Gallery Image Leak

Status
Not open for further replies.

Moo

ADISC Admin
Staff
Messages
5,463
Role
  1. Private
It is with great sadness that I announce a despicable act by one of our (now former) members, redtails, that led to his being banned.

As you probably know, someone posted 4 of the images from the VIP gallery to a public website.
In particular, they posted them on a japanese-inspired imageboard (commonly known as a 'chan site').
The 4 VIPs who the images belonged to have been notified.

Redtails has now been identified as the one behind it, and that yesterday (Sunday), he went on to post the following message on that same website:

redtails said:
One of ADISC's mods quit and was concerned about the amount of pictures from their gallery to be on fapchan. So to pay my respects, here's the entire gallery containing everything, including regular and VIP galleries: |

(megaupload.com URL to zipfile edited out)

They say we just want fap material, I say this is truly for the lulz

The URL above went to page on megaupload.com, a popular file-sharing site.
The page allowed you to download a zipfile containing all of the images from the public, regular and VIP galleries, as well as all the images from the member albums which were not password-protected.

Please, don't panic, though. All is not lost!

Yesterday, within only a few hours of redtails posting that message, I managed to get it taken down, along with the original 4 VIP gallery images he had posted on that site.

I also used the server logs to identify that it was indeed redtails who stole the images, and I tempbanned him to lock him out of ADISC, before he could do any more harm, while I continued investigating.

When another staff member provided evidence that supported this, and I saw further evidence in redtails' history, we knew we had caught him, and I made the ban permanent.

Earlier today, another staff member was successful in using legal means to force megaupload.com to remove the zipfile containing our images.

Overall, the archive of our pictures was only available for a few hours before we managed to get them taken down.

I checked the images, and found that they were all branded with the 'ADISC.org' and 'Sharing Forbidden' watermark, but, other than that, there were no identifying marks as to whose pictures they were.

Again, let me re-iterate, do not panic:

  • The picture archive was only available for a few hours. After that, the post linking to where they were stored was removed (so nobody could find them), and in under 24hours, the archive of them on megaupload.com was removed as well.
  • The pictures in the archive were watermarked with ADISC's domain name, so if anyone did see them, they will know that sharing them is forbidden, and thus they are much less likely to be re-distributed.
  • The pictures were saved 'as-is', meaning that they had no identifying information attached to them. In particular, there is nothing in the pictures that identifies the people the pictures are of.
  • redtails has realized that the ADISC staff is very serious about protecting its members' privacy, and so, hopefully, he won't try something like this again. Yes, he still has the zipfile containing the vast majority of our gallery photos, but after experiencing how forceful we were in getting them, and links to them, removed from the public internet, this will hopefully deter him from trying to repost them.
As to redtails himself, I contacted him via email, asking him to explain himself.

Here's what I said:
Moo said:
Yesterday, we found that someone downloaded many ADISC gallery images, and posted them to a public website.
After further investigation, we're almost certain it was you.

Your account is banned, and the whole story (including your username) is going to become public, probably on Wednesday.

Before that happens, however, fairness requires that I give you a chance to defend yourself against the allegations that you perpetrated the worst breach of trust in ADISC's history.
So, here it is. Your chance.
You have until Wednesday (7pm EST) to email me back with an explanation.

-Moo

He replied with this:
redtails said:
Moo,


No, there is no reason or need to defend myself, I would only be lying to both ADISC and myself. The existence of logfiles is known to me.

According to statistics, the said file has been downloaded 0 times. I have erased it off of the filesharing website to prevent possible downloads.

You took the right logical steps. Good luck with your website.

Redtails

With regard to the 'downloaded 0 times' claim, I know he's either lying (most likely) or not getting the right stats, because two staff members did download the files, in order to verify that they were real, and perform a forensic analysis to help with tracking down the culprit.

