The Bitlove LLC spin on their recent implosion, as presented to their captive audience.

Wednesday, 22 April, Year 7 d.Tr. | Author: Mircea Popescu

After the numerous problems brought to light by the recent stomping Bitlove LLC (operators of Fetlife) received at my hands, it's pretty certain nobody will "invest" in a bullshit Canadian "company" consisting of one lying scumbag (John Baku) and his rent-a-coder Ruby on Rails reimplementation of Facebook. It's slightly more likely that someone might still consider going to work for them, but not by much : without money they can't afford competitive pay. Even if they tried to pay competitivelyi, burn rates being what they are the very poor job security implicit in the package is likely to keep anyone even half qualified away. It's also altogether improbable they'll be making further strides in conning chumps to sign up their "services" at any sort of a rate approaching the user flight they're experiencing (and for good reason), but that doesn't usually matter online : if Baku could puff up a 50-100k actual userbase into "three million", there's nothing to prevent him from turning a 15% userbase loss into "fastest growing" or whatever hollow verbiage is fashionable that week.

This sad state of affairs is of course not reflected in the Kool Aid being poured generously (behind closed walls) in the trough of a mostly naive, broadly ignorant audience. Let's look into this - it promises to be fun.

We Are Not Being "Outed" and There Hasn't Been a "Security Breach" (But Trilema is Still a Huge Douche & Fetlife Needs to Reconsider its Privacy Mechanisms)

Ikonoclast's Writing 29M Dom (Sandy, Utah) | 462 Comments · 2,504 Love It | 12 days ago

Hokay folks. I am seeing a lot of (what I suspect is mostly unintentional) fearmongering about this gigantic douchecanoeii in my feed today, replete with comments like "This is outing everyone!", "When is Fetlife going to fix this breach of security?", "I wish there was a better site than Fetlife so this wouldn't happen", etc., as well as loads of female-identified members changing their gender to N/A.

While Trilemaiii is absolutely, incontestably a misogynistic, entitled fuckwad with a vastly overinflated sense of his own hacker $ki11Ziv, I'm concerned by these comments and actions because they speak to a certain ignorance about 1) what "outing" is, 2) the nature of information privacy on a semipublic site like fetlife, 3) the difference between a security breach and an information crawl, and 4) what it would actually take to build a "better site" to stop this sort of thing from happening. So, let's talk about those things.

What is "Outing?"

Outing is a pretty explicit action. It is the connection, without your consent, of your vanilla existence to your kink existence (Or exposure of any private information related to your sexual orientation, relationship dynamic, or other aspects of yourself you choose to keep private.) In that view of the term, I can't really say Trilema has "Outed" anyone because 1) there is no Personally Identifiable Information (What we in the data world call PII)v in the table he's dumped on his site. 2) none of the information he posted was truly private.vi Yes, it was behind a password-protected site that didn't offer a search function, but literally anyone can create a profile on that site and there is currently no way to set age and gender identity as "friends only".vii 3) None of the information he's posted is verifiable beyond the Fetlife ID in the links he's posted. Since anyone can set their name, age, location, and orientation to any value they wish, any information beyond that Fetlife ID is unreliable at best.viii

How does information privacy work on Fetlife?

Unless you can set it to "Friends Only," you should operate on the expectation that literally everyone on the Internet can see it. That includes your mom, your pastor, your 14-year-old kid, Barack Obama, and of course Trilema. And, as SupremeOverlord points out in the comments below, even if you set a photo to "Friends Only" it is still accessible, though not without considerable effort/not in a "searchable" way, without even accessing Fetlife in the first place by going directly to Fetlife's image host domain).ix

What does this mean for you? Well, if you don't want there to be a chance some dipshit will stumble across and save the info, possibly posting it to an external site, DON'T POST IT. Period. While I understand that, in an ideal world, everyone would respect your desire for privacy and ownership of your data, reality doesn't align with that desire at this point in time, and it probably never will.x

What the fuck is an "information crawl?"

What Captain Douchenozzle has likely donexi to get his information, given the relatively small section of the female members of the site he's posted, is point a webcrawler (Basically an automated web browser) at Fetlife with his login credentials, browse through the site one ID at a time (note how Fetlife IDs are numeric, e.g. mine, which is users/48475), and scrape the following information:
Name
Profile URL (And thus Fetlife ID #)
Age
BDSM Role
Sexual Orientation
Location

His crawler then dumped this information into a database (Or a flat file, like a .csv, think of this sort of like a spreadsheet with rows and columns, etc.) where he could easily query it with "show me all female-identified people whose age is less than 30." Clean up the output, preserve the hyperlinks when you put it into an HTML table, and voila!

Why is this not really a security breach? Because any idiot could do itxii, and once again the information is not really protected - a real security breach involves accessing data you're not supposed to be able to accessxiii, i.e. passwords or email addresses. Does it constitute a breach of the Fetlife TOU? Absolutely.xiv Is it pursuable from a criminal standpoint? Probably not.xv Civil? Likely.xvi However, given Doucheface's name (Which he helpfully includes on his blog), he's probably from Romania (or one of the other Central/Eastern European countries) and getting them to honor lawsuits filed by North American nations is a bitch and a half.xvii

Why doesn't changing my gender help?

Okay, so it might help, kind of. But only if you weren't already included in his idiotic little "meat list." Remember what I said about his crawler scraping the User ID? That doesn't change, so you can change your Fetlife gender to "big, hairy manbearpig" and if you were on the list before, you'll still be on it.

So how do we protect against this sort of shit?

Remember my points in the "How does information privacy work on Fetlife?" section. In the short term, that is literally all you can do.

In the mid-term, Fetlife should probably consider making some of the basic profile information (Gender identity, age, location) settable to "Friends only" so folks concerned about their privacy can manage those as they wish.

In the long term? The only way to really improve the privacy of the site itself is to use an invitation-only membership structure, and I just don't see that happening in an enterprise like Fetlife. That sort of design, if people take the vetting rules seriously, takes years to realize membership numbers that will let you operate without losing money, so unless someone with $8-10,000 a month in extra disposable income wants to set that up out of the goodness of their heartxviii, it's kind of a long shot. And, lest we forget, it still will not be 100% safe. People will still make errors in character judgment and invite predatory jackoffs, long-standing community members will suddenly be revealed as abusive, consent-violating assholes, etc.

TL:DR;

Look, I know what Trilema did a couple months ago (and seemingly hasn't updated, mercifully) sucks. I know it's scary to think you're more searchable now. But the real fallout of this is likelyxix to be nothing more than a few more creepy messages in your inbox than usual; he made you easier to find, but he didn't make you easier to identify if you're already protecting your identity well on Fetlife.

Please feel free to message me with questions, comments, things I can do to make this post better/more informative, etc. I wrote it in a bit of a hurry and it is not intended to be exhaustive.
Regards,
Ikon
P.S.:

I'm not trying to say people shouldn't be concerned by what's happened here, or even that the outrage needs to be toned down; my worry is with where the outrage is being directed, because from my perspective a lot of people are angry about the wrong things.

In no particular order, some of the bigger issues here (and elsewhere) are
1) Fetlife sent a DMCA takedown about this information months ago. Why are we only finding out about it now?
2) Fetlife has known the "Creeper contingent" is an issue on this site for ages, and yet no real proactive steps have been taken to empower people to dodge them.
3) Privacy controls here are currently limited to writings and photos, while huge swaths of other information can be crawled by any jackass with access to the site. Even Facebook has better options.xx
4) The "no talking about repeat predators" thing - need I say more?

I'm sure I'm missing things, but the reality is that until Fetlife drastically reconsiders the nature of "privacy" on the site, the onus to do so is on us as users.

462 Comments (leave comment)

SensualRogue: 12 days ago

Thank Ikon - was just writing up a note myself but this is a great summary.

FL could and should do a few things to make this harder - obfuscation of user ID's, connection/request throttling, better privacy controls, etc.

But, the point remains - if you post it, it's on the internet.

Use caution, protect yourself and while FL is fun and enjoyablexxi, it's also not a 'safe' place by any means, even if the communities it helps bring together try to be.

If you're on the list, and don't want to be, the only thing to do is start another profile. It links directly by ID, so there's no way to just change your name.

NerdcoreBecca: 12 days ago

Thank you for this simple and well-expressed rundown of what's going on. So necessary.

Finch_slc: 12 days ago

We're all gonna die!!!

ElisabethGreen: 12 days ago

These were my thoughts exactly. I couldn't for the life of me figure out what people were spazzing out over. Thanks for putting it plainly.

Lex_Icon: 12 days ago

Concise and accurate, thanks for writing this.

DespoenaCalypso: 12 days ago

Now this.. is useful.

plaisirnoir: 12 days ago

cake crumbs..

plenty_sassy: 12 days ago

Crumbs

KaiKillua: 12 days ago

I would also not recommend anyone to reach out to trimela or comment on his info dump even if it's to send words of disapproval. Giving him traffic and responses could just make him do something else stupid.xxii

NauttiBoy: 12 days ago

C R U M B S!

Hedwig: 12 days ago

Thank you for a good rundown on the techie part. I think what many people seem to be missing is the part which treat women like objects. I hold no illusions about internetsafety. fetlife.com/users/3162/posts/2892518xxiii wrote very well about. Also the silence from fl grand poohba's have been disturbing

May the rain of a thousand rusty scissors fall down upon his crotch and the fleas of 1000 camel infest his armpits. Then I'll show him what meat really looks likexxiv

-Chance-: 12 days ago

This is perfect.

-Josh-: 12 days ago

Now this takes a rational look at what's really going on. There's PLENTY FetLife can do to make things better...but some of it would require almost a complete site redesign on the back-end. They're (pretty obviously, if you'd paid attention to their response to this and other "breaches") unwilling to put forth the effort to do that, and instead rely on misinformation and placing all blame on the douches that point out their nakedness.

Then there's the heavy-handed approach at misusing the legal system (the DMCA notice, in this case) to try to silence their failures...which reminds me a lot of how Scientology shut down anything critical to itself back in the day.xxv

JerichoRose: 12 days ago

Thank you. The idea that anyones data is absolutely safe on the internet is laughable at best. People can and will find your data if its out there, regardless of security protocols for any given site.xxvi So the best course of action is to either not parciticpate in social media of ANY sort, or be smart about what information you decide to share on social media to begin with.

People simply don't realize how their digital footprint grows with EVERYTHING they do online.

And while it's true we shouldn't have to deal with this type of asshattery, this type of asshattery still exists. Nothing will change that. The world is full of awful people that do awful things 'for the lulz', especially when it illicits an emotional response like this did.

I suspect the attention this guy is getting will be enough spank bank material for him for a while.xxvii I aslo suspect the amount of attention this guy is getting will push him to try to l33+ h@xx0r more data at a later date.

blueshirt2: 12 days ago

crumbs

KingGrieverVIII: 12 days ago

crumbs

dammit_punk: 12 days ago

I'm more annoyed that a "meat list" is really disgusting and sexist.

anne-within: 12 days ago

thanks for taking the time to put this info down; I know for some this is a Captain Obvious moment. as I said on the "alarming" post...

I agree that the behavior of this self professed "shut in" is sad.xxviii and a meager attempt at some sort of control, inclusion and power in his otherwise socially awkward life.xxix

having said that, life's a bitch. and as some may have noted: this IS the internet people. everything is a data point. don't want some guy trolling you in search of females under 30 - change your data points.

or better yet: don't share them.

Pocketable: 12 days ago

Crumbs

SiRoberto: 12 days ago

I agree with KaiKillua. Don't engage the douchebag. He has an asinine way to make a point. This is a good warning for us to be more careful with our private info.

MsDemanda: 12 days ago

More crumbs

BenHart: 12 days ago

bump

Esox: 12 days ago

Best explanation of this that I have seen. Thank you.

eggCream: 12 days ago

Matzoh meal

BDSaM: 12 days ago

Folks should read this and understand — there's no security flaw here.

subtletest: 12 days ago

A very nice explanation. And some good advice.
☆☆☆☆ Four stars!

_Tantric_: 12 days ago

Crumbs. "Captain Douchenozzle" is a most excellent title for Trilema. Thank you for a great post.

I always limited identifying myself to friends. I work with technology and always felt identifying pictures were a risk. It goes to show how unfortunate it is that the dregs of humanity will act as they do. The information you provided in this post is excellent, and everyone on Fet who cares about their PII out there should manage their profiles accordingly. Thank you!

Danica23: 12 days ago

Crumbs

ManxRoper: 12 days ago

At last some sense.

It's a sexist list ...He gave you the code so you can trawl for whatever you like.xxx

It violates our consent ...err as long as you have a login, which he did, this was all available information you consented to supply.

It objectifies us! ...Only electronic fingerprint which isn't, in fact, you simply because there is no connection between your carefully crafted profile and the real you. (You did that didn't you? .. you didn't? ...not my problem.)xxxi

ScorpioKing: 12 days ago

crumbs

kyriet: 12 days ago

Crumbs

Aazer: 12 days ago

Thanks for the additional information!

LaughingWater: 12 days ago

I love Fet but the panic lemmings kill me. Thank you for this.

ladyinprogress: 12 days ago

This is a great summation of what's going on. Younger friends don't freak out - DO use this opportunity to review your information you have set to public on your account & take measures to clean up your profile/make it more secure.

-EM-: 12 days ago

Well said, OP. It isn't a good thing by any stretch of imagination... no. But the world also did not end.

Verseria: 12 days ago

Miette.

ReadyInPhila: 12 days ago

What a well written - informative & level headed post - well done.

And yes - linking or posting to this site or its content "off site" is douche baggy - but that's never been in question.

MrDark: 12 days ago

You just hit the nail on the head. Thanks for this.

ThoughtMonster: 12 days ago

^^ Agreed. The uproar is driving me crazy. Yeah, Trilema is a douchebag. But Santa isn't real, and the internet isn't private.

thehellkitten: 12 days ago

I'm glad to see someone pointing out that this is more of an info crawl/dump than a security breach. I don't see his code as "outing" anyone yet, but I do see it as a tool that individuals could easily use to out people. Say if someone at your job suspected you had a kinky secret life, it makes it that much easier to find your profile and show your boss.

Fetlife isn't a perfect website by any means, but the one thing that I have actually always appreciated is the lack of a search function like Trilema is attempting/suggesting. I'm sure a lot of people on Fetlife are attempting to use it as a dating service, but this isn't OKCupid.

Also, when it comes to BDSM, at the end of the day the community is a huge and important aspect to it. Without other people around it's much harder to vet potential partners, to catch predators before they go too far, or even to have real camaraderie in the scene itself. It's clear that the community aspect of BDSM means nothing to Trilema or to people have the same opinion, and that's worrisome.

tl;dr if you want to just find girls who are DTF you should just go get on OKCupid like everyone else

Bedbuglet: 12 days ago

The meatlist homeboy compiles is gross, that's true. It appears that people are irritated by this the same way that they are irritated with the periodically emerging suggestion that Fet facilitate searching by age, gender, role, etc.

It is never a bad thing to promote discussions about how to avoid inadvertently assisting people who intend to pester, stalk, or harass you--so at least there is that.xxxii

CreativeMayhem: 12 days ago

My sentiments exactly. Excellent summary!

AelwynFireKitty: 12 days ago

Crumbs for techie stuff about the "meat list".

Sir_Arastorm: 12 days ago

Crumbs for my friends.

Lady_Bird_Smiles: 12 days ago

Crumbs but I also voiced my distaste fetlife.com/users/3669379/posts/2892747

miss_RopeSlut: 12 days ago

I do believe this is the best writing I have read all day. Thanks for the crumbs @benhart

franzzzz: 12 days ago

Great summary. Hope it helps to unscare people.

Boymeat: 12 days ago

This. Thank you. I've been muttering this to myself and a few others all day.

Le_Bastard: 12 days ago

I want to change my gender to big, hairy manbearpig !!!

CRUMBS and thanks OP. That was needed.

_Raine_: 12 days ago

Great post. What bothers me is why couldn't the people who run Fetlife respond like this earlier, instead of total silence? And apparently removing the intitial post from the front page. All that does is let people freak out and lose faith in them.

MaillerPhong: 12 days ago

Crumbs for everyone who use their head for more than just a hat rack.

RDLShadow: 12 days ago

Human sacrifice, dogs and cats living together... mass hysteria!

SerWilliam: 12 days ago

I agree with this assessment as well as the recommendation of being able to set more (if not all) profile info "friends only".

Art_Amiss: 12 days ago

I'm glad someone broke through the hysteria. Is making a "meetlist" gross & dehumanizing? Fucking Yes. The sexism in that is so off the charts, it's not even funny. Unfortunately, all he did was compile a list of facts on a public site and posted them. Giving him attention, just makes it worse. The most terrible thing you can do to a Hacker Troll is react with boredom. It will make him crazy.xxxiii

_Raine_: 12 days ago

Oh and also..removing gender and location ID is one way to thwart said douchenozzle from making 'meat' lists. Since any muppet who cares to look at my profile in any detail can figure out I am a woman and not in my 90's or located in Antarctica, that feels fair enough to me. :)xxxiv

belovedpet: 12 days ago

Yes, we need to understand that online privacy doesn't exist. You can set your location to Antarctica but the groups you join say a lot about where you live. Last year I tried an an experiment; I was able to, after some digging, find out a Fet guy's real name, home address, make/model of car (Google street view of home), job, and hobbies. I was surprised at how easy it was, just by gleaning info from his posts and the fact that part of his Fet name was part of his real name. I never did anything with the info, and I never will; but it was an eye-opening exercise.

