Cole, Don’t Be Such A Prude

Unlike Cole, I think this is pretty close to right. These celebrities who had their cloud data leaked were young people in long-distance relationships. I was young once, and I was in a LDR, and if we had smartphones, you’d be damn sure that we’d have been sending naked pictures back and forth. As far as I’m concerned, that’s natural and expected behavior for people in those kinds of relationships.

So, I’m not looking at this as some failure of self-control, but rather a failure of security at Apple, and a general failure of the cloud providers to give users a clear picture of what they’re storing online from their phones.

This breach appears different from other recent celebrity “hacks” in that it used a near-zero-day vulnerability in an Apple cloud interface. Instead of using social engineering or some low-tech research to gain control of the victims’ cloud accounts, the attacker basically bashed in the front door—and Apple didn’t find out until the attack was over. While an unusual, long, convoluted password may have prevented the attack from being successful, the only real defense against this assault was never to put photos in Apple’s cloud in the first place. Even Apple’s two-factor authentication would not have helped, if the attack was the one now being investigated.

Because Apple and other devices automatically upload so much to the cloud, by default—including full phone backups, which, if an account is compromised, could be downloaded by an attacker onto another device—these personal cloud services are particularly dangerous. Their usability in terms of content management is poor at best—does anybody really know what’s sitting in Apple’s or Google’s data stores from their phones? This, combined with ongoing threats like carefully-crafted phishing attacks and large-volume password cracking, makes it especially hard to protect mobile data in a world where everything on your phone is already on the Internet, protected only by your login credentials.

I have a Google device, and the rest of my family has Apple devices. Apple pushes cloud backup harder than Google, and from what I can tell, Apple’s cloud backup is less predictable than Google’s, but both of them don’t have a real clear way to opt certain pictures or videos out of the cloud. Google has an “incognito mode” on its Chrome browser – what’s needed here is an “incognito mode” for pictures and videos. Images taken in this mode would stay only on the device, and only be sent to places the phone owner sends them. If some jilted lover releases a picture to the Internet, we can blame the judgment of the person who sent the picture to an undeserving asshole. But when some hacker can get at pictures that were never meant to be anywhere other than someone’s personal device, then the blame for that should rest squarely with Apple.

Share On Facebook
Share On Twitter
Share On Google Plus
Share On Pinterest
Share On Reddit






292 replies
  1. 1
    cleek says:

    people simply need to recognize and acknowledge one little truth: “the cloud” = “someone else’s computer”

    when you take a picture, ask yourself “would i put that picture on someone else’s computer?” if the answer is No, then you shouldn’t put that picture on ‘the cloud’.

  2. 2
    David Fud says:

    Can anyone explain why two factor authentication would not have prevented this? It is specifically mentioned and I use that with a cloud backup service I use. If it is correct that 2FA wouldn’t have helped, I need to rethink what I am doing.

  3. 3
    ruemara says:

    1. Exactly. 2. If you don’t know there’s a cloud backup, you can’t make a decision that you don’t want it on someone else’s computer.

    @David Fud: because the nature of the hack wasn’t about stealing identity, it was essentially just breaking down a door and grabbing things.

  4. 4
    bbleh says:

    Yeah, this really seems to come down to what expectation of privacy is reasonable, aka assumption of risk.

    Is it reasonable to expect 100% security when you store in the cloud? No, and the prevalence of news about hacking and data loss would undermine any claim to that effect, I think.

    Is it reasonable to expect 0% security? Again I think no, based on advertisers’ claims and the existence of multiple verification steps, which again I think would undermine any such defense, no matter what the fine print may say.

    So where is the balance point? Personally, I never send anything — print document, email, text, image, ANYTHING — that I want to remain “completely secure.” Documents and data persist and are accessible to other people by one means or another, full stop. If I want it private, I say it in person. If I want it almost-for-sure private, I might say it over the phone, or even via IM. But otherwise, it’s a risk.

  5. 5
    Bobby B. says:

    Same as with the internet. Either you surrender your soul to God (The Corporation) or do without the internet. I am a member of the First Holy Church of Teeth-Grinding Impotent Rage. Wherever two are gathered in my name…

  6. 6
    Robert Sneddon says:

    There is a common delusion most Western folks have today, an expectation of privacy. There is no privacy, not any more if someone, anyone is willing to put a bit of effort into invading your personal or data space. The NSA may have a budget of billions to do this to persons of interest but “Tristan”, the reputed 15 year old boy living with his parents and supposed perpetrator of the Big data Leak Du Jour did it on a whim in his spare time, and there are thousands if not millions who are doing the same thing, because they can. People in the public eye have lived with paparazzi for centuries and have either grown a thick skin, hired professional security or become recluses since there’s no way to stop the intrusions, not even using the law.

    This “failure” by Apple is the way the iCloud operation is meant to work, to preserve data if a customer’s Apple device got lost and the only copy of that data was in its memory. There’s also the sync feature where someone can look up their selfies on any Apple device they own, a Big Thing used to sell connected-cloud data storage to people. Expecting perfect privacy while broadcasting such images across the internet for your own convenience is, well, optimistic.

  7. 7
    chopper says:

    @cleek:

    indeed. even your phone isn’t the smartest place to keep them. phones get lost or stolen all the bloody time. that doesn’t mean ‘don’t take those sort of pictures’.

  8. 8
    BGinCHI says:

    When you look up “First World Problems” in the dictionary, this should be the entry.

  9. 9
    constitutional mistermix says:

    @cleek: Yeah, but I hope you’ll agree that the UX on putting stuff into the cloud from a smartphone needs some work.

    @chopper: The countermeasure is remote wipe and having a passcode on the phone. Not perfect, but at least you know you phone was stolen, unlike your cloud data.

  10. 10
    am says:

    There is no need to try to reduce this to either slut-shaming or personal failings of people whose photos were leaked, and trying to do that isn’t going to go anywhere.

    If someone snail mailed polaroids of themselves to someone else through USPS, they would have every expectation of privacy, too. But envelopes break and even if they don’t you have to assume that rarely bad people make it through the hiring process. This isn’t victim blaming, this is just how I approach things in order to safeguard myself from bad people

    Things *I* don’t know about the circumstances are whether this was an inside job at iCloud (administrative tools are usually much more powerful than external apis), whether it really was a hack of Apple per se (maybe they used the same passwords as other services, and those other service were hacked), or what Apple’s ‘delete’ policy is.

    As other people have said, data lives a long time for a lot of reasons (what if a pedophile had deleted pictures of abuse? then cloud providers have to deal with the Nancy Graces of the world..). But everyone should be aware that delete can be as simple as setting a ‘deleted’ flag in a database. Even at a filesystem level it can just be unlinking an inode and all the bits can still be present. Data can be on backups, hard drives taken out of rotation… don’t rely on things being deleted.

  11. 11
    Steppan says:

    @cleek:

    So if someone hacks another website and steals your bank account info, because you bought something online once, you were stupid for ever purchasing anything online because your CC number is now out there somewhere?

  12. 12
    cleek says:

    i had a pass code on my iPhone until last week, when my phone stopped letting me enter the pass code every 3rd or 4th time i tried to use the phone. it would just lock up.

    so, no more pass code.

  13. 13
    different-church-lady says:

    Stop trusting the fucking Cloud. What is so hard about this?

  14. 14
    JGabriel says:

    OT, but The Washington Post has announced a new publisher:

    Washington Post owner Jeff Bezos is replacing Publisher Katharine Weymouth with Frederick J. Ryan Jr., a former Reagan administration official who was part of the founding leadership team of Politico, a primarily digital news organization that competes with The Post on political coverage, the company announced Tuesday.

    So WaPo will now be run by the Reagan-era political operative who co-founded Politico – because we all know how objective news outlets become when run by Republican political operatives (cf. Fox News).

    On the other hand, editorially, I’m not entirely sure that anyone will notice the change.

  15. 15
    SarahT says:

    @BGinCHI: BINGO

  16. 16
    C.V. Danes says:

    The cloud is a public commons, and I would not post anything there that I care gets stolen or misappropriated. No matter how secure the lock, there’s always someone out there who can pick it.

  17. 17
    different-church-lady says:

    @Steppan:

    …you were stupid for ever purchasing anything online because your CC number is now out there somewhere?

    Yes.

    Unfortunately the entire world is now stupid, and we have no choice but to go along with it.

  18. 18
    cleek says:

    @Steppan:
    the CC company will eat the loss and send me a new card. happens about once every 12 months to me, or to my wife. it’s a price everybody involved is willing to pay.

    there’s no such recourse if your nudie pics get leaked.

    the only thing i put on ‘the cloud’ are notes that i write to myself. i use Google Docs as a notepad. but nothing important goes there, nothing incriminating or potentially embarrassing. only reminders, sketches, ideas.

  19. 19
    Pharniel says:

    @swiftonsecurity (or if you prefer the long form Infosec Taylor Swift) has been all over this.

    It’s perfect for Balloon Juicers as it has the right amount of cynical jaunty wit combined with enough actual information.

  20. 20
    different-church-lady says:

    Because Apple and other devices automatically upload so much to the cloud, by default—including full phone backups, which, if an account is compromised, could be downloaded by an attacker onto another device—these personal cloud services are particularly dangerous.

    Not if you don’t have a cloud account in the first place.

  21. 21
    Steppan says:

    @cleek:

    Yeah, the CC company or bank has recourse, but it’s the same logic, and it ultimately boils down to “something bad could happen, don’t do anything!”.

    Saw it phrased pretty well I think somewhere else (responding to more direct “it’s their fault” accusations than here, mind):

    People are reacting like the celebrities are on the same level as someone who dives into the ocean wearing a beef wetsuit and then acts all surprised when he gets attacked by a shark, but I think they’re more like a pedestrian who has the right of way at a traffic signal being surprised when he’s struck by someone running the red light. Yeah, you know when you step out into the street you might get hit by a car, but under certain circumstances you just don’t expect it, and you certainly wouldn’t blame the pedestrian rather than the light-runner.

  22. 22
    boatboy_srq says:

    @cleek: Us Olds remember when the same equation was used to describe all the Interwebz, including AOH#ll/Faceplant/MyFace/Twitterpate/sTumbld.

    OTOH, in this age of aphrodisiac-and-floorwax-in-one tech gadgetry (it’s a phone! it’s a GPS! It’s a camera! it’s a Thumb! [see Hitchhiker’s Guide to the Galaxy]), it’s difficult to wag a finger at folks who get caught up in the shininess of it all. Dunham’s right that this isn’t hacking – it’s a sex offense – and treating it as the original posters’ fault doesn’t help as much as we’d like. “Don’t post stuff that could be embarrassing” isn’t far removed from “don’t wear that short skirt and those heels”. We really need to find good language to encourage caution without shaming the folks who don’t abide by the advice.

    This is also why I shudder slightly when businesses (including my employers/clients) talk about “moving to the cloud”. Your own security may be sh!tty, but at least it’s yours, and when it gets blown through like the tissue it is you can at least make substantial changes – even if it’s only replacing Kleenex with Brawny. What do you do when your provider’s security gets similarly hacked? There are three choices, none of them good: 1) work with the provider for better security (ha!), change providers (more of the same) or bring the functions back in-house (and go back where you started).

  23. 23
    John Cole +0 says:

    A.) I never said they shouldn’t take pics. I said, quite clearly:

    “I still don’t know why anyone would run around with nude selfies of themselves on the phone or stored to the cloud, but the fact that people did try to delete them should mute the musings of fatheads like me. ”

    B.) I don’t think it is being a prude to note that celebrities are going to be at heightened risk for this sort of thing happening, and should be smarter.

    C.) Before you fucking distort what I said in B.) as you have my original post, explain to me how these statements are mutually exclusive:

    “Having nude selfies hacked and published is an egregious violation of privacy.”

    “The hackers should be found and punished.”

    “Keeping nude selfies on your phone or stored on the cloud is insecure and considering how many other phones have been hacked in the past few years, you probably should realize that the only way to keep your privacy completely is to not store them on your phone or on the cloud. ScarJo and Blake Lively say HI!

    “Ignorance of what the cloud is is no excuse. Maybe you should think about where you are storing sensitive information.”

    “Having nude selfies published against your will is not the same thing as being raped. Traumatic and horrifying, yes. Rape? No.”

    D.) If Lena Dunham is the standard by which we define prudishness, most everyone in the country (with the exceptions of porn stars, the naked cowboy, most of the people at Burning Man, and my freshman roommate who would take off all his clothes and streak every time he got drunk) is by comparison a prude.

    Seriously. Find some other target to use in your war on straw. I’m not the fucking enemy- I’m sure if you wandered outside this sanctuary to reddit or 4 chan or Gawker, there are people saying actual offensive things, and you won’t need to lie about what I am saying.

    And were I to bother with a rebuttal post, I would title it:

    “Mistermix- Don’t Be Such An Asshole- There’s Enough Wrong Here That You Don’t need to Distort and Make Shit Up.”

    Nothing I have said is remotely controversial, and while you are entitled to your own opinions, you are not entitled to make up my opinion.

    Flame away.

  24. 24
    chopper says:

    @cleek:

    right. and if your card had no fraud prevention of any sort, it would be really stupid to buy shit online with it.

  25. 25
    John Cole +0 says:

    @cleek:

    people simply need to recognize and acknowledge one little truth: “the cloud” = “someone else’s computer”

    when you take a picture, ask yourself “would i put that picture on someone else’s computer?” if the answer is No, then you shouldn’t put that picture on ‘the cloud’.

    Sexist prude. Why do you hate women?

  26. 26
    different-church-lady says:

    Gee, I wonder whatever happened with that Ferguson thing everyone used to talk about.

  27. 27
    cleek says:

    @Steppan:

    but it’s the same logic, and it ultimately boils down to “something bad could happen, don’t do anything!”.

    not quite. it’s not “don’t do anything, it’s “be aware of what you’re actually doing”.

    if you’re cool with putting incriminating or embarrassing stuff under someone else’s control, go for it.

    i’m opting out.

    @John Cole +0:
    Sexist prude. Why do you hate women?
    bad upbringing, probably

  28. 28
    C.V. Danes says:

    @Robert Sneddon:

    There is a common delusion most Western folks have today, an expectation of privacy.

    The expectation may be a delusion, but the right to privacy is very real and necessary for a democracy. By ceding the right to privacy, people are also ceding the right to freely associate without the prying eyes of the government or others.

  29. 29
    Steppan says:

    Though really, any question of the intelligence of the decisions involved aside, holy crap this should be an incredibly embarrassing security breach for Apple. But they’ll get more slack than Google and waaay more slack than Microsoft would for the same problem, because Apple.

  30. 30
    chopper says:

    @Steppan:

    Yeah, the CC company or bank has recourse, but it’s the same logic, and it ultimately boils down to “something bad could happen, don’t do anything!”.

    no, that’s not it at all. the ‘something bad’ in regards to using your CC number online is a relatively minor inconvenience. you don’t lose any money, and you have to get a new card. it isn’t like having naked pictures of yourself all over the internet.

