The MNHQ Moderation Team: Thread 2

[BarrackerBarmer]

Follow on thread regarding the data breach situation:
___

Dear MNHQ

I'm very grateful for the commitment to free speech you've publicly taken, and for Justine's courage this week.

A former disgruntled employee of MN is writing on Twitter about the 'transphobia' of MN staff, and calling you TERFs. She is showing a great deal of bias and intolerance towards women with feminist views, this may well be her honest opinion, which is no big deal I suppose, since she is no longer an employee.

At least, it isn't an issue until she calls a shout out to her
'friends who still work at MN' to report and take down posts by 'transphobic scum', by which she appears to be referring to any poster objecting to being called TERF by her friend.

Regardless of the personal views of the MNHQ staff, who should be as free to hold their own views as I am mine, I am disturbed that there may be a small contingent of employees who are invested in unfair moderation and will not be applying fair-handed principles, at least if the claims of this ex-employee are credible.

Can you please give posters some reassurance that the difficult job of fair-handed moderation isn't being abused by the 'friends' of ex-employees who are 'reporting it all' and taking down posts because any gender criticism means the poster is 'transphobic scum'?

Thank you.

Bumblefuddle

I'm understanding everything you say, and agree with it.

Justine said it was about information collected at registration? Does this mean that legally, it's because we volunteer all the other information about ourselves?

That HQ can't be held responsible for what we say about ourselves? Only for what they ask us?

Emmageddon,

Emmawhoopsies!

more like

Personally Sensitive Information

Of course, I'm assuming that's the same as what the legislation calls "Sensitive Personal Data". It might mean something else. Who knows?

Bumblefuddle That's a damned good point. Posters may have changed NN to post sensitive posts then changed for the rest of the forum. Who's to say EH didn't collect that kind of data? No reassurance she didn't as MN don't know what she did collect.

“I just hand a warning pop up on my phone when trying to navigate off this thread and back to the main feminsm chat page.

It said “This website may be attempting to impersonate www.mumsnet.com to try to steal your personal data.””

Had this a few weeks ago, as did several other people where I live. We still don’t know what caused it, but BT seem to have fixed it at the exchange.

There's some very publicly available info connecting EH to LGBTQ+ Labour. Friends with LM, perhaps?? If she also has any connection to the list of Labour Women (the supposedly transphobic ones) that needs to be known. Is she part of it? Has she shared info from MN within that group?

It's really not just about the screenshots. It's about what else she stole and who this information has been shared with. If there have been any attempt by anyone else keeping TERF lists (Labour, Twitter, etc.) to "join the dots" in order to profile and then potentially doxx contributors, this is surely very serious indeed!

I agree this would be best practice if we were holding what's classed as Personally Sensitive Information (such as financial info or medical records). But that's not the type of info we are collecting on registration etc.

But you do.

Why EXACTLY do you think there are issues with FB atm?

You don't need a historical knowledge of women's rights to know that stealing from an employer is wrong.

Age not relevant unless an actual child.

I agree this would be best practice if we were holding what's classed as Personally Sensitive Information (such as financial info or medical records). But that's not the type of info we are collecting on registration etc.

In all fairness @JustineMumsnet the combination of email, IP address and all namechanges that an individual has (thereby the ability to search their entire posting history), put together is probably a more accurate picture of the users than Facebook and their medical records combined. This data is extremely sensitive where people are escaping DV, talking about medical/mental health problems or issues at work. It is extremely sensitive and people discuss far more personal issues on MN than they would in real life. Adversarial interns of dubious connections are being given access to it.

Please tell me you are taking measures that are proportional to this.

I have had to scrub and dereg my account, and hope that this individual does not hold any of the information that would lead violently abusive individuals from my past to find my children, let alone people who disagree with my political views so vehemently they would batter a 60 year old woman and be proud of it. I know I am not alone in this.

Regardless of what the intentions were, and regardless of Emma's LGBT views, actual human beings could have been in life threatening situations because of her.

