What Thunderf00t did, and how.

By now, I’m certain you’ve read Phil Mason’s, AKA Thunderf00t’s, confession about how he’s done exactly what people have accused him of: accessing the back channel after being kicked off the blog.

He spins himself as a whistleblower about vast conspiracies within Freethought Blogs, how we’re looking to destroy people’s careers every time we commiserate with one another about someone who’s aggrieved us. How this back channel operates like a “clique” where achievements are lauded, messages amplified, and disagreements mocked mercilessly. In other words, it’s a social club for people who choose to participate, to help spread collegiality amongst our bloggers and support one another when under attack. As such, considering that many of these private thoughts are not fights we wish to pick publicly and how Thunderf00t now controls what fights we have with whom because of misplaced trust in what happened to be a compromised listserv, Thunderf00t now gets to control much of the dialog of this blog network.

How very conspiratorial.

You’ve probably also heard that he “doesn’t Doc Drop” in the same post where he violates several folks’ privacy in ways that amount to logistical hair-splitting — and worse yet, we have only his word to go on that he’ll take pains to protect the identity of those pseudonymous bloggers among us who have everything to lose. His word that he’s a good guy, all while he’s engaging in other gross violations of trust.

There are lots of reasons why people had every expectation that the FtB back channel was private, which Greta itemizes. Ashley weighs in on the issue out of pure outrage for the very real personal danger that Natalie Reed is in as a result of an accidental or intentional leak of her personal information, to the point where she’s put off of the atheist movement altogether. Stephanie deconstructs his chosen frame, given that Wikileaks this ain’t. And Zinnia is agog at the sheer disrespect for the very concept of privacy.

I helped Matt, our webmaster, investigate the breach. I will have to, by necessity, describe exactly what went wrong and why.

Server-side, we (up until recently) used a program called Mailman to handle the mailing list functionality for our server. It is a very mature codebase, with no if any known technical exploits for the version we were using. Configuration and security, however, is another story.

Mailman apparently never expires an invitation ticket — once you’re invited to a mailing list, the original email you receive asking for your confirmation allows you to log back in and thus rejoin if you’re ever kicked off. This produces no confirmation email to the administration under the default settings. This is probably by design, or a design oversight — Mailman was likely always intended to run mail lists that were free to join and leave, and only secondarily running private invite-only lists.

Thunderf00t was added with the batch of Youtube vloggers we brought on board:

Jun 07 11:07:01 2012 (23765) [list addy]: new [Thunderf00t’s Hotmail address], admin mass sub

When Thunderf00t was booted from the network, Ed got email confirmation that he was removed. Thunderf00t would have gotten a message saying he’d been unsubscribed. The logs also show it:

Jul 01 09:46:54 2012 (7837) [list addy]: deleted [Thunderf00t’s Hotmail address]; member mgt page

But they show more.

Jul 01 09:53:03 2012 (8689) [list addy]: pending [Thunderf00t’s Hotmail address] 78.80.[xxx.xxx — IP resolving to Czech Republic, either he was there or using a Tor proxy]
Jul 01 09:53:31 2012 (8716) [list addy]: new [Thunderf00t’s Hotmail address], via web confirmation

Less than ten minutes after he was booted from the mailing list he rejoined using the original auth ticket, and none of us were the wiser.

A month later, we were tipped off that he’d been leaking emails from our list to people in our community, stirring up shit that we simply hadn’t been publicly stirring up ourselves. We immediately started pursuing legal advice on the matter, and Matt booted him and changed the settings so all list changes had to be directly approved by an administrator even with a valid invite ticket.

