28 December 2010

Wikileaks, Gawker leaks and netiquette

I've been following closely the scale and impact of wikileaks ever since I "met" Julian Assange in late 2006 because I was trying to start a whistleblowing website.*

(Here's a good interview with Assange and here's a post-prison video interview)

WL as an institution is very interesting. What I find more interesting is the reaction to different leaks. Release bank data? Get shut down by a judge (and return with more fame). Release collateral murder video from Iraq? Business as usual. Release State Department cables? Now we're talking...

Funny, but WL was founded to expose the misdeeds of corrupt and dangerous governments. It turns out that such exposure doesn't do much; those governments (Russia, China, et al.) just shoot protesters.

So WL has more impact in countries with decent institutions for the press and civil society:
So WL has done quite a bit in terms of improving citizens' access to information.***

Then we get reverberations. First, there was the Swedish arrest warrant for rape that was not really about rape and totally blown out of proportion (but in proportion to Assange's high profile prosecution). Doesn't exactly look like a US-led dirty trick, but I still worry that the CIA will try to kill him or torture him to get WL pass codes.

Then there was the backlash against Gawker for saying bad things about WL. Some hackers stole 1.5 million sets of usernames and passwords. My information was in that bucket.**** I got this from Gawker:
"This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name and password associated with your comment account were released on the internet. If you're a commenter on any of our sites, you probably have several questions."
Although this was annoying, the REALLY annoying problem was that this theft involved my "low security" password, which means that anyone with it can comment on various websites under my name. (XKCD shows why you need BOTH a weak and strong password.) In other words:
"All of gawker's user accounts were published... we compared to see if any [website X] emails were identical. Alas, your email address turned up in this mess.

"This does not mean your password is compromised - for all we know you were a Really Good Internet User and used a different password for gawker than for [website X]... All password data from the gawker leak is expected to be cracked in a week or so (if not already)."
I'm not too worried about that sort of identity theft (and, to be sure, there's no way I can track down every site where I am registered), but I WAS worried about the sites (like eBay) where I had a weak password, so I spent 3-4 hours tracking down these sites, logging in and changing my password.

In the process:
  • I learned more about the dilemma of different passwords everywhere (can't use one, can't remember many), during which time I became a big fan of LastPass
  • I was reminded that the internet never forgets: I made ONE comment on Gawker, in 2007. Arg!
  • I thought up a good idea: websites should auto delete accounts if there is no activity for one year -- except when they owe you something ($, freq flyer miles, etc.). They can send an email reminder that allows someone to prevent this sunsetting action, but the default is to delete if no response is received within two weeks.
Bottom Line: Our online identities are very useful but also very easy to compromise. Be careful with your private information (in case you get gawkered) and don't break the law (in case you get wikileaked).

* I am looking to revive this site, renamed "microleaks.org," as a resource for anyone who wants to leak anything of any size anywhere. If you're interested in this project, contact me.

** Totally unrelated, but nice post: Ten amazing bee facts.

*** Jaron Lanier has a good perspective on nerds and excessive transparency. He also notes that WL "attacked" the US -- not Russia and China -- because it was more open. He questions if the cable leaks have a positive impact for the US (no) or the world (maybe), but asks an important question: Do we really want to live in a world without secrets, in a Zuckerbergesque Facebook fantasy? More on that problem here.

**** You can find out if you were "gawkered" here or here.

3 comments:

  1. Marina Della Giusta, 28 December, 2010 09:23

    Bravo! Some lessons for me there...

  2. Same with me re Gawker and my "weak" password. Re Wikileaks, NYT's David Sanger was on Fresh Air, making the case that "cablegate" might help things with North Korea and Iran. And see Gary Shteyngart's most recent book for a Facebook dystopia.

  3. I'd add some other useful workaround for the too-many-passwords issue: set up registration on websites to use OpenID (or similar) based authentication.
