MySpace Private Pictures Leak

Martin writes "We all heard about the MySpace vulnerability that allowed everyone to access pictures that have been set to private at MySpace. That vulnerability got closed down pretty fast. Unfortunately though (for MySpace) someone did use an automated script to run over 44,000 profiles that downloaded all private pictures which resulted in a 17 Gigabyte zip file with more than 560,000 pictures. The zip file is now showing up on popular torrent sites across the net."

You know what to do...

[grub]

fetch!

Re:You know what to do...

[BiggestPOS]

Downloading for uhhhhh research purposes. Are these divided up and tagged as to the myspace user profile they originated from?

Re:You know what to do...

[Captain+Splendid]

Are these divided up and tagged as to the myspace user profile they originated from?

Who cares? Wake me up when somebody offers up the "director's cut" of this torrent, ie only the really goofy and naked pics.

Re:You know what to do...

Show examples or it didn't happen.

*ducks*

Re:You know what to do...

[$RANDOMLUSER]

Yeah. Good grief, just what I need - 17Gb of pictures of other peoples cats.

Re:You know what to do...

[wiggles]

And risk getting busted for KP? How many idiot high school kids post naughty pics of themselves on there?

Re:You know what to do...

[Dada+Vinci]

You mean "this thread is worthless without pics?"

Re:You know what to do...

[carpe_noctem]

My dog only plays fetch when I throw her sticks... this would be like throwing a sequoia log!

Re:You know what to do...

[JeepFanatic]

If you read the wired interview, it says:

DMaul: The script that I wrote uses the myspaceprivateprofile.com interface to find the images. Therefore, it uses the same criteria. From my own testing, it appeared that myspaceprivateprofile.com did not return public images from public profiles. It only returned public images from private profiles. It did not return private images from either public or private profiles.

So ... I'm guessing the really good stuff isn't there.

Re:You know what to do...

[Big+Nothing]

Watch out, though, my goatse-pix is in there somewhere.

Re:You know what to do...

[ArsenneLupin]

17 Gb of pictures of other peoples' pussies? Indeed, I'm not very interested in those...

However, 17 Gb of pictures of other poeples' George W Bushes, that'd be groovy!

Re:You know what to do...

[lonesome_coder]

No, (s)he is just REALLY into ducks.

Re:You know what to do...

[sm62704]

CATS? Damn, I thought I was downloading pictures of the other kind of pussy. Damn damn damn! Miight as well stop the torrent...

Re:You know what to do...

[ArsenneLupin]

Unusually intelligent dog.

Most other dogs attempt to fetch no matter what you throw: sticks that are obviously too heavy to fetch, snowballs, small objects which you only pretend to throw but actually hide inside your sleeve...

Lotsa phun...

Re:You know what to do...

[gstoddart]

Yeah. Good grief, just what I need - 17Gb of pictures of other peoples cats.

But, you admit you've already got 17Gb of pictures of your own cat? :-P

Cheers

Re:You know what to do...

Screw that. You know there's probably illegal stuff in there and the torrent is going to expose your IP to everyone.

Someone post it to a newsgroup or put it up on Freenet (post the key here).

Re:You know what to do...

"640kb ought to be enough for anybody."

Re:You know what to do...

[TooMuchToDo]

That link is going to save people a TON of time =)

Re:You know what to do...

Yeah. Good grief, just what I need - 17Gb of pictures of other peoples cats. But, you admit you've already got 17Gb of pictures of your own cat? :-P

Cheers But... But Mr. Snookems is sooo photogenic... WHO could resist taking that many snap shots!

Re:You know what to do...

[Jugalator]

fetch! [thepiratebay.org] I currently see 6 seeds and 2684 leechers. Go, go, gadget Torrent! :-S

Re:You know what to do...

[HeroreV]

I once downloaded a file that was over 800 MB on 56K dial-up through bittorrent. Nowadays, it's not that big of a deal to download a DVD copy that's over 4 gigs, so this isn't really that extraordinarily big. Quite large, yes, but still entirely feasible.

Consider this: It's much smaller than an average Blu-Ray or HD DVD copy.

Re:You know what to do...

I saw this story very early on and immediatly torrented the link, thinking I would see some great secret adult porn, especially by some famous folks.

Your post has convinced me of the risk of accidentially seeing cp.

Some things are just not worth it. Thanks.

By the way, the US Fed gives a three time accidential discovery of illegal cp, provided it is reported to a appropriate ageny.

I would recommend the National Center for Missing & Exploited Children online tip form.

Once a "clean" version of the torrent is available, (there are some sick countries out there still) it should be reseeded.

Re:You know what to do...

[Meneth]

Let's have a link to TPB description/comments page.

Re:You know what to do...

[nevillethedevil]

Wait...That was YOUR asshole?

Re:You know what to do...

Yeah it's only twice the size of the double ISO of some Jenna Jamison DVD I downloaded the other day =)

Re:You know what to do...

[jollyreaper]

Yeah. Good grief, just what I need - 17Gb of pictures of other peoples cats. It'll go nicely with the 17 gigs you have of your own.

Re:You know what to do...

[ResidntGeek]

I, on the other hand, am guessing you're pretty optimistic about people's desire for and ability to protect their privacy.

Re:You know what to do...

[Cecil]

I would recommend the National Center for Missing & Exploited Children online tip form.

Yes, because teens on myspace who take nude pictures of themselves are clearly being exploited by... themselves.

The insane kneejerk hysteria surrounding the ever-growing umbrella of things that unfortunately technically qualify as "child pornography" is truly something to behold.

Re:You know what to do...

I care, how else am i goin to find naked pics of my ex to spread all over for the world to see.

Re:You know what to do...

[Kingrames]

Why do you want to see their douchebags?

Re:You know what to do...

You want to look at pictures of knobs? (Not that there's anything wrong with that.)

Re:You know what to do...

[corifornia2]

"i can has naked sluts?" -lmao.

Re:You know what to do...

[daeg]

Particularly his little mailman outfit, right? He adores it!

Re:You know what to do...

[Jugalator]

It may just be one cat picture, but that he owns one of those digital cameras competing in the Megapixel race.

Re:You know what to do...

[mouko]

No, no, you just have to grep for pus.... DANG IT!

Re:You know what to do...

[jollyreaper]

Yeah, I know it's redundant. He already has 17 gigs of cats. Tell him that, not me.

Re:You know what to do...

[gravis777]

Darn it! Well then I guess my pics are in there. I guess that is what I get for getting a Myspace to talk to all my friends who are too lazy to do any type of e-mail outside of myspace, and actually putting my pics up there instead of on my own webserver usign password authentication.

So I wonder if there are pics of like celebs or models or stuff like that who have private profiles. Oh, wait.

Re:You know what to do...

[aminorex]

"by Rupert Murdock", I think you mean?

Re:You know what to do...

[ArsenneLupin]

Nope, I'm a Linux user, thank you very much. But don't worry, it's a common stereotype...

Re:You know what to do...

I CAN HAZ DIGNITY BAK?

Re:You know what to do...

[chrish]

For fun, hit up flickr and search for the keyword "private" or similar. It seems that some people think adding a "private" keyword will somehow restrict access to their naughty pictures.

Re:You know what to do...

[General+Wesc]

Yes, because teens on myspace who take nude pictures of themselves are clearly being exploited by... themselves.

No, they're being exploited by the people who downloaded those private photos and made them public.

I can understand you not reading the story, and even not reading the summary, but couldn't you have at least read the headline before commenting?

Re:You know what to do...

How many idiot high school kids post naughty pics of themselves on there?

None, from what I've seen (about 4.5% of it.) Very few of the pictures are racy, and I haven't seen any nudity at all. About 25% of the photos appear to be of infants, with the rest being either typical vacation photos or typical party/prom photos. There do seem to be a lot of white kids flashing 'gangsta' signs, so if you're looking for stupidity instead of nudity, you might enjoy this.

It's a diversion..

[GreggBz]

It's p2p diversion... It was the RIAA. Brittney Spears or Brittney next door? Curiosity and perversion are certainly more powerful than greed.

Re:It's a diversion..

[FooAtWFU]

Where's my -1, Paranoid Conspiracy Theory moderation?

Re:It's a diversion..

[GreggBz]

I was joking, but I got all intellectual about it. :-p

Re:It's a diversion..

I believe it's +1, insightful.

Re:It's a diversion..

[MLS100]

One man's -1 Paranoid Conspiracy Theory is another man's +1 Insightful.

Solution:

[Normal+Dan]

Ask 'Who cares?'
Then ask 'why?'
Then ask 'so?'
Then keep asking 'so?' until you realize it's not that big of a deal.
Problem solved.

Re:Solution:

[CaptainPatent]

Ask 'Who cares?' Um, Anybody concerned with internet privacy along with everybody who had a myspace account with pictures posted privately they did not intend the public to see.

Then ask 'why?' Because this has huge implications for online security.

Then ask 'so?' So, something like this that is potentially damaging should have had much better security measures against it.

Then keep asking 'so?' until you realize it's not that big of a deal. I'm asking... it's still a big deal

Problem solved. I think not.

Re:Solution:

[Mikya]

So?

Re:Solution:

[Bob9113]

something like this that is potentially damaging should have had much better security measures against it.

Ummm, if you store potentially damaging photos on a third-party web site that is not intended to be a secure repository, why would you expect high security?

Because this has huge implications for online security.

Really? I think it just shows that MySpace is not (nor is it intended to be) a high security repository.

Re:Solution:

The site is also directed to teens and pre-teens.
Do you really think they have the common sense to know that?

Re:Solution:

[sm62704]

Um, Anybody concerned with internet privacy along with everybody who had a myspace account with pictures posted privately they did not intend the public to see.

Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet! There is no such thing as "posted privately on the internet". If it's REALLY something you don't want seen don't even put it in a computer CONNECTED to the internet. In fact, don't even take the damned pictures!!!

Gees, if brains were dynamite some people wouldn't have enough to blow their noses. I wonder how many pics in that 17 gig file are goatse?

Re:Solution:

[Aphex+Junkie]

They should, assuming that all the "Internet Safety" classes those hysterical moms created are actually doing their job. I often hear: "Do not give out personal information online.". How much more personal can you get than a photo (a nude photo especially)?

Re:Solution:

First off - Troll much?