Lord_Tamhas: 12 days ago

(¯`v´¯) . . Very well said . . . . . . . applauds . . . . .
.`..¸..´Breadcrumbs .¸.•¨¯`•.•:¨¨:•..•:¨¨:•..•:¨¨:•..•...¸.•¨¯`•.•:¨¨:•..
.¸.•´ ¨)¸.•¨) ¸.•¨) . . . . . more breadcrumbs . . . ..•¨¯`•.•:¨¨:•..•:¨¨:•
(¸.•´ (¸.•´¸¸. .•´¸¸.•¨¯`•.•:¨¨:•..•:¨¨:•..•:¨¨:•..•....•¨¯`•.•:¨¨:•..•:¨¨:•
┊  ┊  ☆¸¸.•¨¯`•.•:¨¨:•.A TON of breadcrumbs.•:¨¨:•..•:¨¨:•..•....•¨
┊  ★¸¸.•¨¯`•.•:¨¨:•..•:¨¨:•..•:¨¨:•..•....•¨¯`•.•:¨¨:•..•:¨¨:•¸¸.•¨
☆¸¸.•¨¯`•.•:¨¨:•..•:¨¨:•..•:¨¨:•..•....•¨¯`•.•:¨¨:•..•:¨¨:•.•:¨¨:•..•:¨¨:•
ℒℑ ( ͡° ͜ʖ ͡°)

RedStapler: 12 days ago

TL;DR: Anyone can sign up for a free account on this site and post any info that they find here anywhere else. There are technical ways to make this more tricky but nothing foolproof. Public information is public.

anonymity90: 12 days ago

Crumbs to all my friends who don't "get" it.

I really wish I hadn't clicked on the link because I didn't really want to give him more hits on that page of his site than necessary.

Thanks for writing this in clear English, I hope more people read this and chill the fuck out. There is no identifiable info on that list. Just username, city, etc. Unless you happen to have your username as your real name, I'm pretty sure you're fine - the link to your profile is still "protected" by fetlife's login/signup. He didn't even include profile photos (which, hate to break it to you guys, would be super easy).

His "mad skillz" are severely lacking!xxxv

ArtemisKitten: 12 days ago

<3 <3 <3

_wyldefire_: 12 days ago

Trail of crumbs

SayMercy: 12 days ago

All your base are belong to us.

Thesser: 12 days ago

Crumbs for my friends to review!

Thank you.

BrattyLaine: 12 days ago

Big hairy manbearpig crumbs ...

AMP_Sir_Ez: 12 days ago

I saw the list...
It's just basic profile info most are looking for anyway.

evil grin

I have heard of other data bases for D types that was very ugly.
But that's another story...lol

I agree with the OP.

respect

Kimmologic: 12 days ago

I literally was just saying the same thing elsewhere about this topic.xxxvi And as someone that has actually been outed before, yeah, those two things are A LOT different.

aestelar: 12 days ago

Thanks for the info!

just_heather: 12 days ago

thank god im older than 30:)xxxvii

UnholyPassion138: 12 days ago

Crumbs

Tarin: 12 days ago

userID obfuscation is he easy way to solve all of this. You make it really least to crawl your website with userID1, 2, 3, etc. If you took my userID, added some random padding, and then pushed it through a hashing algorithm you wouldn't need to change all that much of the site (unless there is something in the back end I don't know about)xxxviii

Also, some sort of "big down" after accessing n profiles in Y time would also act as a deterrent.

KinkyBunnyGirl: 12 days ago

Amen.

Divergent_1: 12 days ago

"gigantic douchecanoe" is a fantastic phrase. Will have to remember that. . .xxxix

Marquis-de-Twizz: 12 days ago

Do what I did send an email with links to his countries cyber division. While the DMCA couldn't stop him hacking is still illegal and he admits to it.xl

SarifkaMorgan: 12 days ago

Massive breadcrumbs. Perspective matters.

diTailed: 12 days ago

Yeah what just_heather said. LoL

and_im_javert: 12 days ago

The disgusting and objectifying vocabulary of "meatlist" was very ugly, but everything else isn't that huge. Name, gender, given location, age, and role. Speaking in terms of explicit actions, all he did was take information anyone could get, and put it into a list. The implications and reasoning of such are deplorable, though, but nothing really changed. Things will be the same as they were before.xli

fruitpie: 12 days ago

LOL @diTailed and @just_heather - great over-30 minds think alike! I'm chuckling so hard right now.

UKDevil48: 12 days ago

Thank you for taking the time to write this and post.

CRUMBS to friends.

MaxGentleman: 12 days ago

I really don't want Obama looking at my shit.

LadyRah: 12 days ago

My big concern was the ease of search. The creep factor went up ten fold. When it comes to My House, we all work pretty public jobs, an should the wrong person search for and identify someone, shitstorm ensues. I've got My House double checking the accessibility of face pics and writings that could pin point us. That's all we can do. ;) stay safe(ish) guys and dolls!

Lou305: 12 days ago

Another reason to be thankful (for now) for being on the 'old' side.

LauraUnBound: 12 days ago

Wanna talk about how he's a giant asshole? Good, do it. Wanna be upset that you were reduced to a piece of browseable meat? Good, you should be upset. Yell about that. Get mad. Have important insightful passionate discussion and tell the world how that shit is not okay. We need that.xlii

What we don't need is scaring people into thinking someone hacked and outed them to the public. That didn't happen. Nobody's got your real name, home address, phone number, place of work, etc (unless any of that is in your username) you're not any less safe now than you were before. It takes one minute and a throw away email account to make a fetlife profile, if someone wanted to find you they were going to find you. You're probably all part of local groups, some more specific than others (women of ____, ____tng, under 30 in ______, women under 30 in _____, the group that goes to this very specific bar for munches, etc etc". The members lists can be trolled. You can be found. His list only made it more simple. And his list is just one of the dozens out there, the real scary people aren't openly telling you that they've compiled a list, they're doing it behind closed doors.xliii

It's fucking disgusting and dehumanizing, but it's not a hack. Be angry, not terrified due to misinformationxliv

Ponygroom: 12 days ago

I was going to write up something like this but Ikon, you have saved me the trouble.

Thank you.

LauraUnBound: 12 days ago

Also, changing your name, location, age and gender now won't help, he's already compiled all the data he needs.xlv Until your user id number changes, the link to your profile will remain intact. Someone's just going to see that you changed your info, they will still be taken directly to your page.

Sovereign_Shade: 12 days ago

The TL;DR breakdown will get more reads even if it isn't the full bulk of info. This post is one of the many reasons I never put pics of my face on here that are not set to Friends Only. FL has failed to really employ security measures that protect anyone. It's success as a social networking site has made it a target by all kinds of scumbags.

MyNewFuckBuddy: 12 days ago

Omg it's the Fetlife Apocalypse! Seriously though- Tks for this post. Everybody needs to calm the fuck down.

September-: 12 days ago

Thank you for the post. Please continue to write about how internet works and its infrastructure. It is really very helpful to learn about these things.
Trilema's action becomes successful only when it induces paranoia and fear in people. I think one way to resist is not to get scared. But still something should be done about this.xlvi

Lasivian: 12 days ago

Preach it brother! Amen!

The search I want is for "Intelligent people". Not by age or sex or location. And all the people doing the "Chicken Little" dance over this do NOT qualify.

RedheadWithRope: 12 days ago

Honestly this is probably a good thing IMHO. Why? Because too many do put alot of identifiable info on here, or pictures that are also on other well known social media sites. This kinda serves as a reality check that FetLife is not the Kinky DMZ of the internet. General internet rule of thumb is once its posted, it can't be erased, and someone you didn't intend to see it, will. So this is a great reality check. Anyone that knows how to view a pages source has long been able to get the URL of pictures, download them, search them with TinyEye, google, or such, and well. Its not really safe.
visiting a local dungeon has the benefit of "mutually assured destruction, meaning if a coworker or boss sees you there.... You see them too. But on Fet, where its all fairly anonymous, well just think twice before you post up a face pic, or phone number or anything else that can tie you to the real world.
Safe words dont apply to hackers and tolls.

Bhuvaneshvari: 12 days ago

It's something predatory, but it's no more a breach of privacy than what the internet already is.

SHUGOSHA: 12 days ago

Thank you. Crumbs...

johnhenry323: 12 days ago

Dropping crumbs. I got a bit alarmist and this is a perfect counterbalance for my friends to read. Thanks!

Armand_Ohio: 12 days ago

Very good explanation. This has been said many times, but there are still some who don't get it. Even for those who are rather ignorant about how the internet and the world wide web really work, it should be superficially obvious that anyone with a FetLife login can see your information. It is not unlawful for someone to post a link to your profile on another website. The information you post on FetLife is not private.

This is also an excellent discussion of what is and what is not "outing."

Armand

TrixieDelight: 12 days ago

I love being lectured by a man about thisxlvii

LeRougarou: 12 days ago

I so heart LauraUnBound right about now. Not that I didn't already, but, yeah.

MistressBeltane: 12 days ago

Crumbs! Great info!

TwistedDave: 12 days ago

Now the flip side of this is how FetLife responds (if at all). It could be awesome - adjustable public/friends only settings for various things like age and gender and location, or it could SUCK (all of them are either public or friends only, no granularity).

When thousands of profile names are added to a non-Fet list, it's a real douche move, but seriously, how many creeps are going to sift through it all? Even if they did, the only way they can get to people is by SIGNING UP. For that matter, it's still possible for people to crawl through local lists and manually search for targets. Chances are, these kinds of knuckle-draggers will have a big question mark or a dick pic for their profile pic, and savvy ladies won't fall for it.

What pisses me off is that this guy is saying FetLife is a DATING site. For those of us in the lifestyle for years, sure, we use it to meet people, but mostly it's for networking with others we either know or meet at munches. I really wish people would stick to other venues for their 50 Shades of Adultery and HowRULetsFuck shenanigans. The adults are busy here.xlviii

cylr: 12 days ago

Crumbs for the hysterics.

Maiitsoh_Yazhi: 12 days ago

Thanks for taking the time to add some perspective to this.

Apriil: 12 days ago

CRUMBS <3

SpanishRed: 12 days ago

It's about time someone wrote some decent erotica around here. Thanks, Ikonoclast. It's been grand.

secondnature429: 12 days ago

Interesting read about Fetlife Security/Privacy Issues: freze.it/1sZ

BeYouTflyBroken: 12 days ago

I think he is just a sick puppy lol, and not in a good way. He claims his list is to inform others of "our " deviations but why target women 19 to 30? Sounds like a troll to me......that a my only concern with the list being up, is the potential of young women being harassed not outted.

BeYouTflyBroken: 12 days ago

CRUMBS

Anura21: 12 days ago

A little info for everyone that's freaking out.

LadyBadger: 12 days ago

It's maymay all over again.

LordNeptune: 12 days ago

Crumbs for the worried.

September-: 12 days ago

I think suggestions like nothing is private, don't put any pictures there, or everybody can see everything leads to overprotection and paranoia. Nobody will look at these pictures or do anything to you, I mean maybe few friends, bosses (that's a different discussion), but not that which induces paranoia. It is already doing its job very well by making people overprotect themselves.

teeebone: 12 days ago

Breadcrumbs for my friends. :3

Ivy_Leigh: 12 days ago

Can I just change by gender to Old?

Thazar: 12 days ago

It's a spider crawl. Nothing more, nothing less however despicable

Lady_Wood: 12 days ago

Crumbs

Dr_Gray: 12 days ago

Thank you for this. Put into more rational words than I could. Crumbs for all.

Prettymaybee: 12 days ago

www.youtube.com/watch?v=ujg0Penfups

NonExistant1: 12 days ago

...BREADCRUMBS...

Cherise33: 12 days ago

Thanks for the info...what a douche this guy is, and as you point out, clearly not that bright of a douche.

Resk_Tailblend: 12 days ago

Thank you. This startled me and as someone who is transitioning, I was more scared for those who identify as female on fet but not irl but still had pics and might have gotten pulled in by this crawlers

-Josh-: 12 days ago

I was having a similar argument on Facebook...I love how someone's already chimed in with a dismissive comment based on the OP's gender...that somehow having a penis or vagina invalidates any assertions that person can make on a topic.

Mister_W_: 12 days ago

This is useful to read for those who are worried.

SweetRedWitch: 12 days ago

crumbs

rainbow_jen: 12 days ago

fetlife.com/users/430138/posts/2892894

WhyYesImEvil: 12 days ago

Breadcrumbs...

TrixieDelight: 12 days ago

Not any assertions, Josh. Just yours.

TrixieDelight: 12 days ago

I don't want you seeing my cuntxlix so I'm blocking you here too

wandering_st4r: 12 days ago

Crumbs!

TrixieDelight: 12 days ago

And YEAH, it does bother me that someone who is UNAFFECTED by his information being distributed wants to tell everyone to calm down about it.

AlphaGeek: 12 days ago

Crumbs.... great explanation.

CurvySub17: 12 days ago

Crumbs and I totally want to change my usernmame to big hairy man bear pig just for giggles

DarkInnovations: 12 days ago

As one who may have unintentionally contributed to the "fear mongering", I commend the well reasoned approach to this writing. My intention was to allow those in my community to both know of the list and the opportunity to determine their inclusion (or not) and go from there. I admit to being surprised by the reaction, pro and con. Thank you for a sanity check.

AlaraKantrain: 12 days ago

Provided they have well-designed code, it shouldn't be too hard to change the way they identify users to some sort of hash key. That would at least stop people from using the same method Trilema did to get information

acquiescence_: 12 days ago

Crumbs... and thankyous.

TerraVesta: 12 days ago

My only problem with the list is fet should have told the girls that are on that list that it happened. Just like my credit card company would tell me if my information was taken even the public stuff and posted on another site (yes this has happened I was told the day they found it). You don't have to believe it but these girls are now at risk not of their nilla friends and family finding out but of being hurt. He picked the age group that posts the most naked public available pictures with the persons face in it. We all know creepers use this site and others like it to find their victims. These girls/women are now on a user friendly list of potential victims.

Way to go asshat I hope you're happy with what you've done. If he really just wanted to point out the problem he would have used the older men's profiles on this site not the young woman he could help turn into victims. IMHO.l

Ikonoclast: 12 days ago

@TrixieDelight - so let's explore that. If I had been a 29-year-old woman with a decade of experience in web analytics, software development and information security, would there be a problem? Are you concerned about the factual content of my statements, or just unreceptive to it because I'm "not affected" and thus not allowed to talk about it?

sparkyfire: 12 days ago

Crumbs for all my indy folk.. I recognize a few cities on this list...

Ikonoclast: 12 days ago

@TerraVesta - I actually agree with this 100% - the fact that this happened a couple months ago and this is the first people are hearing about it is very concerning.

acquiescence_: 12 days ago

A possible personal vendetta? Have a close look and one person is categorised as a 'weirdo'...

ItzKat: 12 days ago

I just want to say that if FetLife wants to be around, you need to protect the women. This guy is a douche and it is annoying but your id is not on the list. You men are not targets. You say (sort of flippantly) that it is just a few more creepy messages in your inbox. But you really don't understand what we already put up with. We are already targets just being female on a sex oriented site.li I would think FetLife would want to do the things needed to ensure the female profile's privacy even it is a hassle. Just saying.

TrixieDelight: 12 days ago

Allowed? You're always allowed. Am I saying this should be taken down? No. But telling everyone to calm down when this doesn't affect you? Rubs me the wrong way.

Ikonoclast: 12 days ago

@ItzKat - just so we're clear, I don't work for Fetlifelii, I made this post based on my own experience with analytics, software design, and information security. But the above is exactly why I support the expansion of what can be set as "friends only" - I think Fetlife's users should be given more direct control over their own privacy settings, so that shit like this is, if not impossible, at least harder to do.

The_coffin_girl: 12 days ago

This. Thank you.

Ikonoclast: 12 days ago

@TrixieDelight - It's really less of a desire for people to calm down than it is for them to be angry about the right things. There's plenty of legitimate room for outrage with what's happened here without misdirecting it to things like security breaches etc.

OperationFilth: 12 days ago

@acquiescence_ - from what I've observed, all those who have their sexuality as "fluctuating/evolving" are categorised by the douchenozzle in this way.liii

@Ikonoclast - thank you for articulating my logic better than I could!

TerraVesta: 12 days ago

Very I sent a link to all my friends in the age group and put a status about it up. He picked 30 and under this time could just be slaves next time. I want everyone to understand yes showing off your body is find just keep your face out of the picture. The creeper that finds you on that list might just live right next door.

It's all public information and really he was kind of smart pointing it out, I just think he has other reasons for putting it up like he did. Like I said using men would have gotten the word out without the safety risk he's now caused.

_red_jade_: 12 days ago

Crumbs...

Ikonoclast: 12 days ago

To my above comment to @TrixieDelight:

Things it makes sense to be angry about: 1) Fetlife sent a DMCA takedown about this information months ago. Why are we only finding out about it now?liv 2) Fetlife has known the "Creeper contingent" is an issue on this site for ages, and yet no real proactive steps have been taken to empower people to dodge them. 3) Privacy controls here are currently limited to writings and photos, while huge swaths of other information can be crawled by any jackass with access to the site. Even Facebook has better options. 4) The "no talking about repeat predators" thing - need I say more?

sharingmyself: 12 days ago

CRUMBS to all

Baroness_Rips: 12 days ago

Crumbs.

I have no specific issues with this post.
My issue is exclusively on the access to our images, and other data therein.

Just because "it's on a website" should not just mean "it's publicly accessible for the world to see".

Being in IT security where DPA is integral to my job, as far as I am concerned any form of data access through a website which is password protected, and offers subscription based services with adverts for very highly paid development posts should at the very least be capable of ensuring the user profile and images etc etc etc stored on the website and through the databases held therein are only accessible via those members who are logged in.

Any link, should prompt a user to log in or sign up.

It is that simple.

I am aware of exactly how, and why this happens. After all even the biggest companies in the world get their data hacked, but quite simply, a service which is paid for should not be so easy to access.

Perhaps you need to start looking at the infrastructure of both the databases surrounding the site, and the general integrity of that with the 100,00s of $$$ you appear to have available.lv

Ember_Sea: 12 days ago

4) The "no talking about repeat predators" thing - need I say more?

THIS THIS THIS. Fet is fine with covering up for genuinely dangerous people, and indeed seems to welcome them. The fuck kind of people run this place?

Aside from that, this guy is still a toe-rag for being an objectifying cuntface. People are not meat.lvi People are not material for you to sexualize at your whims.lvii What he's doing may not be outing or explicitly illegal, but he's still a disgusting person for his attitude.

-Josh-: 12 days ago

Love being blocked because someone can't refute arguments and dismisses totally out of unrelated details like gender. Good riddance.lviii

September-: 12 days ago

Yes, this post is encouraging people to take action instead of being paralyzed by paranoia and fear.

whipher: 12 days ago

I think I will put a dick pic up dick just to piss em all off :o)

ThumbSkull: 12 days ago

Breadcrumbs...

