Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk

Back to thread
Original poster

The aftermath of the intern data leak?

4 replies

stealthsquirrelnutkin · 08/10/2018 15:17

Has anything has been done to tighten security in compliance with law after the incident in April when the paid intern doxxed the women of FWR and drove so many Feminists off the site?

www.theguardian.com/media/2018/apr/19/mumsnet-reports-itself-data-regulator-transgender-rights-row-ip-addresses-posted-twitter

Go to post
MNHQ

LilyMumsnet · 08/10/2018 22:01

Hi all,

Just wanted to let you know we have seen this thread and will be back with any new info we have. We just want to check in with some senior members of the team first. Hope you won’t mind bearing with us.

MNHQ

MichaelMumsnet · 10/10/2018 09:55

Hi everyone and thanks for your questions - we're very happy to update you on the changes we made.

As soon as we became aware of the data breach we removed IP addresses from the admin view of the site. They're now only visible to a restricted number of vetted moderation staff who need to access users' registration data and IP addresses to reduce troll activity, and to a small number of senior team members. We monitor all permissions and regularly review them.

We also looked very carefully at our entire approach to data in response to this incident, and as part of our preparations for GDPR. We put in place a number of measures to make sure that we go above and beyond what's required to keep your data safe - and if you're at all concerned, we've made it very easy to find out which personally identifying information you've given us, and to change or delete some or all of that data. You can find out about that over here.

Just to reassure you again, it's extremely unlikely that anyone could be identified by an IP address alone, and no-one was 'doxxed' as a result of this breach. As Justine said at the time, we're as sure as we possibly can be that the tweeting of three posters' IP addresses was genuinely unintentional, and that the aim was to draw attention to the content of the posts, not to reveal identifiers.

We did make the police aware, just as a precautionary measure; we haven't had any further communication from them so we believe they were satisfied that the IP addresses had been revealed inadvertently. As someone has mentioned we also reported ourselves to the ICO, and they were satisfied that we'd responded effectively to the incident and closed the case.

Hope that's clear - please do shout if you have any further queries.

MNHQ

KateMumsnet · 12/10/2018 09:50

While I understand and am completely happy with the idea that employees are entitled to hold their own opinions, I think I'd like some sort of reassurance that - expressing this sort of attitude towards users of the site is completely unacceptable within MNHQ

Absolutely - we'd never condone language like this and we'd take it extremely seriously if we came across it. Hand on heart, though, I've never heard anything remotely like this in the ten years I've been at MNHQ.

- the 'friends of Emma' who still work at MNHQ understand that they should be applying modding in an evenhanded and fair way

As you say, MN staff are entitled to hold their own opinions, but it's a point of principle that we moderate according to the TGs, regardless of personal views. Inevitably, different people will make different decisions - though we think that what often looks like a variation between moderators is actually because the context of the decision is different. We're always happy to take another look at something if you think we may have missed the mark somewhere.

If they're not actively dealing with troll activity, then for what purpose do the senior team members need to view IP addresses? What, in practice, is this information being used for?

The senior team will occasionally moderate tricky situations directly themselves, so they need to have top-level access.

Secondly, are the IP addresses constantly viewable, or does it need to be accessed separately, i.e. by clicking on a link to the user's profile, which might be key-logged.

IPs are available on the admin view of a thread, so that mods can make decisions as quickly as possible.

Finally, what level of access do staff have to private messages, including deleted messages, and are attempts to access these logged in any way?

Staff with mod clearance are able to look at PMs, and they very occasionally do so if they believe that it's necessary in order to protect other users. Once PMs are deleted they can't be viewed or retrieved.

MNHQ

MyGhoulMumsnet · 25/10/2018 15:07

Hi, and thanks for your patience.
We don't currently log access to private messages. We're researching how we can implement access logs on our systems.

As Kate mentioned earlier, 'Staff with mod clearance are able to look at PMs, and they very occasionally do so if they believe that it's necessary in order to protect other users. Once PMs are deleted they can't be viewed or retrieved.'

We have tight control over who is able to access PMs and there's also a 'delete' option that you can use for anything in your 'inbox' or 'sent' mail that you consider too sensitive.

Watch this thread for updates

Tap "Watch" to get all the latest updates

End of posts

There are no more MNHQ posts on this thread

Back to thread