Second - myspace has a large teenage and younger crowd who don't necessarily know all that is internet security. I agree that if you don't want a picture seen you shouldn't post it, but when Myspace says nobody but you and your friends or nobody but you can see these pictures, they should be able to back that up.

While Myspace did a timely job in fixing the exploit, they are just as much at fault as the users who put private pictures there in the first place.

Re:Solution:

[hercubus]

Because this has huge implications for online security.

huge? really? i think a zero-day exploit of ${web_server} and/or ${OS} would have huge implications for online security. but this hack?

you may turn out to be right of course, if say several congressman's kids got burned then maybe we're in for draconian legislature. naked pics of Bush twins could have similar impact. otherwise, i'm thinking "meh"

Re:Solution:

[orclevegam]

Have you actually seen the crap on MySpace? It's like the sewer of the internet. It's the sort of place you visit and come back with a headache, a lower IQ, and probably a malware infection. I also think it's disingenuous to refer to the pictures posted there as private. At best they're public, and semi-public. You want my sympathy, tell me someplace with a little substance behind it got exploited. Similarly I won't lose any sleep if someone puts all their tax records on a fresh install XP SP1, then hooks it up to the internet without a firewall and has their records stolen. In order to be bothered by a security breach, one must assume there was some actual security in the first place, a feature most definitely not associated with MySpace. So yeah, all I got to say is, so?

Re:Solution:

[lazy_nihilist]

Really? I think it just shows that MySpace is not (nor is it intended to be) a high security repository. It is supposed to be a high security suppository.

Re:Solution:

Third , thats not the first rule of the internet. Newfag.

Re:Solution:

[sm62704]

First off - Troll much?

Have you seen the latest journal? Actually, here in Springfield we do our trolling offline. I really am a geezer, I was born three months before the term "rock and roll" was coined.

when Myspace says nobody but you and your friends or nobody but you can see these pictures, they should be able to back that up.

I would agree with that, but teenagers ESPECIALLY (judging from the internet anyway) should know better than to trust a faceless, soulless corporation. Especially one run by Fox (MySpace was bought by Murdoch, right?)

While Myspace did a timely job in fixing the exploit, they are just as much at fault as the users who put private pictures there in the first place.

I'd say they were MORE at fault, and if a single one of the pictures is of a European I'd like to see Murdoch hung out to dry for it. The governments in Europe actually value privacy for the citizens, unlike the sleazy congresscritters in my once proud nation.

Re:Solution:

[cuantar]

Um, Anybody concerned with internet privacy along with everybody who had a myspace account with pictures posted privately they did not intend the public to see.

The intersection of these two sets is empty.

Re:Solution:

[timmarhy]

WTF, so in your world everyone has to be a security expert to be allowed to use the internet, and it's all the victims fault? get a clue.

Re:Solution:

[mstahl]

Really? I think it just shows that MySpace is not (nor is it intended to be) a high security repository.

With underage kids able to post whatever photos they want without moderation, it needs to be, though. If myspace can't hold their shit together with this then they're going to either have to start moderating photos somehow, start verifying ages somehow, or not allow youngin's to join at all. I doubt any of those is particularly palatable with them, but really this is just a consequence of appealing to the super-young crowd anyway. It's become a haven for all manner of shadiness.

Re:Solution:

[mstahl]

OMG you just gave me a great idea! *goes and posts something on pirate bay*

Re:Solution:

[Pendersempai]

Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!

Really.

So you don't have an online interface for your credit card? You don't do online banking? You don't manage your IRA or 401K online? You don't write any emails that you wouldn't want published? You don't use SSH to access sensitive information? You don't send any instant messages that you wouldn't want published? You don't visit any websites that you wouldn't want the world to know about?

Oh, but that stuff's all different, you say. Sure, the information is all on a server, but the server will only send it to people who have the right password! Except, the MySpace photos weren't leaked by a mole; they were leaked because the server mistakenly sent it to anyone who asked for it.

This is a big deal, and your snide reply (essentially "don't use the internet") doesn't come close to offering a workable solution.

Re:Solution:

[Bob9113]

With underage kids able to post whatever photos they want without moderation, it needs to be [high security], though.

No, it does not. It is the job of the parents to provide moderation. It is not my job, my company's job (though I don't work for MySpace), nor my government's job to parent someone else's children. If we can have cars traveling down streets at high speed without child restraint systems to keep children from walking into traffic, we can damned well expect parents to keep their kids safe online.

Re:Solution:

[orclevegam]

WTF, so in your world everyone has to be a security expert to be allowed to use the internet, and it's all the victims fault? get a clue. caveat emptor.

Re:Solution:

[mstahl]

That's not really what I'm saying. You're already given the fact that kids are posting god knows what online, whether parents moderate it or not (and I agree with you: they should). Given that, whatever it is they've got up there be it really sleazy or not needs to be kept away from pedophiles and other shady characters anyway. The point I was making is that there are far too many users, far too many photos, for all of them to be looked over before they're made public. There's a reason profiles of children under the age of 16 are made private, anyway, and it's mostly to absolve Myspace of liability. I'm saying that they have failed even at this.

Look where you're posting. I don't think there's anyone here who's arguing that it's the government's job to raise people's children. The government's job is to protect the common good, which includes keeping children safe from predators.

Re:Solution:

Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet! There is no such thing as "posted privately on the internet". If it's REALLY something you don't want seen don't even put it in a computer CONNECTED to the internet. In fact, don't even take the damned pictures!!!

Rubbish. It's not about "anyone", it's about limited access. Possibly only access for the owner from various locations, or from one location that cannot be used as trustworthy storage, but also possibly and likely only for a designated group, like family.

Which if obvious but you've skipped sense to make a stupid rant. That's par for an open forum, but the question is what moron made this Score:5 Insightful?

Re:Solution:

[bcguitar33]

We need to take this further. What about children talking on the telephone? They could be talking to pedophiles, potentially making plans to meet up. The government has got to monitor all telephone calls made by people under 18. Then again, these children could be out in public meeting pedophiles, or worse, being abused. It's the government's responsibility to monitor these minors at all times, to make sure they're not being abused. It would certainly take a lot of man-power to keep know where all these children are at all times. We'd have to resort to some sort of model of distributed responsibility. How about, we have 1-2 adults focusing on every child, and become responsible for what the kid is up to? For the sake of convenience we could just have the people who birthed each child be the ones responsible for them, and if they're not available, we could assign other ones. Any takers? This could solve all our problems!

Re:Solution:

[Lumpy]

Which is why I LOVE how screwed up people are. it makes getting to the top in interviews easy. Lots of managers are googleing people and when they see you posing on myspace with a plunger up your bum and a ball gag in your mouth, I am guessing your PHD in Computer science is going to be worth less than the ITT graduate degree the next guy has that has a clean online profile.

In a few years all this crap these kids posted from highschool to college is going to bite them in the arse hard come interview time... Gotta love it!

Re:Solution:

[Minwee]

Anybody concerned with internet privacy along with everybody who had a myspace account with pictures posted privately they did not intend the public to see.

I think the term you are looking for is "people who were kidding themselves."

Rule number 2 of Fight Club is that you do not post pictures of Fight Club to the Internet. Extending that to the rest of your life is left as an excercise to the student.

Re:Solution:

[Cervantes]

I'd like to agree with the parent, and reiterate a very important point.

If you don't want anyone seeing something, don't fucking put it on the fucking internet,you fuckwad.

Thank you, have a nice day.

Re:Solution:

"So you don't have an online interface for your credit card? You don't do online banking? You don't manage your IRA or 401K online? You don't write any emails that you wouldn't want published? You don't use SSH to access sensitive information? You don't send any instant messages that you wouldn't want published? You don't visit any websites that you wouldn't want the world to know about?"

I'm not sure if the GP meant this, but I'd say there's a difference between what he ways and what you say. The examples you mention all have a real benefit (that balances the risk/cost) for being online - the convenience, for example. Just putting images on a website that noone else can see has no real (as far as I can see) benefit to outweigh the cost if they do get published.

Re:Solution:

[Jherek+Carnelian]

This is a big deal, and your snide reply (essentially "don't use the internet") doesn't come close to offering a workable solution. No big deal. Just change it to "don't put it on a server unless the server owner has a strong interest in preventing disclosure." Myspace doesn't really care if someone snags their customer's pictures because they have no legal liability. Your bank has all kinds of liability if your credit card, bank account, IRA or 401K accounts are compromised.

You don't write any emails that you wouldn't want published? You don't use SSH to access sensitive information? You don't send any instant messages that you wouldn't want published? You don't visit any websites that you wouldn't want the world to know about? The rest of your post is GOOD ADVICE - don't send sensitive IMs or email to people who don't care if they disclose them, and definitely don't post personally identify information on those dubious websites.

Re:Solution:

Because this has huge implications for online security.

I'm not sure "implication" is the right word here. Trusting another party (especially an unaccountable one) to protect your private data, is a pretty explicit risk. Maybe laymen don't really think about it, but it's right there in their face. MySpace users do not have a mechanism to keep their pictures private. What they have, is a mechanism to ask MySpace to keep their pictures private.

Furthermore, MySpace didn't even actively collect the private data. This isn't like a credit bureau actively assimilating data about you from various sources, and then leaking it. MySpace users create the private data and upload it MySpace!

On top of all that, we're talking about MySpace, which is functionally a pretty crappy website that should give users pause to trust them (I mean in terms of competence, not motivations and character). You know that when you mark something as private on MySpace, mark it as only accessible to friends or a preferred list, or whatever, that there's going to be quite an element of luck involved in whether or not it remains private. These are the people who can't figure out how to make hyperlinks work, and end up having to fall back on javascript just to navigate next/previous on a list.

So I just can't go along with "huge implications" for security. I'd say it's more of a great example of some concepts that are actually pretty common knowledge.

People need to stop and think, and remember that MySpace isn't some kind of weird special case. Everything you know about the Internet, applies to MySpace as well. If you transmit unencrypted private data to them, there's just no telling where it might end up. It has been this way since the beginning of telecommunications -- no, wait -- since the dawn of civilization.

So, something like this that is potentially damaging should have had much better security measures against it.

It does. The image files were on the user's local machines, where they ultimately had control over who to show the pictures to. And then the user uploaded them to .. somewhere. The security was there. The user opted to bypass it.

Re:Solution:

[ResidntGeek]

Right, but the set of people that cares is the union of those two.