I also know that he did not erase it. We filed a legal request with megaupload.com to force them to remove the file (yes, we filed the legal request within hours of it being uploaded).
Today, attempts to access the file give an error showing that it was deleted either due to violating their ToS, which I can only assume means it was deleted as a result of our legal request - he did not willingly delete it.

So, given that he was almost certain to be lying to me, I replied with:
Moo said:
The statistics are not accurate. At least two people downloaded it.
I ask that you delete all copies of it, and other gallery images you may have downloaded, including local ones on your computer.

-Moo

We can't know whether or not he has done so, as he has not replied to that email.

We can, however, take comfort from the fact that given the situation, given the situation, the damage was kept to an absolute minimum, due to quick detection, and countermeasures, undertaken by the staff team.

I realize this is probably a severe blow to all of you. Some of you may have known redtails as a friend.

There are still pictures of him in the regulars' gallery, dressed in diapers and babyish clothes.

So, he's clearly an AB.

The sad thing, is that he once posted this:
redtails said:
I won't betray a /b/rother or a fellow infantilist for anything, not even for lulz!

Clearly, he changed his mind about that by the time he posted "I say this is truly for the lulz".

Part of me wishes that I had banned him for his repeated use of phrases like 'lulz', called 'memes', which (IMHO) are usually a good clue that someone is not trustworthy. I diddn't, though, because I felt it unfair to remove him based solely on his chan site membership, without any actual evidence that he did anything wrong.
As you can probably guess, I now wish that I had listened to my gut, rather than the people who were complaining that it was unfair to discourage these 'memes' from being used on the site.

Regardless, what's done is done, and via prompt action by the staff over the last 24 hours, we have kept the damage caused by redtails to an absolute minimum, though inevitably, some damage was caused.

If you want to post something truly private to the gallery, try doing so in a password-protected, private album, the link to which you give only to your friends. Ultimately, VIP status was set up to measure contributions to the site, NOT trustworthyness. Trustworthyness is not something that can be accurately measured by any website, unfortunately.

To create a private album, go here, enter the album information, and ensure you set 'private' to 'yes'. When the album is created, you can upload pictures there, but nobody will be able to see them by default. If you want others to see them, you will need to go to the my albums page, and copy the URL for the album (the long URL, which contains "catp="). This is the URL you give to your friends, enabling them to see the contents of the album. If you wish, you can click 'edit', and then 'regenerate password' to change the password. This will lock out all the existing people you've given the URL to, and if you want them to be able to see the album again, you need to give them the new URL.

I'm not sure of what the solution to this sort of problem is (beyond people being more careful with their images).

I do, however, have some thoughts about what won't work:
* Raising the amount of time, rep points, or rep ratio to become VIP, or creating some kind of super-VIP group. Redtails joined over a year ago, had a ratio of almost 1.2, and 20 rep. Even if we raised the requirements, he'd likely still be included, but some decent members would be excluded. So, I don't think either of these will help us improve gallery security, without a big cost to our community. Raising the VIP requirements might strengthen the incentive for people to post quality stuff (in pursuit of rep), but I don't think it will enhance our gallery security. Targeting the new VIPs and saying that they're unworthy of VIP status is not helpful. They earnt their VIP status just like everyone else.
* Trying to 'run out of town' anyone who seems odd when they sign up. Again people make mistakes in their intro posts. We need time to get to know people. Targeting newbies is not helpful - it creates an atmosphere of hostility, rather than the welcoming friendship of a good community.
* Trying to create some other formula that determines who is and who isn't trustworthy. I don't think any website can truly know if its users are trustworthy or not.

Right now, I'm inclined to leave it up to the individual members who they trust with their pics, rather than having a system that encourages you to give blanket trust to all regulars, or even all VIPs.

I do, however, want to give things two weeks to settle down before deciding on anything. You can reply to this, but in order to avoid a dangerous knee-jerk reaction, I won't be making any decisions on these issues for two weeks. I feel this delay is necessary in order to avoid rushing into a hasty decision.