  31. 31
    different-church-lady says:

    @cleek:

    not quite. it’s not “don’t do anything, it’s “be aware of what you’re actually doing”.

    Corollary: be aware of the level of risk and act appropriately.

    Every credit card purchase puts you at risk. So maybe don’t use your credit card for every fuckin’ three dollar purchase at the convenience store because you’re too damn lazy to go to the bank every once in a while and get some cash.

  32. 32
    John Cole +0 says:

    The other thing that pisses me off about this fucking preposterous straw man MM has built is the short skirt thing- like I even remotely suggested they had it coming. Anyone who thinks I intimated that can show me where or toss off.

  33. 33
    Robert Sneddon says:

    @Steppan: Microsoft’s and Amazon’s and Google’s own cloudy-woudy offerings are probably as secure or insecure as Apple’s iCloud, it’s just the Cupertino Glass Doughnut’s turn in the spotlight since it was celebrities with iPhones who got exposed this time. Convenient to use or sorta-secure, choose one and only one.

  34. 34
    chopper says:

    @different-church-lady:

    exactly. the whole thing is weighing varying levels of security with varying levels of risk. there only real ‘underlying logic’ to it is ‘the bigger the risk to you, the more secure the interaction should be’.

  35. 35
    Cacti says:

    The hackers who did this shouldn’t be punished.

    Information wants to be free, man.

  36. 36
    constitutional mistermix says:

    @John Cole +0:

    And were I to bother with a rebuttal post, I would title it:

    “Anne Laurie- Don’t Be Such An Asshole- There’s Enough Wrong Here That You Don’t need to Distort and Make Shit Up.”

    Nothing I have said is remotely controversial, and while you are entitled to your own opinions, you are not entitled to make up my opinion.

    Flame away.

    I like your title, run with it.

  37. 37
    OzarkHillbilly says:

    I started out in the same camp as Cole, but after thinking about it I am far more sympathetic to the persons so abused. Can anyone tell me where I can see the naked pics of JL so I can affirm my outrage? (too soon? OK OK, I’ll take off my snarksexist hat). Seriously, this is one of those things that just shouldn’t be. A person has the right to choose who they share their body with, nobody else does.

  38. 38
    Mike in NC says:

    @JGabriel: WaPo continues to circle the drain. Film at 11.

  39. 39
    Violet says:

    @John Cole +0:

    And were I to bother with a rebuttal post, I would title it:

    “Anne Laurie- Don’t Be Such An Asshole- There’s Enough Wrong Here That You Don’t need to Distort and Make Shit Up.”

    @John Cole +0:

    The other thing that pisses me off about this fucking preposterous straw man AL has built is the short skirt thing- like I even remotely suggested they had it coming. Anyone who thinks I intimated that can show me where or toss off.

    I thought mistermix wrote this post. Not AL.

  40. 40
    Mandalay says:

    @John Cole +0:

    this fucking preposterous straw man AL has built

    AL???

  41. 41
  42. 42
    C.V. Danes says:

    @Steppan: Exactly. People who use Microsoft products have no illusion that technology will always work, because the BSOD is only ever one bad driver install away at any given time. People pay the price premium for Apple products because they just work (mostly) without having to deal with the notoriously painful setup issues that MS folks have had to deal with. It would be most embarrassing for Apple, but folks who have a vested interested in their Apple gear would just say: How is this different than Microsoft? To which my response would be: what are you paying your price premium for, then?

  43. 43
    Belafon says:

    @different-church-lady: Some wingers are now trying to come up with evidence to say that Browns friend was also attacking the cop. Something about how he had a bracelet that turned up missing later. Because, as we know, the cop had a real tendency to let people go that attacked him.

    Trying to smear the star witness.

  44. 44
    Jerzy Russian says:

    @Violet: Anne Laurie wrote a lengthy comment to Mr. Cole’s post from last night, and I assume Mr. Cole was talking about that.

  45. 45
    Sanjuro says:

    I show my age here, but when I was young there was still such a thing as a Party Line telephone service. Two or more separate households shared one telephone line and telephone number. When the phone rang it may be for me or one of the other parties. Also you could just pick up the phone to make a call and hear a conversation already in progress between other parties on the line. Consequently you had to be DISCREET about conversations because you never knew if somebody was listening in or not.

    Although today there is more security involved in point to point voice/data communication and security of data storage, it is pretty obvious from the daily/weekly/monthly reports of security breaches that 100 percent secure data is not a reality and that NO ONE should fully trust that any data stored online is secure from being hacked and abused. Some things you cannot control (financial transactions) and some things you can (personal pics). So you need to either not upload data/sensitive pics that can/will be hacked or you need to encrypt each and every one before sending it to the cloud. Even then encrypted data/pics can be hacked.

  46. 46
    OzarkHillbilly says:

    @John Cole +0: Uhhh John? Anne didn’t write this post.

  47. 47
    Belafon says:

    @Mandalay: I guess it sounded like an AL post. Even the owner forgets to check who wrote the article.

  48. 48
    Violet says:

    @Jerzy Russian: I know she did but mistermix wrote this post and Cole didn’t mention him. I’m confused.

  49. 49
    John Cole +0 says:

    @constitutional mistermix: God damnit. Apologies to AL. She emailed me the same thing last night and I thought it was her posting this. I should have known better.

    That’s also what I get for reading this website on my ipad and not paying attention author names.

  50. 50
    Punchy says:

    OT: This needs a front page discussion. Oh my. Holy shit. While it’s all man bites dog, I cant believe they’d be so blunt about it.

  51. 51
    Waynski says:

    @Steppan:

    So if someone hacks another website and steals your bank account info, because you bought something online once, you were stupid for ever purchasing anything online because your CC number is now out there somewhere?

    This. I’m a helluva lot more worried about that. Although, my wife and I occasionally go to the nude beach, so the nudity thing is no big deal to me. I wouldn’t care if someone spread a nude picture of me across the Intertubes. I doubt it would get very many clicks, but my financial information is another story. The wife and I were victims of identity theft once. You really want to feel naked. Have that stuff happen to you. You have to protect people’s privacy. Period.

  52. 52
    cleek says:

    @John Cole +0:
    beatings for everybody, then!

    i’ll fetch the cat-o-9

  53. 53
    John Cole +0 says:

    @Mandalay: @Violet: @Belafon: Guilty as charged. She emailed me this link last night and I thought this was a continuation.

  54. 54
    Jade says:

    John Cole is a rock star. A movie star is reading everything he writes and responding breathlessly. GO JOHN WITH YOUR BAD SELF. You are no longer man meat for the political crowd only.

  55. 55
    Marcelo says:

    It’s more than just a violation of privacy to me. The attitude behind the leak is one of having defeated someone, having invaded their personal private space and stolen something that isn’t meant for us.

    This article in Esquire sums it up the absolute best for me: http://www.esquire.com/blogs/n.....f-her-body

    Choice quote – “The titillation factor doesn’t come in her saying yes to the actual intended recipient of the photo, but because we know she’s tacitly saying no to us, and yet we’ve beaten her. We’ve beaten her.”

  56. 56
    Howard Beale IV says:

    @Steppan: There’s another lesson here as well: “Convenience has a cost-especially when its used for security.”

  57. 57
    Jerzy Russian says:

    @Punchy: Christ, what an asshole (the billionaire and not the Pope).

  58. 58
    kc says:

    @John Cole +0:

    Sorry, I think you’re in the wrong here. All that “I’m not slut-shaming, BUT blah blah.” Not a whole lot of difference from “I’m not a ______, BUT” type staetments.

  59. 59
    Violet says:

    @John Cole +0: No worries.

  60. 60
    John Cole +0 says:

    I also let my hatred of Lena Dunham trigger me. I feel the same way about the show Girls that I do about Mad Men- why would anyone voluntarily spend any time watching these uniformly awful people.

  61. 61
    constitutional mistermix says:

    @Violet: Yeah, I wrote it.

    @John Cole +0: Serious response: Calling you a “prude” was an attempt at ribbing you that obviously fell flat.

    On this: “I still don’t know why anyone would run around with nude selfies of themselves on the phone or stored to the cloud”

    I do understand why people would have these pictures on their phone — they’re in LDRs and people in LDRs send each other sexually explicit communication. I think, as you pointed out, having them in a cloud was probably them thinking they deleted something but they didn’t.

    On the rape stuff, I agree with you that a flat comparison of rape to this is way overwrought, but Dunham’s tweet, which used an analogy that is often used when discussing rape victims, had some truth in it.

    That’s it. Not trying to call you a bad, bad man, sexist, misogynist, or anything else.

  62. 62
    kc says:

    @John Cole +0:

    B.) I don’t think it is being a prude to note that celebrities are going to be at heightened risk for this sort of thing happening, and should be smarter.

    Look, he did it again.

  63. 63
    kc says:

    @John Cole +0:

    Ignorance of what the cloud is is no excuse. Maybe you should think about where you are storing sensitive information.”

    You said that too? What an asshole statement.

  64. 64
    Roger Moore says:

    @cleek:

    people simply need to recognize and acknowledge one little truth: “the cloud” = “someone else’s computer”

    Except that isn’t enough. As the article points out, the system is deliberately designed to make it difficult to use selectively. That’s especially true if you try to share the data selectively, since you’re creating additional records on the cloud in ways you may not have realized. Your suggestion undermines the basic utility of the system, since it means you can’t actually use your iPhone as a communications device for anything remotely sensitive. We clearly need better security than “don’t actually use your device for its intended purpose because it isn’t secure”.

  65. 65
    kc says:

    Because Apple and other devices automatically upload so much to the cloud

    Really? I didn’t know that. I thought you had to opt in and pay for cloud storage.

    I have assumed that if I took a picture on my iphone and didn’t upload it, text it, or email it, the only place it’s stored is on my iphone. So that’s not the case?

  66. 66
    bemused says:

    @Sanjuro:

    Ha, I remember those party lines too.They existed into the early 70’s in rural areas as I recall. Another party could and did jump to tell you to get off, he/she needs the phone. Weird when I think back. It was like your neighbors were listening in from another room in your home.

  67. 67
    Steppan says:

    @Roger Moore:

    Exactly right. The companies having their shit actually be secure (especially to something as crude as a brute attack) seems like a reasonable expectation of use to me. Obviously you want to be at least a little more deliberate for something like nude pictures, but also when you delete something on a service, it’s kind of the company’s responsibility to delete it.

  68. 68
    John Cole +0 says:

    @kc:

    Sorry, I think you’re in the wrong here. All that “I’m not slut-shaming, BUT blah blah.” Not a whole lot of difference from “I’m not a ______, BUT” type staetments.

    I don’t know how it is slut shaming to acknowledge the real world and that it is not a perfect place. Your chances of having naked pictures of you posted on the internet is closer to zero if you don’t have them on the cloud or on your phone.

    This reminds me of the brouhaha the other day when a bunch of people got mad because some college kids made a nail polish that would change color if the user was exposed to a date rape drug. The line of reasoning was that it shouldn’t be up to women to HAVE to do this and that forcing women to do use this kind of nail polish is subjugating them. And I can understand the argument.

    Now here comes your but- But I don’t understand why this is necessarily a bad thing. Sure, women should not have to fear being drugged and raped, but the sad fact is that they are, so I don’t see why anything that can keep someone from going through that kind of horror or trauma is a bad thing. Why does everything have to be either/or?

  69. 69
    constitutional mistermix says:

    @kc:

    Really? I didn’t know that. I thought you had to opt in and pay for cloud storage.

    I have assumed that if I took a picture on my iphone and didn’t upload it, text it, or email it, the only place it’s stored is on my iphone. So that’s not the case?

    Both Google and Apple make you sign in with a Google/Apple account when you set up your phone. That account is where “cloud” data is stored. Apple is very aggressive about storing pictures from your device in that cloud. It is absolutely possible to have stuff go into the cloud that you didn’t expect.

  70. 70
    CONGRATULATIONS! says:

    Android does the same thing – the extent of which, I do not know, just as the extent to which Apple does it, nobody really knows either. But I have stuff showing up in my phone that I put up originally on the cloud and vice versa.

    The entire “voluntary intelligence” gathering system by Apple, Google, and Facebook is lethally flawed and people really need to stop using it until these companies make user privacy a first priority, not the last.

  71. 71
    Eric U. says:

    I find comparisons to rape to be somewhat problematic. Unless it involves rape, then it’s ok. Sorta like white people talking about race, I’ve come to the conclusion that I have a somewhat limited understanding of these subjects and I’m not going to contribute much to the conversation. Even though I was sexually assaulted as a child.

  72. 72
    John Cole +0 says:

    @kc: Don’t have a cloud account is the easiest solution, but that is not possible for everyone. And even as simple as Apple is on some things, the cloud can be a clusterfuck for new users. if for no other reason, every iphone user should follow this list just to preserve battery life. We talked about this in another thread, and it is true- you can seriuosly watch your battery drain in real time with all the notifications and crap going on in the background.

  73. 73
    Sanjuro says:

    @bemused:

    Ha. Yes indeed it was weird. I always mentally pictured a ghost room that they lived in.

  74. 74
    cleek says:

    @Roger Moore:
    Settings / iCloud / Photos

    i agree Apple is aggressive about turning this stuff on.

  75. 75
    Roger Moore says:

    @Steppan:

    you were stupid for ever purchasing anything online because your CC number is now out there somewhere?

    You actually have a lot more protection in that case. If your personal information gets stolen, it’s at least possible to get your money replaced, card and bank account information changed, and put a lock on your credit. You can be made financially whole again, even though it comes at the cost of considerable hassle. OTOH, if other kinds of private information get leaked (e.g. nude selfies) it’s impossible to get them back under control; they’ll be out there for as long as people want to keep them.

  76. 76
    JPL says:

    Apple needs to get it’s shit together. If they falsely advertised a right to privacy, then they need to get their butts sued. Now let me go check my facebook account. (btw the only facebook acct. that I have is one under a dummy name.)

  77. 77
    kc says:

    @constitutional mistermix:

    Both Google and Apple make you sign in with a Google/Apple account when you set up your phone. That account is where “cloud” data is stored. Apple is very aggressive about storing pictures from your device in that cloud. It is absolutely possible to have stuff go into the cloud that you didn’t expect.

    Well, thanks. I honestly didn’t know that. I suspect many thousands of other people don’t know it.

    Shit, if my 1700 cat pictures are in the cloud, then you’d think my iphone wouldn’t be out of storage space . . .

  78. 78
    John Cole +0 says:

    @kc: Do you disagree? Is it really crazy to note that in the world we live in that celebrities and famous people are at heightened security risks? Should we tell the Secret Service to stand down, then? Should all celebrities fire their bodyguards?

    Have you ever heard the term paparazzi? Ever heard the name Princess Diana. Ever been to TMZ or Perez Hilton?

    You’re just looking for something to be pissed off about.

  79. 79
    John Cole +0 says:

    @cleek: I think the only thing I have turned on is find my iphone, which, amusingly enough, is rumored to be the exploit that led to this latest hack.