She did that all by her self, along with making it abundantly clear that the safety of women matters shit all to trans activists.

So with all due respect to MN, forgive me whilst I print that apology and wipe my arse with it.

There was definite intent to "do what you gotta do" to the TERFs and TERF-enablers

She posted these two thinly veiled threats on the 15th.

it's my genuine belief that she possesses more than just the screenshots she posted: also that a person with these motives will NOT have had the integrity to refrain from at the very least looking at personal user information whilst she had the chance.

It just isn't credible that she had a user info button above every post from someone she considered 'transphobic scum' (most of us, according to her) and that she exerted willpower in not taking a look at the very least.

Her apology is shockingly lacking. I am not a poster on the gender critical boards but a regular (far too much) browser and occasional poster with regards to issues that are very personal to me, my children and my relationships. For any of this information to be published on a whim by some jumped up busy body who thinks she is above the law would literally mean the end of it all for me. Not just myself though there are numerous other posters who live in vulnerable situations whose lives would be over if they were found out.

What other information has she taken a dislike to and decided to screen shot?

Fucking hell. What a basic mupisunderstanding of data protection.

Indeed. I'm starting to think that EH's utter lack of DP understanding was of a piece with her workplace. That claim that MN aren't collecting sensitive personal data is insane. The mitigation would normally be that it's anonymised, but the link here is absolutely straightforward: at signup they ask for an email address (identifiable), a name (ditto) and a postcode (ditto), and administrators can link that with posting on topics like sex and politics.

That's acceptable, given appropriate controls; mind you, telling people to create fake identities to sign up isn't an appropriate control.

But Justine's claim appears to be that they aren't collecting sensitive personal data in the first place, so don't need to operate an ISMS (formal or informal) which has that as a goal. That's simply insane. Who on earth is doing MN's data protection work? Noddy and Bigears?

I agree this would be best practice if we were holding what's classed as Personally Sensitive Information (such as financial info or medical records). But that's not the type of info we are collecting on registration etc.

@JustineMumsnet

Considering that MN currently finds itself at the centre of a contentious political situation re the trans debate, and considering that MN staffers have access to sufficient information on MNers to potentially compile “doxx lists” that would be desirable to extremist groups wanting to act unethically, would it not be advisable (and reassuring to your members) to act as though user data WERE sensitive information?

Is there a major cost implication?

She made it quite clear that she was posting those screenshots as an insider with access to the admin tools of mumsnet. With friends on the inside, remember? And the aim of it was to intimidate gender critical posters into submission and silence.

It took planning for her to screenshot the images, and transfer them from the workplace, then sit on them for a couple of months until putting them on social media.

She was however, rather thick that she put her own name to the breach and clearly implicated herself in breaking the law.

She broke the law, or laws, rendered herself unemployable by reputable organisations in order to falsely accuse others of invented transphobia. As the saying goes here: a pat on the back is only a foot and a half away from a kick in the hole, and no doubt EH is experiencing exactly that right now.

I imagine that a lot of mumsnetters who never gave much thought to the TERF war raging about them have peak transed today. So an own goal for them really.

Money can be replaced. Life and limb cannot.

The IP addresses shown on the screen grabs are not fixed,

Assuming this refers to the user's IP address then It is impossible to say this - you would need to know what kind of service provider is being used for the access point in question and if that service provider is direct or indirect.

and in isolation, cannot be used to pinpoint the location or identity of a user

This is also not correct - location can be identified (including for historic IP addresses where the IP address is dynamic). Identity of the human at the keyboard may require additional info.

Bumblefuddle and if someone wins a giveaway etc then real addresses are given too.

Now I want to know what OTW means.

Justine

PLEASE take some very specific data protection advice from a GDPR expert. There is one on MN who has offered you assistance and whose credentials can be checked in the public domain.

Your advice is very flawed it seems. It would be far better to over-respond to this than under-respond.

One to watch Chardonnay