In exchange for me taking a breather on this one, and not rushing into anything, I ask the same of you.
Please take a deep breath, a chill pill, and give yourself a day or so to calm down, before you reply to this thread. Remember, possibly having a few extra people have access to our gallery images for a few short hours is not the end of the world.
Obviously, I'm not trying to make light of members' concerns that their privacy may have been violated.
I'm simply saying that there's no reason to panic.
Right now, it seems that the situation is under control, and that we should be careful to make any reaction to this a carefully considered one, made calmly, and after we have got over the shock, rather than in the heat of the moment.

Pretty much every site with a gallery has their images ripped off at some point. It is a fact of life on the internet. We will survive, and get past it.
The difference with ADISC is that we dealt with it swiftly, and did everything we could to protect your privacy, including notifying you that it happened.

Thank you all for reading this, and I hope this tragedy will not divide us, but rather, that it will unite us.
 
Messages
3,464
Role
  1. Private
Speaking from a strictly mediative perspective, I'd just like to quote something for emphasis.

Please take a deep breath, a chill pill, and give yourself a day or so to calm down, before you reply to this thread.


Don't fill this thread with hate and backlash, I'm sure we all feel that to some degree, so no need to entertain what he's done. I urge you all to be mature and constructive in your replies.
 

Dream

Est. Contributor
Messages
2,296
Role
  1. Diaper Lover
  2. Carer
One suggestion I can make is removing all his pictures from gallery and his msn, aim, and home page from his profile before someone post his stuff on sites to get revenge at him or something.

I have more to said but it 3:00 am and I need the sleep :/. So I'd post some more tomorrow.
 

Spiro910

Est. Contributor
Messages
381
Role
  1. Diaper Lover
  2. Babyfur
I'm sorry for what happened, but really happy about the swift steps the staff followed to get the images removed from MU.

Thanks :)
 
F

FullMetal

Guest
Who were the four pictures of?

Sorry, this is making me extremely uneasy.

FullMetal
 

Martin

Est. Contributor
Messages
3,833
Role
  1. Adult Baby
  2. Diaper Lover
  3. Little
One suggestion I can make is removing all his pictures from gallery and his msn, aim, and home page from his profile before someone post his stuff on sites to get revenge at him or something.

I have more to said but it 3:00 am and I need the sleep :/. So I'd post some more tomorrow.

He's banned so his contact information isn't available anymore

Who were the four pictures of?

Sorry, this is making me extremely uneasy.

FullMetal

The people of those four pictures know it.
 

Raccoon

Est. Contributor
Messages
4,161
Role
  1. Diaper Lover
  2. Diaperfur
I feel ill.
I considered redtails a friend.
I hate to say I told you, I mean I really really hate to say I told you so.

While ADISC 2 may not be the answer to such threats, we now know such threats are not only potential, but imminent.

What really disturbs me is that, sure 'nuff, Redtails had been a year old, 20 rep guy who never hurt nobody, though he had some personal issues (which he aired publicly.) So what could make him turn on us? Obviously approval seeking. Clearly approval from us started to matter less, and he turned to a place whose approval mattered more to him. This could be to do with him, and his troubled mind. It may also be that the nature of ADISC had changed, so he valued it less, and felt alienated from it. Another anecdotal symptom of creeping malaise. If you respond to this post specifically, please do first read
 
Messages
1,240
Role
  1. Diaper Lover
  2. Carer
  3. Private
I'm glad the immidiate problem was taken care of, but don't you think someone should lurk on that sight for a little bit to see if anyone re-posts the pictures? Otherwise this was a pritty cool story. Quick and amazing work by our staff.
 

Rissy

Est. Contributor
Messages
1,148
Role
  1. Diaper Lover
  2. Little
Meh... whatever...
Redtails was only proving a point...
 

closet dl

Est. Contributor
Messages
541
Role
  1. Diaper Lover
Moo,

Thank you and all the staff for your rapid and thorough investigation and action. Your interest in protecting the members' privacy is one reason this site is successful.
 
