Trolls are spoofing commentariat and authors (Update: countermeasures!)

Thanks to the spate of trolls (who are, in fact, members of our rationalist community!) spoofing our users, owing mostly to their levels of immaturity and the realization that they can type other people’s identities in the comment fields, a few blogs are turning on comment registration. I strongly advise that, even if your primary hangout is a blog that does not require registration, you should consider registering your username/email address anyway.

If you’ve already registered your account, and you need to edit your profile because the display name or email address are no longer valid, the top bar shows a “Howdy, username” link on the right. Hover over it, then click on Edit My Profile. You should also be able to get to it by clicking here — but that link might change depending on your user access level and future WordPress changes. The top bar should always be right.

I have no intention of turning on comment registration at my blog. I am instead working on making changes on the network (via a plugin or via editing the core of WordPress) to ensure that anonymous users cannot use a username or email address of a registered user. If you want to protect your name here, I strongly advise you register your account.

The registration process can use Facebook, Twitter or WordPress as authentication tokens, so you don’t necessarily have to build an account unique to Freethoughtblogs. Our software will rely on those sites’ auth APIs, and won’t ever see your login information. However, if you use these options, I strongly advise that you also log into your profile per the above instructions before making a comment, and set all the options appropriately. Otherwise your display name will show as “sc_{random characters}”, which is dead ugly.

Update: I’ve installed a plugin network-wide that protects login names and email addresses from being spoofed by anonymous users. It doesn’t protect the display name though — if your display name is something different from your login name, this won’t help you much. On blogs where registration is required, people shouldn’t notice a difference. And I’m sure asshats can still spoof people with a fair degree of fidelity to casual outside observers (I can think of two ways myself — there might be more), but this at least gives us an idea of when it’s happening.

Regardless, register your accounts.

Trolls are spoofing commentariat and authors (Update: countermeasures!)

76 thoughts on “Trolls are spoofing commentariat and authors (Update: countermeasures!)

  1. 5

    I noticed Greta and Ophelia had turned on registration, and in addition to seeing the PZ spoof on one of your threads, I saw skeptifem spoofed over on (I think) Stephanie Zvan’s blog. I’m sure it’s happening elsewhere as well. And of course, once someone spoofs a comment from one of the FTB principals that fictitious comment will be used as “proof” to damn the actual person. My personal opinion is that spoofing and sockpuppetry is a shitbag move, except in cases of “fake” commenters (I’m thinking of some of the gimmick accounts you sometimes see at the AV Club and so forth.) But of course, every shitbag tactic is permitted when you’re going after the “enemy” (people who value social justice, apparently.)

  2. 6

    Thanks to the spate of trolls (who are, in fact, members of our rationalist community!)…

    Are you sure about that? If they’re using other people’s names or handles, how can we be sure of who they really are, let alone what they really represent?

  3. 7

    Raging Bee: we can be assured that they don’t represent THIS part of the rationalist community. But I’ve noticed the majority of the shitbags are coming from Thunderf00t’s blog where commenters suddenly realized they can sockpuppet the big names.

    (Suffice it to say, if that’s the sort of behaviour a big-name rationalist like Thunderf00t puts up with, don’t trust any username ever shown at his blog.)

  4. 8

    Any chance of OpenID support?

    (Given that I had to log in to post this, simply because I’ve commented in the past on one of the other blogs where registration is on, it’s not clear that you’re gaining much from not simply requiring login for all comments.)

  5. 9

    stakkalee: Don’t forget that Jen had the last straw come in the form of having several assholes stage fake conversations pretending to be her and talking about sex-related things in mock-laudatory manners, as though pretending to be a person and talking about threesomes and double blowjobs is damning of the person’s arguments, rather than merely slut-shaming them for things they haven’t done.

    Which led Jen to have to clean up such bullshit defamation and salting-the-earth slut-shaming. A double-edged tactic — it makes it seem like if she leaves it up, she’s a slut, and if she takes it down, she condones slut-shaming because she had to remove that nonsense.

    Either way, it’s fucking ridiculous and I don’t get why these people think they’re on the right side of history.

  6. 10

    Andrew G: That’s only an issue because you’ve registered elsewhere, thus your info is protected. There are people that only post places where you don’t have to. I don’t want to push them out unnecessarily.

    But yes, in light of how easy it is to register / sign in, we really aren’t losing much. I just don’t want to lose that little bit.

    I’ll look around for OpenID support — I much prefer it to tying things to Facebook/Twitter.

  7. 11

    Thanks to the spate of trolls (who are, in fact, members of our rationalist community!)…

    Are you sure about that? If they’re using other people’s names or handles, how can we be sure of who they really are, let alone what they really represent?