Re:Solution:

[torkus]

But see it's myspace's fault for letting all this out...blame them for the KP. /sarcasm

In the same way we teach children not to take candy from strangers, parents should teach them to be careful what you put online. Oh, and not to make KP either. Instead of looking for someone to blame (i.e. myspace) just keep your kids from having xes at 12 years old and taking pictures of it. m'kay?

Internet safety classes are a great theory. So is sex ed. Unfortunately sex ed was memorizing a diagram (well 2) that taught little and then they split the rest of the time between scarign everyone with graphic details of every STD you could immagine and making everyone think that dry humping could, somehow, maybe, just slightly possibly get you pregnant or a STD. So yeah, i don't have high hopes for 'internet safety'.

They'll tell kids to be afraid of EVERYTHING online...and 3 minutes into the lesson not a single kid will be paying attention because they'll already know it's paranoia BS. Why? because by the time schools, teachers, and whoever figure out the youngest age kids are online and actually create the class and train teh teachers...younger kids will be using the 'net.

Re:Solution:

[corifornia2]

Heres a security disclaimer for the world. If you want to keep shit private, keep shit private. The internet is a public forum and myspace is know for security holes. As well as moist underclad teenage holes.

Re:Solution:

I wonder how many pics in that 17 gig file are goatse?

1273. /sigh

Re:Solution:

[ratboy666]

Um... Let's try this again:

        Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!

Yes, that includes banking information, and everything else you don't want on the internet.

Now, the internet is a net of nets. It is, after all, the inter-net. It *is* possible to put things on securely -- on nets that are under your control or trust. That would be SSH, and (for your banking pleasure) https to your bank (you must trust your bank).

The information is NEVER unencrypted on a server that you do not have a trust relationship with.

It is still better to not have certain information on a trusted computer, and certain information should ONLY be in someones head.

So, let's review what the statement means:

        Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!

"put it on the internet" means "put it on a server that you have no trust relationship with or that you do not, or can not, trust".

Do I trust "MySpace"? No. The ONLY data that you should put on "MySpace" is data that you want the world to see. Do *you* trust "MySpace". Well, if you did, you were a fool. Please note that this is "Rule #1".

Re:Solution:

[efbee]

Stop pretending to miss the point. Anything that goes across the internet, or is placed on a computer connected to the internet, has a chance of falling into the hands of people you probably don't want to have it.

People who know this consider the tradeoff between risk and reward. Risk of putting in CC# into a website when I buy something: having someone charge something to my credit card, and then have to go through the hassle of straightening that out. Reward: unparalleled convenience. I can live with that.

Risk of putting up embarrassing pictures online: having them exposed to people you probably wouldn't want to see them. Reward: the enjoyment of a select group of people. Knowing this, I could choose the level of risk I'm willing to accept.

We see numerous stories of large-scale credit card information leaks all the time. And of private information being exposed through system flaws. The solution is to be aware of the risks and make appropriate decisions, and let market forces punish those who don't seem to put sufficient effort into safeguarding information.

Re:Solution:

[torkus]

"The government's job is to protect the common good, which includes keeping children safe from predators"

Who defines common good? Who defines what level of 'protection' is appropriate or necessary? Sorry, but i disagree with you. It is the job of the *PARENTS* to keep children safe. No one else unless they agree to take the responsibility. i.e. you hire a babysitter, school, or other activities intended specifically for children. Even then, the ultimate responsibility still falls back on the parents. Check out the daycare. Babysitter isn't a pothead?

It's not myspace's fault if their site is mis-used by children. They make a reasonable effort to protect children on their site. There is NO guarantee of ANYTHING (read the 20 page TOS/disclaimer). Just like gun makers aren't responsible for gang shootings, myspace isn't responsible if someone uploads KP.

Re:Solution:

[torkus]

Sorry, have to disagree. Your CC and online banking? They have fairly strict methods in place to controll access. Remember maybe...6 or 7 years ago EVERYONE was paranoid about online CC transactions? Companies got smart and encrypted, passworded, and so on.

Those companies decided "hey, i want internet business. I'm going mitigate the risk and accept when my mitigation fails". There still is CC fraud online. banking fraud oline. Your 401k, IRA, and online brokerage account have some very strong protections usually.

As for IMs, emails, and so on: YES. DO NOT send anything you don't want public. There have been many cases where very embarassing things were made public from IM or email.

Why do you think they tell you not to write your PIN down in your wallet? Why don't you carry your car title or deed to your house with you to the mall? Hint: same concept.

Re:Solution:

[4D6963]

It's the government's responsibility [...] to make sure they're not being abused. [...] We could just have the people who birthed each child be the ones responsible for them

The irony is that most of this abuse you want to prevent is perpetrated by these people you want to rely on.

Re:Solution:

[CSMatt]

Considering the inverse effect that anti-drug assemblies seem to have, I would conjecture that these "'Internet Safety' classes" are actually making the problem worse.

Remember parents/teachers/nanny states: the more that you lecture to rebellious adolescents about choice evils, the more likely it is that they will start to ignore it. Do it enough and they will start to do the exact opposite of your warnings out of spite.

Re:Solution:

[susano_otter]

Heh. My rule of thumb is a definition:

"The Internet: Your stuff on someone else's computer."

I do banking online because I'm willing to accept the tradeoff between the perceived risk and the perceived reward. I perceive my bankers as being fairly trustworthy custodians of my information, and I perceive the reward of convenience and timeliness in banking transactions to be worth the risk I do perceive.

Facebook, on the other hand, I wouldn't trust with private photos, let alone my banking information. My stuff on the bank's computer is one thing. My stuff on Facebook's computer? Not fucking likely.

Re:Solution:

[CSMatt]

One word: ChildTracker(TM)

Re:Solution:

[CSMatt]

Then clearly people need to stop giving out their bank information to sites like PayPal, since they have no one to blame but themselves when the site gets hacked.

Re:Solution:

Why the hell is that modded +5 insightful.

He basically just detailed the wonderfully stringent methods that China uses.

Do you want to grow up like China?

Re:Solution:

[repvik]

When (if) PayPal gets hacked, I really don't care much. There's rarely any cash there, and if they grab my CC info my CC company covers any loss from fraud... Been there, done that.

Re:Solution:

[WNight]

Of course. Paypal has made more than a third of its money by closing down people's accounts for suspected problems and keeping the money. They're the biggest thieves who use Paypal, unfortunately they aren't the only ones. Luckily eBay is 50% criminal too, so few people notice.

Trust paypal and you might-as-well have given the money to a hobo at the bus station.

Re:Solution:

[S.O.B.]

It's not myspace's fault if their site is mis-used by children. They make a reasonable effort to protect children on their site. There is NO guarantee of ANYTHING (read the 20 page TOS/disclaimer). Just like gun makers aren't responsible for gang shootings, myspace isn't responsible if someone uploads KP.

I agree that Myspace is not responsible for how children use the site. They are however responsible for the hack that allowed pictures, that were supposed to be private, to be downloaded without permission. Just like a gun maker is not responsible for gang shootings but they are responsible if the gun blows up in the owner's hand because of a manufacturing flaw.

Also, the TOS is not an iron clad get-out-of-jail-free-card(tm). If people had a reasonable expectation that their pictures would remain private and didn't then it may not matter what the TOS says. However, that would be up to the courts to decide in the class action lawsuit that I suspect will be filed in the very near future.

Re:Solution:

[CSMatt]

So you aren't going to care about whether your financial information is secured simply because you have a safety net? If this is the case then you should care more about when your private information is exposed and you don't have a safety net, such as if someone broke into your e-mail account because the e-mail server was insecure.

Re:Solution:

[repvik]

My financial information? Hah! I don't have finances :-P
But really, if paypal is hacked, they can get a list of my transactions (which is really boring) and possibly my CC#. They can use the CC# to buy a car for all I care, I won't be the one paying for it. I'll just get another card, and hey, Presto!...
This does *not* mean that I give away my CC# to anyone... But I "trust" paypal enough.
(And if my mailserver is hacked, I'm the one to blame since I administer that server myself)

Look, I'm all for privacy and shit. But if some details are leaked, it's not that big of a deal. If I'm monitored 24/7 it's an entirely different matter.

Re:Solution:

[CSMatt]

I was just using an example. I could have easily said (and probably should have) online banking.

I don't know about you, but I expect my bank to take a bullet for my data, and I expect to be able to sue the hell out of them if they lose it due to on overlooking of security on their front. It's why we have these safety nets, because we expect both data security and redemption if something goes wrong.

Now, I'm not saying that MySpace is obligated to put the genie back in the bottle with this exploit. We all know that is just impossible now and any attempts will create a Streisand Effect. I'm not saying that MySpace should take responsibility for user error such as an insecure password, being duped by a phishing scam to give out said password, or someone deliberately posting information that he or she wants to remain private on a part of their profile that was make public. I'm not saying that it's the responsibility of MySpace to punish a trusted party (someone on the friends list) for publishing the private material elsewhere, or if leaks otherwise occur that are beyond MySpace's control. But is it really asking too much to ask MySpace to safeguard the privatized data of its users from third parties, except by consent of the user? Isn't that why people use the privacy functions? Is it so absurd to expect MySpace to automatically make the pictures private if the entire profile is also made private?

Yes, we know that it seems unreasonable to expect MySpace to guard our privatized data in the same way that a bank does because it is blatantly obvious that they don't. But that doesn't mean that they shouldn't. If I were a fraudster I would find it far more rewarding to hack into MySpace's database as opposed to an online bank's both because of MySpace's insecurity and its valuable user data. You really don't need to post much about yourself to become a victim of identity fraud these days, so just cutting back on personal details isn't exactly going to save you.

Re:Solution:

duh, he recommended that parents be responsible for their children. Get it?

PS I see what you did there!

Re:Solution:

Which is why I LOVE how screwed up people are. it makes getting to the top in interviews easy. Lots of managers are googleing people and when they see you posing on myspace with a plunger up your bum and a ball gag in your mouth, I am guessing your PHD in Computer science is going to be worth less than the ITT graduate degree the next guy has that has a clean online profile.

I'm sure as soon as one person shows up to the interview with pictures of the hiring manager with a plunger up his ass and a ballgag in his mouth, there'll be a law banning the use of myspace in hiring and firing decisions. Ah, I love the smell of corporatism in the morning!

Re:Solution:

[TheLink]

I was never paranoid about online CC transactions, and I see no reason why cardholders should care so much. Sure check your card statements.