VeryKerry: 12 days ago

Yeah, I don't feel outed. I think it's good to know that this creep and his site exist, and I even changed my age, but I think I'm gonna change it back. That list is not in any kind of order whatsoever.lix I seriously don't have the patience to look for myself on it, and I feel like although desperate horny men might be more patient with that, nobody is that patient. And if they are that patient I think maybe they deserve a pat on the head and/or a smack upside the head.

shrugs

Lasivian: 12 days ago

@TrixieDelight
I love being lectured by a man about this

The poster's genitalia has nothing to do with the statements made.

Also, females do not have the market cornered on "dealing with creepy" or drama or security issues.lx

confidenceinspired: 12 days ago

I agree with many that have said:
the problem that cannot be solved (remove online predators [with web-development skills] from the internet)

can be mitigated with better privacy controls and website security.

@MrBright has a good thread about "JohnBaku, it's time to enable privacy options for more parts of our profiles!"
fetlife.com/users/301130/posts/2892443
Remember what parts of one's profile can't be hidden from the masses yet:
* recent activity
* the "friends" list
* wall comments received
* the "fetish" list
* group memberships
* event attendance plans
* the list of one's relationships
you can help, vote for more privacy:

Privatize or restrict all/parts of my profile: fetlife.com/improvements/91
Make activity feed private from non-friends: fetlife.com/improvements/21

mia2003: 12 days ago

I've never been more happy to be 94, but god what a scum bag!!!! I hate that women on this site have to deal with being targeted in such a way. I scrolled through that list thinking god I hope there is not a bulls eye on my back, I knew I shouldn't be on the list because of my profile listed age but I was still scared.

LauraUnBound: 12 days ago

I don't think fetlife had any obligation to make this known to anyone. As we can see, it just leads to misunderstanding of what actually happened and fear mongering. All this guy did was break the part of the TOU that says you're not allowed to run a script on bitloves data, and he was (presumably) removed from the site, if he ever had an account, for violating the TOU. But what he did wasn't illegal, we don't need to be notified that someone did something icky but not actually wrong. Fetlifes TOU also says you're not allowed to fantasize about sex with a dog. Doing it is illegal, thinking about it isn't, I don't need to be notified every time someone gets thrown off the site for their dog erotica that is fucking icky but not actually illegal.lxi

Further, there's nothing the users can do outside of deactivate their accounts. Changing any of the info that list is filtered by doesn't remove you from the list, so what have you actually gained with this knowledge, what are you doing about it, short of removing yourself from the Internet? You might be rethinking those face photos or considering being a little more careful...but that's not fetlifes job either.

The more fetlife makes their job, the more they open themselves up to being liable for that one time they slip up, or when someone with a lot of time and money feels like they were failed by fetlife even if fetlife did their job correctly. Fetlife doesn't have the time and money for a court battle. They can't afford to be your babysitter, and they shouldn't be.

ClassyShyLady: 12 days ago

Crumbs

SavageRon: 12 days ago

The bigger issue that nobody is discussing is the shame inherent to the concealment of one's sexuality.
Seriously, how is society going to change is we are hiding in closets.
Look at the way the gay community has emerged from their closet (though it took them years to get this much mainstream acceptance), yet the majority of the BDSM community wants to stay hidden in a trunk in the basement. Attitudes won't change until people change them, and if your only outlet to the world is through fetlife, you're doing the community a disservice.
A munch that won't allow attendees to wear their collars is a really good example.lxii (Not naming groups specifically because I don't have time for the drama)lxiii, but what the fuck?? Groups like that are out there, but I won't attend....
I may not change the world by living in the open, but I have nothing to be ashamed of. My girl gets compliments from 'nillas for her collars, and we've had conversations with people who were genuinely interested but didn't know where to start.

What the douchecanoe did is completely wrong, and non-consensual. It needs to be attended to by a proud sadist in a dungeon away from prying eyes and witnesses, by someone who really enjoys it.
Fetlife should have been fast to respond and handle this situation, and I've not seen any evidence they've been aggressive at all, and should have more privacy protections available for those who want them.

If you're hiding in the dark, I hope you think about the reasons this pisses you off so much.

whipher: 12 days ago

Bravo
SavageRon

Hell my family knows im kinky so what !!!!

Eludecia: 12 days ago

I think we should be friends. :)

JoeDimwit: 12 days ago

This is a very well written piece.lxiv Thank you for explaining for people that aren't as tech savvy as some.

My issue isn't so much with the idiot, or that something like this is possible, it's that Fetlife was aware of this, and chose not to let the users know. My screen name isn't enough to identify me in the real world, but there are people on here that do have screen names that do make that possible. And when someone decides to target a segment of the community, we should be made aware so that we each can do whatever it is that we think will make us safer.

CyberAvatar: 12 days ago

He actually posted how fetlife could improve the security on the user id using salted values and such. I agree with himlxv, the user stuff was poorly handled by the site. There should also be some rate limiting and anti crawling software running.

SirElwing: 12 days ago

Nice reality check.

The truth is, a secret is only a secret if only one person knows it. If you have a secret you don't want told... keep it. Everything beyond that is (or should be) informed risk. If you don't want to die in a skydiving accident, don't skydive.

hot_legs: 12 days ago

Okay. Crumbs.

Little_Notes: 12 days ago

@TrixieDelight nothing about this post was lecturing. And it's not just women who were affected by that list. How many relationships were listed on those profiles? How many of those relationships were with men, MtF, FtM, etc etc? Yes, the original list was only women. Women who were listed as meat. That's disgusting. But this goes much further than a gender identity.

BRyan671: 12 days ago

Crumbs, especially for the last bit...

knotheadspace: 12 days ago

Good info.....

mysterygirl6982: 12 days ago

Crumbs... My screen name is on the second list. All of my photos are set to friends only other than my profile picture in which I'm fully hooded in latex. There is nothing on my profile that makes it me until you are my friend. Considering I'm picky about my friends list and won't friend just anyone, I'm not too worried about this. I hope the injunction does help though.

mia2003: 12 days ago

I am sorry I think this is not only about keeping our secret lives secret or being outed (which sucks). I think it's also about being put on a "MEAT LIST"!!! Not every women under 30 wants to be on a meat list!lxvi believe me if there was a sign up on fet for a "meat list" plenty would happily sign up, but no one was given that choice! It's a fucking violation!lxvii

mantucket: 12 days ago

look, at a glance this fellow

a) craves attention, so the more crumbs the post is given, the more 'streisand effect' will happen, which is what he seeks.

b) Clearly doesn't understand the fet world nor the social network context of fetlife. he might even be one of these sad 'PUA' boys with no social skills.lxviii

c) has a lot of insecurity regarding his own intellect and technical ability ... not how he keeps calling others morons, etc for supposed flaws in their code or understanding of technical things.lxix

d) meanwhile, his own code is inept, to put it mildly. Do view-source on his lists and you'll see HTML tables, wow, extremely inefficient and years out of date. it's how a noob would code.lxx All he did was copy an existing scraping script and modify itlxxi - ineptly again, as it comes up with lots of inactives, dommes, inappropriate, and duplicate profiles, etc. so we aren't looking at a tech wonderkind here.

So, short term, fetlife could:

1) block referrer codes from that domainlxxii, or better yet, redirect them to honeypot profiles designed to identify users who created profiles just to contact members of the list.... maybe even send them bogus autoreplies so they waste lots of time.

2) send alerts to users who appear on the list, or better yet, when any external backlink to one's profile is detected. easy.

3) also flag messages from accounts which appear to be newly created after a referral from some external link.

finally don't panic it feeds the instigator's sense of self-importance.lxxiii

venonymous: 12 days ago

Thanks for the info. People are afraid they've been doxed or something and all it is is a link to their profile (which they have complete control over.)

One thing that's kind of hilarious: women who are over 30 being deeply offended that they didnt make the list of some rando perv while women who are on the list are terrified that their lives are in jeopardy.

Girls; you're all pretty (pets your hair)lxxiv

latexsafi: 12 days ago

@Baroness_Rips Since when has fetlife been a paid for service, I get it for free. If I try to follow a link without being logged in then I am requested to login which surely meets your criteria.

Once logged in I can do manually what the script used can do and copy the data into a spreadsheet/database. Of course my bandwidth is limited and it will take me quite a long time to access some 3,000,000 accounts but I can do it (unless I have been blocked by a user).

The list created by the script only provides links to which users meet the selection criteria but you still need to be signed in to see the full profile.

Yes the guy is unpleasant but neither he nor Fetlife are in breach of the DPA as no personal data has been revealed other than that which you (the fetlife user) have made available to the public (any member of the public can join fetlife and view the same data).

As many people will say if you don't want it to be in the public domain then don't put it on the internet.

I do understand the concerns raised by the young ladies on the list but the guy has only broken the TOU of fetlife, not the law of any jurisdiction, and the script he published can be used (with suitable modification) by any member to find other members who match the criteria they specify.

I do think that fetlife should be more responsible and if they don't want a search on the site then they should make it more difficult for others to develop one especially as they have been told how to close this specific loophole and seem unable to do so.

Cusitsweet: 12 days ago

Yes this doesnt look too good!

HowTheNightCame: 12 days ago

I think a bunch of dudes should set their information to 23F in solidarity. That would fuck with the next fuckwad who tries to do something like this.lxxv

SupremeOverlord: 12 days ago

"Unless you can set it to "Friends Only," you should operate on the expectation that literally everyone on the Internet can see it."

I just want to point out that this is not exactly true. It is possible to view any picture on this website with out ever logging in regardless of permissions. Finding that picture is not exactly easy. I have had to warn several people of this in the past and I kind of wish that something can be done about it. (It may be fixed by now. It has been a long time since I actually found this problem. I shall test using my own profile.)

fiddleronthmoon: 12 days ago

Thanks for this. I didn't know about any of that stuff, so I appreciate that you took the time to explain like I'm 5.

CyberAvatar: 12 days ago

The image issue is down to the use of cdn rather than keeping it in house. I wonder if that could be easily fixed and doubt it...

Lady--Morgana: 12 days ago

OK, now I want big, hairy manbearpig as a gender option!

SupremeOverlord: 12 days ago

If you can see this image which is set to friends only on my profile then the issue is not fixed

flpics0.a.ssl.fastly.net/304/304783/0004d9dlxxvi

adrenaline_lust: 12 days ago

This is what happens when people with no social skills and access to a keyboard try to bruteforce a problem.

Why won't bitches fuck me?lxxvii Better dox 100,000 of them and play the numbers game. Bitches love being stalked on the internet.

Coming up next, a script that sends a vapid inbox message to each one. I recommend, "Hey baby, I haxxored Fetlife. I bet you want to be my slave now." I'm sure that will work.lxxviii

Longarms_McGee: 12 days ago

boosting this one a lot harder than the other

Ronindom: 12 days ago

crumbs. I think identifiable pics are possibly the largest problem for some folks.

VeryKerry: 12 days ago

@SupremeOverlord I'm able to see that picture. Thank you for the heads up.

LilClouds: 12 days ago

While I largely agree with you, I do consider being able to enumerate the users from a database to be a security flaw. Vulnerability may be too strong of a word as it does not give any direct means of exploiting the security of the system. And to be honest, if you're putting your information on a site that allows unrestricted sign-up, you can't be too mad about 'anonymous' users accessing your profile.

All this being said, as I'm sure you're well aware, the solution to the problem is relatively simple; I only wonder if it's implementation that is a bit complicated for the system that they already have in place (although I couldn't imagine it being too big of an issue).

As far as the other privacy issues......yeah......lxxix

Shedao: 12 days ago

Ok lady friends..... Read this too! BREADCRUMBS people. Breadcrumbs.

feelings_happen: 12 days ago

Thanks for passing on this info

The_Link: 12 days ago

Breadcrumbs. T_L

Artemis_phx: 12 days ago

@ikonoclast: I agree with the points you made, but the bottom line is that this explanation should have come from fet proper, when the issue was discovered. As with politics, it's not the fuck up, it's the cover up that scares and pisses people off. If fet had gotten in front of this, they could have told the community what happened and what the ramifications were.

Unfortunately, that's not how it went down. A good number of people saw the post, went to the linked website and saw language about "security breach" without the information or technical knowledge to understand what really happened. Shame on Fet for lacking basic customer service and PR know-how.

Also, although it's not a technical "security breach", it still appears to be a security flaw. I have to believe that fet developers intentionally designed fet so it isn't searchable. To the extent it is so easy to develop your own functionality, this appears to be a failing. You can't make things impossible to circumvent, but this seems like really low-hanging fruit.lxxx

Teach-HoH: 12 days ago

Darn OP you got this out before I got home Now folks worried about the "Meatlist" read this and stay calm dont panic

Snark_Attack: 12 days ago

sigh signal boost

Ikonoclast: 12 days ago

@SupremeOverlord - I wasn't aware the pictures were still navigable without accessing the site in the case of a "friends only" setting - that is a huge flaw.

forevamber: 12 days ago

Eh, I've apparently aged out of his age range. Pity. yawn

Ikonoclast: 12 days ago

@SupremeOverlord - I've updated the original post to reflect your comment - this is a hugely important thing to note, thank you for bringing it to my attention.

FairFolly: 12 days ago

I'm not concerned about being on some master list. I am irritated with knowing some assholes out there are compiling lists of people they view as meat so HNGs can flood the in boxes of women who don't want them and think themselves justified because they are under the mistaken impression this is a dating site. If there is anything worse than an asshole, it's a lazy asshole.

SupremeOverlord: 12 days ago

I just messaged @johnbaku about it just incase he wasn't aware of it

Ikonoclast: 12 days ago

@SupremeOverlord - Good. That, in context of the other issues I've pointed out here and the relative simplicity of fixing a lot of them, just makes me sick to my stomach.

ViolinsOfAutumn: 12 days ago

In technical terms, enumerating accounts like this is called a "Direct Object Reference". It's not a traditional security flaw, but it's sometimes discouraged for security reasons partly as it allows this kind of intrusive usage.

Replacing user IDs with an indirect reference (i.e. getting rid of user IDs) or random GUID might help, but would be hard to implement, break all sorts of things, and potentially make the site less user friendly & URLs quite ugly (or direct linking to profiles impossible). It probably wouldn't prevent someone from spidering the site and building a database of users another way.

Perhaps more effectively, fetlife could attempt to throttle accounts accessing multiple profiles to prevent automated abuse - potentially in conjunction with temporary account bans (for instance, for accounts that accessed hundreds of profiles in a few hours), or a CAPTCHA to attempt to prevent scripted access. These aren't perfect solutions, but they potentially make this sort of information gathering much harder to accomplish (or impractically time-consuming).

More granular privacy controls aren't a bad thing, and it's also never a bad idea to consider anything put on fetlife to be 'public' unless it's access controlled.

Going beyond the technical stuff, a huge +1 on the OP & others' comments to the effect that whatever the technical details, this is a toxic and intrusive thing to have done. Invoking 'chilling effects' wording in an attempt to brand attempts by fetlife to take down this information as anti-democratic or oppressive is also a pretty cynical thing to do.

everchanging: 12 days ago

I agree with what you have to say... but you may want to consider that some of the people changing their profiles aren't just overreacting. Perhaps you should consider that for some of us it was the push we needed to further protect our identities. I wasn't included in the list because I'm too old, but the list made me realize that one day it might be easier for a coworker to find me based on my age, gender, and location. Personally the list just motivated me to make the changes I felt were necessary to protect myself. Last summer a man at my workplace was showing other men fetlife profiles of local women. I should have changed my info then, for me this list was the push I needed to make changes that I feel good about... just something to think about.

SupremeOverlord: 12 days ago

Would it be particularly difficult or even possible to stop Direct Object Reference through use of cookies?

Lewdo: 12 days ago

thats funny

Ikonoclast: 12 days ago

@Everchanging - Please understand, I don't feel like the people changing their gender are overreacting; my commentary above isn't to diminish people's emotional response to this incident, but rather to discuss the effectiveness of that particular action as far as "putting the cat back in the bag" goes.

Ikonoclast: 12 days ago

@SupremeOverlord - I wouldn't think so. There's always the possibility of someone spoofing the cookie, but as I'm sure you're aware the ultimate goal of a security measure isn't to make things unbreakable, but to make them such a pain in the ass to circumvent that most attackers get frustrated/bored and fuck off to an easier target.

Ikonoclast: 12 days ago

@LilMisDomlyPants - I FUCKING LOVE THIS IDEA.

slave_Shirin: 12 days ago

People like you are so awesome to do all the work for us lowly indecent people. Thank you.

LittleDisneyShan: 12 days ago

Thanks for explaining this.

Loyal_Cerberus: 12 days ago

this can happen on almost any website or internet related service for example Microsoft and Sony (fair enough Sony's security was rubbish when information was retrieved by anonymous), there will always be someone who breaks the "code" its evolution but on a internet level.

internet services evolve and hacks (or script kiddies) evolve with them.

p.s. for anyone who recognises my mask I am not from lizard squad I just love the anime that it is from :)

T|A|O: 12 days ago

Finally someone who knows how to internet. Worst part, people don't know this list is one of potentially many. I've even seen scripts that allow Fet to essentially be searchable. This site isn't an island outside of the rest of the cyber world, anyone can join, thus anyone can see you. Thing is, the majority of the real world doesn't give a fuck and the only reason people here care now is because the shit went kinky & popular. No need to bite those cyanide capsules yet fellow kinksters. You're as safe as you ever were

--SCRATCH--: 12 days ago

I had to laugh at the soap box commentaries of "Dehumanizing women" and "outing" everyone in such an unconscionable manner. Histrionics indeed. I found the responses more amusing than alarming.
That being said, I decided to reel things in for the time being with my profile and my partners until we can get a better sense of what was happening. Where there is one breach, there may very well be another.lxxxi yes, yes, yes... i realize this was not "breachy", but I still feel a need to be cautious for the time being until I have confidence in Fetlife plugging the hole or at least addressing the issues.

I won't ever pay for Fetlife, made that decision years agolxxxii on the simple premise that I don't pay for anything I don't have full ownership of. I also won't line the pockets of someone else for my kinks, especially if I am not confidant they can do their job in the first place.