Aug 02 18:10:38 2012 (12417) [list addy]: deleted [Thunderf00t’s Hotmail address]; member mgt page

The logs show that he immediately attempted to get back on again:

Aug 02 18:19:46 2012 (13060) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:20:51 2012 (13133) Reminder attempt of non-member w/ private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:21:52 2012 (13212) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:22:42 2012 (13266) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:30:10 2012 (13841) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:33:02 2012 (13976) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:35:31 2012 (14100) Login failure with private rosters: [Thunderf00t’s Hotmail address]
Aug 02 18:36:09 2012 (14150) Reminder attempt of non-member w/ private rosters: [Thunderf00t’s Hotmail address]

The reminder attempt log lines are instances of him attempting to use the password reminder form to get back in, assuming we’d locked him a different way than just deleting his account again. Ed would have been prompted to let him in if he’d actually requested directly, via the option to “join the list” on the Mailman page, and to my knowledge he didn’t try that — he only tried the easier options that were less likely to trigger repercussions. I cannot ascribe motivations on this, but it seems fairly self-evident why he wouldn’t directly ask to be let back on.

The log files show the date and time of the very last email our mail server sent to Thunderf00t:

2012-08-02 18:10:39 1Sx6PX-0003EI-MH < = [FtB’s postmaster address] H=localhost (dev.freethoughtblogs.com) [::1]:51819 P=esmtp S=985 id=mailman.0.1343956238.12417.[old FtB list address] T=”You have been unsubscribed from the Freethoughtbloggers mailing list” for [Thunderf00t’s Hotmail address]

So he’s off the list again. This time for good. We’re not even using that software any more, so I feel relatively safe in explaining all this.

Update: See also Ed’s statement on the matter, and PZ’s.

Update 2: Charly posted the following below:

As further evidence that this is real I can attest, that Thundef00t was indeed in Czech Republic. I have first hand information from admin of czech atheist organization website, that he and some other czech atheist activists met Thuindef00t in Prague.

Additionally, I’m putting a strict moratorium on speculation about legal actions. While there are possible routes of action FtB can take, we have not yet squared away all of this with the lawyer we apparently have on retainer for this issue. I’ve told you everything I can, and will not post unexpurgated logs publicly both out of respect for Thunderf00t’s privacy and for the potentiality of messing with any future legal remedies we may or may not attempt.

{advertisement}
What Thunderf00t did, and how.
{advertisement}
The Orbit is still fighting a SLAPP suit! Help defend freedom of speech, click here to find out more and donate!

135 thoughts on “What Thunderf00t did, and how.

  1. 51

    kagerato – People will do incredible and ridiculous things when their pride has been hurt. More so, the less rational and secure they are.

    I mean, all I had to do was read TF’s confession and his crazy, self-obsessed freakout over minor things and immediately I thought to myself, “Oh, he’s THAT guy. K, moving on.”

    I have seen too many of THAT guy (or gal) than I care to remember. Hell, I WAS that guy once. It was terrible, I was terrible, and TF is terrible.

  2. 54

    He’s hosted by WordPress.
    http://en.wordpress.com/tos/

    This may apply, given that operational details of FTB are likely involved:

    the downloading, copying and use of the Content will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark or trade secret rights, of any third party;

    I’m pretty sure this does.

    the Content is not pornographic, does not contain threats or incite violence towards individuals or entities, and does not violate the privacy or publicity rights of any third party;

    How long till he’s whining about WordPress attacking his free speech rights?

  3. 55

    John C. Welch; speaking of compliments where they’re due, thank you for being consistent and ethical in this matter. It surprised me, at least, but this time I’m happy to be wrong.

  4. 56

    John C. Welch; speaking of compliments where they’re due, thank you for being consistent and ethical in this matter. It surprised me, at least, but this time I’m happy to be wrong.

    Indeed.

  5. PG
    57

    I’m sorry, but has TF actually doc-dropped anyone during this debacle? Saying he doc-dropped “Natalie Reed”‘s real name is actually bullshit, isn’t it? Because I read that post and she explicitly he hasn’t doc-dropped anyone, and no confidential records have been released. That you trump up the controversy between TF and “Natalie Reed” to amount to a “very real personal danger” is pathetic. Just stop it. She said herself he hasn’t dropped any docs yet, what are you on about?