With online CC fraud, the loser is either Bank or the Merchant, and most usually the Merchant.

Direct debit fraud is a bigger problem. Given the "right circumstances" someone could transfer money from your bank account without your authorisation.

Re:Solution:

[trytoguess]

I recall a South Park episode like this, where the parents gave up their kids cause most molestations are done by someone the kid knows, or something. Think it had Mongols in it for some odd reason.

Re:Solution:

[zippthorne]

How can you post pictures privately? Isn't that a bit like sending in a letter to the editor and demanding that they put bars over the text when they print it?

Re:Solution:

NO, and that is the answer to all of your questions. I might be what you call paranoid, but I don't conduct myself online in any way that would come back and bite me. As far as financial stuff, I have my bank set so that I can check my balance online. I do suppose my credit card is on file somewhere, but the whole point of the credit card (for me) is that if it is stolen or misused I can dispute charges because it is not my money. I don't keep pictures of myself doing illegal things, nor would I transmit something I wouldn't be OK explaining to a authority figure (boss, police, etc) to any computer. I especially wouldn't trust the security of something like myspace, which also conveniantly cross references your name and all kinds of personal info along with your picture. If you don't want naked pictures of yourself on the internet just don't take them and store them on computers.

Re:Solution:

[Schemat1c]

It is supposed to be a high security suppository. Ouch!

Re:Solution:

[WNight]

IMHO it makes sense for us to expect MySpace to not unflag photos intentionally. But to expect security? It's not anything important, just a blog with some photos... There's nothing life-threatening there (unless you upload photos you'll get killed for) so it doesn't make sense to expect them to protect it like a bank would. Expecting secure systems leads to DRM-thinking, with "can't copy" flags on your email, which are defeated with a simple camera. Instead you need to realize there is no real safety net and not do unsafe things. Taking a picture, or posing for one, which you don't want to be seen isn't very safe. Putting it on a huge network site seems worse again. By letting the unwashed think that MySpace owes them security we're condoning their lack of concern with their own well-being.

Mainly though, I was ragging on Paypal for being fucking thieves.

Re:Solution:

[rastoboy29]

No, you're wrong.  You don't say stupid shit on IM, in email, or on Slashdot, unless you're willing for it to be spread all over the internet.  Any other attitude is asinine.

Re:Solution:

[novakyu]

For the sake of convenience we could just have the people who birthed each child be the ones responsible for them, and if they're not available, we could assign other ones. Any takers? This could solve all our problems! I have a better solution: take all the children, and you put them in a facility where they will be safe from the outside world. Of course, since children are curious beings, you should guard them against their own curiosity. I recommend putting a high wall around the facility to prevent them from getting out. Barbed wires at the top of the wall should help too. Also, to guard against their parents abusing them, we should allow them only limited visiting hours, and they should only be able to talk to their children through a glass with little sound holes. No touching or some such environment where the parent could become a menace to the children.

We probably should go a little bit further, though. Any children these days could use some more exercise. So we should have regular exercise hours, and aside from those hours, we should put them in their own room, which will be locked from outside, again, to protect them from their own curiosity. But, since we shouldn't stifle it altogether, perhaps we can make the doors and some of the walls out of bars instead of solid materials. That way, they can look out without going out.

I wonder what we should call this place. I guess we will put children, i.e. juveniles, there. So, in order to signify that fact, we could name it "juvenile hall."

Oh, won't someone please think of the children, round them all up, and put them all in these juvenile halls, please?

Re:Solution:

[JavaLord]

The government's job is to protect the common good, which includes keeping children safe from predators.

In a rational society, that is the parents job, not the governments.

Re:Solution:

[roger_and_out]

347 are Goatse

Re:Solution:

It doesn't? Here's a better analogy; lets say you let a bunch of teenagers hang out in your basement and leave photos of themselves down there and what not, it's not your responsibility to secure oversight of whats going on? Try and tell that to the cops. Also, Last time I checked kids were still getting hit by cars... Parents can't be expected to always watch over their kids, don't forget the child's agency. Try to remember how much you resisted your parents looking over you when you were growing up. It's an unrealistic, black and white kind of way of looking at things. I always feel the need to reach for my revolver when I hear excessive talk about individual responsibility, the only reason any of us are here is because of collective responsibility.

Re:Solution:

[ResidntGeek]

No, it's a bit like posting pictures to a website which denies access to the pictures for anyone who isn't a list of people you trust to see them.

I agree it's not the smartest thing in the world to trust such a website, but to speak like it's impossible to do is more pessimistic than even I'm willing to be.

Re:Solution:

[megaditto]

A 17 gigabyte tar file with nothing but goatse?

Re:Solution:

[torkus]

Ah but see, when you buy a gun you are buying a "thing" with a purposeful use. There's the expectation of merchantability nonsense. Myspace is free so they automatically get some leeway. You can't say you purchased the service with an expectation. The opposite, you were given the service for free in return for agreeing to the TOS.

Can you still argue expectations? Sure. But it's a service. Free. No measurable "harm" has actualy been documented. And a far, far cry from a defective purchased item malfunctioning during use and causing death or direct physical injury.

TOS isn't a get out of jail free card...deliberate actions - especially against the wording or intent of the TOS will get you in trouble. Accidental mistake in programming that's exploited by some hackers? Sue the hackers. Oh wait, you don't want to take the time, money, and resources to track them down so you just aim for the low hanging fruit.

Back to my theme of personal responsibility. Be aware of what you're doing. Any website can potentially get hacked. Heck, Tomshardware got nailed this week...and they ARE techies and hackers! If you're savvy enough to use the 'net then you're smart enough to know it can be hacked. If something's that private and you have no recourse (i.e. CC fraud protection) then you should know not to post it. Period. (assuming you're not a complete moron) Would you post evidence linking you to a murder? Ever? Anywhere?

Re:Solution:

[torkus]

You kind of missed the point with CC transactions though. You have limited liability ($50 or less) should your information be comprimised. So you balance the risk vs. convinience and use your CC online. You DO still have risk just like with posting private pics to myspace. Given the nature of unencrypted pictures, you don't have many options to limit your liability. You still post them, you take the risk.

Re:Solution:

[sm62704]

No, I dodn't say "don't use the internet", I said putting something on the internet you wouldn't want seen is stupid. Taking a photo that you wouldn't want seen is stupid.

That said, I will agree that MySpace did in fact screw up and should be made to pay to those it harmed. It made an even bigger mistake than the users; those running it should have warned its users that putting stuff on the internet you wouldn't want seen is a bad idea, that it would TRY (not gurantee) to keep private stuff private but that "stuff happens".

Re:Solution:

[Shotgun]

Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!

Which is just an extension of the more general "Rule #1 of life: I you don't want your mother to read it, don't write it down." I've gone over this so many times with my two teenage boys that I sound like a broken record.

Re:Solution:

[ShadowsHawk]

To quote todays Dilbert:
"Stop ruining my slogans with your logic!"

I loved the post though.

4chan is gonna have a field day with this...

Oh lord...there are gonna be some angsty teenagers with real reasons to cry soon...

Re:4chan is gonna have a field day with this...

[spun]

I thought everyone on 4chan was an angsty teenager with a real reason to cry, being that no human woman will ever touch them.

Re:4chan is gonna have a field day with this...

[orclevegam]

I thought everyone on 4chan was an angsty teenager with a real reason to cry, being that no human woman will ever touch them. Funny, a quick browsing of 4chan leads me to believe most everyone on 4chan is really a collection of cleverly written troll bots. They certainly don't seem capable of passing a turing test. You know, that would be a great experiment. Write a bot that posts random images out of a shared folder with appropriate descriptive comments, and randomly replies to other posts from a database of oft used memes and see how long before someone notices it's actually a bot. My money is on at least 2 months.

Re:4chan is gonna have a field day with this...

[Mr.+Capris]

My money is never. Forced Anon is on, therefore, there would be no way to figure out which post was by the bots, unless you knew the photo source, and the comment pool. Which defeats the purpose of the test. At least in a Turing test, you have a name next to whatever is being said, even if it is Person on Other Side of Screen. 4chan, everyone is Anonymous. Shit, you can forget your own posts just as easy, too.

And if it used a sig, it'd be dead in the water within moments.

Re:4chan is gonna have a field day with this...

Pretty much, most of the people who made 4chan famous for that sort of thing moved to other sites around the same time random people on the internet started to know about 4chan.

Re:4chan is gonna have a field day with this...

trollbot is not a meme. LURK MOAR!

Re:4chan is gonna have a field day with this...

nice idea, but there's no point in pissing in the ocean of piss like that when your bot is going to be just as anonymous and the rest of the /b/tards

Re:4chan is gonna have a field day with this...

The funny part is you think we don't know you are a bot, mandated by consumist gods, using the chip implanted in your brain to post clever memes that are stored in the rational interneural colective tought networks of people driven by the same consumerism gods as you are.

Is someone willing to guess who's this guy chip from?

Re:4chan is gonna have a field day with this...

My money is on at least 2 months.

At least? I'm just about to hit 7 months!

Re:4chan is gonna have a field day with this...

TITS OR GTFO

Re:4chan is gonna have a field day with this...

No matter how much ive tried to figure it out (don't worry, i havent wasted THAT long, i have better stuff to do) i still cant figure out this whole Emo thing. Nor whatever anyone under the age of sixteen has EVER written on any forum i've been a member on.

4chan? sounds like the thousand monkeys with a thousand typewriters have been putting in a lot of practice.

Re:4chan is gonna have a field day with this...

DO IT, FAGGOT

whoa!

good thing mine were never private to begin with

Re:whoa!

[sm62704]

Dude, that video of you throwing that chair has been on the internet for a long time now.

Zip - Unzip

[AndGodSed]

C'mon, you know you wanna...

Maybe it's just me...

[Derek+Loev]

I personally have better things to do than waste 17gb of space -- and a large amount of time -- looking through other people's pictures.

Re:Maybe it's just me...

[Blimey85]

A port scan of your machine shows you are currently downloading the torrent in question... better things to do you say? Obviously not. lol

Re:Maybe it's just me...

I'd love to know the amazing magical portscanner you use that can magically identify which ports are open for torrent purposes, and even better, what is being transferred on them.

Go back to your high school tech class, you clueless moron script kiddie.

Re:Maybe it's just me...