  80. 80
    Mnemosyne says:

    @Marcelo:

    That’s a really good essay. This paragraph stood out for me, too:

    There’s a term for seizing access to a woman’s sexuality without her permission when it takes place in the physical world, and yet most of the people who consume these types of images and trade them back and forth like young men might have done with prized baseball cards in a previous generation would scoff at the suggestion that there’s any analogy to be made here to rape. Much like we’ve seen in nearly every other realm, however, our ethics here have not caught up to the technology. Very few of us would hide in the bushes outside of a woman’s home in order to catch a glimpse of her getting changed, but how is that any different from this?(emphasis mine)

    There’s always been a theory that the thrill of movies and photography (and later television) is that you get to anonymously spy on people in their intimate moments, and I suspect that dynamic may be at work here as well.

  81. 81
    Elizabelle says:

    @JGabriel:

    Saw that. Hope it gets its own thread later.

    Politico is everything that is wrong about journalism. How very sad.

  82. 82
    Randy Khan says:

    @JGabriel: Traditionally, the publisher has nothing to say about editorial matters at a newspaper. The publisher is responsible for the business side – buying the paper, negotiating with unions, selling ads, etc.

    In reality, there’s bleedover, and it’s more common today than it used to be. Most of it, though, has to do with whether advertisers are going to be mad about coverage than anything else. The publisher does not write editorials.

    Meanwhile, if I were worrying about something, it would be that he was a founder of Politico.

  83. 83
    kc says:

    @John Cole +0:

    You’re just looking for something to be pissed off about.

    Well, at least I’m not blinded by hatred of Lena Dunham. :)

  84. 84
    kc says:

    @JGabriel:

    Oh, great.

  85. 85
    Mnemosyne says:

    @John Cole +0:

    Sure, women should not have to fear being drugged and raped, but the sad fact is that they are, so I don’t see why anything that can keep someone from going through that kind of horror or trauma is a bad thing. Why does everything have to be either/or?

    It’s because our society, justice system, and juries treat it as an either/or. Rape and sexual assault are the only crimes I can think of where the behavior of the victim decides the verdict, not the behavior of the accused criminal. How often do you hear about a burglar getting found “not guilty” because the victim couldn’t prove that s/he didn’t voluntarily give the burglar their big-screen TV?

  86. 86
    bemused says:

    @Sanjuro:

    Our fellow party liners were not too intrusive and didn’t eavesdrop. However, it could be extremely annoying if you had a busybody with an obsession to be first with the latest gossip on the grapevine.

  87. 87
    John Cole +0 says:

    @constitutional mistermix: I’m even angrier with you than I was when I thought Al wrote it, because at least I thought while she was wrong, she firmly believed it.

    You’re just fucking with me.

    And I think I need to rethink trigger warnings, because Lena Dunham just sets me off.

  88. 88
    C.V. Danes says:

    @CONGRATULATIONS!:

    The entire “voluntary intelligence” gathering system by Apple, Google, and Facebook is lethally flawed and people really need to stop using it until these companies make user privacy a first priority, not the last.

    A good place to start would be encrypting the information in such a way such that even they could not access the data. However, NSA paranoia being what it is, who are you going to trust to do the encryption that the NSA hasn’t already broken?

  89. 89
    Helen says:

    @John Cole +0:

    This. The people on her show are awful. They’re all a bunch of WATBs.

    That Lena Dunham is considered a feminist is insulting to all of the true feminists who came before her. Boo Hoo Hoo; all those 20 somethings on her show have it sooooo bad. No. Really. They don’t.

    She sets back women’s causes 25 years. Or she would if she had any real power.

  90. 90
    Roger Moore says:

    @Steppan:
    The only way we’re going to have anything remotely resembling real security is if there’s an easy way of encrypting stuff before it gets uploaded to the cloud. If the cloud provider can’t read your backup, they can’t leak your pictures to anyone else. If your email is encrypted before it’s sent, it doesn’t do the NSA much good to intercept it (assuming they haven’t backdoored the public key algorithm you’re using). Mozilla is the one place I know of that’s doing this approximately right; they keep your browser profile on their server, but it’s encrypted first so you’re the only one who should be able to read it. The big downside is that doing things that way opens you up to loss of data failures; if you forget your password, there’s nobody out there who can help you recover your data.

  91. 91
    John Cole +0 says:

    @bemused: Are party lines the same thing as the phone calls advertised during Friday Night Videos on NBC in the middle to late 80’s on a Friday night where you could call and talk to LIVE HOT GIRLS?

  92. 92
    askew says:

    It turns out that a lot of the photos were stolen from the boyfriend/ex-boyfriend’s cloud not the women’s cloud. I am curious if that will shift any of the victim blaming that is going on. The blame should fall completely on Apple and the hackers, but there has been plenty of blame put on the female victims. But, if the men are the ones who didn’t secure/delete the photos properly, does that mean the women will stop getting blamed unfairly?

  93. 93
    may says:

    On the question of Apple storing photos in the cloud: If you don’t want photos in the cloud, but you have an apple id and use the e-mail, calendar, bookmarks, etc., just turn off the switch for keeping photos in the cloud. Then after any major upgrade be sure to turn it off again… that is the sneaky part. Plus, not storing photos in the cloud makes the storage needs small enough that one doesn’t need to buy a lot of storage.

  94. 94
    Roger Moore says:

    @cleek:
    Turning off cloud storage doesn’t help you if you send the picture using Apple’s messenger service, creating another copy of it on their servers. It might have helped in this specific case (which sounds like it was about compromised cloud backups) but it doesn’t help in the general case of somebody hacking Apple’s servers. The only way that works is if Apple doesn’t know what’s on their own servers, so that anything they leak is just a bunch of encrypted gibberish. It would still be useful to somebody who wanted to run traffic analysis on it to see who you’re talking to, but the bulk of the information would still be unusable.

  95. 95
    Mnemosyne says:

    @askew:

    But, if the men are the ones who didn’t secure/delete the photos properly, does that mean the women will stop getting blamed unfairly?

    You’re adorable. :-) Sadly, the answer is “no.”

  96. 96
    CONGRATULATIONS! says:

    However, NSA paranoia being what it is, who are you going to trust to do the encryption that the NSA hasn’t already broken?

    @C.V. Danes: I don’t worry about the NSA, because it’s kind of a given they’ll have a backdoor into everything. It’s everyone else that’s the problem.

    I worry about /btards posting my selfies to 4chan, where they will probably be mistaken for pictures of a manatee.

  97. 97
    Rafer Janders says:

    @John Cole +0:

    I don’t know how it is slut shaming to acknowledge the real world and that it is not a perfect place. .

    Because “hey, it’s the real world and it’s not a perfect place” is often the reasoning used by police and prosecutors not to pursue sexual assault and rape cases, and by judges and juries not to convict in them.

    Your chances of having naked pictures of you posted on the internet is closer to zero if you don’t have them on the cloud or on your phone.

    And your chance of getting sexually assaulted is closer to zero if you don’t go outside….

    Sorry, but this is still putting the onus on the victim of the theft, rather than on the thief. If someone breaks into my house and steals my TV, money and jewelry, I won’t have to hear a chorus of “don’t keep anything at your house that you don’t want stolen.” Why should it be otherwise in this case?

  98. 98
    Roger Moore says:

    @C.V. Danes:

    However, NSA paranoia being what it is, who are you going to trust to do the encryption that the NSA hasn’t already broken?

    I think you’re letting perfection be the enemy of good enough. If you accept that NSA will be able to crack whatever encryption you use, you also have to accept that they can trivially access whatever you’re doing now, so it isn’t a serious concern. Meanwhile, adopting encryption that only NSA (and similarly capable spy agencies) can crack should reduce the danger from random putzes like the ones who carried out this attack. That seems like a big enough improvement to be worth doing.

  99. 99
    Mandalay says:

    @Marcelo: That Esquire article was good, but the first post in the comments section was even better:

    It’s really hard to take this article seriously when the sidebar contains links to an article about the history of Victoria’s Secret catalogues and an article about women in American flag bikinis. I doubt we’re going to find a solution to the problem of this sense of male entitlement until we’re at least able to discuss the fact that a good chunk of the articles in this magazine contribute to that sense of entitlement.

    It’s impossible to take Esquire (or Huffington Post, etc.) seriously on issues like this while they also constantly drool and obsess over raised nipples and side boob shots.

  100. 100
    EdinNJ says:

    What annoys me about all this is the normalizing of taking nude pictures to share with others. Maybe I’m old (certainly not a prude) but while this is a disgusting invasion of privacy, you cannot just dismiss that we live in a different world today where so many think it is perfectly reasonable/almost expected behavior to take these photos. I certainly am raising my children (13 and 12), to never do this, not that they won’t eventually ignore me. But there is always a risk, because no relationship is ever permanent, and once you share these, you lose ownership and control of the photos.

  101. 101
    cleek says:

    @Roger Moore:

    Turning off cloud storage doesn’t help you if you send the picture using Apple’s messenger service,

    very true.
    once you give a copy of your secret stuff to someone else, you should probably assume there’s an increased chance it’s not going to stay secret. sucks, but that’s something everybody learns just about the same time they learn what the word “secret” means.

    this is exactly why Snapchat was invented.

  102. 102
    Roger Moore says:

    @askew:

    I am curious if that will shift any of the victim blaming that is going on.

    It may change which victims get blamed, or not, since blaming the women for taking the pictures in the first place is so attractive. Fortunately for Apple, it won’t succeed in directing attention to the incompetent security that really needs attention.

  103. 103
    Violet says:

    @John Cole +0:

    Lena Dunham just sets me off.

    Any idea why that is? She bugs me too but I haven’t been able to quite figure out why.

  104. 104
    Tommy says:

    Lets come full circle to the title of this post. I do not know the world I post a nude pic of myself. I am not a prude. Pretty out there from a sexual POV. But I do it behind closed doors.

  105. 105
    Rafer Janders says:

    @EdinNJ:

    I certainly am raising my children (13 and 12), to never do this, not that they won’t eventually ignore me.

    Eventually? Sure, if by eventually you mean within two to three years.

  106. 106
    bemused says:

    @John Cole +0:

    NBC really does that? I didn’t notice. I thought it was just on cable. Times have changed! When it was just network channels, they would sign off before midnight or so, iirc, with High Flight.

  107. 107
    constitutional mistermix says:

    @John Cole +0: Lena Dunham is not worth getting pissed about.

  108. 108
    Bob Munck says:

    I use a cloud provider named SpiderOak that stores everything in a strongly-encrypted form using state-of-the-art encoding. What really makes it safe, however, is that the encryption keys are stored only on my computers; they are never on any SpiderOak equipment. (Encryption and decryption are done by my processors.)

    I may be “storing my data on somebody else’s computer,” but it’s inside a strong safe that they can’t open.

    Obviously the encryption keys for the cloud data are stored in encrypted form on my computers. The password/key for that is long and complicated and a pain to enter, but I don’t have to do it often. The bottom line is that I feel safe, and I’ve published papers and been granted patents in the field of computer security, so I would know.

  109. 109
    Violet says:

    @askew:

    But, if the men are the ones who didn’t secure/delete the photos properly, does that mean the women will stop getting blamed unfairly?

    No the blaming argument will just focus on “You shouldn’t take naked pictures and send them to people! Stupid slut!”

  110. 110
    cleek says:

    @John Cole +0:
    i let it store my contacts and calendar and the FidnMyPhone thing, but nothing else.

    and i do all my backups to my desktop.

    and then those backups are encrypted and stored at work.

  111. 111
    bemused says:

    @John Cole +0:

    I glanced over the mid 80’s timing. Maybe in your area but it sure didn’t happen in mine then. I’m pretty sure I would remember something like that especially when I was up with babies late at night all the time watching tv.

  112. 112
    different-church-lady says:

    @Roger Moore:

    As the article points out, the system is deliberately designed to make it difficult to use selectively.

    Which is one of many reasons why I don’t fucking use it.

    Christ, when did not buying snake oil become rocket science?

  113. 113
    Mandalay says:

    @cleek:

    this is exactly why SnapChat was invented.

    An article on Saturday stated that SnapChat is valued at $10 billion, even though it hasn’t produced a dime of revenue. I suspect the valuation is way higher now.

  114. 114
    constitutional mistermix says:

    @Tommy:

    Lets come full circle to the title of this post. I do not know the world I post a nude pic of myself. I am not a prude. Pretty out there from a sexual POV. But I do it behind closed doors.

    The point is these people did not post a pic of themselves, they took nude pics of themselves to send to intimates and those pics were exposed by hackers since they were auto backed up to the cloud.

  115. 115
    different-church-lady says:

    @John Cole +0:

    Why does everything have to be either/or?

    Because my need to condemn slut shaming trumps others peoples’ need to not get date raped. Don’t you understand anything about self-centeredness in the 21st century?

  116. 116
    Lee says:

    @Rafer Janders:

    I assume then that you leave your door wide open when you leave the house & you never lock your car doors.

  117. 117
    Helen says:

    @EdinNJ:

    I agree (and I’m old too!)

    I just do not see this as blaming the victim as much as their failure to assert control.

    The people who were hacked had TOTAL control over whether or not their naked pictures got stolen. They could have exercised that control by not putting their pictures on the cloud. They could have exercised that control by not taking the pictures in the first place. The chose to abrogate that control by doing so.

    It is not their fault that they got hacked. It is their fault that they put the pics on the cloud. Which brings us back to “the world is not a perfect place.” No it is not. But the victims could have made their own world just a little more perfect by not making the pictures public. And yes the cloud is public. That’s just part of our imperfect world.

  118. 118
    rikyrah says:

    IF you are a celebrity and think you have any privacy in today’s age..

    you are a fool.

    Cole is not a prude.

  119. 119
    Doc Sportello says:

    @JPL: This is key. You can have multiple email accounts on your iPhone, but your AppleID (which must be an email address) shouldn’t be used for anything but communication with Apple. Yes, FirstName.LastName@iCloud.com looks good, but it’s too transparent. Come up something different so a hacker needs to guess both your ID and your password.

    And a robust password manager will help, too. The hacker did a brute-force attack using the 500 most common passwords.

  120. 120
    different-church-lady says:

    @constitutional mistermix:

    Both Google and Apple make you sign in with a Google/Apple account when you set up your phone. That account is where “cloud” data is stored.

    This is quite wrong. I had my iPhone for a month before I had an Apple account. Now that I have an Apple account I still do not have any iCloud capacities or accounts.

  121. 121
    Dick Dastardly says:

    How did Jennifer Lawrence get a great big load of goo all over her face while having a long distance relationship? I’m sure the guy who she was having it with would like to know too.

  122. 122
    Steppan says:

    @Helen:

    It’s their fault they had a reasonable expectation of a secure service?

    The cloud is *not* public. Apple sucks at security (hardcore).

    If your definition of “total control” means “the only way you have total control is to not do it at all” it doesn’t apply any more.

  123. 123
    different-church-lady says:

    @kc:

    Well, thanks. I honestly didn’t know that. I suspect many thousands of other people don’t know it.