ViolinsOfAutumn: 12 days ago

@Supremeoverlord the site will already use cookies to keep track of who you are and if you're logged in - but there isn't really a direct use of them which would prevent this sort of flaw. The most cost-effective mitigation is probably some sort of throttling (which could include revoking session cookies - i.e. forcibly logging users out - if they're abusive).

Kiwisaurus: 12 days ago

I was definitely more annoyed about the obvious intention behind a thing called a "meatlist" and I think that shitlick needs a good long burlap sack ride down a waterfall.

everchanging: 12 days ago

To clarify I appreciate this note/ discussion. I didn't think you were attacking the people changing their profiles, I guess I was feeling that in some of the comments and thought it would be worth mentioning. Thanks :)

noisefreak: 12 days ago

@jkonclast - it is certainly possible for fetlife counteract automated crawlers, and many sites built with security in mind have such controls in place. You can try rate limiting (which makes the crawler much less effective) or ids rules which flag users who use sequential queries.lxxxiii There is even behavioral analysis software which flags security anomolies. There are other much more creative ways to ensure the user is human as well.

That user's daily number of requests was probobly skyrocketing. Most log monitoring tools would have caught that.

While you are right, at the end of the day, what you put online isn't private, it is worth the effort to make people operating scraper's lives miserable.

growly: 12 days ago

Well written piece, something nice to point people to!

Ikonoclast: 12 days ago

@noisefreak - there's also the issue of accidentally throttling legitimate usage; requests/time throttling tends to be a bit finicky, but I imagine they'd eventually get it right.

RiggerJay: 12 days ago

For those already ON that asshole's list..

while that list still exists, changing A/S/L won't help as it's a link to your profile. ie (fetlife.com/users/2904) It will help when list goes away OR if the list is rebuilt. Until then if someone clicks on link in that list, after they log in to FL , will see your profile.

Only way right now to break that list , is to delete your profile and create a new one that does not list any demographic information

AllThingsIntense: 12 days ago

Got it, get it, and all that. We all know and accept that anything we post anywhere on the internet is potentially (very) public. What the #/&$#" who violated the TOU (which was obviously his intention from the beginning) did is just the simple thing that many could do. Yet...in choice of targets he has done something more, which is to intimidate younger women who are statistically the most likely to be sexually assaulted and who therefore have the greatest basis for concern.

The fact that the posted information contains geographic data and an active link allows a would-be predator to do things which I'll not detail but anyone can imagine (and many have).

Sharing facts with the community is helpful. Telling us that there is nothing we can likely do and so just should suck it up...not so helpful. For example, collecting n a civil judgement may be difficult to the point of impossibility; but such a judgement if also linked to his egregious exposure of women to greater harm were also produced the European Union could take steps, and at a minimum the sleazebag would be effectively barred entry to the U.S.

In fact not "any idiot" could do what has people so upset. As an idiot myself and lacking certain knowledge, I could not do it. Wonder what in terms of denial-of-service attacks and hacking personal info about that sleazebag which allowed everyone he exposed to go after him the same way -- wonder what "any idiot" might do to help with that.

noisefreak: 12 days ago

@ikonoclast a lot of people worry about that, but once they set up the system they are usually happy with the result. I mean, if you are making 100 profile GET requests a second via natural traffic maybe you fetlife a little TOO much.

Tigrrrr: 12 days ago

seems http://trilema.com is down and offline

Edenmuse: 12 days ago

Breadcrumbs no matter who you are .

Teach-HoH: 12 days ago

Btw the easiest way to make this less simple for a scrape is use a small php script to convert the text to an image

JenKat: 12 days ago

Thank you so much for posting this. if I was better at spelling and braver well I wish I could post something like this. Thank you for clearing it up.

noisefreak: 12 days ago

@tigrrr maybe hacker revenge? Or maybe just traffic crashing it.

StealthJAG: 12 days ago

If Anthem can't ironclad protect your health information, or Home Depot can't protect your credit card information, you can't really expect FetLife to have the kind of security that can protect your dick and slit pics.lxxxiv

Ikonoclast: 12 days ago

@Edenmuse - what a shock. I wonder if someone got bored and fired up the LOIC... :P

ViolinsOfAutumn: 12 days ago

@Teach-HoH That probably carries a significant penalty in usability (and bandwidth) and is minimally difficult to bypass - there are lots of quite good anti-captcha tools out there which could be used to OCR the characters. It probably wouldn't be particularly efficient or cost-effective.

bes_sub: 12 days ago

Breadcrumbs to my Houston People! I checked the list and I did not recognize any names as I scrolled through and there are 21 people from Houston on the list when I did control + F. Be smart!

wandering_st4r: 12 days ago

I'm on the list and locked it down for the time being so that if anyone clicks the link, they're getting nowhere. So there is a little bit of something the girls on the list can do! Confuse the fuck out of the possible predators! :D

noisefreak: 12 days ago

@StealthJAG neither of those were trying very hard, to be honest.

Brimstone_Lord: 12 days ago

@ Icon .. Someone knows who he or she is .. I could give a damn , This isnt isn't the Ed Snowden type . I want his or her familys name ! I want to know where they live and what preperations they made before doing this .

His bleeding face on a camera , That would be worth spending a few bucks on !lxxxv

Fucking PC geeks with an agenda don't cut it , Someone knows who he is ? Let's make all this possible and not make us hunt him . Who is he ?

I'm a hard man to piss off but , If he's willing to risk his family , I am just dumb enough to ask him why ?

noisefreak: 12 days ago

@Teach-HoH it's a moot point if it's rate limited anyway. At any rate, I doubt this guy has the dollars to pay people to solve his captchas for him.lxxxvi

Ikonoclast: 12 days ago

@wandering_st4r - I like the cut of your jib.

Replikat: 12 days ago

All the crumbs! I was trying to write something explaining "outed" to everyone who's panicking, and this is so much better.

NotoriousSOG: 12 days ago

Ike, how will this help me get more babes? Please msg me, evil genius. Thanks!

Hawkeye: 12 days ago

That about sums up the reality of the situation...

duckie: 12 days ago

So, recently found out I'm (along with however many other ladies) on this list. My first reaction and continued one (for myself) is "meh". I put stuff out on the web, and live by the "if you wouldn't want it on a bill board outside your home town for all to see, don't post it" rule... and I have nudes up. So, for me... its sad someone put me on something as tritely named as the "meat list". Hopefully, the sheer number of people makes it easy to be lost among the shuffle were anyone to go searching. . . and if not? Well, that is something that will require awkward conversations for whoever asks.

thebee: 12 days ago

breadcrumbs!!! thank you Ikon- I love and miss you dearly!! I had a friend tell me I was on the first page today but I haven't seen it yet. sigh I guess it was about damn time for a fet update and friendsweep anyway- might as well start over instead.

Ikonoclast: 12 days ago

@thebee - let me know what you change to. Miss your face as well. :)

chipped_teacup: 12 days ago

thank you. this is exactly what i was trying to briefly express in my comments to the original post, only much better presented.

Konige: 12 days ago

may be why women and men choose to live in Antarctica, be 90 years old and not have any selfies or nudies in their profiles. :P

Konige: 12 days ago

but really at least the fetters on the list should have been told. THAT is the site's responsibility as soon as they knew

noisefreak: 12 days ago

Maybe there should just be a nic cage option. All of your vital stats are synched to Nick Cage's current stats, including location.

Papabear_Grimm: 12 days ago

one nice option, like the use at FUBAR, is to be able to make it so your entire profile is only viewable by people on your friends list.

wtfeva: 12 days ago

Meh. There are things that can be done to prevent scraping to some extent. I understand that are info is basically public, but if a user was able to scrape that much data in a short period of time then fetlife should have better practices and monitoring in place on the backend. I'm not concerned about the scraped data as far as that info, but in the 'If Fetlife couldn't prevent a simple site scrape, then how well is the rest of my data protected' type of thing.

Just my 2 bits.

Teach-HoH: 12 days ago

@ViolinsOfAutumn: most scrapping scripts don't use ocr. As for usability only relay for folks using screen readers, bandwidth well all security carries a bandwidth overhead, however it was a first suggestion of a possible way to make it more difficult for this to happen and surley any suggestion that can make this sort of thing more difficult is worth investigating.

LunachickXXX: 12 days ago

Due to the viral nature of this article the community has effectively DDoS'd the website in question. isitdown confirmed.

Keep hitting f5.lxxxvii

noisefreak: 12 days ago

@wtfeva yes, this.

shaktee: 12 days ago

the web page doesnt work

Ikonoclast: 12 days ago

@Shaktee - I believe his site is experiencing what used to be called "The Digg Effect" :)

Ikonoclast: 12 days ago

a.k.a. the Slashdot effect, Link Farking, etc.

ViolinsOfAutumn: 12 days ago

@Teach-HoH: there are a bunch of tools out there for solving captchas - it wouldn't be at all hard to plug one into a scraping script and use it to turn the appropriate bits of the page into text whilst harvesting; maybe an hour or two's work.

There are plenty of bad captchas which are vulnerable to this, and captchas are designed to be difficult for humans to read. It's unlikely presenting information meant to be easy to read would be compatible with defeating even a fairly rudimentary scraping script built in this way.

Even if you solve this problem, you have an accessibility problem - this would immediately make the site less friendly for visually impaired users. And the bandwitg dth cost of an additional 20-30KiB per page may not be inconsiderable. Security sometimes makes things less efficient, but there's always a trade-off and it needs to be thought through. I'm not sure if the benefit here would outway the various costs - bandwidth-wise, cost-of-implementation-wise, or accessibility-wise.

So sure, definitely worth investigating or discussing. My money's on rate limiting or throttling as the most effective first-order mitigation, though.

shatteredplaster: 12 days ago

It's experienced the FetLife Hug of Death

LifeLovingEyes: 12 days ago

Look at the dialogue
this incident is provoking
to me it says two things

FL technical team
get your shit together

People on FL
know that expressing
yourself here
is at one and the same time
a joy
and a risk

Wolf_ofthe_Storm: 12 days ago

Is this clown a know fetlife member? Strikes me he might be more of a terrorist. It is too much for one person in a reasonable amount of time. Who has time to go through over 100,000 profiles? And not get distracted by boobies. Unless he has no job and no life.

Teach-HoH: 12 days ago

well id look at both ViolinsOfAutumn

kolker: 12 days ago

I agree, We Are Not Being "Outed" and there hasn't been a "Security Breach"lxxxviii

Mo_Funky: 12 days ago

Would sending someone by this assholes place to break every bone in his fingers be a "Denial of Service Attack"?

Zaldar: 12 days ago

His twitter account has apparently been suspended, which is interesting, and I can't get the list to even load on multiple devices. Sucessful DDoS can explain the site, but the Twitter is neat.lxxxix

Ikonoclast: 12 days ago

@Wolf_ofthe_Storm - he did this programmatically. An automated browser can cruise through 100k profiles in very little time.

LifeLovingEyes: 12 days ago

sorry but I somewhat
disagree with parts of this original post
we can either accept and lie down

or let the dialogue on this event

and it is considerable
over a lot of different posts
even ones that
are making K&P

challenge us all to innovate
and make this kind of crude
Internet Info Rape
much much harder
in this community
known as FL

come on
JB's tech team
see this as a challenge
and not a defeat

leophd: 12 days ago

This is helpful.... Thanks!

His_sweet_prey: 12 days ago

Thank you for posting this. You managed to articulate everything I've been thinking about it, along with explaining the more technical aspects of how he did it (which, as someone that's not super computer-saavy, I appreciate immensely).

Cheers.

LupineLady: 12 days ago

Yup. This.

rosey-fox: 12 days ago

Also crumbs

CalamityBrain: 12 days ago

More BreadCrumbs

mrs_leorex: 12 days ago

Thank you for clearing this up for me.

shatteredplaster: 12 days ago

LifeLovingEyes, why are you writing stanzas?

G_W: 12 days ago

I clicked on Ikon's link basically out of curiousity and got this: Internet Explorer cannot display the web page so all I can guess is that the site was taken down or blocked. So everyone that was all in a panic about being on this list can chill.

Forbin70: 12 days ago

Op, you sir, win the internet for the day. Deftly handled.

Fetlife is still the internet. While many of us may have always been comfortable here and some of us may have recently decided to be more out and have become more comfortable here (that would be me), its STILL the internet and no one has any reasonable expectation of privacy beyond what simple friends-only features can offer. Your public photos and writings in all forms here are, like it or not, out in the jungle once you post them. No matter how much anyone wishes or insists the contrary should be the case. Those are the simple facts.

The fact is, webcrawlers happen all the time, it's just in this case it seems it was for less than nice or honorable reasons. But as the OP points out, it is NOT a hack or even a crack. It does nothing that a person with enough time and effort couldn't do by hand.xc

And I think this is an opportune time to point out to the party players, local community folks, and social networkers that all of the above is why not everyone is comfortable with having a detailed profile, photos displayed, or attending local events: Because many choose to UNDERSTAND and grasp the simple realities of the internet and the real life world and they want to maintain their privacy for any of a number of legitimate reasons that are no one else's business to know or question.

So, before people go bandying about suggestions that having an undetailed profile, a lack of photos, or no interest in attending local munches and events are RED FLAGS they might consider that the people they are attempting to shame and cajole from doing things in the ways in which they, personally, are comfortable, that those people may simply just have a better grasp on the reality that this is the internet and the world is as it is than they do. Or just simply don't accept the risks associated with it as they do. I see this constantly on FetLife and it was at an epidemic level amongst many in my local area in particular for quite a while, although it seems to have toned down a bit of late, thankfully.

In fact, I would go so far as saying such a thing constitutes a consent violation on a level. Simply because YOU have had a good experience with social networking here and because YOU have had a good experience with going to events and gatherings, local or otherwise, and because YOU accept the risks of exposing yourself to whatever degree publicly irl and on FetLife doesn't mean that everyone is. And it is no one's business to suggest that they are required to be. Suggestions to the contrary are not only wrong, but they are pretty fucking obnoxious, too, IMO. And, here, we see why that is, exactly.

Thank you again, OP.

Brimstone_Lord: 12 days ago

Someone knows who Trelima , can out him . I'm sure he's ready for a run for the roses . Let's just get his name pubic . If anyone has any information , Just spill it .xci

ViolinsOfAutumn: 12 days ago

@G_W More likely than not (and as suggested above) the site has gone down due to the load of thousands of fetlifers hitting itxcii; it's unfortunately likely that the data still exists (somewhere), and it's not impossible it could surface again, on the same site or elsewhere (pastebin, bittorrent, etc).

Brimstone_Lord: 12 days ago

Never attack an innocent man but , if YOU know its him .. PC geek or not , Dont Don't let him get back to his car ..

Daggerdom: 12 days ago

Ok, this is not going to give any comfort, but the reality is once certain borders are crossed the DMCA is not worth it's weight in used toilet paper. It simply will not be enforced. Second, to make a site really difficult to crack would take some serious money and serious hackers on the payroll. Fetlife probably has neither. A good cracker can probably access the entire database in less than an hours work. And a website that comes down can be back up in a very short time. Blocking never works very long. There are too many ways around it.

The wisest course is to assume that everything you put on here is going to end up on a website out of Russia and nothing can be done to stop it.

noisefreak: 12 days ago

Actually, just another thought, if FL had used a properly sized userid - maybe one computed from a secure hashing algorithm, none of this would have been possible. It's because the userids were sequential and small that this was easy.

Papabear_Grimm: 12 days ago

I type
in short lines
making it hard for
people to read what I type

DeeplyDesired: 12 days ago

I agree with the comments of the OP but I would like to consider what is now possible, because of this searchable list of FetLife accounts, that was more difficult before it was published.

It is now possible to go through the profiles of all 30 year old ladies who live in... say Brighton... one by one and examine their photographs and writing. The point being... if you know Brighton well you might be able to identify somebody from some background detail or some hint in their writing.

Of course this was possible before the publication of this list, but it would have been much more difficult to target all the profiles, of a defined age group and sex, all from one location.

DD

Wainskote: 12 days ago

Fetlife could also include code to detect potential crawling and data scraping, and either flag it to a person for action, or automatically disable the account doing the scraping. OK Cupid does this, for example. Its a fairly standard thing to do, for companies that sell access to databases.

PurryLady: 12 days ago

Thanks for the OP and so many great comments. Breadcrumbs.

Daggerdom: 12 days ago

My guess is the site is down because it has been overloaded by people trying to look at it, mostly due to the Fetlife PR it has been given.

danceinmypants: 12 days ago

Well I hope this puts everyone off the idea of profiles being searchable by A/S/L

Ijustwanttoknowyou: 12 days ago

@G_W
...why are you using IE? Seriously, now THAT'S a safety violation.

As for this...absolutely this is not a hack. And, frankly, as it's publicly available information, (and it IS publicly available information. No ID of any sort is required to sign in to this website, anyone can join, and is thus, by any practical definition, public) any legal issue is purely in methodology, not in the publication itself. Immoral, yes, beyond question. Illegal, not likely. (Ironically enough, there are any number of things we do in this community on a daily basis with mutual consent that are far, far more likely to end with international extradition and jail time than this).

My highschool library had multiple books on how to do just this. I mean, I'm sure the specifics have changed, slightly, but the basics? Easily available information.

Absolutely. We should keep hammering that website until his web host drops him like a hot rock.xciii In fact, it would be worth finding out who his web host IS and contacting them, as it's quite likely that what he's doing is in violation of their TOU.

ViolinsOfAutumn: 12 days ago

@noisefreak randomly-generated GUIDs would be the most obvious thing, but at the cost of nasty URLs. Facebook does something ~similar using a combination of an ID and the custom URL ( /profile.php?id=ID will redirect to the custom URL), which is probably not a bad balance of usability and ease of implementation, and would be simple to do with non-incremental IDs and a huge searchspace.

Observer: 12 days ago

I think that it shows that a lot of people have a sense of false security - if it is visible by users, it's searchable by a computer, and it can be collected etc. I think that the "size" of the internet (millions, billion of users!) give people the impression that they have "the anonymity of the crowd"). We do not.

There are no doubts that the guy who did this was a jerk, and that FL could do more to safeguard our data, but stopping this is impossible.