    Well, about as sure as – say – that those posting creationist nonsense on FtB are, by and large, religious believers, and not, for example, atheists trying to make religion look bad – I mean, how are you sure they’re not the latter?

    For the past year, prominent feminists within FtB – particularly but not only women – and often FtB as a whole, have been the target of a vitriolic hate campaign from people who identify themselves as rationalists, post extensively on rationalist/atheist/sceptical blogs, attack feminism specifically on the grounds that it is allegedly unsceptical, and include individuals with long records in the community. Now this rash of spoofing has appeared, focused particularly on FtB blogs associated with Atheism+, launched as a pushback against this hate campaign. But yes, maybe the bloggers and commenters are spoofing themselves, maybe it’s a gang of particularly devious creationists or anti-vaxxers, maybe it’s shape-shifting lizard people softening FtB up for the alien takeover – perhaps you should consult David Icke?

  8. 12

    Andrew G: I’m dumb. OpenID is already integrated. That’s how WordPress is even on there as an option. I’ve included Google and Yahoo as login options on my blog when I first set up the place originally — if it’s not enabled at someone’s blog as an option, let me know.

  9. 13

    @9 Indeed, it was a major oversight on my part leaving that out of the list. Also, I was on that TF thread at WordPress when someone made the rape threat against SallyStrange, and then later someone spoofed TF himself (on his own blog!) to “goatse” her (the fictitious TF gave Sally the IP of the rape threat, but the IP actually led to the goatse website, I believe.) I don’t understand what they hope to accomplish with the tactic – it doesn’t convince any fence-sitters, it just reveals what a horrible shitbag you are. If that’s your goal, frankly, no one needs that confirmation. People already know you’re a shitbag. That’s why I think sometimes the FTB folks need to be a bit quicker on the banhammer. You’re going to get that “Don’t censor meeee!” complaint no matter what, and 90% of these assholes have never had an original thought enter their head anyway, so kick ’em quick – you can usually tell within 2-3 comments who’s genuinely clueless and who’s just being a heel.

  10. 15

    But yes, maybe the bloggers and commenters are spoofing themselves, maybe it’s a gang of particularly devious creationists or anti-vaxxers, maybe it’s shape-shifting lizard people softening FtB up for the alien takeover – perhaps you should consult David Icke?

    This made me LOL.

    however, there’s a much simpler explanation, as I’ve said (elsewhere) before.

    Imagine a teenager who suffers from an incredible case of pronoia. He truly believes that everyone likes him, and agrees with him. he firmly believes that everyone finds his screaming insults and threats at others, and refusing to stop despite repeated requests to just leave everyone else the fuck alone, very amusing. Then, suddenly, he finds himself sitting alone in the cafeteria.

    What happened? Boys will be boys! Everyone is supposed to cheer and carry him on their shoulders in celebration of his bigotted genius!

    Then, he discovers that everyone he used to sit with moved to another table. AND DIDN’T INVITE HIM ALONG!

    Well, they must pay!

    but this teenager has (in addition to a tremendous entitlement complex and bigotry issues) absolutely no creativity, or ingenuity.

    Whatever will he do to get revenge?

    Imitate and copy what everyone else is doing to ‘show them’ how much he doesn’t WANT to be part of the ‘club’ . . . that he clearly so desperately does want to be part of.

    That kid grew up to be the Anti-A+ Whiny Ass Bigot Troll. And of course I use the phrase “grew up” in purely the chronological sense.

  11. 16

    I’ve tried several times over the past month to register this name/email in order to comment on blogs that require log-in with the same user id I’m using here. (Mostly this was because I want to maintain a consistent user ID presence across the site, but also to avoid any appearance of sock-puppetry.) Each time, I’ve made it past the first screen and gotten the message to click the link in my email, but the email never arrived although I’ve gotten email on that account within an hour before and after this post.

    I did send an email to PZ Myers documenting the problem and asking him to bounce it to your web master.

    Is anyone else having problems registering here?

  12. 17

    … I don’t get why these people think they’re on the right side of history.

    My current guess, considering especially this latest silliness, is: at least some of ’em figure it’s online, it’s the net, so they’re really not even worried about that. They probably figure at worst, they can just walk away whistling, with their hands in their pockets, trying to look casual. It’ll be all: ‘What, me, a hoggler? What’s that? Some kinda muppet?’

    And I’d guess some of those who do actually have public personae attached to this thing can always say: ‘Well, I don’t do that stupid shit… That’s just those anonymous hackers; I didn’t ask them to…’

    Still, yeah, it’s not real likely to win friends and influence people over the long haul. I could almost be grateful, but for the people it’s actually hurt. Voltaire’s bit on his enemies being made ridiculous comes inevitably to mind. Tho’ in this case, it’s more being made thoroughly disreputable.