    PZ Myers, Ophelia Benson, et al. and you, Jason, keep saying TF has leaked personal information, but has he? The evidence points to the contrary. Seriously, why make this shit up? Wasn’t he a part of the mailing list legitimately for a while and thus would have gotten the “leaked personal information” without the hacking or putting himself back on the list?

    I’m not even a fan of Thunderf00t, but this is just sad.

  6. 58

    @57: Re-read Natalie Reed’s post again. Really, you’ll be doing yourself a favor. You didn’t seem to get anything from it other than your own preconceptions regarding this whole ordeal.

  7. 59

    No, I believe it was very explicit what I said — the information was there for his collating, without any participants’ consent, and Natalie has no reason to believe that he’ll honour his rather twisted sense of morality that he’s expressed. Nobody does. We have proof he did some pretty shitty things, and he’s admitted as much, so we have no reason to trust him at his word that he’ll protect people’s identities (via, say, scrubbing out personal information on any of those pieces of private conversation that he’s slowly leaking to relevant and apparently irrelevant parties.

    So putting it out there that someone shared something they feel is personally life-threatening if the wrong person knows something via either intentional or unintentional future leaking is not exactly the same as saying “Thunderf00t dropped docs”, now, is it?

  8. 60

    @57-

    While Thunderf00t has yet to release personal information, he has leaked confidential emails. They are quoted in his own post. This is bad enough on its own.

    And even if you ignore that- why should we take him at his word that he will not release personal information? He’s already violated the trust he was given when invited to the mailing list. Why should his word be considered to be worth anything at all at this point?

    Also, even if he redacts real names and such, you’d be surprised what you can work out from even sanitized information. Seemingly impersonal references can betray someones location, cultural background, sex, interests, etc. And then, if they’ve got any net presence under their real name, you can often find them. If they don’t have a net presence under their real name, get boots on the ground where you think they live, and tracking them down may still be pretty easy. Fully redacting all information that can trace back to someone IRL can be very difficult. Thunderf00t is not, to my knowledge, a private investigator or intelligence analyst, or any of the professions that would tell him what needs to be redacted. I simply doubt he has the skills to do this properly, even if I trusted him to make an honest attempt at doing so.

  9. PG
    61

    @60- Yet? What if? Are we really condemning someone for a hypothetical situation?

    NEWSFLASH: IT HASN’T HAPPENED YET.

  10. PG
    64

    @63- I quote:

    “We have proof he did some pretty shitty things, and he’s admitted as much, so we have no reason to trust him at his word that he’ll protect people’s identities (via, say, scrubbing out personal information on any of those pieces of private conversation that he’s slowly leaking to relevant and apparently irrelevant parties.”

    Bolded for emphasis.

    Ashley weighs in on the issue out of pure outrage for the very real personal danger that Natalie Reed is in as a result of an accidental or intentional leak of her personal information, to the point where she’s put off of the atheist movement altogether.

    Bolded for emphasis.

    So Natalie Reed being put off by the atheist movement due to an alleged “accidental or intentional future leak” (being very vague in the process) — putting her in a “very real personal danger”, life-threatening even — is not condemning him for something he has not yet done?

  11. 65

    We are condemning him for having taken intentional action to obtain that information without any relevant parties’ consent. We do not trust, therefore, that he is a good steward for that information seeing as how he grossly violated our privacy to get it in the first place.

    How is this so difficult for you hair-splitters?

  12. 66

    Especially considering that he’s already leaking things to people and we don’t know how much extra stuff he’s leaking. Snippets? Posts without expurgated email addys and real names? Full threads? Full threads with headers? Really, how ARE we to know what the hacker who stole our information will do with it, and why should we trust him that he’s going to be scrupulous with it?

  13. PG
    68

    @65- Should you really accuse me of splitting hairs, Jason?

    Aren’t you the one who’s saying Thunderf00t should be condemned for maybe accidentally leaking personal information sometime in the future, because he intentionally acquired email correspondence from the listserv – a listserv he was a member of for quite some time (could have gotten the information then?)

