Cav's Place

Let’s start with the simple and easy part: It is a massive violation of privacy and those who actually hacked accounts to obtain all these pictures and movies should be caught and punished, along with anyone attempting to use this to spread malware, anyone who created any tools specifically for the hackers to use as part of this operation, and those who directly profit by trying to sell the images or posting them on sites that they obtain revenue from, be it through membership fees or advertising. In addition, it should go without saying that any threats or harassment aimed at those depicted in the images should be dealt with swiftly and the culprits punished accordingly.
Once you get past that point, however, it gets more complicated. For example, if anyone somehow obtained any such content without hacking, such as after accidentally receiving it or finding it when it wasn’t private, whether due to a bug or user error, should that person also be punished for keeping it? I hardly think so. Or should anyone sharing this content, whether by hosting it or merely by posting links, have to worry about any penalties? Well, depends on whether it’s done as a form of harassment or in a way that may directly harm those depicted, such as by including information on how to access their accounts, evidence of victimless illegal activities or private contact information. If that’s the case, then absolutely, but if not, my answer is a very clear no, which obviously also applies to anyone merely viewing what others share.

To get this out of the way, I don’t know all the details about what’s already out there, since all I did so far was quickly glance through some images, I assume from the initial release, dumped by someone on a site and some additional censored ones posted on another. I did not actively look for all of the content, refrained from clicking some of the links I saw, didn’t check AnonIB or 4chan at all, and didn’t download any of the archives claiming to contain most or all of what was released so far. Not exactly sure I intend to do so later either, though mere curiosity makes it quite likely, unless the materials will no longer be readily accessible by the time I’ll make up my mind.
I did occasionally check one dedicated Reddit page, however, clicking links that led to reactions, explanations and news pieces on sites I knew were safe, and also stumbled into a few other articles on my own as well. This means I probably have less actual information than plenty of Internet users, but nevertheless believe it’s enough to form a solid enough opinion about the impact this has, the ways in which it might have happened, the possible motivations and some potential solutions from this point forward.

Still, before moving on I’d like to also briefly mention the mess that started when Zoe Quinn’s former boyfriend released evidence of her cheating multiple times and which continues to plague the gaming community. Of course, the issue wasn’t necessarily that she cheated, but that she’s a developer and some of her partners work in the gaming press, which added another angle to the problem of the gaming industry and press working together against the interests of gamers. Worse, what followed was that little difference was made between misogynists using this as an excuse to throw shit and people trying to start a rational debate on the matter when several other developers released statements strongly condemning any attacks against her, major gaming sites immediately moved to censor any mention of the scandal and independent ones were pressured into removing their articles on the topic.
Now that would have made attacks against those seen as responsible for such censorship understandable and I dare say even fair, but nothing much seemed to happen to the sites directly responsible or to the men she actually cheated with. Instead, Zoe and a number of the developers who took her side were hacked and their personal information was made public, several on-line games and services were also attacked, while in what is quite obviously a related incident Anita Sarkeesian received particularly credible death threats, which instantly took the situation to an entirely different level.
Yes, a fair amount of background information is needed to properly understand all of this if it’s all news to you, but suffice to say that Zoe and Anita are particularly vocal activists who admittedly tend to go too far at times, but who lead an absolutely necessary battle against the traditional model that says games are made for young heterosexual men, female characters being typically relegated to the roles of prostitute, shallow love interest or damsel in distress while minorities, and sexual ones in particular, are depicted poorly or not at all. As such, it becomes rather obvious that the people behind these attacks are misogynists and trolls who were merely looking for an excuse, which the gaming press and some indie developers admittedly offered to them on a silver platter, and this makes it quite easy to see how the two events may well be related, at least if you take “The Fappening” as an attempt to publicly humiliate famous women.

That said, let me also get the part which may be considered victim blaming out of the way and ask why did these women store this content that they obviously dread to see made public in the cloud? This obviously doesn’t apply to anything the hackers obtained by intercepting communications or hacking devices to access content stored locally, and it likely also doesn’t apply to those who seem to manage to simply ignore the mess or had reactions that make it seem they don’t mind it quite so much, but if there’s something you absolutely want to keep strictly private, you must never store it on a server and must never use services that require you to do so. Not that avoiding this keeps you completely safe, of course, but if you keep such content out there longer than it takes to send it to the person you mean to send it to and it’s compromised during that time, you share the blame more or less equally with the hacker and the service you use.
Before anyone asks, yes, I have the exact same attitude when credit card information is stolen after stores or game servers are hacked, for example. Even yesterday, when I shared an article about this recent Home Depot hack, I did so with a comment asking people to get back to using cash, and whenever users are concerned about data theft from the servers of companies that require a permanent connection and personal information to even play their single-player games I tend to say something along the lines of “serves them right”, though in that case it’s also a matter of practices that need to stop being tolerated.

Now it does seem that some pictures had been deleted long before they were leaked, but this doesn’t necessarily mean they were somehow recovered by the hackers, since it’s perfectly obvious that such an operation required multiple people and a significant amount of time. If what some messages say is true, we’re talking at the very least of several months, but this still doesn’t explain the presence of images supposedly deleted years ago, the leaks that seem to be coming from different sources and the hostile reaction that some hackers seemed to have. It may have been one element of the operation, of course, but it’s the other explanation I saw that seems quite certain be true, and by this I’m referring to the fact that a group of hackers who kept a very low profile, obtaining such images and secretly trading them among themselves for years, was infiltrated by someone who then decided to make their finds public, therefore also making it impossible for them to continue, whether willingly or not.
Under these circumstances, discussions about the exact methods used aren’t particularly relevant anymore, since they couldn’t possibly apply to all cases. It does seem likely that at least a large part of the content was obtained by breaching the iCloud service, possibly using a mix of vulnerabilities that may have now been patched, social engineering and brute force attacks, but I also saw mentions of Google Docs and Dropbox vulnerabilities that were recent enough to be taken into consideration, plus the chance that at least a few smartphones were compromised directly. And that’s only the most obvious part of the list, since if we’re talking about a dedicated group that specialized in this and operated for years, there’s no way of knowing what else they may have found at one point or another.

Regardless of how it happened, however, what’s clear is that this is pretty much “the” story on the Internet these days and has the potential to have quite a significant impact in “real life” as well, so the question is how to minimize the negative consequences and maximize the positive ones. But 1500 words in two days without even getting to the important part is too much already, so I’m going to post this now and continue later with the rest.