  13. 18

    Andrew G: Are you not seeing options to sign in using Yahoo or Google when you’re not logged in? Those are the only three OpenID conduits this plugin provides…

    Kimbeaux: I don’t see the email address you’ve used here on the list of registered users, so I can tell you it’s not built you an account yet. I’d have to look at the mail server logs to prove it’s sending you mail, but it’s possible either your mail provider (who I see is not Gmail) is denying mail from our domain, or it’s simply going to spam. Have you ever tried registering for email updates using that address, either for comment threads or for a specific blog or the whole network? That would be the quickest way to prove our domain can send yours email.

    If you CAN get email, then either something’s failing in the registration process (which would be surprising, but possible) or it’s going to your spam folder (which is much more likely).

  14. F


    Don’t forget to check the junk/spam folder of your email client and webmail interface.

    Also, what happens occasionally (and with great frequency to some people), is that some ESPs drop mail from “bulk senders”. I have no idea how much mail is sent from FTB, or if it would qualify as a “bulk sender” with any ESP. But some, like Yahoo, blackhole mail a lot. I’ve not seen it from teh Google ever, but others do it. And some have really particular and weird filters in place (ISP’s using badly configured Postini for their customers, etc.)

  15. 23

    I am Jack’s complete total lack of surprise.

    One of the original forms of trolling, and I’d argue trolling in its purest form, is the whole “let’s watch you and him fight” type thing. (There are entire forums dedicated to a search for Game of Trolls) Indeed, I’m seeing a lot of what looks to me to be this sort of false flag operation.

    The two examples that come to mind, at least recently:

    In short, a YouTube vlogger is hit with DMCA notifications (where they entirely don’t belong), blames it on FTB people, fight ensues.


    The rape threat in here. Note that I’m not saying that it’s fake. It’s INTENDED to be received as real, and I’d be concerned about something like that as well. But at the same time it really does set off my Poe detectors. (In short the use of Third-Wave Feminism AND using it ass-backwards. It’s actually written like it would be from a non-third wave but still feminist PoV…which I highly doubt.)

    Truth? I think people are being riled up ever since ElevatorGate. I think there are people, certainly on the anti-feminism side, but possibly on the pro-feminism side as well who are basically..well..trolling. Who knows who.’s pretty clear that it’s happening, at least to some degree.

  16. 24

    I realise my contribution generally are not that welcome around here anyway but my attempts at registration left me with the somewhat underwhelming username sc_5c0608346ae1445092633ddc9cb5a892
    Not quite sure how that happened but it seems that it is the one thing on my profile that cannot be changed, which effectively means that any blogs with registration turned on I can’t post on

  17. 26

    I haven’t the first clue who you are so I don’t know how valued or disliked your contributions are. Regardless, you should be able to change the Display Name field. Because you’re logged in with a SocialConnect link from another auth service, your username is automatically generated. The Display Name gives you the option to use the name you signed up with as an alternative. This of course doesn’t have to be your “real name” even if that’s what the field says it is.

  18. 27

    Jason @26
    thanks for the reply.
    It only seems to give me permutations of my real name, which it presumably garnered from my gmail account.
    I suppose i could create an email account purely to register but it seems a bit of a pain, especially as then a defunct email account would be linked to FtB with regards to any threads i am subscribed to.
    jim (noelplum99)

  19. 28

    Hmm. Does it not give you the option to change your “first” and “last name” fields? Because it looks like I can, anyway. If you can, go ahead and change them to whatever you’d like, then set your display name after you’ve changed your “real name” settings.

  20. 29

    Ah yes, I see now. I was having trouble seeing those first and last name fields on account of them being slap bang in the middle of the screen, totally unhidden and almost impossible to miss!!!

    Thanks for the help 🙂
    Jim (noelplum99)

  21. 30

    So… logging in breaks my Gravatar. I’m not sure if my registered ID is set to a different e-mail address or something, though the system is telling me my e-mail is already registered, and the password re-set for my e-mail address has not sent me an e-mail (at least not at the e-mail address I’m trying to log in with). Thoughts?

  22. 31

    By the way, I’m logged in through my Google ID right now, which is what I figured might break the Gravatar (I’m not sure I’ve ever been able to log directly into the site with the e-mail I used for registration).

  23. 33

    My problem not getting the reset mail might be the same issue Kimbeaux is having with the initial registration mail, as I’d assume they use the same mailer daemon.

    Also, my first message was confused – I’m logged in through Gmail, which is a different e-mail than the one I (usually) use to post and subscribe, but my usual (apparently registered) e-mail is not allowing me to log in (I’m also pretty sure I have the username correct) with any of the passwords I’ve used in the past 10 years, nor is it sending me the password re-set mail.