    I’m the one splitting hairs for saying you shouldn’t do that?

    Doesn’t seem right, does it?

    So your argument has gone from conjecture to straight-up paranoia? What is he, a fucking terrorist? How about instead of acting like petulant children and doing the exact same thing you accuse him of doing (leaking information from behind the scenes), you actually engage in a conversation? No. Better to be paranoid and pretend as though your personal information is being held hostage by a loose cannon.

  14. 69

    You would not believe how utterly bizarre this all is for me, but I’ve had a rather boring week, so why not.

    Jason’s right on this one, or at worst, mostly right.

    The fact that Thunderf00t is releasing private email contents, in and of itself is good or bad depending on your views. Anyone who’s ever done or applauded one of the ever-popular “I get email…” posts that crop up around FTB has little moral high ground to be shocked, shocked I tell you that someone else is doing it. Personally, i’ve little problem with it. I’ve done it myself when someone gets to be particularly annoying, but then, I’ve a bit of history with just how “un” private such things can be. I long ago learned the wisdom in not saying things in private you’d not be willing to stand behind in public. Keeping track of what i’ve said to who about whomever takes a lot more work than I feel like doing, and I am a sysadmin. Being intelligently lazy is a design goal for my ilk.

    It was surreptitiously sneaking back on to the email list that was wrong. Period. I completely walk away from “the ends justify the means”. That’s how you justify crap you know is wrong, be it cheating on a test or waterboarding people. The means count. Usually far more than the ends. It doesn’t matter if FTB was or was not shitty in how they treated Thunderf00t. Barring a full release of emails on the subject, there’s thunderf00t’s version, FTB’s version and the objective truth lies somewhere in between. (Neither side is particularly innocent when it comes to being douchenozzles.)

    But that doesn’t matter. If PZ managed to fucking lemonparty Thunderf00t during a presentation to a class, that still doesn’t justify thunderf00t’s actions. What thunderf00t did was wrong. That’s the long, short and middle of it. I told him over twitter I thought it was wrong, I very actively said so on his blog post on the matter, and I’m saying so here.

    Why? Why is this important to me?

    Because there has to be some fucking rules in this shit. Some bright shiny lines you don’t goddamned cross. I’m not talking about childish idiocy like OH MY GOD, YOU CALLED SOMEONE A CUNNNNNT. Grow up already. I’m talking about shit you don’t do even if you really hate the person.

    What thunderf00t did was wrong. Doesn’t mean everything he’s ever said or did was wrong, but he was wrong to do this, and if he’s going to insist that he did nothing wrong, or it was all justified or what have you, if he’s not going to apologize and stop sending out the info he gained after he was booted, (the shit before he was booted is a different story), then while I can’t speak for anyone else, personally, I’m putting him in the “irredeemable assclown” bin, and forgetting about him. There’s a lot of smart people on the internet, it’s not like I’m going to spend friday nights crying and alone without him.

    holey shamoley, this is just the weirdest day I’ve had in a while. My wife’s not going to believe this, and she’ll probably tease me about it for at least a fortnight.

  15. 70

    […] In case you hadn’t heard: The Freethoughtblogs network was recently informed that former Freethoughtblogs blogger thunderf00t has been forwarding private emails from the private FTB email list. He has not only been forwarding emails sent during the short time he was a blogger on this network — he used a security loophole to re-gain access to the email list shortly after he was fired from the network and blocked from the list, and has been accessing emails he never had any right to see. When this security breach was discovered and he was shut out again, he tried several times to re-access the private list. And he has already made the content of some of those emails public. (UPDATE: If you want to know exactly what thunderf00t did and how, Jason Thibeault has the technical details.) […]

  16. 71

    Meanwhile, I’ve had two people who normally call me all manner of names agree with me, publicly, on my blog. My first inclination is to calibrate whether I’m right or not because I am biased against agreeing with people who think I’m slime on their boot. So you’re not the only one having a weird day.