Without having ever bothered looking at the bittorrent protocol closely...

First you'd scan the target machine for open ports, and connect to each twice, once with the unencrypted bittorrent protocol and once trying to begin an encrypted session before again attempting to communicate using the bittorrent protocol.

Then, making a wild-assed guess that the protocol involves requesting torrent blocks by hash, you simply request a smattering of known block hashes for the torrent you're checking for, and would either get "unavailable" errors or served data. If I'm really lucky, there's even a different error for "don't have that block of the torrent yet, might later" and "don't know what the fuck that block you're talking about is from"

Even if the data's requested by some other method, it's still pretty damn likely that there's a way to accomplish the same thing, since legitimate clients do have to be able to request it and whatnot.

Re:Maybe it's just me...

[MacarooMac]

It's called a multiphasic scan or sweep and can be conducted accros multiple targets by modifying the navigational sensors to operate on a multiphasic bandwidth.

Re:Maybe it's just me...

[gnick]

Agreed. I'm not sure who this cache of pictures appeals to. If you're looking for porn, go download some porn. If you're looking for a bunch of stranger's vacation pictures, snapshots of their pets in cute poses, and cell-phone-cam pics of them making funny faces, then you're just weird.

Re:Maybe it's just me...

It was a joke. Laugh.

Re:Maybe it's just me...

[xactuary]

Given our current Pop Culture, it is just you. ;^)

Re:Maybe it's just me...

[bogd]

And this gets modded informative? Funny, yes, but not informative - do modders even look at the links?

Re:Maybe it's just me...

[X0563511]

Well then what you have just described is NOT a port scan. A port scan simply sweeps for ports that are open/closed/other.

You are describing a finely-tuned reconnaissance tool combined with a service/version probe.

Re:Maybe it's just me...

So when will there be a torrent of the top 1%?

Slight Tweak: Myspace Privates Leak, Pictures!

[webword]

Title says it all...

Re:Slight Tweak: Myspace Privates Leak, Pictures!

[Firehed]

If only there was a -1, Gross moderation...
(other sites could have earned you a +1, Gross yet Intriguing point, but we're talking about MySpace)

so much time, so much waste

44,000 people, 17g of data, but all they could come up with were a million goatsx pictures and cowboyneal artwork!

Re:so much time, so much waste

[Lewrker]

The GNAA would be proud.

Anyone know what the vulnerability was?

[dildog]

Looking for technical details... anyone?

Re:Anyone know what the vulnerability was?

[LiquidCoooled]

yer, PEBKAC.

If you take private pictures, for fucks sake keep them to yourself.

Re:Anyone know what the vulnerability was?

[corychristison]

No idea, but I suspect someone hacked into Tom's profile (as he was added to everyone's friend list by default - I think)

.. or they left the directory public-facing or something retarded.

I have no idea how or what it was... but these are what I suspect.

Re:Anyone know what the vulnerability was?

[Stavr0]

Looking for technical details... anyone? Having not read TFA or anything about this, let me venture some educated guesses:

- The URI for the pics are based on a timestamp
- The URI for the pics are based on a sequential number
- ... a combination of the above
- The pics are not access-controlled in any other way than not being listed on a user's page

The hack was discovered when a user cut and pasted the URI of one of his private pictures, noticed one of the above and attempted to change a digit of the URI, then automated the process with a garden variety for() loop.

Crappy analogy: Even unlisted telephone numbers can be discovered by telemarketing wardialers.

Re:Anyone know what the vulnerability was?

[flerchin]

I had an exploit that worked when i last checked it a couple days ago, and now does not. There is a flash photoslideshow app that will display the pics of any myspace UID you feed it, or it used to. The user id I have provided used to go to a hot asian girl's naughty pictures, but they no longer display. I merely changed the 8-digit number in the url to get the pictures off of anyone's myspace, private or not. Now it seems to work for public myspaces, but not private.

http://lads.myspace.com/slides/photoslider.swf?u=33750788

Re:Anyone know what the vulnerability was?

This wasn't your exploit dude. Been around for months now.

Trap!

[fictionpuss]

No way would I touch that torrent.. all it takes is one underage myspace kid to have posted one nipple.. cue child pornography charges/public outcry/p2p filtering mandated/end game. It's the wet-dream of the **AA crowd.

Re:Trap!

[L4m3rthanyou]

Actually, I think this is more of a threat to myspace itself. After all, they were hosting all of these pictures... when people discover how much kidporn is stored on myspace (I'm sure there's a significant amount of it), THEN there will be a public outcry, and no one is going to care about the people who downloaded the leaked photos. The backlash will be against myspace itself, by the "think of the children!" nutjobs.

Figures... and they just put further measures in place to attempt to "protect" children from themselves. Oh well, I have a hard time feeling sorry for myspace since (a) it's myspace and (b) it's owned by News Corp.

Re:Trap!

[Travoltus]

**AA? Forget that.

You're talking instant drowning death in 3 letter alphabet soup.

Re:Trap!

[Firehed]

I know the legal answer is yes, but should it really count if they take and post the pics themselves?

Re:Trap!

[orclevegam]

Actually, I think this is more of a threat to myspace itself. After all, they were hosting all of these pictures... when people discover how much kidporn is stored on myspace (I'm sure there's a significant amount of it), THEN there will be a public outcry, and no one is going to care about the people who downloaded the leaked photos. The backlash will be against myspace itself, by the "think of the children!" nutjobs.

Figures... and they just put further measures in place to attempt to "protect" children from themselves. Oh well, I have a hard time feeling sorry for myspace since (a) it's myspace and (b) it's owned by News Corp. This does bring up the interesting question though, of how one deals with kidporn that's being posted by the kids in the pictures. Obviously the nutjubs are going to go after whatever company is doing the hosting, but unless I'm missing something, if they're not aware of the content then all they have to do is make a good faith effort to delete anything they find, much like the case with copyright violations. Any legal experts on the laws concerned here no for sure what sort of issues this brings up?

Re:Trap!

[Sergeant+Pepper]

No way would I touch that torrent.. all it takes is one underage myspace kid to have posted one nipple.. cue child pornography charges/public outcry/p2p filtering mandated/end game. It's the wet-dream of the **AA crowd. The article says that "the script cycled through MySpace users sequentially by MySpace Friend ID number, and did not target users of a particular age group."

If I had to guess, I'd guess that it didn't target underage people - probably for the exact reason that you mentioned.

Re:Trap!

That depends heavily on the interpretation of "child porn." For it to be child porn, it has to be PORN, and nudity in and of itself is not pornographic. However, sometimes simply "intent to arouse" can make a picture classified as pornography... It's a grey area, and like you, I wouldn't touch it.

Re:Trap!

[meringuoid]

This does bring up the interesting question though, of how one deals with kidporn that's being posted by the kids in the pictures.

You charge the perpetrator with child abuse and with making and distributing indecent images of a minor. And you try them as an adult just for the glorious irony.

Re:Trap!

[L4m3rthanyou]

I'm pretty sure that myspace has already gone above and beyond what the law technically requires of them. The whole thing is a PR nightmare, and "We're just doing what the law requires" isn't going to satisfy a horde of pissed-off soccer moms. Mob mentality can be a dangerous thing, and it wouldn't be the first time that the law has singled out myspace, either.

It wouldn't surprise me if myspace began to disallow underage users to post pictures because of this fiasco.

Re:Trap!

[jandrese]

Yes, I'm sure he programmed it in the easiest way possible just to avoid child porn charges... That's defiantly the most plausible explanation.

Re:Trap!

From what I have seen, who actually took the photo isn't the problem. It is the actual possession of the photo that is the problem.
Can't find article (actually can find some references, but can't find actual article, hey found a Register reference) of a 15 year old who took photos of self, then posted them, and got charged with child porn. That person got charged with both possession of child porn, as well as distribution of child porn.

So in this case, person who took photo, myspace, seeders and lechers all would have problems (possession or at the very least distribution for every one except maybe some jerk lechers).

Re:Trap!

[Jarjarthejedi]

Mod Parent Up for best use of a humorous sad but probably true prediction :P.

Re:Trap!

[thatskinnyguy]

Think about the children!

Re:Trap!

[AuMatar]

Prediction? Hell, its already happened.

Re:Trap!

[Sergeant+Pepper]

That sounds like sarcasm. How is it easier to add in a check for age and then change the result than to not do anything?

Re:Trap!

Why is this modded funny? This happens. It should be insightful.

Re:Trap!

[davidsyes]

"THEN there will be a public outcry"...

Oh, I thought I read:

"THEN there will be a pubic outcry"... Butt, it DOES seem there might be pubic outpouring...

Re:Trap!

I am!

*fap*
*fap*
*fap*
*fap*

Re:Trap!

Think about the children! They are thinking of the children... while those pedophiles touch themselves.

Re:Trap!

[afidel]

Yeah anyone who reads fark on a regular basis knows that kids who make home movies often get charged as adults for laws meant to protect the childish innocence. It really is very ironic and very SNAFU.

Re:Trap!

[corsec67]

It is really easy to predict something that has already happened.

Re:Trap!

[MBGMorden]

Ironic. It's little known that parents are explicitly allowed to have nude photos of their kids as long as they are obviously not being abused and the pictures are not distributed. It keeps all the parents with the pictures of babies in the bathtub from going to jail. Kinda stupid that your parent can have a picture of you naked but this girl gets charged with child porn charges for having pictures of HERSELF.

Re:Trap!

Yes, it counts.
Minors are considered legally incompetent.

Re:Trap!

[ImTheDarkcyde]

"and distributing indecent images of a minor" What does that make the torrent's Peers?

Re:Trap!

You can have all the pictures of naked children you want. Yours or anyone's. You can create them, distribute them, whatever. They just cannot be "sexually suggestive" pictures.

Re:Trap!

[ShieldW0lf]

Ironic. It's little known that parents are explicitly allowed to have nude photos of their kids as long as they are obviously not being abused and the pictures are not distributed. It keeps all the parents with the pictures of babies in the bathtub from going to jail. Kinda stupid that your parent can have a picture of you naked but this girl gets charged with child porn charges for having pictures of HERSELF.

Just to play devils advocate: If we consider publishing nude photos of yourself to be pornography, why would we consider it not pornography when a young person does it?

You might make the argument that child pornography should be treated differently when the perpetrator is also the child in question, but trying to say it's not pornography is nonsense.

