off an angry email to Rob. The old adage that "nobody has ever accomplished anything with email" holds especially true with Rob Malda, who probably gets more email than anyone on the Internet and is overworked to boot. A boatload of "you hypocrite why are you profiling us delete my account you jerks" emails to CmdrTaco is going to achieve exactly the opposite effect that privacy advocates would like to achieve, and makes our cause look immature to boot. Rob & Jeff have worked extraordinarily hard to make this site what it is; abusing them is likely to achieve nothing.
  • DO NOT simply conclude that inaction will make everything better. Even if you never post to or read Slashdot again, they already have a detailed Customer Profile on you. It is their Intellectual Property, and VA Linux, Inc. isn't going to relinquish it just because you've stopped reading Slashdot.

That said, what is to be done? To achieve change, it is necessary to apply the tried and true formula: Politely state your concerns, in writing, to as large an audience as you can address. In this case, this means writing a letter to VA Linux, writing a letter to the Electronic Frontier Foundation, writing a letter to EPIC (the Electronic Privacy Information Center), or maybe even writing a letter to someone at Slashdot, though please consider the latter option with the utmost discretion. Please be polite, and speak your mind. For reference, we have included Slashdot Privacy Watch's "Open Letter to VA Linux Concerning Privacy on Slashdot". Please do not just copy this letter and send your own version; instead, write up your own concerns and mail them to the appropriate parties. Form letters do not have the same impact as a heartfelt and earnest request.

An Open Letter to VA Linux Concerning Privacy on Slashdot


To whom it may concern,
      It has come to our attention that Slashdot is building a detailed database of every visitor and user of Slashdot. This database includes, among other personal details, an address history which permanently records every IP address associated with every Slashdot user and comment for all time. We are concerned that this database is a significant Intellectual Property asset that may be abused in the event of a sale of Slashdot by VA Linux to a third party.

      In addition, we feel that keeping a permanent and indelible record of every IP address used to post every Anonymous comment on Slashdot erases whatever hopes of anonymity that endangered or threatened users may have had. To name two examples, Chinese dissidents and corporate insiders can have no expectation of anonymously revealing civil rights violations and corporate abuse.

      It is our hope that given these concerns, VA Linux or Slashdot may choose to provide an opt-out option to users, whereby users could choose not to be tracked and profiled if they so request. Some discussion has been made of a Slashdot subscription service; perhaps one revenue stream for Slashdot would be to sell Privacy Rights. For a low yearly fee, a user could purchase the right not to be tracked, profiled, and logged by IP address.

      Whatever steps are taken, it is our hope that Slashdot will address the current privacy concerns in public to allay our fears and to promote open discussion.

      Thanks again for creating one of the most popular sites on the Internet, and all the best.

    -The Slashdot Privacy Watch Team

VA

Journal: Customer Profiling and the OSDN Privacy Policy

Journal by Slash Privacy Watch

Does the Slashdot Customer Profile violate my Privacy?

It is strongly recommended that you understand Slashdot Customer Profiles before asking this question. Now that you do, let's attempt to understand the answer.

The Right to Privacy is not guaranteed by the United States Constitution, and in America whatever "right" we may have had to privacy is rapidly disappearing. Nowhere is this more true than on the Internet. Many Americans nonetheless value their privacy, and the courts have attempted to safeguard it to some degree. However, "privacy" on the Internet is a subjective and hotly contested term, so any attempt to define it objectively will most likely fail.

Does the Slashdot Customer Profile violate the OSDN Privacy Statement?

This much more focused question can be easily answered. The Slashdot Privacy Policy is linked from the toolbar in the upper left hand corner of your web browser. Slashdot is part of VA Linux Inc.'s OSD Network, and is bound by OSDN's Privacy Policy. Let's examine the relevant portions of this policy:

With regard to personal information, users can view their data on their personal profile page.

This statement is empirically false. No user has ever been permitted to view his or her Slashdot Customer Profile "IP address history" field.

OSDN will track the domains from which people visit OSDN and analyze this data for trends and statistics.

This statement is empirically false. Slashdot does not track domain statistics in the aggregate, rather it profiles every customer and their IP address history for the purpose of gagging abusive content on a per-user or per-subnet basis.

Subject to the provisions of this Privacy Policy, different OSDN sites may use accumulated data for different purposes, including but not limited to marketing analysis, service evaluation and planning.

This statement is true, but misleading. Tracking and gagging users by IP address is certainly a "different purpose", and it is clearly stated that use of per-customer information includes but is not limited to the stated purposes. One must wonder what the other unstated purposes are?

General: In cases where users voluntarily and publicly disclose personal information which may contain Registration Data or otherwise post personal information in conjunction with content subject to an open source license, such personal information necessarily will be disclosed subject to the terms of the applicable license.

Keep in mind that your IP address history is not a "voluntarily disclosed" piece of information: you are forced to disclose an IP address when you interact with a web site. Therefore IP address histories are not bound by this clause.

At OSDN, we intend to give you as much control as possible over your personal information, including the Registration Data

It is not possible to change, modify, or "opt out" of having your IP address history stored in your Slashdot Customer Profile. Therefore, we must understand this statement to mean "OSDN does not believe it is possible for a Slashdot user to check a box which opts them out of being profiled by IP address".

The simple answer to the question "Does the Slashdot Customer Profile violate the OSDN Privacy Statement?", therefore, is a resounding yes. The changes to Slashcode that profile every customer and their IP address history for the purpose of gagging abusive content on a per-user or per-subnet basis were made only recently. It is therefore possible - nay, likely - that these changes were made without a careful examination of the OSDN Privacy Policy.

Which brings any concerned privacy advocate to the obvious question: Should I be concerned about potential privacy violations on Slashdot? More importantly, should Slashdot users be given the option of "opting out" of being profiled? The answer is a resounding... perhaps.

Privacy

Journal: Slashdot Customer Profiles

Journal by Slash Privacy Watch

What is the Slashdot Customer Profile?

Slashdot is owned by VA Linux, and VA Linux is a for-profit Corporation. This means that, like other corporations, Slashdot must maintain a customer profile for every user (yes, even you Anonymous Cowards!). These customer profiles are kept in Slashdot's master MySQL database, which is archived on a frequent basis to preserve VA Linux's valuable Intellectual Property rights to its customer information. The Customer Profile contains many fields, such as the email address you used to register your Slashdot account. In addition, it contains the fields which are accessed in users.pl, line 1898.

They're Tracking WHAT?

You may have noticed that the Customer Profile contains a field called $iplist. You're not dreaming, this is a list of every IP address anyone has used to access Slashdot - ever. Slashdot has a perfectly legitimate reason for maintaining these detailed records on every customer. However, while every Slashdot user understands that the privacy of each Slashdot user is paramount to the current management of Slashdot, we must also understand that Slashdot is property, and that it has been bought - and sold - before. Therefore we must consider not the implications of Slashdot Customer Profiling under the existing management, but rather the implications under any future management.

Who Would Want my IP?

Let's assume, for the sake of argument only, that VA Linux decides to sell Slashdot to DoubleClick in order to boost its short-term cash supply. DoubleClick would be looking at Slashdot mainly as an Intellectual Property asset, and its customer database as the primary portion of that asset (because Slashcode is GPL'd). How, then, can VA Linux maximize the resale value of Slashdot's Intellectual Property assets? By tracking every possible piece of information. The list of IP addresses used by every Slashdot user, reverse-correlated by email, would provide a very lucrative marketing tool to a would-be buyer of Slashdot. DoubleClick could use this Intellectual Property to:

  • Correlate web hits to member sites by IP address, sending an email to every Slashdot user who visits a target site.
  • Correlate web hits by IP address and present customized content to each Slashdot user who visits a target site, for instance: "Welcome to Superdomains.com, Slashdot user Jamie!"

It is easy to see why recording the IP profiles of every Slashdot customer maximizes the value of the Slashdot Customer Database. The question is, should you be given the option to opt-out?

Slashdot.org

Journal: How Slashdot Prevents Abusive Content

Journal by Slash Privacy Watch

Slashdot and Censorship

It is a well known fact that Slashdot as a community does not advocate censorship or Censorware of any sort. Slashdot's own Jamie McCarthy is an active and effective member of The Censorware Project, one of the Internet's leading watchdog organizations for monitoring Censorware. What is Censorware? Jamie defines it here as:

"software which is designed to prevent another person from sending or receiving information (usually on the web)."

This succinct definition can be applied to any software package to evaluate whether or not it is Censorware. However, this definition attempts to define in black and white what is actually a very grey area. In order to maintain an effective and intelligent forum, Slashdot must have facilities to prevent abusive users from posting comments in order to disrupt and harass the effective functioning of the site. This does not mean that "Slashdot is Censorware"; far from it. However, Slashdot does contain some Censorware components.

The Power of Open Source

Slashdot, thankfully, is an Open Source project. In fact, you can view every line of Slashdot's code from its home on Sourceforge. Slashdot contains many facilities for tracking abusive users and banning them from access. For the sake of simplicity, we'll avoid the facilities for tracking scripted form abuse and focus on the facilities for detecting abusive content (sometimes called "trolling").

Detecting Abusive Content

The story begins in comments.pl, at line 1082. The function isTroll() first checks that the user is not an editor (editors do not post abusive content) and then hands off to the Perl module that interfaces with the MySQL database. MySQL.pm contains the function getIsTroll(), which runs a series of checks on the user to detect abusive content. Because no filtering system can reliably detect abusive content, getIsTroll() relies on Slashdot's Moderation System (specifically M1) to highlight it. If a particular comment receives a significant quantity of negative moderation, it is likely abusive content. If multiple comments from the same account receive a significant quantity of negative moderation, the account in question is likely a source of abusive content, and must be prevented from communicating with the Slashdot audience.

However, many abusive users create "multiple personalities" for themselves on Slashdot. To detect this, getIsTroll must identify the total number of negative moderations received by a particular IP address. Because some abusive users go so far as to change their IP address frequently, getIsTroll also checks the number of negative moderations received by a particular IP subnet (class C network). If a large amount of negative moderation has been applied to an account, IP address, or IP subnet, getIsTroll returns "true", which in turn prevents the abusive user from communicating with the audience of Slashdot; this keeps abusive users from disrupting the free and open exchange of ideas. To see how getIsTroll detects and marks abusive content for gagging, read the source code carefully before continuing.

Some examples of abusive content which is regulated by getIsTroll:
  - links to vulgar or deeply offensive web sites.
  - links to web sites advocating hate crimes.
  - comments which contain ludicrous "anti-Linux" or "BSD is dying" arguments
  - general abuse.

The Last Step: Gagging Offensive Users

Once getIsTroll has identified the abusive content, Slashcode must prevent it from being posted. Remember, this is not Censorware; it is a very limited Censorware component. Comments or IP subnets on Slashdot are never moderated down without very good reason. Returning to comments.pl at line 489, a quick check is made during comment posting for isTroll (our first function) to return true. If isTroll returns true, Slashdot returns the "Troll Message" from one of its administrator-defined templates and returns without posting the comment. This prevents the abusive user from communicating with the Slashdot audience. Slashdot's standard "Troll Message" comes from the default error template:

[% # TROLL MESSAGE.
CASE "troll message" %]
This account or IP has been temporarily disabled. This means that this IP
or user account has been moderated down too much in the last
[% constants.istroll_ipid_hours %]
[% IF constants.istroll_uid_hours != constants.istroll_ipid_hours %]
                (IP) or [% constants.istroll_uid_hours %] (account)
[% END %]
hours.
If you think this is unfair, you should contact [% constants.adminmail %].
If you are being a troll, now is the time for you to either grow up, or
change your IP.

Note: Gag time starts at 72 hours (3 days) per abusive comment posted.

Conclusions

This should shed some light on why Slashdot maintains comprehensive customer profiles on every visitor in the Slashdot database. For every person posting to Slashdot, there is a chance, no matter how small, that that user may intend to post abusive content. It is the responsibility of the management of this site to prevent these users from communicating with the Slashdot audience in order that intelligent communication be preserved. Again, this is not Censorship. It is merely order.

User Journal

Journal: users.pl:1898 Slashdot Customer Profile

Journal by Slash Privacy Watch
        # users.pl, line 1898: the Customer Profile fields handed to the
        # getUserAdmin template. $iplist is the IP address history discussed above.
        return slashDisplay('getUserAdmin', {
                field            => $field,
                useredit         => $user_edit,
                banned           => $banned,
                banned_reason    => $banned_reason,
                userinfo_flag    => $user_editinfo_flag,
                userfield        => $user_editfield,
                iplist           => $iplist,
                uidstruct        => $uidstruct,
                seclev_field     => $seclev_field,
                checked          => $checked,
                topabusers       => $topabusers,
                form_flag        => $form_flag,
                readonly         => $readonly,
                thresh_select    => $thresh_select,
                readonly_reasons => $readonly_reasons,
                authoredit_flag  => $authoredit_flag
        }, 1);
Slashdot.org

Journal: MySQL.pm:3682 getIsTroll()

Journal by Slash Privacy Watch
########################################################
sub getIsTroll {
        my($self, $good_behavior) = @_;
        $good_behavior ||= 0;
        my $user = getCurrentUser();
        my $constants = getCurrentStatic();

        # Look-back windows in days (the defaults of 72 hours give 3 days).
        my $days_back_ip = int($constants->{istroll_ipid_hours} || 72) / 24;
        my $days_back_user = int($constants->{istroll_uid_hours} || 72) / 24;
        my($downmods, $trollpoint);
        my $time = time;
        print STDERR "gIT $time gb $good_behavior dbi $days_back_ip dbu $days_back_user\n";

        # Check for downmods by IPID (the MD5 signature of the poster's IP).
        # $good_behavior (karma) pushes the gag threshold further negative.
        $trollpoint = -abs($constants->{istroll_downmods_ip}) - $good_behavior;
        ($downmods) = $self->sqlSelect("sum(val)",
                "comments, moderatorlog",
                "comments.cid = moderatorlog.cid
                AND ipid = '$user->{ipid}'
                AND moderatorlog.active=1
                AND TO_DAYS(NOW()) - TO_DAYS(ts) <= $days_back_ip"
        );
        print STDERR "gIT $time " . ($downmods <= $trollpoint?1:0) . " ip downmods $downmods trollpoint $trollpoint ipid '$user->{ipid}'\n";
        return 1 if $downmods <= $trollpoint;

        # Check for downmods by subnet (class C network), using the IP window.
        $trollpoint = -abs($constants->{istroll_downmods_subnet}) - $good_behavior;
        ($downmods) = $self->sqlSelect("sum(val)",
                "comments, moderatorlog",
                "comments.cid = moderatorlog.cid
                AND subnetid = '$user->{subnetid}'
                AND moderatorlog.active=1
                AND TO_DAYS(NOW()) - TO_DAYS(ts) <= $days_back_ip"
        );
        print STDERR "gIT $time " . ($downmods <= $trollpoint?1:0) . " subnet downmods $downmods trollpoint $trollpoint subnetid '$user->{subnetid}'\n";
        return 1 if $downmods <= $trollpoint;

        # At this point, if the user is not logged in, then we don't need
        # to check the AC's downmods by user ID;  they pass the tests.
        return 0 if $user->{is_anon};

        # Check for downmods by user ID.
        $trollpoint = -abs($constants->{istroll_downmods_user}) - $good_behavior;
        ($downmods) = $self->sqlSelect("sum(val)",
                "comments, moderatorlog",
                "comments.cid = moderatorlog.cid
                AND comments.uid = $user->{uid}
                AND moderatorlog.active=1
                AND TO_DAYS(NOW()) - TO_DAYS(ts) <= $days_back_user"
        );
        print STDERR "gIT $time " . ($downmods <= $trollpoint?1:0) . " user downmods $downmods trollpoint $trollpoint uid '$user->{uid}'\n";
        return 1 if $downmods <= $trollpoint;

        # All tests passed, user is not a troll.
        return 0;
}
Slashdot.org

Journal: comments.pl:1082: isTroll()

Journal by Slash Privacy Watch
################################################################
# Troll Detection: checks to see if this IP or UID has been
# abusing the system in the last 24 hours.
# 1=Troll 0=Good Little Goober
sub isTroll {
        my $slashdb = getCurrentDB();
        my $user = getCurrentUser();
        my $form = getCurrentForm();

        # Editors (seclev > 99) are never gagged.
        return 0 if $user->{seclev} > 99;

        my $good_behavior = 0;
        if (!$user->{is_anon} and $user->{karma} >= 1) {
                if ($form->{postanon}) {
                        # If the user is signed in but posting anonymously,
                        # their karma helps a little bit to offset their
                        # trollishness.  But not much.
                        $good_behavior = int(log($user->{karma}));
                } else {
                        # If the user is signed in and posting under their
                        # own name, their karma can help to offset quite a
                        # bit of their trollishness.
                        $good_behavior = getCurrentStatic('goodkarma');
                        $good_behavior = $user->{karma}
                                if $user->{karma} < $good_behavior;
                }
        }

        # Hand the karma offset to the database layer, which does the actual
        # downmod counting (getIsTroll in MySQL.pm, above). The listing on the
        # page stops before this line; the hand-off is as described in the text.
        return $slashdb->getIsTroll($good_behavior);
}
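To make the gating logic of isTroll and getIsTroll concrete, here is an added Python model of the decision (not Slashcode and not the page's code). It reproduces the three checks, the look-back window, the skipping of the uid check for anonymous users, and the karma offset from isTroll, and runs them over a constructed moderatorlog. The threshold constants and moderation data are constructed for the example, and the ipid and subnetid columns hold the plain address and its class C prefix instead of the MD5 signatures the real table stores.

```python
import math
from dataclasses import dataclass

# Constructed thresholds; the page does not give Slashdot's real values.
CONSTANTS = {
    "istroll_ipid_hours": 72, "istroll_uid_hours": 72,
    "istroll_downmods_ip": 4, "istroll_downmods_subnet": 8,
    "istroll_downmods_user": 4, "goodkarma": 12,
}

# comments: cid -> (uid, ipid, subnetid). The plain address and class C prefix
# stand in for the MD5 signatures the real table stores. uid 0 = Anonymous Coward.
COMMENTS = {
    1: (0, "10.1.2.3", "10.1.2"),
    2: (0, "10.1.2.9", "10.1.2"),
    3: (0, "10.1.2.3", "10.1.2"),
}
# moderatorlog rows: (cid, val, days_ago, active). Constructed sample.
MODERATORLOG = (
    [(1, -1, 1, 1)] * 5      # five live downmods on comment 1, yesterday
    + [(2, -1, 2, 1)] * 4    # four on comment 2, two days ago (same /24)
    + [(3, -1, 5, 1)] * 10   # ten on comment 3, but five days ago: outside the window
    + [(1, -1, 1, 0)]        # an inactive (reversed) moderation, never counted
)

@dataclass
class User:
    uid: int
    ip: str
    is_anon: bool = False
    karma: int = 0
    seclev: int = 1

    @property
    def ipid(self):
        return self.ip

    @property
    def subnetid(self):
        return self.ip.rsplit(".", 1)[0]

def downmods(column, value, days_back):
    """sum(val) over moderatorlog joined to comments, as in getIsTroll's SQL."""
    total = 0
    for cid, val, days_ago, active in MODERATORLOG:
        row = dict(zip(("uid", "ipid", "subnetid"), COMMENTS[cid]))
        if active and row[column] == value and days_ago <= days_back:
            total += val
    return total

def good_behavior(user, postanon=False):
    """The karma offset isTroll computes before calling getIsTroll."""
    if user.is_anon or user.karma < 1:
        return 0
    if postanon:
        return int(math.log(user.karma))   # Perl's log() is the natural log
    return min(user.karma, CONSTANTS["goodkarma"])

def get_is_troll(user, gb, c=CONSTANTS):
    """True when downmods on the IP, the /24, or (if logged in) the uid reach
    the threshold; the karma offset makes the threshold harder to reach."""
    days_back_ip = int(c["istroll_ipid_hours"]) / 24
    days_back_user = int(c["istroll_uid_hours"]) / 24
    checks = [("ipid", user.ipid, c["istroll_downmods_ip"], days_back_ip),
              ("subnetid", user.subnetid, c["istroll_downmods_subnet"], days_back_ip)]
    if not user.is_anon:   # ACs pass once the IP and subnet checks pass
        checks.append(("uid", user.uid, c["istroll_downmods_user"], days_back_user))
    for column, value, limit, days_back in checks:
        trollpoint = -abs(limit) - gb
        if downmods(column, value, days_back) <= trollpoint:
            return True
    return False

def is_troll(user, postanon=False):
    """comments.pl's entry point: editors (seclev > 99) are never gagged."""
    if user.seclev > 99:
        return False
    return get_is_troll(user, good_behavior(user, postanon))
```

With this data an anonymous poster at 10.1.2.200 who has never been moderated is gagged by the subnet check alone, while a logged-in user with karma 20 at the same address is not; that is the per-subnet collateral the earlier entries describe.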