    It’s a good thing most people don’t know it, because it’s wrong.

  124. 124
    Tommy says:

    @constitutional mistermix: Kind of my point. The Internet is public. Anything you do on it is about to be found. I don’t think that is right but just a fact.

  125. 125
    Rafer Janders says:

    @Lee:

    I assume then that you leave your door wide open when you leave the house & you never lock your car doors.

    Actually, in the small town that I live in on weekends that’s exactly what I do — the house and car doors are not usually kept locked, just as is true for virtually of my neighbors.

    And if someoene broke in, it would be the thief’s fault, not ours.

  126. 126
    Steppan says:

    @Tommy:

    “is about to be found” via the digital equivalent of breaking into your house and taking your shit.

  127. 127
    lonesomerobot says:

    So it’s obviously all been said already. But as a parent of a daughter growing up in today’s narcissistic, cameras everywhere society, we’re teaching our child to have enough respect for herself to know that a nude picture is not required, and never has been, for a healthy relationship. Furthermore, the moment it’s digital, assume that it belongs to everyone, whether or not that’s the way it’s supposed to work. Anything can be hacked. ANYTHING.

    Also, about this ‘prude’ business: I had a few long distance relationships when I was growing up, and never once did it occur to me to either send nude pictures, or request them. So I guess I must be a prude. And here all along I just thought I had been taught to respect myself and the people I dated.

    But really, the notion that we just accept nude selfies as normal behavior, because, “that’s the way things are now,” I find to be nonsense. Parenting is hard enough without idiotic fuckburgers running around pushing this nonsense. It’s a case of giving in as a society to the lowest common denominator.

    And, seriously: Lena Dunham? Sheesh.

  128. 128
    Chyron HR says:

    @Dick Dastardly:

    TCP/IP.

  129. 129
    different-church-lady says:

    @Mnemosyne:

    Rape and sexual assault are the only crimes I can think of where the behavior of the victim decides the verdict

    cough-trayvon-martin-coughcough

  130. 130
    Keith G says:

    Lean Dunham is quite over the top on this.

    The “she was wearing a short skirt” comment is the type of discussion stopper most often employed by those unwilling or unable to advanced a reasoned and nuanced discussion.

    @Mnemosyne:

    Rape and sexual assault are the only crimes I can think of where the behavior of the victim decides the verdict, not the behavior of the accused criminal. How often do you hear about a burglar getting found “not guilty” because the victim couldn’t prove that s/he didn’t voluntarily give the burglar their big-screen TV?

    Huh?

    Have you been following the concerns that many have about the events in Ferguson and many other similar police shootings.

    I do feel that the predictable results of the reckless storing of embarrassing digital content should not be compared to rape. Ill-conceived behavior can have unfortunate consequences. I feel for the embarrassment of these and other such folks suffer.

    @askew:

    But, if the men are the ones who didn’t secure/delete the photos properly, does that mean the women will stop getting blamed unfairly?

    I wouldn’t and don’t blame the women. The hacker is the criminally liable culprit.

    Risk is attached to many behaviors in life. Posing naked for pictures assumes a certain level of risk. If the pictures are digitally taken and stored in a place that is web-connected, the risk shoots up. And so on.

    The celebrities that are central to this story participated in an behavior that many regular folks do as well, but many more do not because of the risks involved – because of possible consequences. Meanwhile for some, it is the very risk involved that makes this behavior a …compelling choice.

    These celebrities who had their cloud data leaked do own some of the responsibility for this embarrassing episode which will blow over rather quickly with no loss of earnings, I assume.

  131. 131
    Tommy says:

    @Steppan: I would not do it. You would not do it I bet. But people will. So you need to understand this. Act according

  132. 132
    different-church-lady says:

    @Rafer Janders: Yes, it would be the theif’s fault. And I guaran-fucking-tee you you’d still feel like an idiot.

  133. 133
    different-church-lady says:

    @Keith G:

    Lean Dunham is quite over the top on this everything.

    Why anyone gives a shit about what she thinks is beyond me.

  134. 134
    Steppan says:

    @Tommy:

    But this constantly comes back down to “don’t do it in the first place because you should have known better,” which is effectively victim-blaming again (or only a step removed).

    I know there are vulnerability and huge privacy/security issues all over the Internet. Yet nearly every time this line has been used – the Internet is, in practice, unprivate – that’s where the discussion stops. Dead end. Therefore, they should have known better. I would be a lot more okay with this if it kept going to “and this is not okay, not how it should be, privacy should be a realistic expectation” or “well, it’s only the case sometimes, and lots of times it’s preventable, Apple really dropped the ball here.”

    But nope. They should have known better, don’t go outside.

  135. 135
    Kay says:

    @EdinNJ:

    We have regular juvenile photo-texting prosecutions.

    I don’t know if this will help, but tell them it can be a huge deal for them if they’re caught, and if they’re passing the pictures around in a school they always get caught. They seem to believe the adults in school can’t hear or see them.

    A ton of them don’t know it can be such a serious charge, with all the sex offender potential. They really, really don’t want to get caught up in this. The sex offender laws aren’t rational. They’ll eventually be modified, but it takes a long time to swing the other way when we go on one of these herd-like panics re: children.

    Possessing child pornography is a fourth degree felony, punishable by six months in jail to 18 months in prison and a fine. Possessing a nude image of a child is a fifth degree felony, punishable by least six months (and up to one year) in jail and a fine. Child endangerment, and photographing or creating nude, obscene, or sexual images of children are second degree felonies, punishable by two to eight years in prison, and a fine. Disseminating harmful material may be a misdemeanor (punishable by up to 180 days in jail and a fine) or a fifth degree felony.
    Teen sexting cases may be handled in juvenile court, which often allows judges to exercise greater discretion in sentencing. In at least one Ohio county, prosecutors have also established a diversion program for minors who are involved in sexting. Generally, diversionary programs allow children who successfully participate in education programs and sometimes probation to have the charges against them dropped. This way, kids can avoid a criminal conviction and sex offender registration.

    They are children, so they can charged with disseminating their own image.

  136. 136
    askew says:

    @Tommy:

    Except the women didn’t put the pictures on the internet. In some cases, they were pulled from the boyfriend/husband’s cloud backup on the internet. Not the woman’s. Not sure how she can be blamed for that.

  137. 137
    different-church-lady says:

    @askew:

    The blame should fall completely on Apple and the hackers, but there has been plenty of blame put on the female victims.

    The hackers committed a crime.

    The “female victims” had poor judgement.

    WHAT IS SO FUCKING HARD ABOUT UNDERSTANDING THAT BOTH OF THESE THINGS CAN BE TRUE AT THE SAME TIME?

    I’m sorry. I’m in a very big, ugly mood this morning.

  138. 138
    cleek says:

    @Rafer Janders:

    And if someoene broke in, it would be the thief’s fault, not ours.

    why do banks have better security than donut shops?

  139. 139
    Doc Sportello says:

    The photos were encrypted, but the hacker got the password. Here’s a link to what is (most things) and is not (mail, notes) encrypted in the iCloud.

  140. 140
    RedKitten says:

    I think that a lot of people really do NOT realize that the photos taken on their phones are automatically backed up. And I think that this was very much the case here for many of these women. So how about we stop berating them for that? They took pictures with their phones, sent them to their loved ones, and then deleted the goddamned pictures. Any non-techy person would easily think that that was the end of it. So how about we cut them some slack, okay?

    Besides, it’s pretty telling when in this thread and the last one, we’re seeing an AWFUL lot of comments about how these women were so stupid to take nude photos/use technology/trust technology that they may not have fully understood. But we’re not seeing too many fucking comments expressing disgust towards the hackers or discussing the culture in our society that enables men to think that they have every goddamned right to see a woman’s body, whether she wills it or no.

  141. 141
    ShadeTail says:

    And thus we see the perfect case-in-point of my main argument against cloud storage: it means that *MY* data is being kept by someone else, who may or may not actually care about good security and may still suck at it even if they do care. I always turn off cloud storage for my devices whenever I can, because I refuse to not take personal responsibility for what I do. Screw the cloud storage assholes, I don’t trust them one bit.

    Oh, and a strong ditto to RedKitten immediately above. Even if someone is careless enough to leave stuff like this laying around where it can be stolen by someone, that doesn’t mean it’s their fault it was stolen. The thief could have chosen not to do that, but went ahead anyway.

  142. 142
    Tommy says:

    @Steppan: I am so not victim blaming. I hate this is the case. As an adult to an adult we should be able to do whatever the hell we want. Not put on public display. But I stand my comment you put shit on the Internet it might very well become public.

  143. 143
    different-church-lady says:

    OK, let me see if I can explain it to you big brains in small words:

    a) Some people are shitty.

    b) Other people are clueless.

    c) group a has an easier time preying on group b than non-group b.

    d) “don’t be in group b” is smart advice.

    e) observing the truth of (d) does not negate (a)

  144. 144
    different-church-lady says:

    I also kinda want to know when it became, “Oh, yeah, everyone’s got nudes of themselves on their phones, it’s just what we do now.”

  145. 145
    cleek says:

    @RedKitten:

    But we’re not seeing too many fucking comments expressing disgust towards the hackers

    it seems like a given, to me. is there anyone willing to stand up for the hackers? if not, there’s not much of a discussion to be had about them. dude broke the law, and presumably will be punished. and, this kind of thing happens all the time, literally. the only reason we’re talking about this event is the celebrity angle.

  146. 146
    Roger Moore says:

    @Doc Sportello:

    The photos were encrypted, but the hacker got the password.

    The problem is that the data is encrypted by Apple, and they will helpfully decrypt it for you if you provide the right password. IOW, the encryption did precisely nothing to defend against a password guessing attack, and Apple had a system that let hackers brute force the passwords by guessing an unlimited number of times without locking the accounts or generating any kind of warning. That’s a basic security flaw that goes against decades of experience.

  147. 147
    John Cole +0 says:

    Re: Snapchat

    Can’t you just hit prt sc/cmd shift 3/power button & siri button and defeat the whole thing just like that?

  148. 148
    Doc Sportello says:

    @Roger Moore: Agreed.

    Also goes to show the need to have a robust and unique password for each individual web site. It’s not obvious how to protect yourself from these kind of situations, but it’s fairly easy to do so. (And make sure the recipient of these works of art is doing the same.)

  149. 149
    Keith G says:

    @different-church-lady:

    e) observing the truth of (d) does not negate (a)

    Nor does observing the truth of (d) negate (b)

    Many of us who worked in public sector jobs in the boom-boom days of the (public) internet, late 90s+, saw colleagues go down in flames because of digital personal content that was made public due to carelessness and/or evil intent.

    Note: I was lucky.

  150. 150
    Roger Moore says:

    @different-church-lady:

    I also kinda want to know when it became, “Oh, yeah, everyone’s got nudes of themselves on their phones, it’s just what we do now.”

    When phones got cameras. Seriously, people have been taking nude pictures of themselves and their lovers for about as long as they’ve been able to develop the pictures themselves; if you talk to people who worked at photo developing places, you’ll discover that plenty of people took nude pictures even when somebody else was going to be developing them. That people would start taking nudes with digital cameras and camera phones was obvious to anyone who knows anything about photography.

    FWIW, I don’t think everyone has nude pictures on their phones. Some of us are prudes, some don’t think they’re good subjects for nudes, and others don’t have anyone they want to share with. But it’s totally unsurprising that a lot of people would use their camera phones to take and share nude pictures, since that’s what people have been doing with other kinds of cameras since the 19th Century.

  151. 151
    Roger Moore says:

    @Doc Sportello:

    Also goes to show the need to have a robust and unique password for each individual web site.

    Actually, it goes to show the need to switch to a better system than human created and remembered passwords as authentication tokens. Many people routinely deal with dozens of web sites that need passwords, some of which they will only deal with occasionally. It’s beyond the skill of ordinary human memory to remember that many robust and unique passwords for that long, even if we were capable of creating robust and unique passwords in the first place. There needs to be a better way.

  152. 152
    Walker says:

    As I have said on these threads several times:

    I am a big fan of Apple. I think they understand computing as a consumer device and get a lot of things right that Google does not.

    However, Apple is absolutely incompetent when it comes to the cloud. They are so incompetent that they have proved over and over again that they do not even understand how to hire the right people for cloud.

  153. 153
    Paul in KY says:

    @EdinNJ: If that ever happens to them, you’ll have some good ‘I told you so-ing’ you can do. So, there’s that…

  154. 154
    Sir Laffs-a-Lot says:

    I agree 100% with mistermix. This is the old Steven Jobs ‘we decide what’s best for you and control your life through youir devices we control”. Which should never have been permitted to happen sand which needs to end. Now.

  155. 155
    Paul in KY says:

    @different-church-lady: That you know of!

  156. 156
    Doc Sportello says:

    @Roger Moore: And that way is a password manager.

    I’ve used 1Password for years (other people prefer other programs, some of them free) and have ridiculously long and complicated passwords for each of the 200+ sites where I have an account. I can’t remember any of them, so I have the password manager do it for me.

    I also use two factor authorization for all important accounts. And I’m familiar with the known limitations of the cloud services I use. Evernote has has no encryption. DropBox is encrypted, but its employees have access to the raw files. 1Password has access to nothing.

    It’s not perfect, and the NSA can still do whatever it wants, but it’s pretty safe, pretty cheap and pretty easy to set up.

  157. 157
    Paul in KY says:

    @Rafer Janders: I think you’re a bit naïve. It is the thief’s fault (in both cases), but a few quick precautions will save a shitton of headache if reality bites you in the ass someday.

  158. 158
    flukebucket says:

    When you expect no privacy then you will never be disappointed.

  159. 159
    Paul in KY says:

    @Steppan: I think it’s usually implied that this is hindsight for the future.

    We find/judge the thief, but in the future, you do A, B, C so those creepy bastards can’t do that to you anymore (unless you want the creepy bastards to do that).

  160. 160
    Paul in KY says:

    @RedKitten: The creepy hackers should be prosecuted to the fullest extent of the law. They are POSes.

  161. 161
    GHayduke (formerly lojasmo) says:

    @cleek:

    Cleek gets it in one. Anything on your phone, or a computer connected to the internet is not secure.