SadieCakes: 12 days ago

Crumbs!

Ponygroom: 12 days ago

Picked this up from your status messages @Ikonoklast,
fetlife.com/users/48475/statuses/16343736
... watching a post that is, essentially, on privacy, technology, and their intersection with dumbfuck misogynists beat out all the T&A is making me giggle like a schoolgirl.

Now I am visualizing you giggling like a schoolgirl.

This is getting better all the time.

LeelooMelissa: 12 days ago

@Teach-HoH: And the most expensive way.

Considering that the reason the images are not behind the login system is that they are hosted externally because bandwidth and servers are already too expensive...

ViolinsOfAutumn: 12 days ago

@deeplydesired The data that had been published (as far as I'm aware) consisted of two fairly short lists, "2 of 30", with a few hundred users' key stats and links to their profiles. This doesn't make it less nasty or diminish the possibility that what you're describing (universal search) could be possible, but that (thankfully) hasn't transpired so far.

PeteMosq: 12 days ago

Anybody got a million dollars? :)

I said this on another thread but it bears repeating.

Look at the 'Suggestions Page'

Notice how many suggestions are up and how little are even being close to implemented - even years later? That's not a criticism, it's a fact.

The people who run this site have a tough enough time doing that -running the site.
I have nothing but respect for John Baku and co.xciv but calling on him to solve everything wrong with Fetlife is like calling on the President to fix all of the problems in the country. It feels good but it's unrealistic.
The fact remains that Fetlife needs lots of people (and lots of dollars) that it doesn't have to do these things. If Bitlove and co. made any mistakes, it was at the beginning when they didn't put mechanisms in place to control growth, but that horse left the gate long ago.
If any of those suggestions are even going to stand a chance to be implemented, the thing that JB & co needs is a serious buyer with the resources to do it. So that said, anybody got a million dollars? :)

ozzz1: 12 days ago

Interesting

_Little_Lily_13: 12 days ago

Wow that site will NOT load for anything on my computer.

Parebo: 12 days ago

An excellent reminder of the inherent dangers in comminicating via a public website rather than emails+GPG/phone/face to face.

For all the benefits of "social media" sites, it's important to remember that they're akin to posting everything you say on a gargantuan orbital billboard, visible by everyone on the planet.

Cosima_: 12 days ago

Anyone who is reacting to this "breach" needs to take a deep breath and chill. Then take a moment and consider WHY they are on this site in the first place with all their nude selfies and revealing info...(something they should have done before posting said information). No website... I repeat: NO WEBSITE is ever 100% secure - even the government gets hacked from time to time.

@Finch_slc: ROFLMAO!

slutscream: 12 days ago

Being the butt of somebody's sexual agenda more than once, I am so done with it.

If some little twankerscrap is ohh so desperate to have his phallus get attention from an anonymous pair of boobs...

Well then he should feel free to drop by...

Meat-kabobs on a pine dowel are a lovely way to start any season...

Especially if you get the seasonings just right to enhance the texture of the meat and set off the flavor of the juices, with some old bay, Tabasco, Frank's Red Hot sauce...to make a delightful gift he will never forget, served hot and wrapped for his instant pleasure.

The only side-effect is that he may not have these random urges to generate lists again. Fet-Life could enact a FB-type "checkbox" option for Close Friends privacy. It's easy to just unfriend, or deny requests from any person you haven't met in real life, but that defeats the social network experience...how do you meet in real life, or be aware that a person exists, if you haven't dealt with them online? Sort of like belling the cat in that tale*

LeelooMelissa: 12 days ago

My response to all the suggestions on how to fix this became too long to post both here and on the other thread, so I put it in a note:

fetlife.com/users/873445/posts/2893347

MrProsser: 12 days ago
Do what I did send an email with links to his countries cyber division. While the DMCA couldn't stop him hacking is still illegal and he admits to it.

What was done is not hacking, unless some massive new information has come in, where they have admitted to finding an exploit to access Fetlife servers and database, so I doubt anything will come of that. They just automated the process of looking at the website, logging in using their credentials, and crawling the pages, saving the data, automatically rather than manually looking at each profile. Someone that has a lot of time on their hands could do the same thing manually.

I do not understand why Fetlife issued the DMCA request, it seems to have no basis, was bound to go nowhere, and just end up being used to smear them. I seem to remember them doing something similar a few years ago when a similar event happened, where people signed up to a third-party service that saved their data, and they were rightfully taken to task for that.

TheWindUpBoy: 12 days ago

Crumbs

hawtndangerous: 12 days ago

In other news, douche canoe is my new favorite insult

shameless_bratt: 12 days ago

My curiosity was piqued so I tried to click on the link to this person's site, but no dice...taken down maybe?

LeTigreDominor: 12 days ago

Thanks for the clarification IKON, and crumbs for all...

Serendipity_Jen: 12 days ago

Crumbs

shamelessSiren: 12 days ago

Cheers to u dear Sir! And Thank U! So Well said!!!!

LthrAussie: 12 days ago

I read this with great interest. As a gay man of a "certain age" the word outing has very different connotations from what is being described here. Outing for us was a risk...a risk of having your family disown you...a risk of having your employer fire you....a risk of having your landlord evict you. Serious consequences. Used here (and I don't mean to minimize the effect this action has) the risk is what...an embarrassing conversation with parents or friends. I hope the word itself has changed meaning however to me this isnt outing.

yourlittlesiren: 12 days ago

This is the first I'm hearing of this.. I must have missed a lot in the week I didn't log on

PrincessBrassy: 12 days ago

Ya know... while everybody's talking about getting outed and shit... where's the outrage over this dicknozzle calling all of these women "meat", as if they're not even worthy of basic human dignity and respect?

WhipBound_Seraph: 12 days ago

You know, I admit I was probably guilty of overreaction-though my comment in the matter was along the lines of "this fucking fucknozzle is violating our personal haven and identities without our permission", to paraphrase.

This actually enormously helps me be less anxious. I am not techy, so this helps out a lot. Thank you for writing it.

Rowan_minicooper: 12 days ago

demonic giggles escape here perfect perky pink lips

CountVonRex: 12 days ago

The site is, at time of writing (1:41am GMT) non-responsive. I've no idea why, but hopefully someone has managed to get some legal action to stick.

FollowMe210: 12 days ago

I wanted to publicly announce that it looks like the hacking group "WhiteHats" have DDoS'd the site and it is currently down. If you try and access the doucebags site, you will not be able to as of 7:41 PM central time 4/10/15xcv

Ramenth: 12 days ago

Crumbs for this.

FollowMe210: 12 days ago

@CountVonRex

It is not possible to get a reaction legally this quickly. The site was hacked.

-Diablo-: 12 days ago

TL;DR Why can't Fetlife use the crawler program's user-agent to block requests from non-real people browsers. Combine that with the rate of page requests and you can ID crawls as they happen?

-Amalthea-: 12 days ago

All the crumbs.

SwaggedyAnn: 12 days ago

Crumbs.

TheStudent70: 12 days ago

I agree with Finch_slc.

ameriah: 12 days ago

If you are that damn worried about being "outed" don't post your shit on the internet.

FluffysHubbie: 12 days ago

I had a conversation about this with a friend earlier. There's mention earlier in this thread about some mitigation measures that could be taken- connection pattern analysis and throttling, userID obfuscation, things like that.
My take is this- for the kind of stringent qualifications they seem to require for developers and devops staff, I would like to think they would have a handle on that sort of thing. In my professional life, that's just day-to-day considerations.
Of course, the other thing I've observed (that's likely the case here) is mitigation tactics like these are usually on a list of things to handle which are ignored until someone exploits them in big, splattery embarrassing ways.

IntricateMuse: 12 days ago

Crumbs....

Franck: 12 days ago

Apache has a module to rate limit the number of pages you can access per minute. Also with a few links with an unused user id, if the same ip hits a couple you just block this IP. Anti Web site scraping measures is standard security ops.

Luna_Mentis: 12 days ago

Douchenozzle mentioned something about how this could've been avoided if FL "fixed their broken code", but it's beyond me what's broken about a site that allows one to click through profiles. He just got a program to copy and paste things for him, nothing much to be done to prevent that.

Luna_Mentis: 12 days ago

And fuck this guy for labeling his little display a "meatlist".

amazonv: 11 days ago

Quick note i am dropping around for people

If you are on the list i recommend NOT changing your username won't help as it's linked by profile ID - please note if you do change your username it will now be associated with your old username forever as the link was by ID, so now a person has you "old" username, and "new" username which links the two - to you.

I wrote a quick privacy guide for people affected (anyone's ideas are welcome!)

sites.google.com/site/yourbasiconlineprivac……

also the homepage above that site has general privacy tips

Fetlife has never been safe if you aren't careful (what he has done is still a horrible thing but there is really nothing stopping any of us from copy pasting each others data)

Franck: 11 days ago

Please vote: fetlife.com/improvements/7726

PennsylHart: 11 days ago

Awesome post, but. Still keeping my changes because ... there is literally no upside to presenting as female and/or younger on this site just generally speaking

RussianPrincess: 11 days ago

@LthrAussie

>>>the risk is what...an embarrassing conversation with parents or friends.

Yes, I believe nothing more than this. And if you are assertive enough and politely tell that your intimate life is none of their business, in most cases they will shut up real fast. Only Sadists, employed with vulnerable groups (kids, seniors, disabled), could risk their work.

MizRoxy: 11 days ago

Holy crap what a thread, how about lets gets this bitch fixed and call it a day in the land of Kink or SsDd

Not a fan of letting others take away my freedom and I won't live in fear.

2punishu: 11 days ago

If you can live with the worst case scenario, then you've removed their power - first rule of dealing with a bully. I don't give a fuck.

Hazelbite: 11 days ago

I feel like OP has not really aknowledged that this also overlaps with the social issue of women being discriminated against, specifically. It's targeted and annoying that a group of people (women under 30) need to change their online behaviour to avoid what is clearly actions developed from non-consent culture and societal attitudes towards women.xcvi

That aside the post was well written and a good read.

Smurfer: 11 days ago

A good post. Thank you.

ruru67: 11 days ago

Crumbs. Also added a note about Fet's alleged "lack of security" to my Occasionally Asked FetLife Questions post.

Sparlock: 11 days ago

There are companies where compiling and selling this information is a business model (eg. Facebook, Twitter etc). Companies do this ALL the time. If FetLife were to go bankrupt, what do you think the bankruptcy lawyer would sell (It happened to RadioShack recently when they went bankrupt)?xcvii

The way this person did it is to get a rise out of people but it shows how little people think about their privacy online and the endless possibilities of damage someone with even minimal technical skills can do.

I personally have developed a minimal API to post events to FetLife from Drupal Rules and the code is also open, took me an hour. A "search" function is equally trivial, I've thought about making an anonymous 'friends heat map' for purely informational purposes but I don't have the time to spend on non-functional pieces.

There is no 'fix' for this issue. If you don't want to be found, don't post your info. FetLife allows you to see any pictures on the site without needing to login, that can be fixed, disallowing people to copy info they can already see is impossible.

SwaggedyAnn: 11 days ago

Semi-unrelated, but Trilema is nuttier than squirrel shit, and his writing definitely shows it.

Trigger warning: completely next-level misogyny and references to rape ahead.

Selected quotes:
The woman's job is to find a great man (not good, by the way), suck his cock, wash his socks and write his eulogy. That's it, forget all the rest of the shit you think you're doing with careers and "your own life" and whatnot, it's an exercise in derpitudinous ridicule. There isn't a life outside of life. This is life...
The point of an eulogy is to use the surviving woman's worthless body to pay homage to the very valuable, now extinct soul of the man. Thus the best eulogy is suicide on the grave...
Great men don't get the eulogies they deserve and artificially inflated boobs get eulogies they don't deserve because women have turned mediocre these days. Because women aren't raped nearly enough, aren't beaten nearly enough, don't go hungry and don't cry nearly enough, they've forgotten to appreciate greatness and instead hum along like objects, between a "battery low warning" and a "you've got new messages" notification.
It's no way to live, not for any woman, and a "career" is no substitute, a sex tape is no substitute, nothing can really ever substitute. Grow up, stop clinging to your prepubescent sarafans, go find a great man and give him a great eulogy already.
Online, it's the women that rape.
It's an inconvenient but incontrovertible fact that the "online threat" variety of pseudo-rape is a form of typically feminine communication, employed generally by women.
Patriarchy is a thing because nobody likes living in a world populated by little girls
There you go, the complete story of rape as required life experience. Girl says no fifty times and nobody cares. It’s not her place to deny.

So, to anyone who thinks he was just trolling or doing this "for the lulz": nope. This is actually a dude who hates women.xcviii

Smartfirst: 11 days ago

Bravo.

januarygrace: 11 days ago

Hacked or overloaded & crashed or can't take the heat - whatever the case, the infamous link & website is DOWN according to Is It Down Right Now. Hopefully, that's permanent.

imsweet: 11 days ago

This was a VERY informational writing. THANK YOU. I do agree that it would be nice not to be forced to disclose location as MANY MANY of us have to fake it (Antartica, etc) but aside from that... I actually am going to go back and see what just happened with my few days away.

Mojo_69: 11 days ago

Excellent - thank you

-LynxKelley-: 11 days ago

"I put pictures on the internet so people could see them, and now people SAW THEM?!?!"

FUCKING INTERWEBBING HOW DOES IT WORK?!

BlackPrince: 11 days ago

Thank you... this is very pertinent material for ALL of us.

Not being a techie I was unaware of the machinations referred to, but frankly the security here is pathetic and people should know that, so they can make vital decisions to protect their own lives, careers and relationships or at least have the option to do so if they feel the need to.

EskimoHuntress: 11 days ago

Crumbs

Epona_Le_Gray: 11 days ago

Noted

Sugar_Bear: 11 days ago

/breadcrumbs

TripleJ: 11 days ago

Please consider, if you go to douchebags website, you are more than likely providing him with your Internet IP address, which is to say, an IP address of you the FL user. This may be used as part of his metadata database or for directed Internet attacks against you!!xcix

Nycroth: 11 days ago

Couldn't have said it better.

SoftTies: 11 days ago

99.99% agree with the OP, but...
The statement that no one was outed is false,
www.easycounter.com/report/trilema.com
Mircea Popescu has outed himself, and I for one think that further outing him is poetic justice...c

rukia330: 11 days ago

there's more that can be done but a web-crawler is fairly easy to do and rather low on the creeper scale unfortunately. there's much more that could be done if said douchebag was actually determined which i will not mention since i don't want to give the douches ideas. as for privacy and settings you bring up some very valid points that would be nice if it were able to restrict who finds things.

Mr-Rob: 11 days ago

Crumbs

TrixieDelight: 11 days ago

Thank you, @SwaggedyAnne. Yes, this is about women. Against women

bes_sub: 11 days ago

@TripleJ my computer savvy Dom says not necessarily true, so don't go scaring people, we don't need leather wearing, whip carrying, Kinksters that also need their foil helmets...

Father-Lucifer: 11 days ago

The NSA can pretty much get into anything electronic and it already has almost everything else there is to know about you! I'm not hearing any complaints about that? www.nsa.gov/public_info/contacts

The NSA LOVES F-L. Everyday we make their gray, numeric, encoded, boring existence a bit more tolerable. Hey! Some of the boys and girls at Fort Meade may even be F-L members. I wonder what THEY shared here about themselves?

The Good Father

Father-Lucifer: 11 days ago

Just by putting that acronym in that post, I have doomed us all to endless scrutiny. SORRY! ;-)

Ivy_Leigh: 11 days ago

And when I made the suggestion to make our profile page private in the Suggestion Box, I was poo-pooed. Mmm hmm.

FromAlphaToOmega: 11 days ago

Change. Your. Location. To. Antartica.

Simple.

Also, depending on how the original info was posted, if it was only the 'username', then yes, changing that will make it so that no one can track your old username unless they find a 'link' through fl posts or similar.

Also, this isn't news. And it's far from the 'only trick' that exists. You can 'mine' fetlife for all sorts of info that could be a lot more useful than finding females in a particular area.

Drama. As usual.

MizRoxy: 11 days ago

There are far more bigger concerns within social media sites really? I don't see the big deal other than all of our privacy with pedophiles and others lurking. They have always been among us so why the hype now ?

MizRoxy: 11 days ago

sarcasm

MizRoxy: 11 days ago

The issue is securing the database breach, self containment should be paramount in the network security gods primary objectives.

DrFier: 11 days ago

I'm sure it has been mentioned in the comments already, but pictures can definitely be downloaded from the site. Notice how this picture appears within this one? I had permission, but I was able to directly pull it from fet(or rather their hosting service); and without much effort either.

Ijustwanttoknowyou: 11 days ago

There was no database breach here. All information was collected from publicly posted information on user profiles.

dr_stabby: 11 days ago

@Drfier - It's been mentioned repeatedly, and it's misguided. If you can look at a picture, you can download it. That's not a "security threat".

bittercrow: 11 days ago

Okay, but still, I just wanna beat this guy in a non consensual way, just a little...ci

Franck: 11 days ago

It is not too hard to avoid someone abuse your service by scraping your site and run away with the data, so vote for some added security: fetlife.com/improvements/7726

cherished_LA: 11 days ago

Very well said!! Breadcrumbs and bottom line: If you a post a recognizable photo of yourself (that includes your face) anywhere on the web, or send it via phone to someone, sooner or later you should expect some douche will find a way to harvest/hack it and very likely post it where his fapping buddies can see it, and Google can crawl it. And it might very well have your real, vanilla name/career/family/life associated with it, as Google Image Search gets better and better at face recognition. You can be as angry as you wish about how wrong and unfair and gross that is, but it does not make that fact any less real.

knot2nice: 11 days ago

yay logic!

2punishu: 11 days ago

NodeXL...a very basic network visualization tool. You, your network, and your connections....open for all. Relax, it's been happening for years. Amateurs and professionals have been having their way with your data for years now...don't lose your shit because some douchebag claims to own you. This guy is going to get a righteous wedgie at one point. The take away? Don't put shit on the intertubes that you can't live with.