Re:Trap!

[YrWrstNtmr]

One word: Context

Trusting a judge/jury to determine the right context is another matter, though.

Re:Trap!

[Altus]

Theres a loaded phrase if Ive ever heard one.

It takes all types... and as such, you can probably find someone aroused by pictures of just about anything.

Re:Trap!

[dgatwood]

Of course, this whole is pretty silly since any possession conviction must, by definition, be willful possession with presumption of illegality. A UPS driver can't be charged with possession of kiddie porn for delivering a package that happens to contain it unless the driver has reason to suspect that something in the package is illegal. Is there reason to have a presumption of the existence of kiddie porn in this torrent? I would say that there is not, since MySpace has people who go through the private photos and look for that stuff and report it, IIRC. No guarantees, of course. Therefore, I would find it highly unlikely that somebody downloading this torrent would get prosecuted for kiddie porn possession. Invasion of privacy, perhaps, trafficking in stolen proerty, perhaps, copyright violation (all photos are copyrighted by their creator), perhaps, but not kiddie porn possession....

That said, IANAL, so do not take this as legal advice.

Re:Trap!

[cyphercell]

so all pictures of nude people are pornographic? I think there's a word for that world view, oh yeah, prude.

Re:Trap!

[Mr2001]

Just to play devils advocate: If we consider publishing nude photos of yourself to be pornography, why would we consider it not pornography when a young person does it? The issue isn't whether or not it's pornography, but whether it merits all the outrage that usually accompanies "child pornography".

"Child pornography" is generally considered bad because in order to make it, you have to have a minor in front of your camera who's posing erotically or having sex. Since the law presumes that minors are incapable of knowing whether or not they want to pose erotically or have sex, this means that producing these photos or videos involves an act that's equivalent to rape: putting a minor in that situation without her (legally recognized) consent.

In the case of a minor posting her own pictures, however, there's no third party who could be accused of putting the minor in that situation against her will. It isn't even conceivably similar to rape, because the "victim" is making all the decisions on her own - if that's analogous to rape, then so is underage masturbation, and every teenager in the world is a sex offender.

Re:Trap!

Yeap--I read about a case in PA a few years back--the girl was 15 or 16 and took a topless on the webcam. They not only charged her with production of CP--but charged her as an adult and forced her to register as a sex offender!

Re:Trap!

[PlusFiveTroll]

The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws.

Re:Trap!

[ILuvRamen]

there's like 7 determinations always used to test if it's pornography in cases involving minors. The major ones are what part of the picture is the focal point of attention, what actions are being depicted in the pictures, how old does the person appear to be, what the intention of the picture was (education or arousal), release environment context, etc. So yeah that's the big art vs porn determination courts use. Call me a pessimist but somehow I think it's not 100% art being uploaded by kids to myspace.

Re:Trap!

It wasn't that long ago they wanted to try going after suggestive non-nude photos. Basicly take any picture in a bikini where the DA thinks she has an unchildish pose, off to jail you go. They called it the swimsuit illustated of kiddie porn. God forbid you take picture of them sucking a lolipop or eating a banana or anything else that some pervert may find exciting. And don't film them mimicing a music vid, that's just a crime against humanity. There's a crazy fear campaign going on, and it didn't get better with the Maddie case. Am I the only one that find it suspicious that they right from the start seem to have a better PR agent than Britney Spears and Paris Hilton put together, and probably stand to make millions off this? Kids have died for less...

Re:Trap!

[aminorex]

Do you mean that Rupert Murdock is distributing c.p.?

Re:Trap!

[fuzzix]

It takes all types... and as such, you can probably find someone aroused by pictures of just about anything.

I guess you've never seen a Telefunken U 47...

Re:Trap!

[Kjella]

if that's analogous to rape, then so is underage masturbation, and every teenager in the world is a sex offender. Well, it is a more credible threat than that you'll go blind. "Stop that little Johnny, or the police will lock you up." Next thing you know, you'll get arrested for indecent exposure if you look at yourself naked in the mirror.

Re:Trap!

[glitch23]

This does bring up the interesting question though, of how one deals with kidporn that's being posted by the kids in the pictures. Obviously the nutjubs are going to go after whatever company is doing the hosting, but unless I'm missing something, if they're not aware of the content then all they have to do is make a good faith effort to delete anything they find, much like the case with copyright violations.

Anyone who downloads the torrent and doesn't delete anything they find that is child porn (if any exists in the file) could end up in a similar situation like this one. In this story, the prosecutor wants all kids who received the pictures to come forward or else they will be charged in juvenile court for possession of child porn despite not asking for them or actively pursuing them. At the end of the article the same prosecutor says they are't charging the kids for possessing the images so who knows what's going on.

Re:Trap!

[Pharmboy]

In order to earn that +5 you have been graced with, care to actually link to the example of "its already happened"? Thanks.

Re:Trap!

[TheLink]

Yeah good for Florida, protecting the children from evil adults by prosecuting them, (and I bet having their photos spread amongst the police force and probably elsewhere ).

Oh wait...

Re:Trap!

[AuMatar]

http://netscape.com.com/Police+blotter+Teens+prosecuted+for+racy+photos/2100-1030_3-6157857.html

Forgive me, but I didn't want to google child porn at work.

Re:Trap!

[corsec67]

Yeah, "get tough on crime" by fucking up the lives of other people. They both are now "sex offenders", and even if the list does give particulars about their crimes, they were sending pictures of people under 18 in sexual positions. And NO "sex offenders" list is ever going to say "oh yeah, they were sending pictures of themselves".

Just like the drug war and every other war on the people, the cure makes the problem FAR worse.

Re:Trap!

Which means she's both the perpetrator and the victim. What a world.

Re:Trap!

Laws are observed by a following plan.
1.law is created
2.someone breaks the law
3.???
4.arrest
minor details such as spirit or purpose of the law are ignored.

Re:Trap!

[tv_dinners]

I wonder what would happen if teenagers as a group became sick and tired of these unjust laws that turn them into instant sex offenders and just decided one day to take pics of themselves and distribute them to the world.

I, for one, would welcome our new bare-breasted tee... er, nevermind.

Re:Trap!

[EdIII]

"then so is underage masturbation, and every teenager in the world is a sex offender"

If that is true, I was a criminal mastermind :)

Re:Trap!

"Child pornography" is generally considered bad because in order to make it, you have to have a minor in front of your camera who's posing erotically or having sex. Since the law presumes that minors are incapable of knowing whether or not they want to pose erotically or have sex, this means that producing these photos or videos involves an act that's equivalent to rape: putting a minor in that situation without her (legally recognized) consent.

Except that "child pornography" definitions do not correspond with ages of consent. Thus you have the really daft situation where people can consent to sex (in some cases with anyone of any age) but any photographs/videos of their perfectly legal activities are illegal.

Re:Trap!

[TheLink]

Isn't being put on a sex offender list thing a "cruel and unusual punishment"? In a way it's like "precrime".

The assumption appears to be that sex offenders WILL offend again no matter what.

In which case why don't you just lock them up permanently or execute them?

Are rapists so much more likely to rape again once you let them out of jail, compared to say a violent person being likely to bash someone else up again?

Re:Trap!

The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. And when that's gone on for too long, we can always have the blood of revolution clean it away.

Re:Trap!

[LiquidFire_HK]

You fail at English comprehension. "did not target users of a particular age group" means there wasn't any age group that it specifically targeted, not that it avoided some age group.

And if that's now how you misinterpreted it, your comment doesn't make any sense.

Re:Trap!

[mdwh2]

I don't know if this has happened in the UK yet (unlike the US), but the Government agency have threated to prosecute teens: http://news.bbc.co.uk/1/hi/uk/6757827.stm .

The particularly wierd thing is that the age of consent is 16 here, but a 17 year old who takes a picture of herself faces being locked up as a pedophile for making and possessing child porn.

Re:Trap!

[mdwh2]

Just to add to this - this Government agency is the same agency that have tried to get the media to always refer to 'child porn' as 'child abuse'. So I guess, Jim Gamble really thinks that a 17 year old taking a naughty photo of him or herself is "child abuse".

Re:Trap!

[mdwh2]

The intent of the laws should be to target images of abuse.

Plenty of laws only apply to things done to other people. Someone can grope themselves, but do it to somebody else and you might be charged with sexual assault. Indeed, consider applying the child porn logic to sexual acts - do you think it makes sense that a minor who masturbates should be charged with sexually abusing a child?

The problem is also a double standard here with respect to ages - we say the child is not old enough to consent to appear in a photo, but we say they are old enough to understand and accept the legal ramifications of taking a photo. Some places have sensible underage sex laws that only prosecute the partner who is over the age of consent where there is some significant age difference (and so two underage people is okay). This idea of prosecuting minors for child porn is just an extension of the madness of locking up teenagers for 10 years for consensual sexual acts.

Re:Trap!

[cyphercell]

Call me a pessimist but somehow I think it's not 100% art being uploaded by kids to myspace.

That may be a fair assessment, but I would hardly say a child's first few attempts at looking sexy or being sexy should be considered a nose dive into the world of hardcore pornography. IANAL, but it seems to me like the interpretation of child pornography laws is a bit skewed in these cases. It's not considered child molestation when a child masturbates for the first time and historical attempts at punishing children for masturbating (addictive behaviors aside) have been considered highly damaging to that child's self image and future sex life. I can't imagine the world image some of these children develop when being punished so harshly for what is akin to a type of masturbation, or worse signs of a disturbing sexual sophistication. It hardly seems fair to punish them for growing up in a world they don't quite understand yet. I tend to think that charges of public indecency would be far more appropriate unless the child was actively trying to garner the interest of an adult. For instance a child that lies about their age and sends pictures to adults in order perpetuate a romantic situation or for the receipt of money might be an accurate application of child pornography laws, but still may result in the overaggressive punishment of a child that likely would do far better with some counseling sessions and remedial education.

Then you have to take a look at the type of nude pictures you see uploaded by adults to myspace. You get things like vague nipple shots, wet tee shirts, spanking photos, and nude shots where the "essentials" are covered. All of these, while sexual in nature, are hardly anything I would personally consider pornographic. I don't think it's fair to say that even 98% of the nude photos uploaded by children on myspace should be considered pornographic, they don't belong there, but I don't think it's pornography.

Re:Trap!