  24. 36

    Jason @18: I think you’re missing the point of what OpenID is – I should be able to provide the URL of an arbitrary OpenID-serving website and use that.

    Providing a specific shortlist of sites is not how OpenID is supposed to work.

  25. 37

    In discussing Atheism+ and elevatorgate on another board, I ran into the same question about “how do you know?” in response to RW’s lament, after months of harassment that she’d been subjected to groping, unwanted touching, name-calling, rape threats, death threats, etc., “all by skeptics, all by atheists, all skeptic, atheist men” or something to that effect. Someone latched onto that and pointed out that at least a couple of the people piling on were women, so it just wasn’t true that 100% of the attackers were skeptic, atheist men. And until they were shown “proof” (which, of course, I don’t have) that it wasn’t some outsiders trying to divide the community and just a bunch of non-community trolls, then RW was a liar to say that this campaign had been conducted by atheist, skeptic men. I’m not in a position to say anything, except that I know for sure that at least one very prominent atheist, skeptic man participated in the abuse. But beyond that, it doesn’t seem that anything I can say will dissuade them from thinking that RW is a liar, a self-aggrandizer, trying to promote a “divisive” brand of feminism to gain power for herself, and to destroy the atheist/skeptic community. How do people in my position (no real knowledge) counter that? Has anybody traced a significant portion of the harassers? Mind you, they would probably discount the source if the information comes from anyone at FtB.

  26. Rob

    Jason, How quickly should the confirmation email be generated? I’ve checked the spam folder – nothing there. That email address is seldom used now so it redirects and I’ve checked the junk folder at the redirect address as well.

    Sorry looks like this post is going to generate lots of helpdesk work for you.

    It’s a bugger that we are having to do this. I’d been avoiding signing up, but with so many blogs shutting down comments unless we are registered it seems like letting the trolls win to be silenced.

  27. 40

    maddog: well, unless some mythical false-flag attackers actually registered at conferences just to grope Rebecca, then she knows darn well the people harassing her *in person* have been atheist/skeptic men. It’s also plain to see on blogs, twitter, and facebook that a significant portion of the slurs and misogyny (and all the variants of ‘bitchez be lying’ are misogyny) have come from self-identified atheists and skeptics under their own names.

    If you think it’s worth your time trying to argue reasonably, good luck; but based on the last year your instincts are probably right and nothing will ever convince these people who have made up their minds to hate.

  28. 41

    maddog: if you repost this question on the previous post, where it’s on topic, perhaps someone might be willing to answer with something more than “because it involves assuming more things than are in evidence to suggest it’s a false flag op and we’re supposed to be skeptics here so either they should show their evidence or cut it with the hyperskepticism”. Please, nobody follow up here. Thanks.

    Rob: it should be absolutely instant (to load-related degrees of “instant”). If it isn’t sending immediately, definitely look through the spam stuff. And check to see if subscribing to a post and/or blog successfully sends you email — that’s the best test to see if stuff from FtB is going to spam or being blackholed by your email provider.

  29. 45

    Jason, you jewnigger, how do you know about the “double blowjobs” comment? Jen never said anything about that publicly…and if you’re not a coward, leave this comment up. Or is there something that you’re trying to hide about your knowledge of the “double blowjobs” comment? :p

  30. 46

    Jason, you jewnigger, how do you know about the “double blowjobs comment”? Jen never said anything about that publicly…and if you’re not a coward, leave this comment up. Or is there something that you’re trying to hide about your knowledge of the “double blowjobs comment”? :p

  31. 47

    People might consider changing their passwords, too. If you’ve been using some low security who-cares password for posting on blogs, it’s time to reconsider. If your password is really common, the trolls might break it with a few guesses and that would be bad, mmkay? Some regular posters have been targetted, not just bloggers.

    Examples of bad ones: your user name, password, letmein, 123456, pirate, ninja, monkey, qwerty, qazwsx

    Try this for more thoughts:

  32. 49

    Then how do you know about the “double blowjobs” comment? And at least you’re not like those other cowards who censor comments (you should be proud, you beta white knight mangina fag)! BTW, I wasn’t the one who was impersonating Jen…but I was in that thread and I was the person who made the thread on /b/. And there seems to be a lot misconception about us on FtB… You haven’t checked out /b/ lately, have you?

    Yeah, we’re on the same side as Thunderf00t but we don’t support that fag (him and his fans have made it clear that they’re against trolling). Anyways, I don’t know how unaware you are but it’s not FtB/Skepchick vs Thunderf00t’s fans anymore – it’s FtB/Skepchick vs 4chan. And wait…you probably don’t know about the thread on /b/, do you? You’re not in it but Jen and Greta and Ophelia are… And Rebecca’s next. :p

Comments are closed.