  162. 162
    gvg says:

    Let’s start with an opinion that the internet, businesses that use the internet, modern devices that are new and use the internet need more regulation. there is very flawed security in all kinds of ways. The fact that people are saying there is no privacy anymore means that we need to do something and what we need to do is laws that enforce some kind of standard security expectation on all levels.
    At one time there were no food safety laws or standards. At one time banks weren’t really regulated. Yes we have regressed in recent decades but still compared to way back, things are much more regualated. We expect cars to be safe and bad things happen to companies when they aren’t. Water is regulated. These all started with no regulation and we had to invent laws and processes to deal. We invented traffic laws and still update them as needed. We decide on electricity standards and different countries have different standards. Radio waves are regulated, shared and sold.
    I guess the self encryption is one thing that should be standard? Perhaps the cloud needs to be outlawed? Restricted? Require companies to make it easier to opt out? I am not a computer expert. I try to keep up but in this thread alone there are several who claim expertise who are contradicting each other. How am I supposed to know who to believe and where is a list of all the other dangers and what to do about them? Because there seems to be an endless supply of things that might happen…people can’t hide under the covers.
    It seems to me the devices make it to hard for non experts to control. they do all kinds of sneaky things we don’t even guess at. Maybe they should just be required to be a better fairer safer design in the first place?
    I know we also need safer credit cards. What else? Because it’s the whole picture, not just one company or device or action.
    We got to this place by accident. Maybe we just need to figure out where we want to be. I imagine that there would be a chorus of screams that it’s not possible, not fair, inconvient etc. Maybe it’s just to bad companies we need a change and once it’s done I predict it will calm down and people will get used to it and start businesses that do things like safely store passwords or whatever it turns out makes the new world easier.
    Expecting me to become an expert is a waste of hope. Most people have different expertise’s and busy lives. We try not to be stupid but this is just overwelming. There is always something new. I am not a chemist but I still expect my food to all be safe. The internet just needs improving in safety.

  163. 163
    Steppan says:

    @Paul in KY:

    I think it *should* be but frequently isn’t, and since the logic is also used often by those who think it’s the victim’s responsibility/slutty sluts being sluts/whatever, it’s an important distinction to make.

  164. 164
    Marcelo says:

    @Mandalay: It’s a fair point you’re making. I would argue 2 things in response:

    1) The message of the piece is quality regardless of the source. Maybe you shouldn’t take Esquire seriously because there’s all that stuff, but that’s different than the question of whether what they’re saying is a valid point. It’s a valid point whether it comes from Esquire, Feminist Frequency, or Rand Paul.

    2) The author’s whole point is that the stuff in Esquire magazine is packaged and presented with the consent of the models/actresses involved, and that it’s different than private photos. The whole point of the private photo reveal isn’t just the boobs, it’s that they’ve defeated the person’s attempts to hide what they don’t want to show you – they’ve gone beyond the packaged Esquire presentations of the very same boobs. The fact that these photos are intimate – they’re not for you, they’re for whoever they were privately sent to – and yet you still get to see them, THAT’S the rub. So the fact that the author is making this distinction means that when you compare the criticism of the private photos with the material Esquire normally puts out, they’re apples and oranges. One is something the model wanted you to see, the other isn’t.

  165. 165
    kc says:

    @Keith G:

    I wouldn’t and don’t blame the women . . .

    Risk is attached to many behaviors in life. Posing naked for pictures assumes a certain level of risk. If the pictures are digitally taken and stored in a place that is web-connected, the risk shoots up. And so on.

    The celebrities that are central to this story participated in an behavior that many regular folks do as well, but many more do not because of the risks involved – because of possible consequences. Meanwhile for some, it is the very risk involved that makes this behavior a …compelling choice.

    These celebrities who had their cloud data leaked do own some of the responsibility for this embarrassing episode which will blow over rather quickly with no loss of earnings, I assume.

    I love how you say “I don’t blame the women” and then immediately proceed to blame the women.

  166. 166
    Paul in KY says:

    @Steppan: Fair enough.

  167. 167
    askew says:

    @kc:

    I love how you say “I don’t blame the women” and then immediately proceed to blame the women.

    Exactly.

  168. 168
    WereBear says:

    @Doc Sportello: That’s the solution I came up with. I use Password Wallet on my iTouch, and it’s worth every penny of its small price.

  169. 169
    Mnemosyne says:

    @Keith G:

    Have you been following the concerns that many have about the events in Ferguson and many other similar police shootings.

    I did not realize that the people who stole these photos were members of law enforcement, who most judges and juries consider to be above the law. Do you have a link?

    I do feel that the predictable results of the reckless storing of embarrassing digital content should not be compared to rape. Ill-conceived behavior can have unfortunate consequences. I feel for the embarrassment of these and other such folks suffer.

    In other words, it was all the victims’ own fault for being stupid. But you’re not blaming the victim because shut up, that’s why.

  170. 170
    Bobby Thomson says:

    @Punchy: Better not let Langone know what that Jesus cat said about rich people.

  171. 171
    LAC says:

    @kc: just keep this in the back of your pocket when he goes on a dystopian “Big Brother 1984” rant when snowflake snowden news floats into our consciousness and fear of theoretical exposure of dudebro emails to the evil NSA in order to drone us happens.

  172. 172
    Doc Sportello says:

    The Unofficial Apple Weblog just published a piece on the limitations of Apple’s two-factor authorization. Shorter version: it’s real good at protecting your credit card; not so hot at protecting pictures and bookmarks.

  173. 173
    LAC says:

    @Mnemosyne just keep this in the back of your pocket when he goes on a dystopian “Big Brother 1984″ rant when snowflake snowden news floats into our consciousness and fear of theoretical exposure of dudebro emails to the evil NSA in order to drone us happens.

  174. 174
    Mnemosyne says:

    @Keith G:

    I wouldn’t and don’t blame the women. The hacker is the criminally liable culprit.

    Oh, well, I’m glad to see you —

    Risk is attached to many behaviors in life. Posing naked for pictures assumes a certain level of risk. If the pictures are digitally taken and stored in a place that is web-connected, the risk shoots up. And so on.

    The celebrities that are central to this story participated in an behavior that many regular folks do as well, but many more do not because of the risks involved – because of possible consequences. Meanwhile for some, it is the very risk involved that makes this behavior a …compelling choice.

    These celebrities who had their cloud data leaked do own some of the responsibility for this embarrassing episode which will blow over rather quickly with no loss of earnings, I assume.

    Uh, dude. Right there? Those three paragraphs above? That’s where you blamed the victims. It’s becoming kind of a tic by now: I don’t blame the victims, but it’s their own fault. Guh?

    And the amount of money they make has nothing to do with it, either.

  175. 175
    p says:

    I was in a film called “slipstream” that starred luke askew (“cool hand luke”) that won “best Canadian film/best photography/best director” in 1973 (predating the genies).
    there was a brief long shot of the leads (luke and I) walking a horse, nude, thru a lea.
    in 1978 I had a brief scene as a stripper in a film called “but all in good taste”.
    it was a most curious thing when, in 2004, I googled my name and found it linked to numerous porn sites.
    funny,too. I am white haired now, not “brunette”, but my breasts are still “small but perky”, just 2 feet lower than they used to be.

  176. 176
    Mnemosyne says:

    @different-church-lady:

    And yet you were somehow able to figure out that Martin was not, in fact, to blame for his own murder. Why are you having such a hard time extending the same courtesy to celebrities who had their photos stolen?

  177. 177
    Joe Bauers says:

    A young woman who chooses to go to a frat party and get blackout drunk *should* be able to have the same expectation of not being raped as a young man who chooses to go to the same party and get blackout drunk. If she does get raped, the person who did it *should* be punished and her choice to attend the party and drink that much *shouldn’t* matter either legally or extra-legally.

    Since life doesn’t always go as it should, I’m still going to counsel my daughters to not go to parties and get out of control drunk, even as I teach my son to not rape.

    Both/and, not either/or. Applies here too.

  178. 178
    Robert Sneddon says:

    @Doc Sportello: So if someone breaks into your 1Password wallet they get all your accounts and passwords in one convenient easy-to-carry lump. Like I said upstream, convenient or secure, you gotta choose.

    One of the online password wallet systems went bust overnight recently, stranding its users who didn’t have local copies of their wallets and leaving them unable to access their accounts on various internet websites. What fun…

  179. 179
    Mnemosyne says:

    @different-church-lady:

    a) Some people are shitty.

    b) Other people are clueless.

    c) group a has an easier time preying on group b than non-group b.

    d) “don’t be in group b” is smart advice.

    e) observing the truth of (d) does not negate (a)

    So when do you get around to berating Group A for their behavior rather than berating Group B for being clueless and telling Group B that you would never be as stupid as they were?

    That’s what bugs me about this — people hand-wave away Group A (because everyone knows they’re assholes, amirite?) and focuses all of their ire on Group B for being so stupid as to be exploited by Group A. Could we maybe spend 10 minute talking about what assholes Group A are and how to minimize their assholery, or is it always and forever up to the victims to stop being victimized?

  180. 180
    Lee says:

    @Rafer Janders:

    Actually, in the small town that I live in on weekends that’s exactly what I do

    But during the week you lock your doors. Funny how that works.

    Like others in this thread have pointed out, if you have private photos of yourself, then you should lock your doors.

    It is as simple as that.

  181. 181
    Roger Moore says:

    @Doc Sportello:
    The one thing I would definitely want is the ability to export all my passwords. I would be terrified that the program will stop being developed and all my passwords would be locked up and inaccessible.

  182. 182
    Keith G says:

    @Mnemosyne:

    I did not realize that the people who stole these photos were members of law enforcement, who most judges and juries consider to be above the law. Do you have a link?

    Here, let me type slowly for you:

    You stated:
    Rape and sexual assault are the only crimes I can think of where the behavior of the victim decides the verdict, not the behavior of the accused criminal

    Many of use feel that Darren Wilson should be charged with a crime. If the grand jury no bills him, or if indeed he is brought to trial and found innocent, it might be the case that the supposed behavior of the victim decided the verdict, not the behavior of the accused criminal. At least, that is what many of us fear – that the defense will put Brown’s behavior on trial.

    The above is a simple contra example of your quote that I blocked up there.

    In other words, it was all the victims’ own fault for being stupid. But you’re not blaming the victim because shut up, that’s why.

    ::Typing even slower now::

    Sometimes one can contribute to an unfortunate outcome without being the focus of “blame”.

    The other night in our neighborhood, a person was killed as she was legally walked down the side of a very busy yet poorly lit road. She had other, safer, routes but this was the most direct path. Many of us avoid walking or jogging down that stretch since there is no sidewalk.

    The driver who was not paying enough attention (and possibly driving faster than the speed limit) is to blame, as it seems that the woman was not on the road bed when struck. Again, she is not to blame. She did make a regrettable choice that put her safety in more jeopardy than many others feel is acceptable. She is not around to tell us why saving about 400 yards of walking was worth the risk.

    Sometimes one can contribute to an unfortunate outcome without being the focus of “blame”.

  183. 183
    different-church-lady says:

    @Mnemosyne:

    So when do you get around to berating Group A for their behavior…

    I believe calling someone shitty used to count as a pejorative. Not sure when that changed.

  184. 184
    Rafer Janders says:

    @Lee:

    But during the week you lock your doors. Funny how that works.

    No, during the week I live in a large apartment building in the city where the doors lock automatically.

  185. 185
    PJ says:

    @Rafer Janders: Because there is no real security on the internet. The appropriate analogy to a burglary situation would not be “don’t keep your stuff in your house”, but rather, “don’t keep your door unlocked when you’re not at home and, if you live in the city on the first floor, put bars on your windows.” The bad guys are the burglars, but taking these simple precautions reduces the likelihood of burglary.

    I wish we lived in a world where people would respect other people’s rights, but that ain’t the case. I lived a long time in DC, and whenever I locked my car, I had to make sure there was absolutely nothing visible in the interior – even a penny or a paper bag full of trash would be enough to entice a crackhead to break my window (which cost about $200 to replace, plus time off from work). Was it blaming the victim when I strongly advised visitors to also not leave anything visible in their cars? The fact was, there was no effective security on the streets and if you had a car, you had to expect this was going to happen.

  186. 186
    Lee says:

    @Rafer Janders:

    So you leave your door to your apartment completely open when you leave?

  187. 187
    chopper says:

    @askew:

    from a security standpoint, what’s actually worse than having this sort of information on your own phone or cloud account is letting someone else have it on/in theirs.

  188. 188
    Roger Moore says:

    @gvg:

    The fact that people are saying there is no privacy anymore means that we need to do something and what we need to do is laws that enforce some kind of standard security expectation on all levels.

    This. IMO, the biggest difference between a liberal and a conservative is how we respond when we discover that the world is an awful place. A conservative says, “Good thing it’s nasty to other people; sucks to be them.”, while a liberal says, “We need to do something about this so the world sucks less.” It’s all well and good to recognize that online security sucks and people need to take steps to protect themselves, but we need to take the next step and improve the bad situation so that it sucks less. That means finding and prosecuting the attackers to the full extent of the law. It also means holding Apple accountable for their poor security practices and generally making companies liable when they do such a bad job of protecting their customers’ data.

  189. 189
    different-church-lady says:

    @Sir Laffs-a-Lot: Good for you, you’ve confirmed your biases. I suppose the fact that Steve Jobs did NOT in fact decide that I must have an iCloud account doesn’t really change things for you, does it?

  190. 190
    FridayNext says:

    I once had a co-worker who was mugged 3 times in one year. After listening sympathetically for a few minutes he said something like “but this ATM is so convenient.” At which point I asked him what he meant and it turned out he was mugged three times at the same ATM in the middle of the night. (midnight-ish) At which point I asked a couple of question like, why not go to another ATM (one in a better neighborhood or better lit or more traffic) or why not plan ahead so you don’t need cash in the middle of the night? At which point I was denounced for blaming the victim. He claimed he should be as safe using that ATM whenever he felt like it as any other ATM at any other time. To which I replied “you’re right. You should. But you can’t.” Not and minimize your chances of being mugged and maximizing your chances of keeping your $100. (Oh yeah, that was another thing I asked. Why not just take out $20 to get you to the morning when you can visit a safer ATM in the light of day. Again, I was blaming the victim.)

    The discussion spread to the rest of our office and we were split down the middle between people who thought asking someone to change their behavior to minimize being a victim was blaming said victim and those of us who thought that it was possible to assign all blame and fault to the perpetrator (which we all agreed was the case) WHILE AT THE SAME TIME behaving with all due diligence to minimize the chances of being a victim in either a crime or an accident.

    We talked past each other for about an hour and as far as I am concerned people on either side of that divide are still talking past each other 20 years later. (You people certainly are.) It seems to me there should be a reasonable conversation to be had about exactly what behaviors we are willing to alter to maximize our safety from crime and injury, and which are such an imposition on our person hood and citizenship that even merely discussing it is an outrage. But I have yet to see three people in a room at once who were capable of having that conversation.

    ETA: I have no opinion about the nude selfies. Given my “simple” (aka dumb) phone (and the fact that I am, and have always been fat and ugly) it’s just never something I have ever pondered.

  191. 191
    different-church-lady says:

    @Rafer Janders:

    No, during the week I live in a large apartment building in the city where the doors lock automatically.

    Well, la DEE freakin’ da for you!

    Did I mention I was in a mood today?

  192. 192
    Mnemosyne says:

    @Keith G:

    Sometimes one can contribute to an unfortunate outcome without being the focus of “blame”.

    Ah, so when Trayvon Martin was called a “thug” and accused of attacking George Zimmermann with a sidewalk, he wasn’t being blamed, he just contributed to his own unfortunate outcome.

    When Michael Brown refused to get onto the sidewalk after being ordered to do so, people didn’t blame him for his own death, they were just pointing out how he contributed to his own unfortunate outcome.

