Sophos Cloud Optix
4chan, the slap-happy imageboard that’s spawned or popularized internet memes such as Rickrolling and lolcats and more recently served as a launchpad for the doxing of 100 celebrities’ nude selfies, has decided to revise its policies to deal with similar foul-ups.
The new policy stipulates that the site will now comply with the Digital Millennium Copyright Act (DMCA), which allows content owners to get illegally shared material removed.
4Chan has also appointed a member of staff to oversee content takedown requests.
The move comes in the wake of nude photos of Oscar-winning Hunger Games actress Jennifer Lawrence and of 99 other celebrities having been posted online by one – or possibly a loosely affiliated network – of 4chan users.
Many of the private photos were pried out of Apple’s iCloud storage system.
As the BBC reports, up until now, there’s been little formal policing of content on the site – in part having to do with the fact that an upper limit on how much material the site’s boards can support means that content tends to expire within a few hours.
However, 4Chan has previously taken steps to find and remove content involving the sexual abuse of children, and several of its users have reportedly been busted for trading child porn.
The first reaction in cases like this is typically to advise that people simply avoid taking digital snaps of their pink parts in the first place.
Yes. That would work.
Unfortunately, we’re human, and we’ll probably do it anyway.
We memorialize our bodies and our sexuality, in spite of the risks of sextortion, revenge porn or celebrity stalkers profiteering off of the images, and then we share those images with our loved ones – or with guys pretending to be Justin Bieber.
But when we focus on telling victims not to take nude selfies, we’re putting the onus on them to change their behaviour, rather than focusing on other culpable parties.
In this case, of course, the culpable parties include the slobbering money-grubber 4chan poster who “collected” and publicised these images, as well as the private parties who were trading them last week and from whom he claims to have procured the shots.
But of course, slime trails are traceable, and both the FBI and Apple said they’re following this particular trail to track down the thief who took celebrities’ personal, private images.
Shouldn’t we also hold Apple as culpable to at least the same level as we hold humans who dare to take selfies? If not far more?
Naked Security’s Chester Wisniewski has been covering the feebleness of Apple’s iCloud protection for a while.
As he recently noted with regards to the celebrity photo grand theft, Apple says it hasn’t found evidence of security breaches in iCloud or Find my iPhone, and that users should always use a strong password and enable two-factor verification.
That sounds great. In fact, much news coverage is reiterating Apple’s advice, advising readers to turn on two-step verification (2SV) and choose a strong password to avoid getting nude selfies stolen.
Unfortunately, Apple’s 2SV doesn’t actually protect anything in the cloud.
Apple protects only these three specific applications of your Apple ID with 2SV:
- Making a purchase in iTunes/App Store.
- Managing or changing your Apple ID.
- Working with Apple’s technical support team.
… but when it comes to iCloud, Apple is evidently loathe to tinker with its glass-smooth user experience.
That turns Apple’s advice about turning on 2SV into a mere coating of Teflon, sprayed on in an attempt to get the security onus to slide off of its hide.
Hmmm, let’s see, which is more realistic: convincing celebrities to not take nude selfies, or expecting a major tech company to offer industry-standard security functions?
Apple, please do what Naked Security has been urging: start offering comprehensive two-step verification.
Image of camera courtesy of Shutterstock.
As for culpability: how about the phone owners having weak passwords? Let’s not just play a game of ‘others are too blame’
As I understand it, all of the victims didn’t have weak passwords but their security questions were guessed or they were phished.
This was Apples issue. They did not lockout or notify account holders that people were trying to access their stuff, and did not require 2FA.
“But when we focus on telling victims not to take nude selfies, we’re putting the onus on them to change their behaviour, rather than focusing on other culpable parties.”
WHOA!~ Really?
What a novel concept, someone should take personal responsibility for their actions, decisions and intellectual laziness. Your statement crystallizes the fundamental problem in society today – It is always someone else’s fault, and I don’t have to be responsible or accountable for my own poor choices or bad judgment.
What a bunch of whiny, arrogant, petulant 30 year old children. We are doomed.
Nobody, certainly not I, said that weak passwords are OK. But let’s be realistic. Do you really think humans are going to stop taking nude selfies, no matter how much security wonks hammer the dangers into their heads? (Or rather, no matter how security wonks hammer into security blog readers’ heads the danger of such, which I fear amounts, mostly, to preaching to the choir?)
How about simply being realistic about the fact that humans will take nude selfies, and that the primary issue has to do with 1) amoral crooks who break laws and trample on privacy and 2) the companies that could do more to protect users.
More, as in, offering truly comprehensive 2FA and not some partial approach that only serves to muddy the issue and makes people *think* they’re protected when they are *not.*
I don’t consider that whiny or petulant. I consider that realistic. People have been doing nude portraits since the dawn of time, and I don’t see that changing anytime soon.
Ultimately, people are accountable for their actions. Should we attempt to protect the data of the careless? Sure. Should we do so in a way that we have to bubble-wrap everyone? No.
Let’s not cloud the issue. The primary issue is not someone hacking their account. The primary issue is that they did something and refuse to accept the fact that there are consequences and risks for their decisions. Without nude selfies on a commercial network, publication would not have occurred.
So what if people have done this for ages and will continue to do so? The fact that they are upset about it validates that at some level they know it was not a proper thing to do, or that they have culpability by blind trust, a bad decision or intellectual laziness.
Should tech companies take reasonable precautions and have truth in disclosure? Sure. Do bad people hack? Sure. People will always take nude selfies and hackers will always hack.
It doesn’t absolve the celebs of the fact that they used poor judgment to begin with. Unfortunately their attitudes of no personal accountability have an inordinate amount of irresponsible influence over our society.
Now pardon me while I go spill some hot McDonalds coffee in my lap and sue them because I was stupid enough to put hot coffee in my crotch. It wasn’t my fault.
Spilling hot coffee on your lap is an extremely poor analogy. If the celebs had accidentally posted the photos publicly somewhere, then yes they would be largely to blame. However they did not – they were stored in their own private, supposedly secure accounts.
If someone breaks in to a celebrity’s house and steals physical photos (or anything else they own), we hold the thief to blame. Yes we might say they could have had better security, but we wouldn’t say that they are responsible for what happened.
Its easy to say the celebs shouldn’t take these photos, but why shouldn’t they? They are adults (mostly) and are very entitled to engage in legal practises in the privacy of their own homes. They may have been careless in their data security, they may not have, we simply don’t know. By pushing the focus away from the people who stole them, attempted to profit off them or disseminated them, we are simply engaging in victim blaming, nothing more nothing less.
Wow, so now that 4chan has some assets and profits it wants to follow the law. It looks like Moot is banking on 4chan since canv.as has sucked up $3.6m in funding without attracting the legion of 4chan users he had expected. 4chan has always been a stain on the internet. It’s like a containment area for undesirables.
Unlike the comment boards for a subpar anti-virus company’s blog. It’s all intellect over here.
protip: there are dozens of other chans. literally. you can google “list of chans”. i found your nudes on there!
There’s one piece to this whole puzzle that I haven’t seen talked about: were any of the celebs who were victimized actually using Apple’s 2FA-wannabe?
It would change the picture quite a bit if they were trying to use higher-end security that didn’t actually exist even though advertised as existing.
I wonder if they would have made such a fuss if they’d been paid; or whether what they’re really so cross about is the fact that their personal property was taken without licence and payment. That’s certainly my main grief with the internet and monetization: although this is a rather extreme example.
We also need to get far less bothered about nudity.