  17. 72

    How about instead of acting like petulant children and doing the exact same thing you accuse him of doing (leaking information from behind the scenes), you actually engage in a conversation?

    How do you picture that ‘conversation’ going?

    “Hey, you took stuff that you had no right to access to and apparently passed it on to Michael”
    “Yeah, I did, see the blog post”
    “So you stand by that, and think you were right to do that?”
    “Yep, it’s pretty clear in the post that I expect you guys to do knife jobs on people”
    “And posting private e-mails that weren’t acted on is a-ok with you?”
    “Clearly – I put some up with people’s names attached”

    What the hell happens next? Where does this ‘conversation’ go?

  18. 73

    LOL.

    When I was in the air force, one of the folks on my shift, someone I really didn’t like said the following:

    “Welch, I really don’t like you. You’ve got a smart mouth, and you’re an asshole. I don’t think I’ll ever like you. But you do good work, you’re an asset to the team, and so, I’m glad to work with you.”

    That one took me a while to really understand, so I just looked at him in a rather confused state, thanked him, and wandered out into the hangar to think about it. Didn’t take too long to realize the sense of what he’d said. I don’t gotta like people, I just have to work with them. If we happen to get along on a personal basis, well, that’s a bonus. I don’t have to like you, or really, anyone at FTB to agree that what Thunderf00t did sucks. The logic is pretty simple:

    “would [act] be something I’d think wrong if done to a friend or family member? If yes, then it’s still wrong when done to someone I dislike. If no, then fuck it, they’re whining, move on.”

    Sometimes, it can be a bit hard to apply that as ruthlessly as it should, but I have yet to have it lead me wrong.

  19. 74

    I’m a little late to the game here, I wasn’t around when TF was a FTB blogger. That said, I’ve read a lot about this meta firestorm and irrespective of the legal questions, what TF did was wrong. He cannot justify it, though he certainly is trying to by claiming that what he found in private emails he had no right to access uncovered something sinister.

    That reasoning is also known as “the end justifies the means” and we all know that’s BS.

    Further, the “scandal” he claims to have uncovered is not scandal at all. He seems to think that an email sent from one person to another without any disclaimer that the communication is private and is then forwarded to someone else is equivalent to surreptitiously accessing email on a private system, which he had no right to access, and then forwarding those private emails – complete with a privacy disclaimer – to someone else.

    That is patently ridiculous. I don’t know TF and I haven’t read or seen anything by him before this but I don’t care to, it is clear that he has no credibility so it doesn’t matter what he says. The destruction of his credibility is of his own making. Most atheists I know are atheists because they are reasonable and rational but there isn’t anything reasonable or rational about what TF did.

    His apologists have no more credibility that he does and I am embarrassed for them. They are all acting like children, spewing ad hom insults at FTB and FTB bloggers, which is obviously sour grapes. They are all behaving dishonorably. If they knew what was good for them, they’d STFU. TF’s lack of credibility is now their lack of credibility and they should not be surprised that they now have fleas after laying down with a dog.

    IANAL but to the legal question, I am confident that it is actionable in some way and I hope action is taken.

  20. 75

    Anyone who’s ever done or applauded one of the ever-popular “I get email…” posts that crop up around FTB has little moral high ground to be shocked, shocked I tell you that someone else is doing it.

    You are perpetuating a false equivalence. If I send an email to another person, I have no reasonable expectation that such an email will remain private and that it won’t be forwarded or otherwise shared by the recipient. The emails that TF fraudulently accessed on a private system were not sent to him, nor were they intended to be seen by him. They were not his emails to share.

    It would be entirely different if someone in the private group broke trust with the group and forwarded the emails to him, but that isn’t what happened. He wasn’t the recipient of those messages. He accessed a private system by exploit when his access had previously been revoked. He secretly acquired messages from it, which he has admitted to doing and which this post proves that he did. He then shared those private messages with others that were not his to share.