[CarpetShark]

I think you misunderstood the "devil's advocate" part of his post ;) You're agreeing with him.

Re:Trap!

[CarpetShark]

but trying to say it's not pornography is nonsense.

Actually, you could easily argue that. Is it pornography when someone documents a hot date in their own diary? You could make the argument that it is. You could also make the argument (perhaps more strongly) that it's a therapeutic tool, or a historical account, or a memory aid, or just a personal method of progress monitoring or sanity checking. I don't see why any other form of personal documentation -- be it video, tattoeing meaningful symbols on oneself, or anything else -- is any less valid.

Re:Trap!

[PastaLover]

... and then get tried as adults.

Yeah, I see the logic.

Re:Trap!

[cyphercell]

Just for a little disclosure here where I say:

I don't think it's fair to say that even 98% of the nude photos uploaded by children on myspace should be considered pornographic, they don't belong there, but I don't think it's pornography.

I don't think kids should be taking nude pictures of themselves, I just don't think they should be charged with distributing child porn for doing so. (I know how some people can't read a forum thread around here)

Slashdot effect on Bit Torrent?

This will be interesting to see...

Will someone please filter out all the non-porn pictures. ;)

Re:Slashdot effect on Bit Torrent?

[CriminalNerd]

Have you heard of the Japanese porn game "Artificial Girl 3"? A torrent came out a few months ago, and well, it's still kicking. Here's a screenshot.

Private?

[Eberlin]

I understand the general idea of privacy...but to expect any sort of privacy by putting your pictures online onto a server out of your control isn't exactly the smartest thing to do. I say if you've voluntarily uploaded it on one of the social networks, it can't be THAT private.

I know, I know, the myspace demographic doesn't know any better.

Re:Private?

Not to mention, 560,000 pictures to sort through is at least a half-way decent example of security through obscurity.

Are the pictures even correlated to usernames or ID's or anything like that?

Not to mention: Oh look a picture of a drunk girl taking a shot. And a drunk guy doing a beer bong. And some fat girl riding a jet ski. Another drunk girl taking a shot.

Sounds like non-stop voyeuristic fun.

Re:Private?

[Basehart]

"I know, I know, the myspace demographic doesn't know any better."

They've got more important things to do, like buy $150 HD-DVD players from Wal-Mart.

Re:Private?

[sm62704]

I know, I know, the myspace demographic doesn't know any better.

The myspace demographic is supposed to be the generation that grew up with the internet! It's us geezers that aren't supposed to understand this intarwebs thang.

That said, you can find me there. But it's not a picture I wouldn't want seen; the one I wouldn't want seen's on my driver's license.

There is probably still a picture of the signboard at George Ranks where Meg played a practical joke on Danny (before Danny got himself fired and barred and before the place went out of business) and rearanged the letters to say something obscene.

I haven't seen Meg in a while, she's so hot she makes Amy look plain.

Re:Private?

[Ajehals]

The myspace 'generation' *are* supposed to be the ones using and seeing 'value' in all the weird and wonderful crap out there geared toward them, they are the ones who are supposed to be massively connected with their mobile phones, email and social networking account. They are supposed to be benefiting from a massively connected world, identifying and receiving wonderful services and consuming all those wonderful products geared toward them. They are the generation that (apparently) cannot tell real life from role playing, are emotionally and mentally damaged from playing video games and browsing the web. In short they are the generation that everyone is referring to when they scream "think of the children".

We, (I refer to the /. crowd, although I may be being over simplistic) are the demographic that saw the internet evolve, have technical knowledge of how parts work and can separate out our real lives and what we want to keep private, from our on-line identities and what we wish to be public. Unfortunately we are also the generation who don't understand nor see the appeal or utility in of many of the new and wonderful social experiments going on on the web, we see the real dangers involved in using them in an inappropriate or irresponsible manner.

We know the danger is from information about us being harvested, being used by future employers, insurance companies, the government, other corporates etc.. They (the 'myspace' generation) are worried about paedophiles and stalkers, whilst simultaneously being drawn to having deep personal relationships and generally being interesting (by whose standards I don't know) and pushing their personal information to anyone who will give them a linden dollar, a discount voucher or a chance to win an iPod.

Or am I just getting old?

Re:Private?

[Xcruciate]

Damn, I wish I had mod points, that was brilliant. So true, at least from my perspective as well.

Re:Private?

[Kjella]

I understand the general idea of privacy...but to expect any sort of privacy by putting your pictures online onto a server out of your control isn't exactly the smartest thing to do. I say if you've voluntarily uploaded it on one of the social networks, it can't be THAT private. I understand the general idea of privacy...but to expect any sort of privacy by putting your [credit card details] online onto a server out of your control isn't exactly the smartest thing to do. I say if you've voluntarily [bought something] on one of the [webshops], it can't be THAT private.

I know comparing myspace and credit card processors is like comparing apples and porcupines, but if that was true in general I don't think the Internet would be quite the same. It's all a matter how secure you need it to be...

Re:Private?

[Raenex]

I understand the general idea of privacy...but to expect any sort of privacy by putting your pictures online onto a server out of your control isn't exactly the smartest thing to do. What about email? Hardly anybody uses encryption, yet there's a general expectation of privacy (though Google feels it's ok to use the content of your email for advertising purposes).

What about web searches? Remember all the trouble when AOL released their "anonymized" data?

anything interesting?

[boxlight]

Is there anything especially interesting in the batch?

Re:anything interesting?

[mac1235]

No.

Privacy

I don't understand why anyone would put anything up on MySpace that they don't want others seeing. If it is that private, don't store it on MySpace. You'll have to excuse me, I'm on my way to go download the file!

Re:Privacy

[ArsonSmith]

Then why call it "MySpace" shouldn't it be called "OurSpace" if it isn't meant for me to store my stuff?

Legality of downloading this?

Who owns the copyright to all those pictures? Myspace or the individual users? And can they come after anyone downloading this?

I want to grab it myself actually. I'm being serious when I say it's to check to see if anyone I know might need to be concerned some of their pictures are now in the wild. I just know some of them are stupid enough to put up stuff they should not have.

Re:Legality of downloading this?

I think this is very illegal to download in the United States. Not even counting the child pr0n laws.

Re:Legality of downloading this?

Who owns the copyright to all those pictures?

Either way, the bigger question is how many underaged teens posted nude pictures of themselves on myspace, making this collection really illegal to download?

I'm being serious when I say it's to check to see if anyone I know might need to be concerned some of their pictures are now in the wild

"I'm serious, officer, I thought it would be important to tell the 17 year olds out there that their breasts were in the wild!"

Re:Legality of downloading this?

Good point. I think I'll stay away from this one.

Plus apparently they just downloaded in friendid order which means mostly the oldest accounts?

Re:Legality of downloading this?

[Titoxd]

I want to grab it myself actually. I'm being serious when I say it's to check to see if anyone I know might need to be concerned some of their pictures are now in the wild. I just know some of them are stupid enough to put up stuff they should not have. You're talking about 44,000 accounts in here. Unless the leaked pictures have some sort of metadata that points back to the original UID, in which case you could theoretically run a script, you're going to have to look one-by-one at the 17 GB of pictures. Are you sure you want to do that?

Re:Legality of downloading this?

[nitio]

I want to grab it myself actually. I'm being serious when I say it's to check to see if anyone I know can be blackmailed. I just know some of them are stupid enough to put up stuff they should not have.

there, fixed it for you.

Re:Legality of downloading this?

[WK2]

I'm being serious when I say it's to check to see if anyone I know might need to be concerned some of their pictures are now in the wild.

I wouldn't bother. There is nothing positive you can do about it. Them knowing won't help. Unless of course you're just trying to give yourself an alibi.

I want to grab it myself actually.

There is no shame in that. Have fun!

Re:Legality of downloading this?

in terms of copyright law i'm fairly sure that myspace has an eula that makes people agree that the they own the copyright, and agree to allow myspace to share those photos, so most likely nobody can go after you for 'copyright' however, there seems to be a sizable amount of 'child-porn' in this 17 gb file, (based on the discussion here on slashdot, anyways) so while you don't have to worry about copyright laws people downloading this file may be subject to anti-pedophilia laws.

the previous poster who mentioned this wasn't sure and i'm almost 100% sure that the copyright on these photos is nil, due to EULA laws. however, if someone in a country where DL'ing this is legal would go to the trouble of 'deleting' all the child porn from the file, and redistribute a 'child porn free' version that then yes you could DL it. also, if they distributed it as a torrent, with all the files able to be individually blacklisted by the torrent program, then you could just use a whitelist or blacklist to avoid dling the child porn, but proving that is a pain, it would just really be much easier if someone scanned for the nudes quickly and deleted any that 'seemed' too young and verified the ages of the ones they thought were old enough. but if they went to all that trouble they might as well just keep the nudes that were 'legal' and skip over the boring pics. but i suppose there might be interesting photos that people had private, that weren't nude... ah well.

Re:Legality of downloading this?

[tv_dinners]

...you're going to have to look one-by-one at the 17 GB of pictures. Are you sure you want to do that? Isn't that what our government is for ? Don't they have office buildings full of people that look at porn all day, separating the underage ones from the adult, giving us all the old adult porn back and keeping the underage ones for themselves ? Am I right ?

well..

Who cares?

Misplaced Trust

[Dragonshed]

Although I do think people should have a reasonable expectation of privacy when marking/tagging pictures as private though services like MySpace, I think it's a risk anytime you upload a picture or document or anything else to any computer that isn't physically your own property.

If anyone was actually exposed by this, it's their own fault.

Re:Misplaced Trust

[LWATCDR]

Imagine that. You upload pictures to someone server and have little to no control who downloads them.
Top it off with the fact that MySpace really seem to be pretty poorly written to start with and it is no big shock.
What I don't get is how they didn't notice this one IP address sucking down this much data.
I guess they don't look at logs.

Re:Misplaced Trust

[John+Napkintosh]

Well, people should have an expectation that if they upload a picture marked private to a service like MySpace, it will appear on MySpace tagged as private. Beyond that... :)

Re:Misplaced Trust

[Belial6]

I know you are not the only one saying this, but really... At some point you are trusting third parties with your data. Just because you physically own the computer doesn't mean that your data is even close to being secure. We are specifically talking about pictures here. Even if you trust Microsoft, who has shown that they believe copyright is only to be used to their benefit, you also have to trust the phone manufacturers, as well as trust the employees of every driver producer you install drivers from.

