Wednesday, October 22, 2014

TV Tropes: where you have no privacy.

One of the things I find creepy and infuriating about TV Tropes is the fact Fast Eddie has full access to your private messages, quite possibly as you are typing them, whenever he wants.

For those who don't know why that's a bad thing, here's a hypothetical: He passes a decision you and a friend don't like, but you want to be smart and swap notes on how to peacefully object to the change and convince him to reconsider. He gets wind you might be a 'traitor", reads your PMs, and next thing you and your buddy know, you are suddenly "Google bounced" and can't even read the site, and you have no idea why.

If that sounds the slightest bit scary or disturbing, it should, because that means you have zero privacy, even though the feature is called "PRIVATE Messaging".

Now, to be absolutely honest, wikis are not platforms designed with privacy in mind, and even though most people are wise enough not to put private info on public pages, any private account info like passwords and real names are accessible via the database, which is still accessible by those with shell access to the wiki.

However, this is not usually a threat because most MediaWiki installs require very high privileges to even look at the database info (and that's encrypted), and those that can access that information are usually staff members who usually are forced not to reveal that info for any reason except to comply with law enforcement.

For instance, I have shell access to the Orain servers, and even though I only have limited access to the MediaWiki servers, I still have access to a lot of private info, but to get that private info access, I was forced to send proof of my IRL name, address, and contact info to verify my identity and so to give Orain something to hand law enforcement if I looked up private data without just cause. In fact, if I do look up private data without just cause, not only could I lose those rights, I could be in a crossbar apartment if I do anything illegal with that information.

That said, I am legally and morally answerable to Orain and laws protecting the privacy of our users. Further, I have a conscience and ethics, and causally accessing data that was never intended to be shared with me except under exceptional circumstances is something I'm not corrupt enough to do on a whim.

However, Fast Eddie has no such restrictions, and while he supposedly is the only one with these rights, TV Tropes is so secretive about the restraints put on their moderation you have no clue who actually has access to that data. On the other hand, organizations like the Wikimedia Foundation and Orain have clear privacy policies that have legal weight.

Worse, TV Tropes has, by Fast Eddie's own admission, NO SECURITY WHATSOEVER. They do not route through SSL, they do not use HTTPS, and even the passwords have no encryption whatsoever and are still stored in plaintext any unscrupulous turd could steal and thus hijack accounts with.

Why people would trust the private communications feature of a site where you have no guarantee against abuse of your privacy, I have no idea, but frankly, I find that disturbing, and given the amount of censorship this imposes on respectful dissent against the moderation (which I believe is healthy to prevent the moderation becoming god complexed egomaniacs), terrifying.

Update: Shortly after writing this, it was posted on their Ask the Tropes pages that ordinary moderators as well as Fast Eddie can read private messages.

6 comments:

  1. How is he getting away with all of this?!

    ReplyDelete
    Replies
    1. Short version: He owns the site and no one has sued him over this sort of thing, more or less.

      Delete
    2. Is there any way to get his advertisers to turn on him, since they're the only people he answers to?

      Delete
  2. There has to be something...maybe you could secretly make a sockpuppet account to call him out on it in Wiki Talk?

    ReplyDelete
  3. No. Fast Eddie told me never to post on his wiki again, and I promised I wouldn't, and I have no intention on going back on my word.

    ReplyDelete
  4. It's hard to just sit on the sidelines and pray for his viewership, isn't it?

    ReplyDelete

Gamergate 2 is on, and I want no part of it

 This will not be a long post, but I just want to make clear, as someone who was involved in the first go-round of Gamergate, I want no part...