Voidsincision: 11 days ago

chances are its irrelevant, because your mom, coworkers, and boss are probably not reading Trilema's blog. possibile information is not information, and he is probably simply outside of the ambit of your vanilla friends information horizons, even if its in concievable possible access range.cii

DeeplyDesired: 11 days ago

Although the techies have managed to convince us that this was not a big deal and I really to not want to stir more drama but there are two points I wish to make about this incident.

1. Douche canoe could have made his point about FetLife security by listing all males who live in Antarctica over the age of 65. He didn't.ciii He chose to target what is the most vulnerable group on FetLife.civ Kinky women under the age of 30.

2. The 'cost' of being outed here is not just a difficult conversation with family or employer or an increase in unwanted FetLife traffic. It is possible that the identified group will now be subject to stalking or harassment by predators when outside of FetLife. This list has, perhaps only marginally, nonetheless increased the ability of unsavoury people to identify all kinky women under the age of 30 who live in a specific location (ie a small town).

DD

ACaringBeast: 11 days ago

Mark the date: today was the day that everyone on FetLife became as dumb as everyone you know on Facebook.

Pointless scare tactics? Check.

Linking to "outrageous" things? Check.

People piling just to show the group how with it they are and how much they feel everyone else's pain? Check.

Fetlife is now nothing more than Facebook with a dark color scheme and dick pics.

It was a good run.cv

Bound_Mnementh: 11 days ago

Very well said, thank you

Zebrianna: 11 days ago

Well written! CRUMBS

Furneaux: 11 days ago

A very good summary. There's also some more info here:

andrewdieppa.kinja.com/indecent-exposure-or-…

The sort of thing this guy has done is pretty trivial from a technical viewpoint; there's even a Firefox extension that can achieve much the same thing:

youtu.be/gBy6Twe2fZw

What I find concerning are the overstated claims of safety and security by FL which are probably what lull many into a false sense of security in the first place. It is disingenuous at best and misleading at worst.cvi

BFs_sassy: 11 days ago

Seems to me most people are missing the bigger picture. If Ikonoclast is right about how the information was obtained, changing anything in your profile now isn't going to help. It's all linked to your ID number. So at any time a new list could be posted from the original information he got of any age/gender or location he wanted, all linked to the log in ID.
Change all you want now, but what you had posted then is the information he has.

fromtheprof: 11 days ago

I think this thread starts with a very useful post. It's so easy to criticize the administrators of a social networking site. Frankly, in the social networking realm Fetlife is a breath of fresh air.

Why? Because this site most of all is a "discussion/forum" site with lively discussions like this. If you look outside Fetlife at the social networking world you will find that most discussion boards have been abandoned in favor of sites like Twitter and Facebook where intelligent discussion largely never happens.cvii

Facebook is a site about community and community building - something that really has to come back into the social network world in general. Fetlife sets a great example.cviii That's why this site is so popularcix - in spite of the fact that the great majority of the population doesn't share our lifestyle so the pool from which Fetlife members are drawn is tiny compared to most other social networking sites.

So - in a site with as many members as this one has, you are going to get a bunch of douchebag assholes. That's just life. Get over it.

DeeplyDesired: 11 days ago

@BF_Sassy. Agreed.

But it is worthwhile for everybody to go through their profiles and work out how easy it would be to identify the owner (and if you care, of course) and be aware that anybody can access their profile, (including that weird guy who lives down the block and never goes out), inspect the writing, steal the pictures and reverse-search them.

Changing these aspects of a profile is worthwhile now if there is a concern.

DD

wildwitch: 11 days ago

And Fetlife users shouldn't give people a hard time if they chose not to have face pics on here or if they don't want to end up in the back ground of photos at events.

miec: 11 days ago

Fantastic, informative post. Thanks for sharing.

Electra-73: 11 days ago

So this is some sick attempt at making a 'hot list' database of kinky women? hmm.. then shall I change my age to under 30?

hardon-collider: 11 days ago

please allow me to say something, and please bear in mind i do find this an abhorrent and vile act and i do not condone this at all. i really am appalled by it.

The act itself is not purely misogynistic. though it is in part at the same time.

when we look at the response at this and how it has brought up discussion again of security fetlife should probably have, it highlights how protective people can be (THANKFULLY!) of the safety of female identified individuals. but one has to wonder if the same reaction would happen if it was towards males. i.e imgur.com/CQ5qgvucx

again i think it is a stupid fucking thing to do, and it IS largely misogynistic but the flip side also is that people are much more likely to react strongly if the detrimental act is against women.

i do apologize if that sounds offensive and that certainly is not my intention.

point is this act has (though at the cost of peoples safety and privacy that they were more than likely innocently unaware was not as protected as they thought and should be) made a big reaction and has spread a lot of this awareness and may indeed make fl a safer place for all users.

just a pity the act was fucking horrible.

Want2BUrSB: 11 days ago

@AllThingsIntense and @HazelBite

THANK YOU.

Lg1983: 11 days ago

Fetlife might be able to change security settings redesign the site and so on much as facebook is doing it but that wouldn't change anything. As stated a couple of times everything you put on the internet can be found and every site can be hacked; even though that wasnt even the case here.
i truely don't believe fetlife has the proper funds to get this done. I tried to get to this trilema link someone posted bit couldn't open it. probably taken down already (??).
Also the biggest problem for people posting information on fetlife that links them to their real life is (my opinion) that having a kink is still a huge taboo.
In some states/countries it is more accepted you are for the same sex (nothing wrong with that; just comparing!) than when you would claim you love or are turned on by whips/ponyplay/orgy's/pain/... (list is too long ;-) )

Seems best way to protect privacy in this matter is probably just don't post it if it shouldn't be in the open unless you just don't give a f*ck.
This is my own opinion on this matter; if you feel personally insulted of wronged my sincere appologies because that is not my intention.

Ps: don't look at the typos; english is not my mother tongue

cashbat: 11 days ago

I'm far from an expert on these things, but know from experience that a lot of sites will block an IP if a lot of bot-like behaviour is coming from it, is that not something FetLife could do without massive restructuring?

lildevilrose: 11 days ago

Thats why i dont put my face on my profile or my real name

cashbat: 11 days ago

P.s. The fact that it's trivial to scrape a load of user information doesn't make it less of a security breach.

Furneaux: 11 days ago

But that's the point @cashbat... it isn't a security breach because there isn't any security to breach in the first place.cxi

InnocenceCharmed: 11 days ago

I wonder what happened because it seems not to be accessible anymore, I doubt he removed it so the question is.. who crashed it! Hehe

LilyLips: 11 days ago

Crumbs

MakoManiac: 11 days ago

what did we learn today? Hysteria and panic spreads faster than fire on a oilrig.(and giving too much attention to individuals that was trying to steer shit is only doing him/her/they wanted).

cashbat: 11 days ago

@Furneaux, I think that kind of misunderstands the nature of security, though. Security is a matter of degree, something isn't either secure or not secure, it is more or less secure.cxii The people who are on that list have seen their information go from one state to a less secure state; from a members only site (albeit not a very secure one, relatively speaking) to a public, searchable table, that's the breach of security (and consent) here.

P.s. Why does every argument I have end up being about whether things are binary or not?

NiceGalWTwist: 11 days ago

I just clicked on the link to that site, and it was not working. Let's hope someone took it down.

Shibari_San: 11 days ago

Yep - as of now the entire domain trilema.com is offline; its not responding to PING (although this may be by design if ICMP is not allowed) and the pages time out. Hopefully someone has either downed him via DDOS or the domain host/registrar has pulled the plug.

pinkpantyslave: 11 days ago

Methinks its about time someone paid the asshole that did this an after dark visit and busted all his toys and ripped up his dirty mags. Then one of the more assertive ladies from this site should put him over their knee and gave him exactly what he really deserves a damned good spanking that he wont EVER forget, simply because its posted on You tube.cxiii

Apart from that there is not much anyone can do and unfortunately it is unlikely we will ever know who he is.cxiv Most likely he is either some timid church mouse attempting to impose his religious morality by intimidation or just some brat with a "because I can attitude" and an affinity for creeps.

Chances are with scruples like this we will see him in congress within 10 years.

RedD_ciara: 11 days ago

Crumbs

Miss_Strangelove: 11 days ago

Follow-up crumbs

artemis1883: 11 days ago

Thank you! Bottom line is this: now those on the list can be found... but should still be able to determine how to handle a few extra creeps in their inbox. Unless one of your photos is a head shot with your name and address as the caption (in which case, you're a dumbass anyway), nothing changes that I or OP can't see anyway.
I appreciate the flood of "OMG, crumbs!", but honestly, it's not all that terrible.

JayCynic: 11 days ago

What I find most disturbing about their site was the use of the term "meat" and the objectification it implied.

What I find most disturbing about the responses is the resort to violence and revenge, which in my view places the proponents on an even lower level than the idiot.

And what makes me sad is that people use terms like "hack" and "outed" as lightheartedly, and have really so little insight into how this Internet thing works, and what it means for information to be machine readable. Anyone could do that.

If I cared, it'd probably take me an hour or two, a day if I wanted to cross-reference likely matching profiles from other sources like OkCupid, more like a week or two if I wanted to link to public Facebook and/or LinkedIn etc profiles. (And that's because I have absolutely no clue on how to do graph analysis, but mix in some facial recognition, and you're done. The code is all out there, it's just a matter of plugging the pieces together.)

Seriously, extracting a sequential list of all matches for a given area is beyond trivial. If that already scares you, you really should run for the hills. The idiot herecxv at least had the basic decency to link to the profiles, so non-members can't follow up or see confidential information.

And yes, of course, @JohnBaku is not without fault here. FL makes many things way too easy; sequential user-ids, etc. I'd not be surprised if there was absolutely no rate limiting or other features to drag such a crawl outcxvi (not that it can be avoided, but if at least some precautions are taken, then it's at least somewhat more believable when someone calls foul).

And while FL is hiring, us supporting members are still waiting for some of those suggestions to be implemented one day when hell freezes over. Privacy and security being just one of them.cxvii

And yes, someone who publicly exposes such a list, calls women "meat", clearly violates the intentions of the women affected and the site itself, clearly is a misogynist bro and an asshole. But please realize that this is trivial to do, and that FL doesn't take any steps to prevent that.

My conclusion, by the way, is not to hide, but to instead work towards a society where "Oh, you're on FL, this idiot said? I told him to mind his own business. So, how's your day, we still on for lunch?" But I realize that not everyone is in a position to do that.

Skeptigirl: 11 days ago

I agree. You are right. what fetlife really needs to do is to get a mobile app. I look really weird reading this thing one eye closed and lip curled up on that side to make it easier. It just does not work on my phone web browser. Stupid vision problems that can't be corrected with glasses. :(

Harry_Kink: 11 days ago

@OP thanx for the analysis

Guilty: 11 days ago
And what makes me sad is that people use terms like "hack" and "outed" as lightheartedly, and have really so little insight into how this Internet thing works, and what it means for information to be machine readable. Anyone could do that.

Automated access is a clear violation of TOU so imho could qualify as hack. Also, for some people their FL nickname is readily traceable to real names or non-kink online media, so posting it publicly is posting personally identifiable data and could be considered outing. That it's easy to do doesn't make it less so.
My conclusion, by the way, is not to hide, but to instead work towards a society where "Oh, you're on FL, this idiot said? I told him to mind his own business. So, how's your day, we still on for lunch?" But I realize that not everyone is in a position to do that.

Agreed. But the broader issue is that if this jackass had stolen more data, FL had become searchable, which had broken the very thing that makes FL good. It would have ruined FL in the long run.

BringIt: 11 days ago

I bet that the ($$ investment needed to fix this) / (# of people willing to pay $ to get it fixed) might be more than what each person is actually willing to pay. Especially given that the people not paying would get a free ride. What if the omnipotent creators of this site posted the $$ needed to code true security on the site and we, the community found a way to raise the money?cxviii It takes the will to get it done, which I think the community has, it takes the skills and god knows there has to be enough geeks on here who can figure this shit out, it takes organization and it takes money (which I also equate with time) which might be where things really fall short. I am all for striving for the world we want but we have to live in the world we have.

Vanilla_Facade: 11 days ago

Crumbs

Ed_Ward: 11 days ago

Thank you, that was a great post.

Guilty: 11 days ago
I bet that the ($$ investment needed to fix this) / (# of people willing to pay $ to get it fixed) might be more than what each person is actually willing to pay.

The problem is FL structurally spends its money on making Fetlife cooler instead of safer. We've had new features aplenty, but some huge security gaps haven't been fixed for six years or longer. Not fixing security but implementing chat, new feed stuff and inbox version 4 or so is a choice.

I do think more people should be paying for FL, but as a lifetime supporter I'm not willing to pay more at the moment and I wouldn't bet my ass extra money would indeed go towards safety.

MrDawn: 11 days ago

Sorry for my english, i'm french,

Trilema.com seems offline, i think someone make something,maybe a DDOS with LOIC, i don't know ,or maybe somebody make a whois and ask at the provider to remove the page.

For information if someone can give me the text who was in the page, i can say if penal prosecution can be done in France ( and it's more easy to make things right with the french and european right on this case : romania is an part of the Euopean union )

for informationi give you the whois
So if you want to use legal way : As long as the service hosting know somebody do something illegal they have to make the site down.

And after what i read about (so i'm not sure) what the guy say on this site it's a Criminal prosecution in France (that is a "call to rape" and that will cost you 5 year's on prison and 45.000€ )

Domain Name: TRILEMA.COM
Registry Domain ID: 1558394076_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-05-24T08:32:15.00Z
Creation Date: 2009-06-07T16:19:29.00Z
Registrar Registration Expiration Date: 2015-06-07T16:19:29.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: Email Masking Image@enom.com
Registrar Abuse Contact Phone: +1.4252982646
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: MIRCEA POPESCU
Registrant Organization: SC POLIMEDIA SRL
Registrant Street: DUNAREA, 13
Registrant City: GIROC
Registrant State/Province: TIMIS
Registrant Postal Code: 307220
Registrant Country: RO
Registrant Phone: +1.0731076827
Registrant Phone Ext:
Registrant Fax: +1.
Registrant Fax Ext:
Registrant Email: Email Masking Image@POLIMEDIA.US
Registry Admin ID:
Admin Name: MIRCEA POPESCU
Admin Organization: SC POLIMEDIA SRL
Admin Street: DUNAREA, 13
Admin City: GIROC
Admin State/Province: TIMIS
Admin Postal Code: 307220
Admin Country: RO
Admin Phone: +1.0731076827
Admin Phone Ext:
Admin Fax: +1.
Admin Fax Ext:
Admin Email: Email Masking Image@POLIMEDIA.US
Registry Tech ID:
Tech Name: MIRCEA POPESCU
Tech Organization: SC POLIMEDIA SRL
Tech Street: DUNAREA, 13
Tech City: GIROC
Tech State/Province: TIMIS
Tech Postal Code: 307220
Tech Country: RO
Tech Phone: +1.0731076827
Tech Phone Ext:
Tech Fax: +1.
Tech Fax Ext:
Tech Email: Email Masking Image@POLIMEDIA.US
Name Server: NS7.POLIMEDIA.US
Name Server: NS8.POLIMEDIA.US
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: wdprs.internic.net/
Last update of WHOIS database: 2013-05-24T08:32:15.00Z

BettyCooper: 11 days ago

Serious breadcrumbs for anyone in my friends list who is called out be the current Meatlist debacle.

ponos: 11 days ago

Fun fact: I thougt about doing similar things just to show people how careless they are about which information they make available. :D

LanaDelPain: 11 days ago

I think the site has been hugged to death.

dr_stabby: 11 days ago
What if the omnipotent creators of this site posted the $$ needed to code true security on the site - @bringit

Then they would build a site nobody would use.

Do you share pictures with your friends exclusively over Textsecure or Silent Chat? Do you shop at online stores that only accept Bitcoin? Thought not. Because you use practical services instead.

Picture a Fetlife that solves the "issues" everyone here is talking about. You're at a munch. You meet someone you like. They give you their Fetlife account name. You come to Fetlife, and try to add them as a friend, but can't. You can't even look at profile content they wanted to make public.

Because in Trilema's "easily secured" world, that person has to first obtain a 20 digit hash from you, and you theirs. Account names can be leaked remember. And you can't just send a "friend request", you sit back and wait until you both happen to key in each other's hash, at which point the system confirms you've "consented" and you become friends.

You want this friend to see a photo. You try to upload one, but photos on the Internet can be copied, so Fetlife helpfully denies your ability to do so.

You try to add fetish of yours. It's niche, and you've never heard of anyone being into it. But somehow, Fetlife manages to find a thousand people you can share your desire with. Except you can't. Because you add the fetish, and Fetlife won't let you see who shares that fetish. Otherwise it would be a "leak".

Noone gets upset about security on sites like Adult Matchmaker. Not only would this exact same thing work there, but your profiles there contain a postcode, which can be very precisely searched. And, unlike Fetlife, they are almost always completely accurate regarding sex and location. About all that's different is that it's easier to get upset at John than a faceless organisation.cxix

HisSmiley: 11 days ago

Thank you for all sharing interesting read :)

roninbear: 11 days ago

A brand-new website with sonewhat better security is [dungeonlist][www.dungeonlist. com]

ConfuzledGeek: 11 days ago

My response: fetlife.com/improvements/7729

dr_stabby: 11 days ago

@roninbear -

Doesn't even support HTTPS.
RDP accessible from the outside world. I give this five minutes until it's actually hacked. Security: Are they even trying?cxx

And oh look, /user/id.

quinn_direwytch: 11 days ago

Yep this sucks, I am going to play devil's advocate here. If You are so concerned about privacy, and protecting your life style. Never go on the inter webs. Never send an email or text, never get a social networking site. Ever. Get paranoid and delete everything you have ever posted on line, for little good that will do its already out there your electronic footprint is imprinted inn cyber space for ever.

I think the onus should be on the individual. it is down to You to protect your selves. You are an adult. You don't have to post those pictures, your name or your actual location. Be smarter. This is an electronic age, are people really this blind? Like omg somebody wrote a little program and got information about me? Please, advertising companies have been selling your information for years.

Jump on the no accountability band wagon, blame FL because it is easy to blame somebody else, roll over go belly up and play the victim. Yes, what Trelima did was seriously uncool. There is always going to be somebody out there being be a kill joy. Just out bullshit the bullshitter.