    Again, she is not to blame. She did make a regrettable choice that put her safety in more jeopardy than many others feel is acceptable.

    And if the driver is let off with no penalty, that will be acceptable to you, right? After all, she put her own safety in jeopardy, so why should he face any penalty for her mistakes?

  193. 193
    Mnemosyne says:

    @different-church-lady:

    So one sentence about how shitty it is to steal people’s photos is equal to paragraphs about how stupid people were to take those photos in the first place?

  194. 194
    Doc Sportello says:

    @Robert Sneddon: My vault is stored in Dropbox, but you’d have to figure out the name of the user account. Plus the password. Then you’d have to hack into the 1Password vault itself.

    It’s possible, but highly improbable. Brute-force hacking would take millions of years.

    1Password and Dropbox then allow me to keep my vault on my phone, iPad and computers (as well as in the cloud). I’d have to lose all of them to lose access to my passwords. And I’m not dependent on either of 1Password or Dropbox staying in business.

    There is no perfect security system when going on-line, and yes, there are trade-offs between convenience and security. But with very little work, you can build some strong defenses and still scoot around the web pretty freely.

  195. 195
    different-church-lady says:

    @Roger Moore:

    A conservative says, “Good thing it’s nasty to other people; sucks to be them.”, while a liberal says, “We need to do something about this so the world sucks less.”

    And a consumer electronics executive says “We need to do something to make it suck easier and faster!”

  196. 196
    Roger Moore says:

    @different-church-lady:

    I believe calling someone shitty used to count as a pejorative

    One word of criticism for the perpetrators, many paragraphs for the victims, but you still have a hard time understanding why people think you’re blaming the victims.

  197. 197
    different-church-lady says:

    @Mnemosyne: Look, just give me a quota that will satisfy you ratio requirements and I’ll fill it up with verbiage.

    Or you could move on with your life. I don’t care either way.

  198. 198
    PJ says:

    @cleek: There seems to be a large enough community of people who use the internet who think that anything hackable should be hacked and distributed – these are the “information just wants to be free, man” crowd, who gladly violate copyright and right of privacy.

  199. 199
    different-church-lady says:

    @Roger Moore: Hey, I got an idea: why don’t you go back and count the fucking words in MY posts and calculate out the ratios and then figure out the difference between me and people who are not me and then fuck off.

    You don’t even have to do it in that order.

  200. 200
    PJ says:

    @askew: If someone leaves their bike unlocked on the street, and it gets stolen, is it blaming the victim to tell them, “Well, this probably wouldn’t have happened if you’d locked your bike.”?

  201. 201
    Roger Moore says:

    @different-church-lady:

    And a consumer electronics executive says “We need to do something to make it suck easier and faster!”

    They say, “How can we turn this into a profit center.”

  202. 202
    Mandalay says:

    @Marcelo:

    The message of the piece is quality regardless of the source.

    I completely disagree – the context in which a message is delivered is inherently part of the message, where the context consists of the credibility of the author, and the forum used for delivering the message.

    Now the author of the Esquire article may have impeccable credentials. but look at the image Esquire chose to use to open his article, and also the image used to open another of his articles which he links to. The scantily clad women are part of the message being delivered, even though I am sure that the author would much prefer that they weren’t there. So while the author’s article was good, but it would have automatically been better – more credible – if it had appeared in (say) The Atlantic or the New Yorker.

    And Rand Paul certainly had some worthwhile observations on Ferguson that were relayed in credible forums such as the NYT. But what about the credibility of the messenger? Was his primary concern for the treatment of minorities by the police, or the militarization of the police? Well, perhaps he cares about those things, but it seems more plausible that Paul’s real motivation for his message was the reduction of government (by demilitarizing the police). While Paul’s message was appealing we shouldn’t ignore his motivation for delivering that message.

    Messages don’t exist in splendid isolation; context really matters.

  203. 203
    different-church-lady says:

    @PJ:

    The appropriate analogy to a burglary situation would not be “don’t keep your stuff in your house”, but rather, “don’t keep your door unlocked when you’re not at home and, if you live in the city on the first floor, put bars on your windows.”

    The problem, of course, is that we don’t have a physical world analogy for a bunch of digital marketeers saying, “You can have a virtual version of your house everywhere you go!” There’s a seduction going on.

  204. 204
    PJ says:

    @Mnemosyne: So what’s your plan to reduce the assholery on the internet? It seems like the internet, due to its built-in anonymity and ability to copy and distribute copy files to millions, encourages and amplifies behaviors that people would be ashamed to demonstrate in broad daylight.

  205. 205
    stonetools says:

    See, I can keep two things in my head:
    1. I can blame the hackers.
    2.I can think the victims should take extra care to secure their nude selfies.

    @Mnemosyne:

    Uh, dude. Right there? Those three paragraphs above? That’s where you blamed the victims. It’s becoming kind of a tic by now: I don’t blame the victims, but it’s their own fault. Guh?

    And the amount of money they make has nothing to do with it, either.

    Er, wrong. Saying the victims should be more careful is NOT blaming the victim-it’s pointing out a fact.

    So when do you get around to berating Group A for their behavior rather than berating Group B for being clueless and telling Group B that you would never be as stupid as they were?

    Well, OK. These hackers are scum. They’re perverts. They’re the lowest form of life known to man. Hanging is too good for them.

    Now that we have called them names, guess what? They’re still going to do what they do, and people are going to still have to take precautions. You’re not going to scold them into stopping their aholery.

  206. 206
    different-church-lady says:

    Here’s another attempt: the place where the criminal circle and the naive circle overlap on the Venn diagram is where the real shit goes down.

    Apparently telling people not to hang out in latter circle is now politically incorrect.

  207. 207
    Keith G says:

    @Mnemosyne: I think that somewhere in your idea salad of decoy argumentation were four questions. I will address them.

    1. Not sensible or relevant I think…I am still trying to unpack this.

    2. I do not know what those “people” were getting at. Maybe you should ask them.

    3. No.

    4. If the driver violated laws governing the safe operation of a motor vehicle, and that violation killed someone , that is a very serious offense that should be prosecuted. Such a conviction will have zero chance of bringing that woman back to life.

    I bet her family can both be mad at the driver and wish that the woman had chosen a safer route.

  208. 208
    Doc Sportello says:

    @Roger Moore: They’re exportable as csv or txt files.

    Disclaimer: Not affiliated with the company. Just like it’s products.

  209. 209
    stonetools says:

    Iphone owner here. Photo backup is NOT turned on by default. You have to turn on Icloud back up and you have to turn on Photo Stream-Apple’s photo sharing solution. You can find their support page here . It’s quite clear about what happens when Photo Stream is enabled. (reading-it’s fundamental). Its also clear about how to delete photos that you don’t want in iCloud.
    Again, if you want to do nude selfies-great. But understand what you are doing.

  210. 210
    PJ says:

    @different-church-lady: Right. Most people don’t want to have to think about how their computers and phones work (I certainly don’t), they just want them to work. Where I grew up, it was safe to leave you car unlocked, and it was certainly safe to leave stuff in it overnight; after I moved to the city, it took a couple of auto break-ins and being laughed at by the police (“Why did you leave anything in your car?”) for me to change my behavior. For most people, the internet is only about 20 years old, and they are encouraged by the tech industry to use it without thinking. At the same time, other people see the internet as an opportunity to illegally take and distribute whatever they want with impunity. It will take some strong public outcry to change these behaviors.

  211. 211
    Mnemosyne says:

    @PJ:

    There seems to be a large enough community of people who use the internet who think that anything hackable should be hacked and distributed – these are the “information just wants to be free, man” crowd, who gladly violate copyright and right of privacy.

    This right here. And apparently we’re supposed to just accept the actions of those bad actors and do our best to protect ourselves without demanding that the companies who hold our information protect it better. Why aren’t we demanding that companies that hold our information keep it protected? How about making US credit card companies switch to those cool PIN-based credit cards they have in Europe to cut down on fraud? How about making Apple liable when hackers exploit holes in their security and steal peoples’ private information?

    But, nope, we can’t talk about any of that because we have to spend all of our time lecturing the victims about how stupid they were to trust the internet and brag about how much smarter we are than them. We can only talk about personal prevention and never, ever talk about what the companies using our information should be required to do in order to protect that information.

  212. 212
    Mnemosyne says:

    @PJ:

    after I moved to the city, it took a couple of auto break-ins and being laughed at by the police (“Why did you leave anything in your car?”) for me to change my behavior.

    And, of course, they left without taking a police report because you shouldn’t have been so stupid, right?

  213. 213
    Lee says:

    @PJ: That lesson is apparently lost on half of the commenters here.

  214. 214
    Mnemosyne says:

    @stonetools:

    Now that we have called them names, guess what? They’re still going to do what they do, and people are going to still have to take precautions. You’re not going to scold them into stopping their aholery.

    Hey, here’s a crazy thought — maybe the companies who hold all of our information can take precautions, too! Maybe they can be held liable if their security fails and their customers’ information is stolen! I know, it’s insane to think that maybe private corporations should have a responsibility towards their customers that includes not allowing their customers’ information to be stolen from them, but it just might help, and it would probably help a lot more than exhorting tens of millions of people to rely on themselves for protection against thieves.

  215. 215
    PJ says:

    @Mnemosyne: I think a serious legal effort needs to be made to get tech corporations to take security more seriously (including civil liability) and for law enforcement to address these problems criminally. But I also think there are inherent structural flaws in the internet (anonymity, copying of files) which encourage bad behavior by users, and trying to introduce notions of morality or ethics regarding hacking and illegal distribution only induces lulz.

  216. 216
    different-church-lady says:

    @Mnemosyne: In other words, you’re incapable of comprehending a world where both those things actually do happen.

  217. 217
    stonetools says:

    @PJ:

    For most people, the internet is only about 20 years old, and they are encouraged by the tech industry to use it without thinking. At the same time, other people see the internet as an opportunity to illegally take and distribute whatever they want with impunity. It will take some strong public outcry to change these behaviors.

    Public outcry-and some legislation making this illegal and imposing stiff penalties. Of course the dudebros will call this tyranny.

  218. 218
    Rafer Janders says:

    @PJ:

    If someone leaves their bike unlocked on the street, and it gets stolen, is it blaming the victim to tell them, “Well, this probably wouldn’t have happened if you’d locked your bike.”?

    Yes.

    That is, in fact, blaming the victim. Because the mere fact that a bike is left unlocked should not be an invitation to theft. Anymore than, say, a woman wearing a nice necklace out in public is an invitation to rip it off her neck. And if you then told her “well, this probably wouldn’t have happened if you hadn’t worn such a nice necklace”, that would also be blaming the victim.

  219. 219
    PJ says:

    @Mnemosyne: I actually got a police report the first couple of times, until I realized I was never going to reach my deductible, and stopped bothering the police altogether (which, of course, is one reason why they didn’t take auto break-ins seriously, but there were much bigger crime issues they couldn’t handle either, and I saw no reason to fight with the sea, so I let it slide after that.)

  220. 220
    Mnemosyne says:

    @PJ:

    But I also think there are inherent structural flaws in the internet (anonymity, copying of files) which encourage bad behavior by users, and trying to introduce notions of morality or ethics regarding hacking and illegal distribution only induces lulz.

    As I said yesterday, the lulz for me were that the same Reddit dudebros who were outraged that the NSA might be hacking into their emails were all, Moar illegal boobie pictures, please! Apparently it’s good for people to hack into Jennifer Lawrence’s personal account, but bad and evil for people to hack into those Reddit dudebros’ accounts.

    But you’re probably right that none of them will ever see the hypocrisy in their position. They’ll probably make the But it doesn’t matter if it happens to a celebrity! argument that we’ve seen in these very threads.

  221. 221
    Eolirin says:

    I think it bears repeating that this specific attack should not have been possible, and that Apple has a *lot* to answer for.

    Brute Force attacks have been in use since before there was the web. You just do not build an access point to a cloud service that doesn’t lock itself down after just a handful of access attempts. That’s a kind of oversight that hasn’t been excusable since the 90s.

    So yeah, any cloud stored information is at risk to an extent (though really so is everything – stolen computers and phones are a big source of leaks too), but this is the equivalent of putting a deposit into a bank and the bank leaving the vault doors open and the cameras off, and having one security guard at the front of the building with the back doors wide open; I doubt anyone making an anti cloud argument would be saying the same thing if the leaks were the result of photos in a safety deposit box being stolen, or wouldn’t be blaming the bank for having utterly stupid security protocols in the above example.

    That a hack of this nature occurred signals either gross incompetence or serious negligence on the part of Apple.

  222. 222
    different-church-lady says:

    @Rafer Janders: Maybe we should all let our kids play in busy streets too. Because what ought to be will keep us safe from what is.

  223. 223
    Mnemosyne says:

    @different-church-lady:

    Show me when the successful lawsuit happens against Apple for allowing this breach of privacy. I think it’s going to be a long wait.

    Heck, show me a past lawsuit where users successfully sued a company for not properly protecting their information. Right now, as far as the law is concerned, Apple can tell all of its users to go pound sand if there’s a security breach. They won’t do that because it’s bad publicity, but they won’t face any legal penalties for this.

  224. 224
    different-church-lady says:

    @PJ:

    But I also think there are inherent structural flaws in the internet (anonymity, copying of files) which encourage bad behavior by users…

    The biggest structural flaw that encourages bad behavior is not in the technology — it’s in the marketing.

  225. 225
    stonetools says:

    @Mnemosyne:

    You do understand that Apple made it easy NOT to post any photos to iCloud that you didn’t want posted there, right? You had to take affirmative steps to have your photos posted to iCloud.What’s more, even if you had it set up so the photos were posted,you could have deleted any photos you didn’t want in iCloud.
    Moreover, you could also have set a long, complex password that was not one of the commonly used passwords that every hacker knows.If you are posting nude selfies to your iCloud account, then maybe you might want to be careful about securing that account, and not just trusting that things will work out and that everybody will be gentlemen.

    It’s not about blaming the victim: it’s about ascribing agency to adults.

  226. 226
    chopper says:

    @Mnemosyne:

    that’s what happened when my wife left the car unlocked in NYC and my shit got stoled.

  227. 227
    chopper says:

    @Rafer Janders:

    Because the mere fact that a bike is left unlocked should not be an invitation to theft.

    it is not, and it should never be. yet it happens. and if your kid came home telling you they left their bike out unlocked on a busy sidewalk downtown and it was stolen, i guarantee you at some point you’d bring up the fact that they probably should have locked it.

  228. 228
    Steppan says:

    @stonetools:

    At least one of the sets of photos had been user-deleted already

  229. 229
    different-church-lady says:

    @Mnemosyne: Apple took precautions. They fucked up and their precautions failed.

    Part of Apple’s product line is seduction. “Use our servers to magically make all your trivia instantly available on all these Apple devices at once.” It’s a devil’s bargain, with usually relatively low consequences for losing. I’m sure there’s paragraphs of legal jargon that insulate them from their own fuck ups.