    This false equivalence is the same banal and discredited apologia that TF’s “fans” are advancing in his defense.

    The fact that Thunderf00t is releasing private email contents, in and of itself is good or bad depending on your views.

    No, it is unequivocally wrong. Taking something that doesn’t belong to you is commonly known as “stealing,” which is not “good or bad depending on your views.” Stealing is wrong and it is illegal irrespective of whether or not one views it as such.

  21. 76

    “NEWSFLASH: That’s not what people are condemning him for! Jesus fuck, it’s like his supporters are all illiterate.”

    BINGO!!!!

    Please give the man a toaster.

    Thing is spend an hour reading the comments of his fanbase on YT and you get what gets them going.

  22. 78

    (i like to use l33t because it makes me cool) @75

    Stealing is wrong and it is illegal irrespective of whether or not one views it as such.

    since you’re focusing on two rather small things I said, and out of context, I’ll return the favor.

    is stealing illegal? Well yes, in most places it is. Unless you’re vested with proper authority, then it’s called things like “eminent domain” and is okey-dokey. So stealing being illegal is not a legal absolute.

    Is stealing always morally wrong? Well, that depends. are you the baker or the starving man?

    there’s a reason i used the phrase “in and of itself” and i’m sadly unsurprised you glossed over it. so let me attempt to be more clear, since I evidently wasn’t:

    the act of publishing emails is only wrong if you think it is. it’s not “illegal” in and of itself. The *contents* of the email might cause you legal problems, but the morality of the concept of publishing emails? That’s really an individual choice and when people have tried to sue solely over that specific action, they tend to lose.

    In and of itself, when you talk about a group with some members who take a certain delight in publishing emails when they find it convenient or amusing, well, the fact they suddenly find it in poor taste when it happens to them is of little concern to me. (maybe some people should ponder that when they start to post something called “i get email…”. Just saying.)

    However it’s only a false equivalence if I’m actually making a direct comparison of that to thunderf00t breaking onto a list. I’m really not, and if it comes across that way, I apologize for my lack of clarity. I don’t think both actions are the same. But don’t expect me to get weepy about FTB emails getting published OUTSIDE of thunderf00t’s actions that is, outside of a specific case and a specific time period, and only emails he got directly from lurking on the list. Emails he publishes outside of those conditions? chickens coming home to roost. If someone else on the list sent him emails, well, in that case, he’s done nothing wrong, and it’s still chickens coming home to roost.

    Thunderf00t sneaking onto the list? Wrong. Maybe only to me, but wrong.

    Thunderf00t publishing list emails: two answers – were they emails posted BEFORE he was booted? If yes, then well sucks to be you. Were they emails posted AFTER he was booted? If yes, then well, that’s wrong too.

    I think you’re trying very hard to get me to support thunderf00t’s actions in terms of sneaking on to the list or publishing emails he received as a result of that. If so, well, no, i’m not going to do that. But that’s a very specific time period. He still, at VERY least owes people an apology for doing that, and any fallout he gets over it, within reason, is earned.

    If it’s stuff he got while he was an official part of it, and THOSE emails are inconvenient, (assuming of course personal info is redacted. this isn’t a blanket approval) well, don’t talk shit about people in private and you don’t have to worry about it becoming public. Or if you do, own it like a grownup and accept the fallout.

  23. 79

    What r3a50n said. There have been several suggestions that it is unethical to share or publish email of which you are the intended recipient. That is not correct.

    If someone sends me an email, on purpose, to me, I own it. If I misrepresent myself, and receive email based on that misrepresentation, that may be fraud. If I gain access to email by theft of services (what TF did), I have stolen that email and do not own it.

    It doesn’t matter if the correspondence is in electrons; what matters is whether it was given to you. I happen to own a card signed by Jacqueline Kennedy. I can publish it or sell it; it is mine to do with as I wish because she freely sent it to me. If Jason sent Stephanie a letter, she could publish it, if she wanted to.

