Their latest target? Pron.com. Yes, that’s “Pron” as in “Pr0n”. Not only did LulzSec compromise the user list, they correlated that stuff with Facebook users and posted embarrassing stuff to the users in question. And people are obviously having fun looking for some .gov and .mil email addresses.
This stuff kind of illustrates some things that definitely should be discussed.
Here, I’d like to point out the fact that Patrick Gray mentioned: The elephant is definitely in the room.
There’s a big debate about the methods and legality of what LulzSec does. And a few commenters on Slashdot immediately called out LulzSec for hypocrisy. Why point out embarrassing things about other people, when LulzSec members, in all likelihood, are also using porn sites?
Why indeed. And perhaps that’s not the right question to ask. That’s politicking, plain and simple - drawing attention away from the issues at hand.
And this incident shows that we shouldn’t really be concerned about LulzSec themselves. What we really should be concerned about is the damage they’ve managed to do so far.
Whether or not LulzSec folks are top porn consumers is completely irrelevant. The elephant’s here. Do something about it.
This hack raises some very, very good issues. We’ve seen some pretty gigantic security problems lately from supposedly ultra-secure companies like RSA. Now, porn sites may not have national secrets in them, but they do have secrets that have, shall we say, social sensitivity. Porn sites don’t necessarily invest a lot of money and thought in security, when this incident clearly shows that they should.
It also raises one fascinating question: How should users be prepared for breaches like this?
I think that there are two parts to the problem - technical and social.
The technical problem is that it’s fairly obvious that sex-related sites should be doing more to protect the identities of the users. For purely technical functionality, all the sites should care about is that the user is identified properly - user name and password. Depending solely on a user name and password is problematic if the password is lost, of course. Perhaps there should be some kind of a secure token system that would be based on OpenID concepts: do not store the user’s OpenID, only a hash the OpenID identity provider bakes. Not part of a protocol currently (as far as I know), but something like this could be done at the other end, if you also demand that users be identified by user name. (Log in with user name and OpenID, store user name and salted hash of OpenID URL.)
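A sketch of the parenthetical scheme above, as an added example rather than code from the original post: the site keeps only a user name plus a salted, keyed hash of the OpenID URL, never the URL itself. The `AccountStore` class, the server-side pepper, the PBKDF2 work factor and the simplified URL normalization are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit, urlunsplit

PBKDF2_ROUNDS = 200_000  # assumed work factor, tune for your hardware


def normalize_openid(url: str) -> str:
    """Simplified normalization: lowercase scheme/host, drop the fragment."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError("not an http(s) OpenID identifier")
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def _digest(openid_url: str, salt: bytes, pepper: bytes) -> bytes:
    # Key the URL with a secret held outside the database, then stretch it
    # with a per-user salt so identical URLs never produce identical rows.
    keyed = hmac.new(pepper, normalize_openid(openid_url).encode(),
                     hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)


class AccountStore:
    """Hypothetical user table: user name -> (salt, digest), nothing else."""

    def __init__(self, pepper: bytes):
        self._pepper = pepper
        self._rows = {}

    def register(self, username: str, openid_url: str) -> None:
        if username in self._rows:
            raise ValueError("user name already taken")
        salt = secrets.token_bytes(16)
        self._rows[username] = (salt, _digest(openid_url, salt, self._pepper))

    def verify(self, username: str, openid_url: str) -> bool:
        row = self._rows.get(username)
        if row is None:
            return False
        salt, expected = row
        try:
            candidate = _digest(openid_url, salt, self._pepper)
        except ValueError:
            return False
        return hmac.compare_digest(candidate, expected)  # constant-time

    def dump(self) -> dict:
        """What a database leak would expose for each user."""
        return {u: (s.hex(), d.hex()) for u, (s, d) in self._rows.items()}
```

OpenID URLs are guessable, so a per-user salt alone only slows down someone checking candidate identifiers against a leaked table; the pepper kept outside the database is what keeps a dump of these rows from being matched back to identities.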
But I digress. Porn sites fall in the category of sites that should be only provided information that the user is comfortable parting with, and user name and password are the bare minimum details.
Which leads to the social problem: People aren’t comfortable parting with the information. Perhaps it’s time to change that.
If you have followed porn sites at all, you may have noticed that many of the sites are busy hopping on the Web 2.0 bandwagon. Perhaps we should admit them as part of the social landscape, whether we are comfortable with that fact or not.
Perhaps we should finally admit that the Internet is a big place, and that our families can’t, and really shouldn’t if they value their sanity, be aware of what the hell we’re doing in some of its corners. Perhaps it’s better that we only pay attention to things that we explicitly point out and share with other people. Because, really, it’s their own fault for coming to those sites and being interested in that stuff. It’s not like I’d be shoving that stuff in their face. And if someone else shoves that stuff in their face, I fully trust them not to find out more.
Because that’s all I can ask for. All of that is part of the social issue of this hack.
Perhaps we should continue the Web 2.0-ification of “adult” content. Perhaps one day we don’t need to question whether we put our name on the thing or not.
I only have a problem with community standards, or lack thereof. I’ve seen plenty of sex-related forums, but most of them don’t actually have a lot of interesting conversations. I’ve seen adult video sites, but a) heheheheheheh, I don’t exactly have anything to share, and b) again, I don’t exactly suppose there are a lot of high-flying conversations going on.
So, for me, it’s not a question of “will my family see this?”, but rather “is this a clueful community that people actually want to associate themselves with?”… If someone has a suggestion of a sex-related site that doesn’t suck and people are actually fine with attaching their frequently seen handles to the site, I’m definitely all ears.
Because if the site has a clueful community, and seems to have actually nice, respectful, interesting content in it, I’d have no problems telling people that I’m part of the site. Here, have my email address; have a link to my homepage. If anyone asks, I’m telling them I’m part of an awesome site. No blackmailing opportunities - being on the site is no secret.
That’s one of the oldest problems people face on the Internet: It never forgets, and people are worried that someone finds their old stupid stuff. Oh yeah, I’m worried about that too - except that I trust that people find a lot more of the not-so-stupid stuff. Yeah, I’ve made mistakes. Everyone does. I hope the interesting things I’ve done outweigh the stupid ones.
Perhaps part of the situation is the Greater Internet Fuckwad Theory: when people are afraid to use their normal online identities, they realise they then have no obligation to behave like they normally would, and the discussion generally degenerates.
Art sites seem to fare somewhat better in this respect… but again, they usually cater to rather narrow audiences (e.g. hentai) or lock stuff up from non-members. Perhaps sites should be more like, say, deviantART - except deviantART is one of those sites that lock “adult” material down for no reason. I have another blog post coming up about the problems (and opportunities) of the age limits on the web, so I’ll ramble about that later.