The MNHQ Moderation Team: Thread 2

[BarrackerBarmer]

Follow on thread regarding the data breach situation:
___

Dear MNHQ

I'm very grateful for the commitment to free speech you've publicly taken, and for Justine's courage this week.

A former disgruntled employee of MN is writing on Twitter about the 'transphobia' of MN staff, and calling you TERFs. She is showing a great deal of bias and intolerance towards women with feminist views, this may well be her honest opinion, which is no big deal I suppose, since she is no longer an employee.

At least, it isn't an issue until she calls a shout out to her
'friends who still work at MN' to report and take down posts by 'transphobic scum', by which she appears to be referring to any poster objecting to being called TERF by her friend.

Regardless of the personal views of the MNHQ staff, who should be as free to hold their own views as I am mine, I am disturbed that there may be a small contingent of employees who are invested in unfair moderation and will not be applying fair-handed principles, at least if the claims of this ex-employee are credible.

Can you please give posters some reassurance that the difficult job of fair-handed moderation isn't being abused by the 'friends' of ex-employees who are 'reporting it all' and taking down posts because any gender criticism means the poster is 'transphobic scum'?

Thank you.

Humans are one of the most frequent and serious causes of security issues, really.

Absolutely this. Lets not make it too easy for their idiotic actions to have serious effect though.

Hashing IPv4 numbers is a waste of time: there are only 2^32 of them, so you can trivially recover the original from the hash. Another reason to do IPv6 :-)

It may be trivial for a computer, but it isn't trivial for a 21yo intern glancing over a user's record. If we're talking about "what can an individual staffer see?" then "gobbledygook" is more reassuring than "your date of birth and postcode".

I'd be extremely disappointed if MNHQ accepted an offer of help from a random poster claiming both knowledge of this area and that they are supporters of MN. It would be foolish to assume that everyone posting on these threads is (a) who they say they are (b) posting with the best of intentions.
It's in the interests of the TRAs to continue to stoke fear and upset and distrust over this issue and giving them access to MNHQ's security systems so they can install a backdoor would be beyond foolish. If I were MNHQ, I would be looking for an external company that isn't contacting them from the boards.

Yes I agree Jessica

@JessicaJonesJacket, yes, that would be a textbook example of humans being the foremost security risk in IT.

You'd salt it, so it's no longer trivial to reverse them.

Then they're useless for the job you want them for.

Salting passwords works because the task is "does this plaintext match this precise hash?" That's easy: extract the salt, hash the plaintext, compare. If your salting and iterating regime requires time t, you can run that test in time t. let's say t=1ms, which is a pretty good stopped on brute forcing.

OK, now suppose I give you an email address, and a list of one million MN accounts each with a salted hash of the email address used to sign up for it. I ask the question, "does this email address match any of the previously used email addresses?" That takes one million times t: I have to burn 1000s CPU seconds to answer the question. OK, that might be acceptable.

But that's not the question I probably want to answer. What I almost certainly want to do is ask "does this account, which is behaving badly, match a list of previously banned posters?". Suppose all I have is a salted hash of the suspicion account's email address, and a salted hash of the email addresses of each of the previously banned posters. Your move. How do you compare the equality of the original input to two salted hashes? Take the iteration out and assume you can to 1THash/sec with that bitcoin mining rig you've got out back. Your move, again.

The whole point about salting is to prevent attacks based on the hashes of the same input being equal. Which is great, if what you're doing is storing passwords. But not so useful if you want to compare inputs for equality, which is what MN want to do.

Hence implementing a need to know based access control system would arguably lead to significant improvements without even thinking of the possibility of highly trained Russian hackers and the likes. Pragmatic solution.

Absolutely.

Doesn't this rather show that the whole thing was no accident? I'd say it was an admittance of intent.

Of course it was planned and international.

When was that posted villandry?

Sunday. Someone posted the screenshot on Twitter. (I don't follow EH myself)

Possibly. I have to say, having read both threads (inc Justine's responses) my immediate assumption was that Emma has a relative who works at MN who got her the job and that's who she's 'apologised' to - hence no public apology but an apology to `another member of staff' instead. If I'm right, I can understand Justine's minimising reaction - I don't agree with it at all, but I can empathise that it must be difficult to decide to report a friend's/colleague's daughter for criminal activity...

I assumed the same.

But it’s tough shit.

It’s amazing that anyone can think this was accidental or naive. EH’s own words make it quite clear how much she loathes women who don’t obey men, or at least the men who proclaim themselves women. She will find out the hard way, I suspect, that being a handmaiden to the trans lobby will get her nowhere. However loyal she is, she is still the enemy, simply because she is a woman.

Fgs Justine has said EH has no personal connection to MN and that she isn't a relative of anyone in MNHQ.

I can't see that screenshot properly Villandry. What is it about?

YetAnother:

it says

"Ruining my relationship with past employers and fucking over any chance of ever getting a reference wasn’t on my to-do list for this Sunday but when TERFs and TERF-enablers try and portray themselves as victims, you gotta do what you gotta do"

Posted alongside the screenshots with "transphobic comments", insider info into how transphobic the MN staff are, and slating Justine.

This was posted in response to Justine's feature in the Sunday Times, "portraying herself as a victim" at the hands of TRAs.

Her "fuck you" post to me reads as all about herself and her not getting references from MNHQ etc. I don't see it as the "thinly-veiled threat" to dox people so they can be hounded by TRAs and I don't think she thought the information she released would be enable people to do that. I think she's thinking all about herself but, hey, like everyone else here, I'm just speculating.

"Ruining my relationship with past employers and fucking over any chance of ever getting a reference wasn't on my to-do for this Sunday, but when TERFs and TERF enablers try and portray themselves as victims, you gotta do what you gotta do..."

Posted on Sunday evening, BEFORE all of this kicked off.

miralis - that's my speculation too. If this was an 'attack', releasing the IP addresses of 3 users would be the shittest attempt ever.

Thank you mirialis! I'm losing track of time, but I gather that that was posted before she actually tweeted the screenshots, thus showing reasoned premeditation?

villandrychat Is that a transowmen making that rude gesture?

insider info into how transphobic the MN staff are this doesn't make sense. Why is this insider info? Anyone can see the posts . EH doesn't sound like the sharpest tool in the shed.

I really didn't rate Emma's apology in the Guardian. How ignorant and patronising of her to talk about MN's mental health. She seems bonkers quite frankly. I wonder if she has a history of reckless behaviour and black and white thinking? What a gullible woman!

Can you imagine when future employers Google her and THAT image comes up?

No sane company would touch her with a barge pole

Does anyone actually believe that this person went from "fuck MN and TERFs" to "oh I'm so sorry for what happened I am a naive little lamb that meant no harm" apology in less than 5 days?

Come on now. We're not idiots.

By which I mean - I'm sure she's sorry that she's been reported to the police. I very much doubt that she's at all sorry that she got to do some damage to people she doesn't like first.

Spring - no it is Veronica Mars, teen detective.

Villandry - do not get the relevance of the fact she posted this stuff in response to Justine's ST article and it took a while for the message to get through to MN for it all to kick off?

Kittens - no I don't think she "meant no harm" but I don't think she thought she was doxing people for TRAs to hound. I think she was deliberately trashing MNHQ.