    What TF has done is the moral and ethical equivalent of watching (for example) Stephanie’s mailbox, steaming open her mail, reading it and keeping a copy, and restoring the mail to her mailbox carefully resealed. Of course, that would be a federal crime, even if TF had somehow acquired a key to Stephanie’s mailbox — even if Stephanie had at one time given TF a key to her mailbox. It would be interesting to learn if the federales are willing to protect electronic mail with the same vigor.

    BTW, copyright is also an issue in this case, since TF has published written material that he, well, stole.

  24. 80

    Meanwhile, I’ve had two people who normally call me all manner of names agree with me, publicly, on my blog. My first inclination is to calibrate whether I’m right or not because I am biased against agreeing with people who think I’m slime on their boot. So you’re not the only one having a weird day.

    I am just as willing to give praise to behaviour when it falls due, as I am to offer criticism to behaviour when it falls due.
    That this is seen as “unusual”, or “jarring” is a sad reflection on humanity.

  25. 81

    Yeahhhhh….that is kinda shady…but I can’t tell you I wouldn’t do the same thing in his place. PZ has been acting like a little girl over this. First he booted someone, so far as I can tell, simply for disagreeing with him regarding the severity of the issue of sexual harassment at conferences of all topics. That is hard core creationist behavior there PZ… pathetic. Still, TF should stop obsessing over FTB’s internal activities…it’s kinda like facebook stalking an old girlfriend…kinda unhealthy. Screw FTB. PZ has shown himself to be a spineless creationist coward. Just walk away TF. Let it go. Find a new girlfriend to obsess over. You are just going to feel worse when you see the picture of PZ’s new boyfriend. So stop with the facebook stalking…let him go feel all proud of himself for booting you…like that somehow makes him a better man. Just let it go man…cause PZ is not worth it.

  26. 84

    Plop says:

    Accessing to a mailing list with your old login/password because the owner of the mailing list did not bother to configure it correctly is probably really really bad.

    Indeed it is bad.
    To all of those fannying about trying to settle the illegality of this trespass, I say: legality (or otherwise) is of no consequence in this escapade.
    TF appears to have committed a misdemeanor against reasonable adult behaviour.
    And I say this as a minor “fan” of his, or at least his usually logical piercing of illogical deepities.
    TF fucked up.

  27. 85

    […] Jason Thibeault explains how Thunderf00t hacked our system. Combined with the fact he’s now crowing about it (no, I’m not going to link his ass: if you want to see it, either find the link in another post on FtB or Google it), this should satisfy those uber-skeptics who believe nothing without twelve dozen lines of evidence. If not, they’re a lost cause, and I will no more weep for their departure than I did Thunderf00t’s. […]

  28. 87

    r3a50n @ 75

    The emails that TF fraudulently accessed on a private system were not sent to him, nor were they intended to be seen by him. They were not his emails to share.

    The e-mails were sent to him because that’s how a list serve works, but the rest of this statement is true.

    r3a50n and psanity, people stop the amateur legal analysis per update 2? And feel free to meet me in thunderdome for a discussion of how what stealing, copyright and fraud actually mean.

  29. 88

    Plop, he didn’t hack the phone call. Anyone could call in and listen to what they were saying; that was the point. They just didn’t want anyone to talk back.

  30. 89

    Oh Plop. Posting the comments that ended up in moderation sent directly to me by people who wanted to be published on my website, is fully in accordance to my policy on the right:

    I reserve the right to publish any contact, especially if it’s hateful or ridiculous.

    It’s kind of sad that Thunderf00t didn’t make his own policy clear when he was invited to the list that he thinks “please keep this stuff confidential” means “please hack back in after you’re disinvited and send this stuff to everyone in the community.” Then you might have a leg to stand on, calling my following my policy identical to Thunderf00t disregarding others’.

  31. 90

    Pauliexcluded, you might to actually read about what happened with FtB and TF before talking about it. Just a thought.