B

Butterfly Mage

Guest
Meh... whatever...
Redtails was only proving a point...

Considering that Redtails was here over a year and had a moderately high REP, all the finger-pointers who wanted to change the VIP system to be more exclusionary still wouldn't have protected themselves from Redtail's betrayal of our community. The security breach didn't come from a newbie. It didn't come from a recennt VIP promotee. It came from someone firmly establlished, with 42 registered friends, 20 REP, and hundreds of posts. This should be a lesson to the finger-pointers that a traitor can just as easily be one of your clique as anybody else.
 

Darkfinn

Banned
Messages
3,676
Role
  1. Diaper Lover
  2. Incontinent
Again... may I suggest that we remove the rep system completely. If you want to make VIPS or some other "exclusive" group of old-schoolers with increased special privaleges let's do it on a case-by-case basis... and not have a set system, because all systems can be abused.

Secondly... this is really what happens when you post your images online for public viewing. Even if you think it is safe it gets out eventually. It just takes a click of a button to save or copy an image and spread it anywhere. POSTER BEWARE.

Edit: Personally I think we should ban and block any member here who is also a member of any of the "chan" sites. I know we have ways of determining this.
 

chevre

Est. Contributor
Messages
1,434
Role
  1. Diaper Lover
Wow, honestly I did not think you would find the culprit (mostly because I didn't expect cooperation from any chan-site, though I guess the megaupload thing may have been enough). So, bravo!

But yeah, like Moo said, this was perpetrated by a long-standing user who had all the marks of a VIP, and not the maligned "quickie VIP" who got in after two weeks, nor the "fringe VIP" who has just the bare minimum requirements. The bottom line is that, though these things might make us feel better, they do nothing in terms of security.

Anyway, I must express my surprise that it was redtails. I never knew him very well, but he always seemed pretty decent. I guess it just goes to show that appearances may be deceiving.
 

Talula

Est. Contributor
Messages
3,344
Role
  1. Private
Moo,

Thank you and all the staff for your rapid and thorough investigation and action. Your interest in protecting the members' privacy is one reason this site is successful.

This.

I too feel really quite awful, I thought I knew him. I talked to him outwith here and he always seemed to me like a good well-balanced guy. I shred with him a lot, and I thought he was sharing with me too, but now I doubt that.

I just don't understand how anyone would or could turn against such a great community so quickly? :( :dunno:
 

Pojo

Est. Contributor
Messages
5,919
Role
  1. Private
I found out Redtails (through him on MSN) did this yesterday. I didn't really think he would do this, as we had talked through PM for over 700 messages (I don't believe he ever mentioned the gallery though). Either way, I removed all of my pictures that I know of from this site. I'm sad that I can't seem to trust anyone, and I don't think I will ever post pictures of myself on here again.
 

babibear

Est. Contributor
Messages
445
Role
  1. Private
It is with great sadness that I announce a despicable act by one of our (now former) members, redtails, that led to his being banned.

Ahh, I was wondering why he had banned under his name, yet still seemed to be able to post. A bummer for sure since I did have a short conversation with him a while back.

Oh well, you just can't tell with some people.

And I'd somewhat agree with semantics and use of lulz and other such l33t phrases. It's far too often an 'indicator' :/
 
Messages
3,351
Role
  1. Private
I see that redtails also had his identity verified.

Which means, I suppose, that mods/admins would know to beat his face in if they saw him in public.
 
B

Butterfly Mage

Guest
I see that redtails also had his identity verified.

Which means, I suppose, that mods/admins would know to beat his face in if they saw him in public.

It also goes to show you that the idea that an ID-Verified person is automatically trustworthy is an idea that doesn't hold water.
 

babibear

Est. Contributor
Messages
445
Role
  1. Private
I see that redtails also had his identity verified.

Which means, I suppose, that mods/admins would know to beat his face in if they saw him in public.

I was wondering this morning just what happens to those verification photos we submit. Erased after verification or?
 
Status
Not open for further replies.
Top