The_Dark_Queen: 11 days ago

Douchecanoe. Best word ever.

The_Dark_Queen: 11 days ago

Also, I really want to see this meat list. Not loading whatsoever. So maybe you're in fact, safe. Regardless, I'm too old. So that's cool. Actually cool.

Impurist: 11 days ago

@ quinn_direwytch

That's just it, if you post a bunch of personal information on a public website it is there for public consumption.

Don't want people to be able to identify you, omit details that allow them to do so.

Don't want people using your pictures or posting them elsewhere, don't post them.

The sky isn't falling, chicken littles, you just aren't being very smart with your personal information.

This is a free public site, and well, the internet.

_Mister-D_: 11 days ago

Crumbs!

SweetCaramel: 11 days ago

Thanks for being the voice of reason.

Hunraev: 11 days ago

Thank you for adding the balance of personal responsibility and risk assessment back into this issue.

ObsequiousX: 11 days ago

Damn. Just tried to love this but already loved it :(

Hcara: 11 days ago

Well said. any half-decent programmer could replicate what meathead did in an hour, and now you pointed it out, have a second linked table of photos now that into is out there.

Not displaying the profile ID in the url would be a great start.

LadyMaureen: 11 days ago

Hate saying crumbs so ZOMBIES

River1: 11 days ago

Thank you for the much needed and very helpful clarifications.

To that effect and to my friends - CRUMBS

HypnotistZ: 11 days ago

A potentially simple tech fix would be replacing the numerical member URLs with md5 hashtags, making them much more difficult to crawl in a serial way.

2c from a former software developer :)

SuzanneC: 11 days ago

Thank you for taking the time to make this clear to me.
We are basically out there as soon as we click on post and a lot of responsibility for privacy lies with ourselves.

ApatheticPenguin: 11 days ago

I didn't hear anything about this o_o

Big_Bear_Tony: 11 days ago

...crumbs...

desert_rabbit: 11 days ago

Thank you, sir. Accurate, concise, and rational.

The sad thing is the relatively low level of understanding and tech that are required to pull off this hat trick. People, do you have Microsoft Excel on your machine? This is Douchebag McGee, not Neo from the Matrix. You can do this with EXCEL.cxxi Heck, you could do it in Notepad with JAVASCRIPT.cxxii

How much knowledge do you need? I'd say, either (1) a freshman/sophomore getting a C in computer science, or (2) ability to use Google search to find someone with a C in computer science.cxxiii

But I can understand the hurt feelings. I'm personally annoyed by FL's lame handling of the issue. But please - please - think about this each time you post anything:

If some douchebag CAN get an account and look at what you post, then assume that douchebag WILL get an account and look at EVERYTHING you post. And the moment that douchebag sees it in a browser, it is on their machine. That's how the internet works. And if it is on their machine, they can do ANYTHING with it.

For the time being, "Friends Only" mitigates, but doesn't eliminate, the risk. So USE Friends Only. If you still feel anxious, then don't post it!

Barry_Friedman: 11 days ago

It sucks to be crawled/compiled in any way of course, but I have to agree that this isn't as much of a breach as it is someone being a douchecanoe (qic).

To the points about internet security, they are valid. Especially if you send/receive email from the US in any way (we aren't all americans, and gmail users this means you as well) its all accessible to someone who wants to get a hold of it, if they have the connections (think US gov't).

XenitH: 11 days ago

The thing I find slightly amusing about this whole situation is this guy basicly just created the feature loads of people on fetlife themselves have been asking for. A way to search for people in a specific area and their gender, orientation, dynamic, and availability within site : /

canababy: 11 days ago

Brilliant

VelvetGardens: 11 days ago

Well, the webpage you linked to comes up as 'Unavailable', so maybe it's been taken down?

Boris4040: 11 days ago

I had someone threaten to "out me". Nothing scarier then that feeling. Tried to black mail me. I finally stood up to them and they went away. Had a great friend here for long time but things went sour. Both our faults. I want needed anymore. Some friend. We knew each other well snd she pointed out I know where you work and where you live. People pretend to be your friend and say they have your back.,.well my experience is the ones who say this will stab that back they say they have in the blink of an eye. Not on fet much anyways anymore. Plenty of two face phonies! Watch your own back. That's why my site is clear. Just watch from a far now. It's safe that way. But that's just me. Your post brought back those memories. Best of luck! Seriously

HistryLuvr69: 11 days ago

I haven't had a chance to read through the comments, but I would like to say that while this is clearly not a "security breach" it is a result of FetLife's piss-poor privacy settings. The lack of granularity and customizability in privacy settings is at the heart of this issue. These are not "features" for social media sites these are requirements.

Crayzed: 11 days ago

Lol. It is already mirrored.

DarkHarbinger: 11 days ago

the main thing to remember here is that even with whats happened... no one can view your profile without being a member so anyone finding your profile from that or any outside list has to become a member first and at that point NOTHING HAS CHANGED because every member on this site HAS ALWAYS had the ability to see your profile... stop freaking out all in all this recent event means absolutely nothing.

HistryLuvr69: 11 days ago

Well, it means a lot, @DarkHarbinger. It means that FetLife's privacy controls are, as they always have been, absolutely atrocious.

MissEmmi: 11 days ago

I never thought I'd ever say this... but I'm happy to be 32.

My concern is more of the fact that I use a very cross-community name. I certainly don't want my profile popping up on a google search.

MissGrey: 11 days ago

Thanks for writing this up. I, too, wanted to write something up but your respose is flawless. (and I've always had my age as 99, just so y'all know).

allenas: 11 days ago

What I still don't get is why 'make fetlife searchable' has been the #1 suggestion since I joined this site.

And now that someone made it searchable, people are getting pissed.

I mean, I thought searchability was a bad idea from the get go, so I'm with everyone in being pissed now.

I'm just surprised everyone had this reaction despite the populatiry of that suggestion

GabrielPendragon: 11 days ago

Honestly, such things are probably a good thing in the long run...people might start to think a little more about their internet presence. It really isn't hard to find all the information a person could want on anyone they want just from publicly available sources. This is why googling yourself is a good idea, both your name and your screen names, see how hard it is for you to connect the two. That is about as hard as it is for anyone else to do the same. Anything you post online is available to everyone and anyone that wants that information. If you don't want people to know, then don't post it online. If you can find it and don't want people to, delete it, and then feel silly cause the info is still on the web. Once your on the grid, it is really hard to get off of it, and really lonely once you do.

Don-1959: 11 days ago

Thank you for sharing

cursgeorge2013: 11 days ago

Excuse my ignorance, @iconoclast, but how do I make sure that my profile has the appropriate privacy & is set to "friends only"?

ache: 11 days ago

why don't you just point ANONYMOUS his way?

dragonfly417: 11 days ago

Crumbs

Doctor_Pepper: 11 days ago

'crumbs for this, and +1 for @HypnotistZ's proposed tech fix.

Masters_Pumpkin: 11 days ago

I still consider it a form of outing. Why? Because to view any of this information. you have to already have an account. That is how you are meant to find these. but a list? Only the young females? It gives age. gender, and location. That alone married it down. Many people can be recognized in a small group just by tiny identifiers. You don't pick something you hate to identify yourself, after all. MyLittleTardis along with age. gender. and location can tell friends, family, or often random Facebook friends all they need to know to know it's you. Many people here reuse screen names, so now they can be harassed elsewhere. No, this jerk didn't tell your friends and family, but he still posted information that was supposed to be sealed to outsiders. Yes, Fetlife needs to fix these holes. But to prove a point he could have ONLY used his friends top do so. Also, he called us all meat. That's a bigreason arwe're all pissed.

Armand_Ohio: 11 days ago

People are actually changing their gender because of this?

That seems like a very extreme reaction...

You're gonna start taking hormones and stuff because somebody put a link to your FL profile on their blog??

Seriously?

-
-
-

Okay... never mind.

A.

LittleMissLilly: 11 days ago

It seems his website is being DDoS'd or has been taken down. So much for hacking skills.cxxiv

feyqueen: 11 days ago

I really appreciate this post. I think it's important not to take posts like these as indications that people who don't deliberately protect themselves "deserve" to have others do bad things to them (and likewise I hope that's not the spirit this post was written in, though I didn't read it that way).cxxv That would be like when assholes tell women not to dress a certain way if they don't want to get assaulted. Nonetheless, knowledge is power, and it's important to understand what is/isn't actually happening in this situation. And, by extension, then I think it becomes clearer how right now the onus is upon us as individual users but it doesn't have to be, not to the degree it currently is. I just voted for a feature on FL's suggestion page— to create selective privacy tiers on our accounts— and I strongly suggest that others do the same. It's frankly unconscionable for FL's developers to not have tackled this issue yet.

jess6534: 11 days ago

douchecanoe...lol...ok that's my new favorite word

bonnie_turtle: 11 days ago

!ns!ghtful Headline me thinks. ( :

Literatedom: 10 days ago

Good article, but it misses one important point. One key advantage of FL is that it is not "google-indexed." That means, for example, if I type in my screenname into Google, I won't see any hits from FL.

By moving profile information outside of FL, it becomes google-searchable. Depending on whether you practice good information hygiene or not, that might or might not be a problem. If you use the same picture on both FL and FB, you should consider changing one of them.

At a minimum, FL can and should disable accounts that host automated crawls (an ordinary user will not need to view millions of profiles!). That will fix the immediate problem.cxxvi

Literatedom: 10 days ago

No, this jerk didn't tell your friends and family, but he still posted information that was supposed to be sealed to outsiders.

There are no 'outsiders.' It takes 30 seconds for anyone to make a profile.

Hizgirl: 10 days ago

Wait....these complaints from the folks who want kink mainstreamed????? You expose more than he did every week at your local munch.

Tmacar: 10 days ago

@DrStabby
AdultFriendFinder is a dating site (although it's more a sort of subset of dating, a find a sex partner site). That's why people can search by sex, location, what the person is looking for, etc. It wouldn't work otherwise. If someone wants to find someone of the right sex within so many miles who is looking for someone like him or her, they can find those people. If they couldn't, the site would be useless. The nature of its purpose makes those kinds of searches a requirement.

That's not the case here. People (most of them) are not looking for a sex partner. Lots of people aren't even looking for a BDSM partner. In many ways it's an information sharing site, people talk with people they'll never meet about BDSM topics. It only way it goes farther than that is if someone decides to join a group that's local to them which has parties and such.

And someone looking for people of a certain sex, of a certain age, within a certain area, are almost certainly looking for sex. Since that's NOT why most people are on here, they understandably don't want to be bothered with emails or friend requests from people who are trying to hook up. That having been said, though, emails and friend requests from people wanting something you aren't particularly interested in is the worst thing that will happen to anyone as a result of the asshole's "meat list". Nobody is going to get anyone's real name, address, or even cell number from it.

As far as disrespecting women, those over 30 in one way and those under 30 in another way, ultimately, so what? This clown obviously sees women in the way that he sees him, there's no realistic way to change his attitude, and why even care about what someone like that thinks?cxxvii And I don't see his attitude leading to the creation of more men who see women as pieces of meat. Men who already think that way will continue to do so, and men with at least two brain cells to rub together won't change their attitude because of his silly little lists.

Since someone pulled his data, we know he's from Romania and the sad fact is that the men in the societies in that part of the world, as a group (although not necessarily as individuals - every society has people who don't follow the group), do have a male-centric, very paternalistic, and misogynistic attitude.cxxviii The only thing that will ever change that is time. About 60 years ago the general culture in America had the same attitudecxxix, even if we were maybe more polite about it. Now the people here with that viewpoint that used to be in the vast majority are in the minority. With Romania having emerged from about a century of isolation and super authoritarian rule, ans becoming engaged with the modern world, I expect things will change there just as they did here.

But what will change it is time, not stressing about the attitude of one complete fucktard, who right now is nothing more than a reflection of the society he grew in and was socialized by.cxxx

work to change the things you can, realize that there are some that you yourself can't change, recognize which is which, and don;t let the latter stress you out.

Raevael: 10 days ago

Crumbs

x-butterfly-x: 10 days ago

Could someone please inbox me the site where all the females are listed

_Daira_: 9 days ago

"Why is this not really a security breach? Because any idiot could do it, and once again the information is not really protected - a real security breach involves accessing data you're not supposed to be able to access, i.e. passwords or email addresses."

This argument isn't valid, even if the conclusion is. Suppose a site has a failure of access control (that is, a failure relative to the controls that are believed to be in place), that "any idiot" could exploit. Does the fact that the flaw is publicly exploitable have any bearing on whether we consider it a security breach? No.

FetLife's implementation of image links, for example, has a security flaw because a user of the site would not reasonably expect that an image will be publicly linkable in a way that allows it to be accessed by people who are not their friends logged into FetLife. (Yes, the image could be copied, and you need to be a friend to get the URL in the first place, but it's making linking easier in a way that users don't expect.)

I agree about the more serious problems listed at the end of the post.

_Daira_: 9 days ago

^ I meant the statement about image linking above to refer specifically to images that are set to Friends-only.

dr_stabby: 8 days ago

@ _daira_ - this "security flaw" that you are talking about in relation to linking images is raised often as an attack on Fetlife. You're not even the first person to raise it on this thread.

The same exact "vulnerability" exists in private Facebook galleries, private Instagram galleries, private Photobucket accounts, private Flickr galleries, even pictures you messaged directly to someone privately on Facebook, Instagram or Twitter.

I am also aware of a Government service that provides healthcare related data in this fashion.

It's time to stop bagging Fetlife over this. There are valid arguments to certain privacy controls. This isn't one of them.cxxxi

slimswitch: 8 days ago

Listen to _Daira_. _Daira_ is a copper-bottomed expert here. I'm sad to hear that so many services don't do the best thing here, but given the sensitivity of Fetlife's data they really should.

jameshung: 6 days ago

But how come Fetlife IDs are not hashed to form the URL. Its so naive to keep them in sequence making it so easy to crawl.

Ponygroom: 6 days ago

The site that hosts "the meatlist" is back online.

It is likely that one or more of the pages are now behind a paywall. He wants a Bitcoin payment in exchange for a password, which will set a cookie, he says, that will permit access to the entire site.cxxxii

xChainReaction: 6 days ago

To my fortune, I do not need to worry about being outed. I am already out to anyone who matters to me and anyone else knowing is just one less person I need to censor myself around. I already operate under the idea that nothing is truly private, and as such don't post things that I would not want found.

I also understand that the changes that I have made to my profiles are not going to 100% prevent the things that I do worry about. Such as being located in real time and stalked. I do hope that it would make things inconvenient enough that the less motivated would become easily deterred. (which in my opinion, if they are using someone elses "meat list" then they are probably lazy enough that easy targets are all they are interested in.)

All I can say is protect your identity if you are worried about it. Protect your safety if you are worried about it. But bitching on a post and doing nothing, expecting someone else to protect your privacy is asinine. Don't join a website on a machine that is never truely secure and expect someone else to wipe your ass behind you because you drunk posted something. Deciding that your life will be absolutely burned to the ground if you are outed and then posting identifiable information is also a stupid move.

2cjustme: 1 day ago

Had it been women over 30...would there have been such a fuss :-?
lol
Its public domain, nothing is really safe on the internet. Even your own computer can be hacked into. Everyone wants this site to be Free and not pay for memberships, well... if everyone paid for use then maybe the upgrades will be made faster.
Now, quick the boat is leaving to Antarctica and the Vatican is reserving spots.

That's it for now, maybe I get around to the other whiny posts later on.

———
  1. Which, from what I hear, they never did, which in turn might explain why their software stack looks like it was made by three Pakistani web designers for five hundred dollars. []
  2. Apparently there's an entire kabuki relating to the proper adjectives, nouns, adverbs, comparatives and so on that SJWs are permitted to use when discussing politically charged topics. For some reason these all seem to be references to a particular vaginal hygiene device widely employed in uncivilised spaces where females lack access to a bidet.

    I suspect this is presumed to be offensive to someone, somewhere, though I can scarcely imagine why exactly. Then again, having lived most of my life riding around in my atomic dirigible / golden helicopter with my slaves and my money, far far removed from the problems of the TGI Tuesdays crowd ("let's solve the problem of fastfood merely pretending to be food by merely pretending it's not really fastfood"), I seem to be missing some memos.

    Should anyone feel inclined to clue me in, I confess a purely professional interest in the topic - I am, after all, sort-of a practicing anthropologist and the SJWs are quite certainly a degenerate sort of monkey, not quite autonomous enough to make it with the chimps in the wild yet not quite sophisticated enough to make it with the humans in the towns. Any material you might have handy will be appreciated. []

  3. It's very strange to me that I'd be referenced by the name of my blog, especially seeing how my name's right there, and the guy actually is aware of this. What sense does this make ? []
  4. It is also very strange to me that this claim is made. While I do have a very good sense of the superiority of my skills, this is on one hand very well documented, and on the other hand impersonal. Yes, I'm one of the maybe five people currently drawing breath who can run a Bitcoin service safely, out of thousands of varied and assorted failures. Nevertheless, I disclaim "hacker skills" publicly and with some regularity (I don't see "$ki11Z" seriously contemplated by anyone) and so on. The articles discussing the Fetlife failure to thrive on the web certainly don't make any such claims, but on the contrary. For that matter, the one line of bash employed is actually published.

    It almost seems like the general public has an array of preloaded notions on various topics, and so if anything to do with the appalling security of some scamsite is forcefully brought to the fore by individual action they automatically misrepresent the situation as "the actor claimed mad $ki11Z", whether this actually happened or not. If this process actually exists it would go a long way to explain a number of hallucinogenic avatars of US political discourse, for instance. I would like to also underscore that this pseudo-thinking process of the cvasi-chimpanzee mind is, historically, how the Jews ended up "killing goy boys to make blood-Challah" and so on. Maybe something the chimps in question themselves would be well advised to keep a close eye on ? (It's also how advertising works, by the way, which is why you're poor and frustrated). []

  5. Check it out, "we in the data world". What is this "data world" ? Who's in it ?

    Are "we" in the making up words as we go along world part of a low income bracket pretending the contrary or not ? []

  6. And it was also not a real Scotsman! []
  7. Doesn't this miss the point ? []
  8. Anyone can also set their name to any value they wish, I have a friend that's done exactly that and as a result had to re-buy his US-exit-to-Argentina tax token. []
  9. Quite searchable, but I'm kinda lazy atm. Plus I lack the requisite "skills".