    That you think you might also steal confidential messages between other people and share them publicly if you feel slighted tells everyone everything they might ever need to know about you.

  32. 92

    Hint: I talked about that on the very thread you linked to. When you post a comment, the email doesn’t show up on the comments page. It does show up in my mail inbox and on my moderation panel with both your email address and IP address. That the WordPress default “will not be published” statement is there, expresses the fact that it will not be automatically shown when your post is submitted. This does not override my stated desire to reserve the right to publish any contact, hateful or ridiculous. If my policy is unclear, I can clarify by making it so explicit that even a Thunderf00t-supporter can understand it. My policy overrides any default misleading WordPress text, especially the stuff I can’t change.

    See this post for my thoughts on moderation, and this post for my thoughts on pseudonymity.

    Your rules-lawyering is getting on my nerves, so you’re in moderation til you decide to talk about Thunderf00t.

  33. 93

    @87:

    The e-mails were sent to him because that’s how a list serve works, but the rest of this statement is true.

    Then let me rephrase, they were not legitimately sent to him. The only reason that they were sent to him is because he exploited a security weakness, i.e., he hacked the system.

    And feel free to meet me in thunderdome for a discussion of how(sic) what stealing, copyright and fraud actually mean.

    Could you be more patronizing? No thanks.

  34. 94

    What if I worked in an office and I was fired. A week later I walk back, ring the bell of the door and to my amazement get let in. On the floor I find a opened letter containing horrible stuff being said about me. Would that be trespassing and stealing confidential information? I mean I would also try to get in and see what they are saying about me, especially if I found a way to get in without breaking a door or hacking a password.
    Ofcourse, I wouldn’t be that stupid to disclose that to the public and giving out people’s information in public. I would just vaguely hint at knowing what they said about me.

  35. 95

    @partypoopaaaah #94:

    I walk back, ring the bell of the door and to my amazement get let in.

    Explain “get let in”.

    get in without breaking a door or hacking a password.

    Why do you think hacking a password would be wrong?
    Or do you think that’s fine but just too much effort?

  36. 96

    What if I worked in an office and I was fired. A week later I walk back, find to my amazement that I can find a way to re-enable my disabled keycard…

    Fixed your analogy to make it closer to reality and less deliberately dishonest.

  37. Tom
    97

    I’m not sure how the invite email was worded, but isn’t clicking on a link like “click here to subscribe” the electronic version of requesting access? I’m not defending thunderf00t’s actions, because it was bad form on his part. It’s just it seems that may be a technicallity that he could use to justify access to the server. Basically, something along the lines of, “They asked me to leave, but I came back ask asked to be let in and they said yes.”

  38. 98

    #94:

    On the floor I find a opened letter containing horrible stuff being said about me. Would that be trespassing and stealing confidential information?

    Since it is not a crime for others to say horrible things about you, this action would not be protected under whistleblowing laws and thus, yes, you could be prosecuted for theft. That being said, it is far more likely that you would simply end up facing a lawsuit.

    Ofcourse, I wouldn’t be that stupid to disclose that to the public and giving out people’s information in public. I would just vaguely hint at knowing what they said about me.

    Scratch that — you would definitely end up facing a lawsuit for slander or libel (whichever applies) for falsely insinuating that you have whistle-blowing information.

    Hope that answers your question.

  39. 99

    Tom #98:

    I’m not sure how the invite email was worded, but isn’t clicking on a link like “click here to subscribe” the electronic version of requesting access? I’m not defending thunderf00t’s actions, because it was bad form on his part. It’s just it seems that may be a technicallity that he could use to justify access to the server. Basically, something along the lines of, “They asked me to leave, but I came back ask asked to be let in and they said yes.”

    No, Tom. That’s the exact same argument as the people who are overtly saying it’s FTB’s fault for using a system that had such a backdoor in the first place, only dressed up in libertarian-style hyperliteralist terms.

Comments are closed.