    From a moral standpoint I’d like to see them stop doing the seduction. If a court case can be made for negligence can be made I’d be all for it. But it’s not going to solve the larger problem of people falling for the next seduction. There will never be an entirely safe way of releasing sensitive data into the larger world. There will always be better mice following the better mousetraps.

    In my view iCloud and Bitcoin are part of the same category, in different degrees. You have to be an idiot to “trust” either one with stuff that really counts.

  230. 230
    Doc Sportello says:

    @Eolirin: Apple says “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”

    They’re blaming “a very targeted attack on user names, passwords and security questions.”

    Still unclear as to what steps, if any, were used to deter a brute force attack.

    Security questions are a pet peeve for me, as many of them can be answered via Facebook or some good internet sleuthing. Consider providing fake, gibberish answers, and storing them someplace secure (like a good password manager). Again, not perfect, but pretty strong.

  231. 231
    stonetools says:

    @Steppan:

    At least one of the sets of photos had been user-deleted already

    Then Apple or whoever would be on the hook if that were true.

  232. 232
    Eolirin says:

    @stonetools: If you’re going to tell people that they should use strong passwords, which is sound advice as a general thing, you also have to tell Apple that they shouldn’t have blindingly obvious security faults in their systems and that they should be adopting processes to avoid having blindingly obvious security faults in their systems.

    Apple has a responsibility to maintain the security of their systems, just like an individual has a responsibility to good security practices.

  233. 233
    Heliopause says:

    The “don’t take naked pics if you don’t want them online” argument is the “she was wearing a short skirt” of the web. Ugh.

    No, the issue is that we’ve trained an entire generation to think nothing of storing absolutely anything, whether it be nude photos, bank statements, drunken reveries, idiotic poetry you wrote in high school, or whatever, on someone else’s server. This is primarily an issue of propaganda.

  234. 234
    chopper says:

    @stonetools:

    OTOH, someone upthread pointed out that in at least one case it was a boyfriend/whatever whose account was hacked. could be that he was told to delete the stuff by the subject of the pics and didn’t and is now all ‘oh yeah, i totes deleted them! apple must have fucked up!’.

    or apple could be doing a shitty job deleting things from the cloud. just coming up with another theory.

  235. 235
    Omnes Omnibus (the first of his name) says:

    Irrespective of the quality of the decision making process that led to the pictures being taken or stored on the cloud, those images were the personal property of the who owned them. They had a right to share or not share them as they chose. A right to delete them and expect that they were deleted. The images were theirs. The images were then stolen. Speculation about and advice to these (mostly) young women about how different actions might have had different results doesn’t really matter because they behaved at worst foolishly. The people who stole the images behaved criminally. There is a big difference.

    @Dick Dastardly: What a nice comment. You seem like a lovely person.

  236. 236
    Suzanne says:

    Even talking about security, which is important, misses the point: this is a failure of patriarchy even more than a fuck-up by Apple.

    I am of the opinion that men have the responsibility to correct sexism, just as white people have to sacrifice to correct racism.

    So, dudes, what have you done to make the world better for women today? Hint: “advising” me what to do with my phone and/or my data is not making the world better for women.

  237. 237
    stonetools says:

    @different-church-lady:

    Part of Apple’s product line is seduction. “Use our servers to magically make all your trivia instantly available on all these Apple devices at once.” It’s a devil’s bargain, with usually relatively low consequences for losing. I’m sure there’s paragraphs of legal jargon that insulate them from their own fuck ups.

    i’d like Apple to be held to account if they did wrong too. But what do you want? Should Apple put in big red letters:

    DO NOT POSE NUDE SELFIES TO YOUR ICLOUD ACCOUNT BECAUSE THEY COULD GET HACKED?

    It seems that for some people nothing else would be sufficent.

  238. 238
    stonetools says:

    @Eolirin:

    If you’re going to tell people that they should use strong passwords, which is sound advice as a general thing, you also have to tell Apple that they shouldn’t have blindingly obvious security faults in their systems and that they should be adopting processes to avoid having blindingly obvious security faults in their systems.

    And I hope JLaw and others sue Apple’s $$es off if this were true. We’ll see if this is the case. I suspect operator error here, though. But we’ll see.

  239. 239
    Roger Moore says:

    @Mnemosyne:

    Right now, as far as the law is concerned, Apple can tell all of its users to go pound sand if there’s a security breach. They won’t do that because it’s bad publicity, but they won’t face any legal penalties for this.

    They won’t say it so crudely, but that will be the message. It will be made quietly by their lawyers and written in the form of their contract limiting liability and requiring all disputed to be settled by arbitration, but pounding sand will absolutely be the underlying message.

  240. 240
    Keith G says:

    @stonetools:

    DO NOT POSE NUDE SELFIES TO YOUR ICLOUD ACCOUNT BECAUSE THEY COULD GET HACKED?

    It seems that for some people nothing else would be sufficent.

    Ah…These, among many others, are the words of stooges of the patriarchy

    Repent!!!

    /sarcasm (just in case….)

  241. 241
    Lee says:

    @Rafer Janders: So you do leave your door wide open when you leave your apartment.

  242. 242
    different-church-lady says:

    @stonetools: I’d like to answer that question seriously, but I’m not sure it’s possible without going down the rabbit hole. It’s linked to too many other issues: is corporate morality possible? Where does the home end and public begin? Who owns data on the internet? Etc. etc.

    IMO, it would be nice if there was enough cynicism in the world where people just rejected “The Cloud” as a good idea. But too many people are fascinated by their gadgets and discretion has become something only old fogies value, so I don’t see the problem ending any time soon.

  243. 243
    chopper says:

    @stonetools:

    a lot of places have been enforcing stronger password security, which is great. so you can’t choose some bullshit easy-to-break password but are required to throw in some extra crap.

    tho the whole ‘get your password via these security questions’ like what town were you born in? and what was your first pet’s name? is fucking laughable. isn’t that how that dude hacked sarah palin’s email way back when?

  244. 244
    Randy Khan says:

    @kc: You do have to affirmatively decide to use iCloud when you set up your iPhone. It’s a yes/no question.

    Apple has released a statement: Apple says

    It’s pretty clear that Apple doesn’t think it was a problem with iCloud’s basic design or that access was achieved through the reported “Find my iPhone” vulnerability. Reading between the lines, it sounds like the targeted celebs probably had lousy passwords (which is hardly a celebrity-specific problem).

    There’s a fair argument that Apple should protect people from themselves by forcing them to use more secure passwords (and, honestly, mine isn’t so hot), although there are limits even to that. Either way, even if it was bad passwords, the fault still lies with the person who cracked them, not with the targets.

  245. 245
    different-church-lady says:

    @chopper:

    tho the whole ‘get your password via these security questions’ like what town were you born in? and what was your first pet’s name? is fucking laughable. isn’t that how that dude hacked sarah palin’s email way back when?

    I had one where I ran out of options that applied to me. I got two, and then the rest of the questions were things like, “What is your sister’s name?” I don’t have a sister. I finally picked a question at random and answered it, “These are idiotic questions”

  246. 246
    Roger Moore says:

    @stonetools:

    i’d like Apple to be held to account if they did wrong too. But what do you want?

    Substantial monetary damages would be a good start.

  247. 247
    different-church-lady says:

    @Roger Moore: BANKSTERS!

  248. 248
    Randy Khan says:

    @chopper: I have to admit that I wonder who picks the security questions. My favorite hack on that (in the old, positive sense) is the people who give extremely wrong answers: “Where were you born?” “Rover” “What was the name of your first pet?” “Pi R squared”).

  249. 249
    Roger Moore says:

    @stonetools:

    We’ll see if this is the case.

    We know there are substantial flaws in Apple’s security, or at least there were. There was a recent presentation at which somebody showed that Apple allowed attackers to guess passwords an unlimited number of times without taking any steps to lock the account or, apparently, set up any flags that would make Apple security take a look at what was happening to the account. They claim to have fixed the flaw since it was published, but there was enough time for somebody to try this hack in the meantime.

  250. 250
    PJ says:

    @Suzanne: That advice about what to do (or not to do) with your personal files is applicable to anyone who uses the internet, whether you are a man, a woman, or a dog. If someone is made aware about the lack of security for their personal files, how is that unhelpful?

    As to making the world a better place for women, it seems to me that is the responsibility of everyone (I would also note that probably half of the people who were responsible for raising the hackers at issue were women). The tech industry is overwhelmingly male, and the hacker/reddit/anonymous crowd also seems to be overwhelmingly male, with a general lack of respect for anyone who isn’t part of their group (e.g., women). They celebrate their insularity and lack of empathy. How do you think we can reach these people and get them to change their attitudes and behavior (outside of law enforcement)?

  251. 251
    John Cole +0 says:

    @Roger Moore:

    Substantial monetary damages would be a good start.

    Halle Berry received a 500k bonus for going topless in Swordfish. How much money would Jennifer Lawrence or one of the other’s have made had they negotiated for their first nude on film? Damages doesn’t seem like that crazy of an idea.

  252. 252
    Suzanne says:

    @PJ: Because the overarching problem is disrespect for women. Talking about the insecurity of data is rearranging the deck chairs on the Titanic.

    The first thing to do, in this case, is to bring the wrath of God on the guilty parties. It’s a serious crime and should be treated as such. And men who are in a position to have any sort of influence over other men or boys need to step up and let them know that women, as people, do not exist for their sexual gratification. This needs to start from the minute you’re first slapped on the back, because patriarchy sure does.

    Once again, this is a social system that exists for the benefit of men, and women just get branded as bossy bitches when they try to deal with it, so men should do it.

  253. 253
    Suzanne says:

    @PJ: Not to mention, I think that if society shuns the perpetrators as disgusting, criminal freaks, we could start to send the message that this is disgusting, criminal, freakish behavior.

    But I expect plenty of backslaps, cheers, and above all, DISTRACTIONS—making this once again about what WOMEN have to do within patriarchy.

  254. 254
    Keith G says:

    On one of the related issues:

    I have some hardware (for now) that makes dealing with iTunes necessary. I know that Apple is supposed to be the shit for hardware, but iTunes has been a bane to my existence for nine years. They seriously cannot develop useful software that is intuitively useful and non-glitchy…well…less glitchy.

    Every time Apple comes out with a new version of iTunes, I hold my breath as I poke around to see what damage has been done. Usually it takes several patches and/or work arounds to iron out the wrinkles.

    On a continuum of trustworthy locations to store important data, I would put Apple farther away from the good side than some other well known names. I just don’t think that they have given as much thought or care to this as have others.

  255. 255
    gwangung says:

    @different-church-lady:

    I had one where I ran out of options that applied to me. I got two, and then the rest of the questions were things like, “What is your sister’s name?” I don’t have a sister. I finally picked a question at random and answered it, “These are idiotic questions”

    Somebody suggested using a deliberately wrong answer that you can remember (or keep on a password program like 1Password).

  256. 256
    stonetools says:

    @Roger Moore:

    Sez Apple:

    None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
    Read more at http://9to5mac.com/2014/09/02/.....x4g9upP.99

    So the security flaws you referenced were not the cause of the privacy violation.Seems weak passwords and security questions were the problem.Maybe we we should introduce JLaw and others to “correct horse battery staple”, etc.Or maybe speak of other options vfor conveying such pictures:CDs, flash drives, and the US Post Office.

  257. 257
    PJ says:

    @Suzanne: I think talking about insecurity of data is more like deciding whether to buy a ticket on a ship which, despite the advertisement, is highly vulnerable to icebergs (and there are a lot of icebergs out there) or to just stay at home. The internet is insecure, but people treat it as if all their information were protected.

    @Suzanne: No one is saying “this is what women have to do” – it’s what everyone has to do, or should at least think about. All kinds of personal information gets hacked, but in this instance it’s personal photos.

    The issue of disrespect to women is a distinct and much more pervasive problem. Part of the problem with shunning the perpetrators of hacking violations like this is that they are anonymous (+1 for the internet) and also that they get off on being considered “disgusting, criminal freaks.” Shaming or scolding just isn’t going to work unless it is in public, but anonymity makes that impossible.

  258. 258
    stonetools says:

    @Suzanne:

    Not to mention, I think that if society shuns the perpetrators as disgusting, criminal freaks, we could start to send the message that this is disgusting, criminal, freakish behavior.

    Everyone agrees that these hackers are scum. You seem to believe that if only we condemn these guys enough, they’ll turn into gentlemen. I’m afraid you are wrong about that. They’re going to keep doing what they’re doing.
    What we have to do is:

    1.catch and punish them (hard to do).
    2.protect ourselves from them (easier, but still hard).

  259. 259
    Suzanne says:

    @PJ: @stonetools: If these guys were really, REALLY treated like scum, and they lost their friends and their jobs and their girlfriends, I don’t know that these chumps would be different. But other guys would. This is the problem: you’re looking at this as an isolated thing. It is not. It is one example of what women go through in this society each and every day.

    This behavior happens because there is incentive. Financial, or social. Those incentives exist because of patriarchy, because of lack of respect for the humanity of women.

    Shaming and scolding SHOULD be public, when someone says or does something that causes harm to an equitable society.

    Dudes mansplaining about what women should do with their data, when what they should be doing is TELLING EVERY DUDE THEY KNOW THAT THEY ARE ASSHOLES IF THEY LOOK AT THESE IMAGES.

  260. 260
    Roger Moore says:

    @John Cole +0:

    How much money would Jennifer Lawrence or one of the other’s have made had they negotiated for their first nude on film?

    I was thinking more about the emotional distress, bad publicity, etc. that the victims had suffered than economic consequences. That way is also more helpful to Jane Doe, who has no chance of landing a Hollywood role, topless or not, when her account is hacked.

  261. 261
    Doc Sportello says:

    “Christopher Chaney, a “Hollywood hacker” who infiltrated email accounts and leaked nude photos of celebrities and other women, has been sentenced to 10 years in prison, the AP reports. Chaney was caught three years after he began efforts to illegally gain access to private accounts and photos, and broke into accounts belonging to Hollywood notables including Christina Aguilera, Mila Kunis, and Scarlett Johansson — prosecutors said that he accessed more than 50 email accounts between November 2010 and October 2011. Prosecutors recommended a nearly six-year sentence for Chaney plus $150,000 in damages, but the court landed on a harsher penalty, opting to lock him away for a decade.”

    Verge

  262. 262
    Bob Munck says:

    @cleek:

    why do banks have better security than donut shops?

    Donut shops have more cops.

  263. 263
    Roger Moore says:

    @stonetools:

    So the security flaws you referenced were not the cause of the privacy violation

    They absolutely were. The security flaw was that Apple let people guess passwords an unlimited number of times without locking the account. That’s what the part about “very targeted attack on user names, passwords and security questions” means. And that is absolutely terrible security practice on Apple’s part.

    Anyone who cares about security has known for decades that you should limit the number of times somebody is allowed to try entering their password precisely because giving them unlimited chances lets attackers brute force guess weak passwords. Limiting the number of guesses, either by straight locking the account or by imposing a wait after a number of failed attempts, is absolutely standard practice. Smart security people who use the imposed wait approach will also send a warning to human sysadmins after some number of incorrect guesses. That kind of thing could have prevented the attack.