    Take, for instance, user Ikonoclast (#48475). Would you believe that all his pictures appear under... fetlife.com/users/48475/pictures ? Clearly, it is not trivially searchable. You can not simply add /pictures to the end of any profile url in the meatlist and thus obtain a nicely sorted view of all their pictures - and I certainly couldn't trivially iterate all this through the exact mechanisms already described.

    Here's a hint :

    <ul class="page clearfix">
    <li>
    <a href="fetlife.com/users/48475/pictures/36348553">
    <img alt="Ikonoclast: I do so love elegant instruments of pain... $5.99 NPS find. " src="https://flpics2.a.ssl.fastly.net/48/48475/00051082-df78-783d-7814-fe032939a17d_110.jpg" title="Ikonoclast: I do so love elegant instruments of pain... $5.99 NPS find. " width="110" />
    </a> </li>
    <li>
    <a href="fetlife.com/users/48475/pictures/36021697">
    <img alt="Ikonoclast: I'm so much gayer when Ginger is out of the house. Spent all day prancing around in Corcorans, 501s, a wifebeater, and a daddy cap and loudly singing showtunes while I cleaned the house." src="https://flpics2.a.ssl.fastly.net/48/48475/00050fa5-f1f8-c9a3-75c4-414b2542d6d8_110.jpg" title="Ikonoclast: I'm so much gayer when Ginger is out of the house. Spent all day prancing around in Corcorans, 501s, a wifebeater, and a daddy cap and loudly singing showtunes while I cleaned the house." width="110" />
    </a> </li>
    <li>
    <a href="fetlife.com/users/48475/pictures/35679156">

    Here's my favourite from his collection :

    ikonoclast-beats-women-lol

    Not bad, huh. []

  10. Actually, the fix is quite trivial, but why think, right ? PR's not paid to think, PR's paid to pretend. []
  11. Except for the part where I actually said exactly what I did. BTW, does curl and grep qualify one for "$ki11Z" ? []
  12. By this reasoning, writing War and Peace What Is It Good For is not literature, because similarly any idiot could have done it. For that matter, even an infinite number of monkeys equipped with typewriters could have done. On the other hand, the practical verification of this ancient conjecture as implemented by "the social web" seems to fall short. Maybe they need more infinite time. []
  13. This somehow made sense, at some point, I'm told. []
  14. Actually, it doesn't, as random nobodies don't get to foist "TOU" on people. []
  15. "Pursuable from a criminal standpoint" doesn't make a whole lot of sense, unless Internet lawyer is also Internet District Attorney. []
  16. Yes, I'm seeking damages, but from the only entity capable to pay. The poor DC in question is going to be stuck hunting down a bankrupt Canadian company, the wonders of joint and serveral liability being what they are, and it will quickly discover that yes, this guy is right : claims against Bitlove are worth exactly what claims against random auslander spammer are worth. Sucks to be them, I guess. []
  17. Actually, the DMCA counter-notification does specify an US venue and it dutifully includes a service address. But I guess reading's not our forte, Chukcha not reader, Chukcha writer!. []
  18. I might, actually, except it by definition wouldn't be open to the sort of retards involved here. So...

    Anyway, the word he's looking for is WoT. []

  19. My bet is that the fallout of this is an end to Bitlove, actually. I guess we see what a year brings. []
  20. Except the "photos" bit turned out to be just another lie on the lightest of examinations. What now. []
  21. Hardly. Fetlife currently works as mostly a venue for some derps to try and sell dildos or whatever. []
  22. Whoops... []
  23. Shit, there's even more drama! Maybe this goes in a future installment. []
  24. Wait, seriously ?!

    Guy needs better butchers. []

  25. You know it's funny, because that's exactly what the lawyer said. "So is this BDSM thing like a Scientology offshot or something ?" []
  26. This is actually exactly wrong.

    Go find my private keys to go with my public key, go follow "Bitcoin taint" and so on and so forth. Privacy is a thing, much like meat that's not "rusty scissors & 1000 fleas" exists.

    If it's not accessible to you... well... maybe you're just subhuman like that ? Don't blame me for it. Fix yourself. []

  27. Dudes, lay the fuck off already. I'm a billionaire. I bitchslap US senators and NY "comissioners". More importantly :

    Factually, the unreserved appreciation, esteem, love of the entire world of muppets is not worth much, with their boundless ire following close behind. It's not just that the "social media" clicks aren't worth squat. It's that the very people behind those clicks are not actually worth squat. Whether they like or don't like, whether they agree or disagree, whether they love or hate - it's not even a statistic. They could be gone tomorrow - indeed they will be gone tomorrow - and nobody will even notice.

    Stop thinking anyone gives a shit about you, in any sense and to any degree. Seriously. Nobody cares. []

  28. Wait, seriously ?! Link ? []
  29. Yeah, totally. I lack power. That's what I lack. []
  30. Actually yeah, I did. []
  31. But... the consumers have come to expect ? []
  32. For the record, this redefinition of females being sought out as "stalking" or "harassment" is most bizarre. Yo, sexuate reproduction, this is how it works in mammals - the males seek out the females. Get with the program. []
  33. Good plan, seems to be working alright. []
  34. Elides the point of why exactly would anyone give a shit, but anyway. []
  35. Or maybe he just opted not to ?

    There's something fundamentally dysfunctional with this "thought process" where one makes a determination on very little data - or even no data at all - and then proceeds to fit ulterior findings in the scheme. So I'm a "douchecanoe" (btw, isn't this a funny term ? could I be a braeroplane, I wonder ?) because reasons, and the fact that I didn't do X means I... couldn't. Because clearly manichean universe is black and white and I being the absolute evil the only limit to my evil is inability, rather than choice. I not being a person but one of those Jews making challah out of goy baby blood. Cool how this works, huh. []

  36. This is literally in so many words absolutely inconceivable. You mean to tell me derps all say the same thing anyway, lacking the ability to differentiate in the first place, and the ability to distinguish one thing from another in the second ? Iiincredibru. []
  37. How often do you get to say that these days! []
  38. Tarin has it, actually (not that it wasn't discussed in the comments of original post on Trilema, as a response to a direct question from Baku no less!). But there is something else going on : fetlife is a scamsite. []
  39. I can't imagine who might wish to date this derp. []
  40. This sounds like a winner. Think about it, sharing social media stuff! Raising awareness! This has got to like... matter, right ? []
  41. There's little doubt of that. Meat stays meat. []
  42. Well... problem is not everyone can do that. For one thing, passion is a poor substitute for insight. For the other, you don't just wish these things into being. Gotta work. It's hard work. []
  43. O look, someone with a clue. Everyone else gotta growl at the messenger, right ? Because hey, form is the only thing meat's equipped to interact with. []
  44. Pointing out that subhumans are subhuman is not dehumanizing. The dehumanization happened before. []
  45. Haven't, no. Also quite deliberately. []
  46. No, actually, the only way to resist is getting the fuck off these shitty sites, and learning a little about crypto etc. Get out of the pens, cowsy! []
  47. So go make him a sandwich ? []
  48. Eventually they too will not be able to get it up anymore and will join you "being busy", peripherally. []
  49. Seen better, but anyway, let's assume anyone cares. []
  50. Yeah, not like older men are by far the most vulnerable demographic, what in between being uniformly rejected sexually and broadly technologically inept. Not like "Russian brides" scams took out more old guy savings accounts than Katrina.

    But hey, let's all focus on the teensy/adolescent cunts, because that's what's important. []

  51. Of... course ? []
  52. I find this claim kind-of dubious, on the strength of the fact that no one else "working" for Fetlife actually works (in the sense of, salaried) for Fetlife.

    So... since nobody is doing it for a salary... you are, aren't you ? []

  53. Eh get out, it's the proper word. []
  54. Because you're clueless, naive idiots being herded around like cattle ? []
  55. Actually the correct design would be to make single-use url proxies for all images, allowing qualified users to view pictures once. Sadly, this doesn't work with caching or CDNs (obviously) and Fetlife has other priorities for that cash. Like paying Baku's (modest) rent. []
  56. People generally may or may not be. You are, or else we wouldn't be having this discussion. []
  57. Orly. []
  58. Selfdrama! []
  59. It's actually in fetlife order, which probably means "from oldest to newest account". []
  60. Seriously, gotta love all the self-drama this site spawns. []
  61. This is perhaps the most contorted bit of Fetlovesplainin' I saw yet.

    Seriously, this is the executive comparison here ? []

  62. I agree this is idiotic. Who would go to such imposture ? []
  63. Wait... did you just... sigh. Fucktard. []
  64. One wonders how the clueless score pieces. "This one is well written", "This one is badly written"... []
  65. Check it out, someone that reads.

    And yes, the sort that tends to read also tends to end up agreeing with me. Must be that old patriarchy thing. []

  66. Becoming a woman (as opposed to a little girl) is all about coming to terms with the fact that you are on lists whether you want to or not. That's what womanhood means, that's what sexual maturity means in females. Grow up. []
  67. No. This is normal. []
  68. Or he might be a stove. Why not ? []
  69. Or he could actually have little patience for idiots. Why not ? []
  70. I.. can't... even.

    Seriously, putting tables in a table element is how noobs would code ? How does the cool crowd do it, stuff everything in a scrolling ajax container ? Mmmkay. []

  71. Aaactually... no. All you people getting all insecure about computing : get off Windows, and learn to bash. You'll be shocked what can be done in one line. []
  72. O wow... I didn't know we had an expert over here. Fetlife could also backtrace it, amirite ? []
  73. Twisted instigata! []
  74. Ok, I lollered.

    Seriously, all this is the result of 30somethings being butthurt at not making the cut ? Whodda thunk it. []

  75. Well.. that bunch of dudes should probably also cut some bits off in solidarity. The world could definitely use more English speaking cuckolds, there's like... a shortage o.O []
  76. Of course you can see it. What, security ? Whassat! []
  77. Dude, get the fuck out, seriously. []
  78. It probably would, actually. []
  79. Actually, casual inspection of their RoR backend by anyone with any serious experience will reveal so many holes it's not even funny. []
  80. That's because it is. []
  81. Check it out, someone can think. Well done. []
  82. Amusingly enough, I actually had a paid account. I made that decision on the basis that wtf do I care about ten bucks or w/e it is. []
  83. "Enumerating badness" doesn't work for the reason it doesn't work. For one thing, the current crawler is set to go pretty slow. For another, a thousand or so IPs are about a dime a day. []
  84. Bad examples. Those shitshows can't because they don't want to because USG is inducting market distortion as part of its collapse. Don't bank on such anomalies surviving long. []
  85. Lol @Internet warrior guy. Here : making Coran BBQ. Closest you'll get I guess. []
  86. Doubt is healthy eh. []
  87. I imagine if they gave them more F5s they could have also taken Tikrit, these people. []
  88. And the SSI isn't collapsing and the US Army isn't being regularly humiliated in the field by anyone who cares and Putin didn't piss on Obama's dumb skull every time he felt like it and inflation isn't happening and McDonalds jobs are jobs and so on and so forth.

    Promising line of thought. []

  89. It's also about a year old. []
  90. How the fuck do "hacks or even cracks" happen, by divine transsubstantiation ? []
  91. Mmmmkay. []
  92. This is actually untrue. The server was fine, the DC ineptly chose to null the IP, possibly under pressure from the Fetlife Brigading Contingent. For which mistake they're going to be losing their shirts, but that's another discussion. []
  93. It was/is a dedicated server, of a better make than what Bitlove itself can afford for Fetlife. Long story short : if you can't take Fetlife offline, you can't take Trilema offline.

    I, of course, can do both. I can't be bothered to, but that sort of distinction is perhaps too much for the sort of human cattle that properly belongs on meatlists while entertaining delusions about "consensual". Pro tip : consent is not for everyone. []

  94. At this point, such misplaced respect is a marker of idiocy, nothing more. []
  95. Lol bandwagoning derp. On one hand, there was no observable DDoS here. On the other hand, there's a lengthy story of derps trying the DDoS angle. The lulz of today : DDoS attacks, ransom notes, Tor anonimity and other faits d'armes of the retarded generation, O hai let me wanna-be! etc.

    But sure, taking your picture in front of events is how YOLO, right ? Mustele la arat. []

  96. It's also natural. Grow up. []
  97. Excellent point, as it happens.

    But hey, Baku is the good guy here, the chumps got Stockholm syndrome coming out their ears. []

  98. I dun hate them, I just beat them into shape. Too many pressed shits walking around claiming to be "women" as it is. []
  99. While I don't particularly care, this is a valid point and a valid risk. Use proxies whenever going to dubious sites. []
  100. It wasn't ever much of a secret. []
  101. Hm... I thought nonconsensual isn't broadly appealing ? Lots of comments on Fetlife seem to point to the (banal) contrary. []
  102. Trilema is actually shockingly well indexed. Try googling for your Fetlife handle if you're in the range and see. []
  103. No, he couldn't have. Think about it. []
  104. Ironically, women under 30 are the least vulnerable group of all. Think about that, too. []
  105. Shit always comes back to what it is. I guess I win. []
  106. Exactly. []
  107. Don't flatter yourself. This "discussion" consists of a handful of sane people (the original poster not included) and two degrees of magnitude more derps shitposting (like you are). This is how "social media" on the broken paradigm works while its small. Should Fetlife ever grow, not to the millions they fraudulently claim but even outside of the five figure ghetto, it'd go down exactly the way it went down for Facebook, Twitter, Reddit, Wikipedia et all.

    This necessarily, because the non-WoT social media is like the non-plumbing town : a shitpile. []

  108. You're retarded. []
  109. Very, very retarded. []
  110. Nope. Nobody gives a shit about trannies. By the time you have to discuss in terms of "so and so identified" it's time to go die in a fire. Which - you know it's what you want, anyway. []
  111. Sounds pretty reassuring, yeah.

    Similarly, the US Army wasn't utterly defeated at Tikrit, because well... there wasn't any US Army there to defeat. Har har, congrats Obama! []

  112. Sure, like you're not alive or dead, you're more or less alive. Mostly braindead. []
  113. If any of these putatively assertive ladies (behind a monitor) wish to try, the street address is in the DMCA counter-notification. I'm sure it'll be an unforgetable experience, no youtube necessary. Hey, if Kaufman could wrestle women, why not I. []
  114. Check out the brains on derpy here. []
  115. Urmom, buddy! []
  116. There aren't. []
  117. Saying "it's hiring" does not mean it is. It isn't. []
  118. What if you read all about what being a chump entails ? []
  119. Poisonous BS, but so amply addressed already, on Trilema and other places, and so clearly the guy has read all that (by the way he tiptoes around it) that I shan't bother with a rehash here. []
  120. Nope. []
  121. What am I, a Special Agent (“SA”) of the United States Secret Service (“USSS”) from the Orlando Field Office ?! []
  122. Hopefuly behind seven proxies. NOTEPAD PROXIES! []
  123. This is good enough for a C in "social studies", I guess. Thank you for your leadersheep! []
  124. Clearly. []
  125. That is exactly what it is. Either you use your hands like a human or you are a chimp. Either you are savvy or you are meat. Don't like being a black slave in the slave owning South ? Be a yankee then. The onus is on you, forever so. []
  126. If cows were spherical and lived in a vacuum. []
  127. Not to mention the impression is mutual. I don't happen to care what a bunch of pointless derps like or don't like either. []
  128. Those societies have also survived more than the US ever will. The two are not unrelated. Female-centric societies collapse, male-centric societies endure. []
  129. And back then "America" was actually a thing, and the US actually mattered. []
  130. Perhaps it will rot like the West, yes. Or perhaps it will survive once more. Romania was around, and Romanians spoke Romanian at a time the Golden Horde was a thing and America hadn't been invented yet. There's perhaps some hope that the current Orc Horde of SJWing and assorted derpage will pass too, unknown, into forgotten, dusty history, like the mongol[oids] that they are. []
  131. Everyone shitting in the soup doesn't make shitsoup hygienic. []
  132. This has always been the case - if you are a heavy Trilema user you have to pay. For the record, Trilema pioneered this system on the Internet - the New York Times copied it a year later. []
Category: Meta psihoza
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

10 Responses

  1. xcvi. It's also natural. Grow up.

    Didn't you mention something in the logs about 'being natural offering little ethical indication' ?

    So if natural behaviour isn't necessarily ethical, is ethical behaviour the honest, trustworthy, and upstanding subset of natural behaviour ?

    I admit I can't conceive of a behaviour that would be exterior to either classification...

  2. Mircea Popescu`s avatar
    2
    Mircea Popescu 
    Thursday, 23 April 2015

    Here. While it's true that something being natural offers little ethical indication, it seemed to me that the explicitly unsupported statement was being implicitly supported by a claim to un-natural-ness. That removed, it has exactly nothing to stand on. So women gotta deal with being women. Great. Rocks gotta deal with there being an atmosphere, what of it ? The atmosphere actually is. "Oh but what if there weren't..." ?

  3. > "Why is this not really a security breach? Because any idiot could do it".

    So much win.

  4. Mircea Popescu`s avatar
    4
    Mircea Popescu 
    Thursday, 23 April 2015

    It's all the same "my real self hasn't begun yet" bs.

  5. > https://fetlife.com/users/48475/pictures.json
    > https://fetlife.com/users/48475.json

    Nice Rails feature, returned format inferred from the URL and/or the "Accept" header, makes for easier crawling.

  6. Mircea Popescu`s avatar
    6
    Mircea Popescu 
    Thursday, 23 April 2015

    Is this even supposed to be open on production ?

  7. Yeah, why not?
    After all it's the same data, just presented in a different way.

  8. Mircea Popescu`s avatar
    8
    Mircea Popescu 
    Thursday, 23 April 2015

    I guess I'ma go download this year's wikileaks off fort-meade.mil brb.

  9. Hi! My name is Adalin and I very want sex! e

  1. [...] won't work. ———The quote comes from an article detailing the collapse of Bitlove LLC, a scummy company offering "Fetlife", a website for BDSM people. How "the press" failed to connect [...]

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.