We had a server outage, and we're rebuilding the site. Some of the site features won't work. Thank you for your patience.
imc indymedia

Los Angeles Indymedia : Activist News

white themeblack themered themetheme help
About Us Contact Us Calendar Publish RSS
Features
latest news
best of news
syndication
commentary


KILLRADIO

VozMob

ABCF LA

A-Infos Radio

Indymedia On Air

Dope-X-Resistance-LA List

LAAMN List




IMC Network:

Original Cities

www.indymedia.org africa: ambazonia canarias estrecho / madiaq kenya nigeria south africa canada: hamilton london, ontario maritimes montreal ontario ottawa quebec thunder bay vancouver victoria windsor winnipeg east asia: burma jakarta japan korea manila qc europe: abruzzo alacant andorra antwerpen armenia athens austria barcelona belarus belgium belgrade bristol brussels bulgaria calabria croatia cyprus emilia-romagna estrecho / madiaq euskal herria galiza germany grenoble hungary ireland istanbul italy la plana liege liguria lille linksunten lombardia london madrid malta marseille nantes napoli netherlands nice northern england norway oost-vlaanderen paris/Île-de-france patras piemonte poland portugal roma romania russia saint-petersburg scotland sverige switzerland thessaloniki torun toscana toulouse ukraine united kingdom valencia latin america: argentina bolivia chiapas chile chile sur cmi brasil colombia ecuador mexico peru puerto rico qollasuyu rosario santiago tijuana uruguay valparaiso venezuela venezuela oceania: adelaide aotearoa brisbane burma darwin jakarta manila melbourne perth qc sydney south asia: india mumbai united states: arizona arkansas asheville atlanta austin baltimore big muddy binghamton boston buffalo charlottesville chicago cleveland colorado columbus dc hawaii houston hudson mohawk kansas city la madison maine miami michigan milwaukee minneapolis/st. paul new hampshire new jersey new mexico new orleans north carolina north texas nyc oklahoma philadelphia pittsburgh portland richmond rochester rogue valley saint louis san diego san francisco san francisco bay area santa barbara santa cruz, ca sarasota seattle tampa bay tennessee urbana-champaign vermont western mass worcester west asia: armenia beirut israel palestine process: fbi/legal updates mailing lists process & imc docs tech volunteer projects: print radio satellite tv video regions: oceania united states topics: biotech

Surviving Cities

www.indymedia.org africa: canada: quebec east asia: japan europe: athens barcelona belgium bristol brussels cyprus germany grenoble ireland istanbul lille linksunten nantes netherlands norway portugal united kingdom latin america: argentina cmi brasil rosario oceania: aotearoa united states: austin big muddy binghamton boston chicago columbus la michigan nyc portland rochester saint louis san diego san francisco bay area santa cruz, ca tennessee urbana-champaign worcester west asia: palestine process: fbi/legal updates process & imc docs projects: radio satellite tv
printable version - js reader version - view hidden posts - tags and related articles

Mr

by Jim West Friday, Dec. 06, 2002 at 6:22 PM

A possible opportunity for someone to cause Little Green Footballs some grief. Copy of posting to LGF site under "Got another One"

Totally of topic but pretty interesting for anyone posting at LGF and interested in PRIVACY and LAW SUITES.

First of all, my sincerest thanks to h-man for explaining how you could ascertain my nationality from my postings (and #82 as well). I admit I would never have guessed it or looked for it in a million years.

There I was entertaining a bit of a conspiracy theory about some asshole actually having access to the LGF server, and using REMOTE_ADDR to get the IP address, then running that through one of those "use the IP address to get the country" services. But h-man was implying that the "professional" web designers at LGF would be so negligent as to post the email address given back into the generated HTML.

Surely not, I thought. Surely the email address was for LGF's use, so they could check that you were a real person, with a real email address, and maybe so that they personally could fire a little warning shot over the bow if the postings got too OTT. I mean, if its real intended purpose was so that any one could contact you, surely it would be posted visibly below the main body of your posting, so you knew the deal. I mean, what would be the point of slightly hiding the email address, so that the casual user didn't suspect that it was public knowledge for any semi technically literate wannabe geek with too much time on his hands, right?

But no, h-man was right. There it is, directly readable for anyone who can hit view then source. I was staggered at such an obvious oversight, and was about to write to LGF to complain, but first I did a bit more checking. I mean, there was a legitimate use to which they were putting the email address, e.g. checking that the posters actually had email addresses and could be contacted. But no! put in a totally bogus email address, and it works just fine. Just check it out here in the source code under jimwest@totally.bogusadd.com. Things just kept looking weirder.

Of course, it had dawned on me by then that I should check my email, and sure enough a couple of semi-techno pin-dicks (or one semi-techno pin-dick with 2 accounts), with a deep cmmitment to free speach as long as it is theirs, was were already launching mass hate-mail (although it looks like the useless fuckers are actually sitting there clicking away at a send button. Never mind, I suspect more high tech attacks are to come).

Oh well, I fucked up, I trusted LGF. Serves me right, the email address is voluntary, etc, etc. I'm sure I've got h-man's sympathy at this point. (Yeah, fuck you too).

By this point I was sufficiently pissed of to start to thinking conspiracies yet again, but I now discount that idea again. I simply can't believe anybody sufficiently devious to do this with malicious intent would be stupid enough not to see the following scenarios:

1) The system would be used (misused) exactly as it is being used against me, and without serving a useful purpose that I can discern. After all, if people are intending for their email addresses be publically posted on such a contraversial site, wouldn't LGF display it below the post? Admittedly, this scenario is not too important, as most of the targetted couldn't really give a shit, and aren't going to expend much energy in retaliation.

2) That on such a controversial site, the facility could be easily be used as follows: Small business A doesn't like it's competitor, B, and decides to attempt to compromise said competitors email ordering side. Business A goes to the LGF site and makes highly controvrsial posts, guaranteed to attract flood of hate mail and other garbage. Wiley Business A uses competitors email address. This is a more serious scenario.

3) Enterprising young lawyer, motivated by greed, actively encourages and colludes in the scenario outlined in 2) above, as a sham, with the ultimate aim of all getting to share in damages against LGF. It may not be motivated by greed. I rival site such as some of the lefty anti-war bloggers might be motivated by the same respect for freedom of speech demonstrated by some of LGF's own posters. This could be more serious for LGF.

These scenarios seem all too simple and open to exploitation, I'm sure there are flaws there. But I really would be intrigued to know the original intended purpose of the email field. I'd enjoy feed back from LGF posters (hell, I'm already getting plenty from the under employed amongst you). I really think it's a "bug" that deserves immediate attention.
Report this post as:
Share on: Twitter, Facebook, Google+

add your comments


© 2000-2018 Los Angeles Independent Media Center. Unless otherwise stated by the author, all content is free for non-commercial reuse, reprint, and rebroadcast, on the net and elsewhere. Opinions are those of the contributors and are not necessarily endorsed by the Los Angeles Independent Media Center. Running sf-active v0.9.4 Disclaimer | Privacy