  264. 264
    stonetools says:

    @Roger Moore:

    They absolutely were. The security flaw was that Apple let people guess passwords an unlimited number of times without locking the account. That’s what the part about “very targeted attack on user names, passwords and security questions” means. And that is absolutely terrible security practice on Apple’s part.

    Apple specifically said that the Find my Iphone security flaw was not the one exploited in the this case. And that was the one that allowed the unlimited guesses.

  265. 265
    Doc Sportello says:

    Assuming the Find My iPhone exploit wasn’t used, I’m very curious as to how this happened.

    If password were reset using security questions, then the user would have known about it immediately if two-force authentication were used. If it weren’t, the user would be locked out the next time she used her device. (This is, in part, how Mat Honan learned about his hacking.)

    If the passwords were just awful, they could have guessed and then not changed, allowing continued access to the account. I believe that, after three or five attempts, Apple would have asked the hacker if he had forgotten the password and wanted to reset it. Then there need to be some time lag before the next attempt (or else the user would be locked out). Assuming five wrong guesses per day, it would have taken a little over three months to try to the 500 most used passwords. Doable, but time consuming.

  266. 266
    Rafer Janders says:

    It appears to be that iOS devices are automatically opted-in to Apple’s Camera Roll feature, which uploads all photos to Apple’s iCloud backup service. As a result, many users are likely using this service without realizing it and a result, do not understand the associated security and privacy risks

    https://www.aclu.org/blog/technology-and-liberty/lessons-celebrity-icloud-photo-breach

  267. 267
    Suzanne says:

    I can’t help but think about the Michael Brown case w/r/t this. Often when we hear about a famous case of police brutality, we read these heartbreaking essays by black parents about how they tell their sons how to behave around the police. And they rightly point out how this is fucked up, but they want to protect their kids anyway, so they advise them to be almost ludicrously deferential.

    But it is almost always underscored by the fact that this is a shitty state of affairs, and that sometimes, there is no way to live your life the way you want to without bring fucked with, deference or no. And I would hope that AT LEAST AMONG LIBERALS AND PEOPLE THAT READ THIS BLOG, they shouldn’t have to, and 200 comments about how their deference wasn’t exactly the right flavor would be condemned as supporting a racist social structure rather than fostering a society in which they have genuine equality.

    Instead, we have tech dudes dissecting ad infinitum which specific “mistakes” women made, rather than discussing how to dismantle a patriarchal social structure that literally makes me afraid every time I go outside.

    Thanks, y’all.

  268. 268
    Mnemosyne says:

    @different-church-lady:

    Apple took precautions. They fucked up and their precautions failed.

    And now Apple should be held legally liable for that fuckup, just the same as they would be held legally liable if someone slipped and fell in their store. But that’s never going to happen, because people would rather scold internet users than hold the companies that provide internet services to account.

  269. 269
    MomSense says:

    @Suzanne:

    This is the problem: you’re looking at this as an isolated thing. It is not. It is one example of what women go through in this society each and every day.

    This behavior happens because there is incentive. Financial, or social. Those incentives exist because of patriarchy, because of lack of respect for the humanity of women.

    Shaming and scolding SHOULD be public, when someone says or does something that causes harm to an equitable society.

    Dudes mansplaining about what women should do with their data, when what they should be doing is TELLING EVERY DUDE THEY KNOW THAT THEY ARE ASSHOLES IF THEY LOOK AT THESE IMAGES.

    Thank you!

  270. 270
    stonetools says:

    @Rafer Janders:

    Frankly, Im not sure about that. The default is that the phone does NOT back up to iCloud. You have to enable iCloud backup.
    I’m going with what Apple says for now, which is that the violation was not done through an iCloud security flaw, but by exploiting weak passwords and security questions.
    One issue here is why would Apple allow for the possibility of weak passwords? It should design the system so as not to accept weak passwords.
    That said, I do online banking and my password is as strong as an 8-digit code can be, and my Visa account has still been hacked.

  271. 271
    stonetools says:

    @Mnemosyne:

    But that’s never going to happen, because people would rather scold internet users than hold the companies that provide internet services to account.

    oh, I think JLaw and friends can hire the legal talent to hold Apple accountable. That’s what matters, not who scolds who on the Internet.

  272. 272
    Doc Sportello says:

    @Mnemosyne:

    Legally, this is probably a non-starter. I would suspect the user agreement (which no one reads) presents the risk of a breach and has the user acknowledge it. I don’t know for sure, as I gave up reading user agreements a long time ago, and simply assumed I’m screwed.

    As others have noted, nothing is truly secured ]when you’re online. Ed Snowden and others employ an air gap. They have one computer which is never connected to the internet — no updates, nothing — and they do all their work on that. They then transfer their work to a computer which is online and transfer their work from there. Their original computer remains immune — kind of a boy in the plastic bubble set-up.

    The transfer was usually done by a UBS thumb drive, but there have reports of firmware malware which cannot be removed by reformatting the disk. So I assume they’e using a non-UBS alternative.

    If you’re connected to the internet, you’re at risk. Systems can have robust security, but there are always ways to circumvent them. (See Mat Honan’s article on how he, a writer for Wired, got hacked.)

    I don’t rely on Apple for security. I like their products and recommend them to friends. But I also explain to my friends where the (known) security weaknesses lie, and how to cope with them.

    Internet security is not a Ford Pinto, where a $10 shield would prevent the gas tank from exploding. It’s enormously complex, and (generally) the vendors take care of the weaknesses they see. Some are better than identifying those weaknesses than others. But even if a vendor’s software were security-perfect, it would incorporate or involve other software, such as OpenSSL, which was vulnerable to the Heartbleed attack.

    As online activity will always be vulnerable — and more so, as we increasingly rely on wifi in lieu of ethane cable — we are behooved to protect ourselves. The good news is that you can do — not perfectly — but cheaply, quickly and with a low level of inconvenience.

    We all have things we’d like to consider to be private. There are steps we can take to help keep them that way. Curse the darkness, etc.

  273. 273
    different-church-lady says:

    @Mnemosyne: All those words against the cloud company, and no condemnation of the thieves?

    See, two can play that game.

  274. 274
    PJ says:

    @different-church-lady: C’mon, someone has to scold the internet commenters for not scolding the cloud companies and the hackers in the proper word ratio. Anyone who suggests precautions against the ills of this world is just supporting the patriarchy.

  275. 275
    chopper says:

    @PJ:

    I must admit I sometimes discuss issues in the wrong order, according to some. I’m working on it.

  276. 276
    Doc Sportello says:

    Daring Fireball points to this piece by Nik Cubrilovic, who did the most extensive research I’ve seen on how the photos were stolen.

    Sample:

    Hackers use “use the target data [obtained from Facebook, etc.] to retrieve passwords or authentication keys. There are numerous methods here and most have tutorials available online. The most common are RATs, phishing, password recovery and password reset. RATs are simply remote access tools that the user is either tricked into installing via private messages or in an email (link or an attachment) or that someone close to the target will install on their phone or computer with physical access. Phishing is sending the target an email with a password reminder or reset that tricks the user into entering their password into a site or form the attacker controls. Password reminder is gaining access to the users email account (again using secret questions or another technique) and then having a reminder link sent to access the cloud storage. Password reset is answering the date of birth and security question challenges (often easy to break using publicly available data – birthdays and favorite sports teams, etc. are often not secrets).”

    And:

    “There is no software that users will ever be able to install or upgrade that will make them completely secure. The responsibility is on both vendors and users. Users need to be aware of good password practices (unique passwords, long, passphrases) as well as the basics of anonymity and security (more on this in another post – attempting to tl;dr security tips in a few, small and simple to understand points)”

  277. 277
    Mnemosyne says:

    @different-church-lady:

    All those words against the cloud company, and no condemnation of the thieves?

    See, two can play that game.

    If you really, really want me to, I’ll be more than happy to re-hash everything I said yesterday about the thieves and the misogynistic society that provides cover for them. It’s probably about 5,000 words — do you have time for all of the links?

  278. 278
    Mnemosyne says:

    @Doc Sportello:

    Legally, this is probably a non-starter. I would suspect the user agreement (which no one reads) presents the risk of a breach and has the user acknowledge it. I don’t know for sure, as I gave up reading user agreements a long time ago, and simply assumed I’m screwed.

    You realize that this kind of learned helplessness is part of the problem, right? Why are we not allowed to demand that the companies who take our money protect our private information and pay a cash penalty when they fail? Why were people not allowed to sue Target when Target’s security breach affected millions of their customers?

    We can change things. But corporations don’t want to have to change, and people are willing to let them slide because they think it won’t happen to them … until it does.

  279. 279
    different-church-lady says:

    @Mnemosyne: No need, I’m sure you’ll say it all again eventually.

  280. 280
    Mnemosyne says:

    @different-church-lady:

    I wouldn’t bet against it.

  281. 281
    Doc Sportello says:

    My learned helplessness takes the form of assuming responsibility for my own online security.

    Apple — and Google, and Facebook — offer internet services for free. No one pays for them, and no one is obliged to use them. (And part of the way I manage my o\line security is by not using Facebook, and by using Google sparingly. BTW — check out DuckDuckGo as a search engine. Very good, and no tracking.)

    Others may well decide to forego Apple and use other services. No problem there at all — we all manage risk in our own ways.

    My point, though, is that you can’t rely on a provider for security. I think it’s Bruce Schneier who said security is not a product, it’s a process. I think few people are aware of this. Our devices allow us an incredible view onto the entire world (and more), but it also allows the entire world into our devices, where our most sensitive and important information resides.

    Apple actually does a decent job at suggesting what constitutes a good password:

    “Your password must have a minimum of 8 characters, not contain more than 3 consecutive identical characters, and include a number, an uppercase letter, and a lowercase letter. [It also cannot be identical to the account ID, a common password or one used within the year.

    You can also add extra characters and punctuation marks to make your password even stronger. Using a strong password is the most important thing you can do to help keep your account secure.”

    I’d like to see the length requirement kicked up (mine is 26), but otherwise the advise is solid. And I know Apple doesn’t want to require longer passwords, as people will complain that it’s inconvenient. There’s always a trade off between security and convenience, and if it becomes too inconvenient, then people will sidestep security completely. Supposedly more than half of all cell phones users don’t even use a four-digit passcode to unlock.

    I encourage you to check out the Nik Cubrilovic piece. Those of us who aren’t celebrities are unlikely to be victims of these kinds of coordinated attacks, but this shows what a bunch of very clever people can do to you if you’re online. And we’re all online.

  282. 282
    hilts says:

    Louis C.K. nails it once again with these comments about cloud computing

    http://www.huffingtonpost.com/.....52370.html

  283. 283
    Omnes Omnibus (the first of his name) says:

    @Doc Sportello: I think that part of the problem in this thread is that two basic conversations are happening; one about the invasion of privacy and the theft and how it related to sexism and a variety of other problems and another about security and convenience. Where these subthreads cross, it creates opportunities for misunderstanding.

  284. 284
    Doc Sportello says:

    @Omnes Omnibus (the first of his name): Agreed. I only spoke to the part where I felt I had something new/helpful to offer.

  285. 285
    different-church-lady says:

    @hilts: Of course he did. Louis CK is right about everything.

  286. 286
    kc says:

    @different-church-lady:

    For example, Anthony Cumia.

    Oh, wait.

  287. 287
    Paul in KY says:

    @Rafer Janders: I look at it as counseling the victim on what to do to avoid repeat victimization (which I assume they want to do).

  288. 288
    MBunge says:

    This isn’t about privacy. This is about being able to recognize reality.

    Mike

  289. 289
    MBunge says:

    @Mnemosyne: Why are we not allowed to demand that the companies who take our money protect our private information and pay a cash penalty when they fail? Why were people not allowed to sue Target when Target’s security breach affected millions of their customers?

    Are you willing to pay a lot more and have it become a lot more difficult to purchase things with credit?

    That’s the trade off.

    Mike

  290. 290
    Doc Sportello says:

    More from Wired:

    “If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool [EPPB], the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.”

  291. 291
    Dan says:

    A few points, not all of which go in the same direction:

    1. There is a difference between this case and the typical rape victim blaming situation: In most rape cases, the perpetrator claims consent and argues that because of that consent there was no crime. Same thing in the Michael Brown/Trayvon Martin cases. Smearing the victim as a “thug” (or “slut” in the rape context) is supposed to show that the perpetrator is blameless and that the victim is actually the bad guy.

    That’s pretty different from a property crime situation. Nobody seems to argue that stealing an unlocked bicycle is not a crime or that leaving your bicycle unlocked makes you a bad person. There may be tut-tutting, and police may not pursue the matter very hard, but that’s different from saying that no crime occurred.

    So discussions of victim behavior may be wrong in this context, but if they are wrong they are wrong in a pretty different and less pernicious way that in the rape context.

    2. In spite of 1, if you were a victim of this crime it would be pretty obnoxious to see your victimization discussed exclusively as an object lesson for others. This suggests that there is some room for what you might call politeness, or simple human decency, in how and where one discusses supposed mistakes by the victim.

    3. Victim blaming is a real and very ugly phenomenon, particularly in the rape/shooting cases mentioned in 1 above. But there is a different phenomenon that also goes on in these kinds of cases that is a lot less evil and deserves to be distinguished. When a person reads a story they tend to identify with one of the participants. That participant becomes “them” in the story – the subject – and other participants become more like objects. When reading a story in this way, which everyone naturally does I would argue, people tend to focus on the agency of the subject, not the object. They focus on what they would have done if they were in the subject’s shoes.

    To see an example of this read any discussion of a sporting event on a site focused on one team and then read a discussion of the same event on the opposing teams site. Nearly always, Team A’s site will focus on how Team A’s players won the game or blew it, and Team B’s site will focus on the reverse. I.e., Team A (“Pitching wins it”), Team B (“Our offense fails to produce”).

    In crime stories, this same phenomenon can lead to focusing on the victim’s behavior without necessarily believing that the perpetrator should not be punished – if you identify with the victim and see yourself in his/her shoes, you are going to think about what choices the victim could have made differently. The perpetrator, on the other hand, is objectified and his/her choices are not considered in the same way. This is wrongheaded thinking because obviously both victim and perpetrator are human beings capable of making choices, and there is nothing wrong with pointing that out. But it is pretty different from the victim-blaming behavior in rape cases, where people are pretty obviously imagining themselves in the shoes of the perpetrator.

    In short, it is reasonable to discuss how, where and to what extent victim’s behavior should be discussed in certain contexts, but collapsing all discussions of victim’s behavior with the very specific sort of victim blaming that happens in rape and certain shooting cases is not right.

  292. 292
    No One of Consequence says:

    “When you make something digital, it is, *by definition*, no longer secure nor is it reliably secure-able.” – NOoC

    “Locks only keep honest people out.” – NOoC’s father

    – NOoC

Comments are closed.