While there are ways to reduce your exposure, there is no black and white answer to who you should trust and who you shouldn't. Only shades of gray.

Just look at the number of people that trust private information to Google or their ISP. It is no less reasonable for most people to trust MySpace than it is to trust Google with their data.

Re:Misplaced Trust

What I don't get is how they didn't notice this one IP address sucking down this much data.
I guess they don't look at logs.

Logs what logs? Actually, it might not even registered a blimp for myspace. It would have been limited to that other person's connection speed. So o.k. the person batched it out and it's downloading at cable/DSl speeds. It'll still take awhile to download 17 GBs. From there POV, that person was just making what looked like valid requests for data, so they just gave it all to the person. Would it have even shown up that the single person was using that much download bandwidth for a major site?

Re:Misplaced Trust

[caluml]

I guess they don't look at logs. I would imagine that tail -f /var/log/apache/access_log scrolls past pretty quickly... :)

Re:Misplaced Trust

[griffjon]

And from TFA: "...an automated script to run nearly 44,000 MySpace user profiles through one of the ad-supported sites, MySpacePrivateProfile.com -- a process he says took about 94 hours"

uh... seriously? Did no one notice a huge spike of requests for only images from one IP, over the course of almost four days?

Though I guess this seems to be just the most egregious violation of this hole (any double entendre based on the potential content of said pictures is unintentional); as "The MySpace hole surfaced last fall, [...] A YouTube video showed how to use the bug to retrieve private profile photos. The bug also spawned a number of ad-supported sites that made it easy to retrieve photos. One such site reported more than 77,000 queries before MySpace closed the hole last Friday following Wired News' report." (emphasis mine)

So, as long as your privacy hole doesn't get on Wired's front page, you don't need to close it, I guess?

Re:Misplaced Trust

[luke923]

tail -f /var/log/apache/access_log | more doesn't, though. Besides, I always thought they were a ColdFusion/IIS shop, and the last time I checked IIS didn't run on Linux.

Well

[Nysem]

I don't use Myspace anymore, and the only picture of me that I have on my old, rotting profile is an ancient one of me holding my parakeet. Needless to say, my parakeet is now dead (I actually have no idea how) and I look very different from the picture.

The majority of Myspace's userbase, by now, consists of middle school/high school girls (And guys to a lesser extent), and the stalkers who attempt to prey on them.

Long story short, if you don't want the world the know what your name is, what you look like, and possibly what school you go to, don't put it on Myspace. As of this article, don't think setting your profile/pictures to private will do any good either!

Re:Well

[Bill,+Shooter+of+Bul]

You should check your parakeet, he's probably just pining for the fjords.

Re:Well

[msuarezalvarez]

So, when you used MySpace, were you (a) a middle school/high school girl, (b) a guy, or (c) a stalker?

Re:Well

His head fell off?

Yeah...he was really old

Re:Well

The majority of Myspace's userbase, by now, consists of middle school/high school girls (And guys to a lesser extent), and the stalkers who attempt to prey on them. Oh really? I beg to differ, but hey... 17gb later and we shall see.

Re:Well

he was the last stronghold of intergrity. at least everyone who uses myspace and leaves wants you to think that.

and to be frank, no one probably cares whoo this n00b loser is anyway. just look at his uid. what a johnny-come-lately.

Re:Well

[Nysem]

I'm a hermaphrodite, thank you for asking.

Re:Well

[msuarezalvarez]

A stalking hermaphrodite?

Re:Well

[Nysem]

I only stalk other hermaphrodites. It's just not as good being only one gender you know.

I redefine getting the best of both worlds.

Re:Well

You consistently make the dumbest references and yet you consistently get +5, Funny. How many accounts do you own?

Re:Well

[Bill,+Shooter+of+Bul]

Ok. I'll tone it down. For the record, I have two. Although, I haven't used the first since 2000 or so.

never underestimate

[circletimessquare]

the power of bored horny teenaged males

Re:never underestimate

Agreed.

After reading the headline, the first thing I imagined was somebody like Napoleon Dynamite sitting behind a computer screen clinching his fist and saying... YES!

Can someone run porn detection on this and reseed?

Porn-Detection Software

Looking through all the junk is going to take too long.

On the plus side

[Weaselmancer]

Yeah. Good grief, just what I need - 17Gb of pictures of other peoples cats.

But on the plus side, you could head over to Fark and be a LOLCAT GOD.

Re:On the plus side

[gosand]

But on the plus side, you could head over to Fark and be a LOLCAT GOD.

What was the plus side again?

Re:On the plus side

[Jugalator]

I agree, the advantage doesn't lie in posting this junk on Fark, but rather watching others do it! You'll learn the syntax for LOLCODE in the process! Think of it as a free programming course.

Re:On the plus side

Ceiling cat say position already r ful. And Fark are teh wrong internets for it anywayz, try again, k?

Script to upload them to HotOrNot

[xmuskrat]

Somebody is going to write it.

It bears repeating:

[snarfies]

If you want to keep something "private," DO NOT PUT IT ON THE INTERNET.

Re:It bears repeating:

[Albert+Sandberg]

Very true. And makes you think twice about online apps like word processing etc. I even feel a bit paranoid about stuff like gmail.

Re:It bears repeating:

[RiyazShaikh]

Hmm... that's almost like saying "If you don't want people taking your money, do not put it in a bank".

Re:It bears repeating:

[snarfies]

1) Money put in the bank is insured. FDIC and all that.
2) Money put in the bank is physically guarded. A robber would have to put life and limb on the line to get at it.
3) You can't identify me or anything about me from my money. Its just a pile of green paper.

NOTHING online is insured. And the hackers on steroids from Ebaumsworld are anonymous, so there's pretty much no risk to them haxing your shit.

Re:It bears repeating:

[caluml]

Also, do not supply said information to any UK government agency.

Re:It bears repeating:

[jd]

I dunno. If you supplied private information to the British Government, it might take centuries for anyone to filter it out from everything else that's getting accidently released.

Re:It bears repeating:

[mqduck]

If you want to keep something "private," DO NOT PUT IT ON THE INTERNET. Really? THIS is your response? This is the angle you're taking? When did Slashdot fall in with the Luddite crowd?

(Note: the Luddites did indeed have many good reasons for opposing the industrial revolution, so don't just say "well, its true!")

Re:It bears repeating:

[WNight]

Okay, if you want to keep something a secret, don't share it with anyone.

Putting it on the net just implies that you're trying to show some people, but not others. That's a mistake (see above). Even if you assume perfect cryptography and perfect server security, your friend could send it to someone else.

Let me guess

You are uploading 17GB of yourself as we speak.

Re:Let me guess

[BosstonesOwn]

Im willing to bet 14 gigs of the pictures are aerials of some fat chick in the midwest , who all the guys told her she was hot just to try and bang.

Any port in a storm !

Re:Let me guess

Any port in a storm ! Hey, fat girls are great:

a) low self esteem means you don't have to try particularly hard to make them feel good about themselves
b) low self worth means you could even ignore and be cold to them and they'll still be ok with you
c) since they don't have many future possibilities available, they have reckless sexual abandon
d) oral fixation
e) they won't ask if you think they're fat because they know the answer.

Just close your eyes, don't tell your friends, and avoid getting eaten.

One of the first rules on the internet?

[Animaether]

"Um, Anybody concerned with internet privacy along with everybody who had a myspace account with pictures posted privately they did not intend the public to see."

I thought one of the first rules on the internet was that anything you put out there can fall into the wrong hands / become public?

I certainly wouldn't trust MySpace with personal affairs - if not because of technical glitches / hackers, then because of a disgruntled employee who decides offering the entire database up is so much more rewarding than going postal.

Though the whole idea of using MySpace - a site where everybody openly shares information about themselves.. that's the whole point, after all - for *anything* private at all sounds ridiculous to me in its very premise.

Just my 2cts.. I do feel sorry for those who are/will be affected, especially in the days to come as the juicier bits are filtered out and plastered all over the web and into youtube videos for truly everybody to see, as even though my opinion is that there's no reasonable expectation for true privacy on those sites, that doesn't mean they asked for some stupid hacker and a scriptkiddie to go running amok with it.

Re:One of the first rules on the internet?

[MarkGriz]

"I thought one of the first rules on the internet was that anything you put out there can fall into the wrong hands / become public?"

No, the first rule of the internet is we don't talk about the internet.

Oh crap...

Re:One of the first rules on the internet?

That only applies to one ancient protocol, not the entire Internet itself.

Re:One of the first rules on the internet?

[networkBoy]

Something about news? Or a burrowing rodent? I'm going with news.

Re:One of the first rules on the internet?

[maxume]

It's OK. The next step is to go crazy. Then, you need to find a way to take down the internet. After that, simply shoot the part of your brain making you crazy out of your head(making sure to survive a gunshot wound to the brain).

Re:One of the first rules on the internet?

[TheSkyIsPurple]

>I thought one of the first rules on the internet was that anything you put out there can fall into the wrong hands / become public?

So you belong to a bank that doesn't have a web interface to your account? I wasn't aware those existed anymore.
Or are you OK with people being able to take your money?

Re:One of the first rules on the internet?

Rule #1 isn't too scary in regards to your pics forever being on the internet, it's rule #34 you should be afraid of.

Re:One of the first rules on the internet?

so what's the second rule of the internet again?

Re:One of the first rules on the internet?

[GrayNimic]

The problem is that the younger generations, who have grown up with the net, likely missed out on the "first" rules. They came in after that was no longer the blaring omnipresent message - now it is but the quiet background, where it is easy for those unfamiliar with it to miss its cautioning cry.

Gee Thanks

[TI-8477]

By covering this story, Slashdot has exponentially accelerated the spread of these images, and the number of seeders.

Re:Gee Thanks

Thank you captain obvious. Do you have a point to make?

Re:Gee Thanks

[DTemp]

Yes, you're correct factually that these will get more disseminated because of this news story. However, your negative connotation to it is incorrect.

News needs to be covered. People need to be aware of things. You'd think that being in the same world as the USA's Bush Administration would have taught you that.

Re:Gee Thanks

[CarpetShark]

Yes, it's called communication. Shocking technology, isn't it? I blame the guy who invented speech ;)

All I want to know...

Was said script written in Perl?

Cats?

[gnutoo]

17Gb of pictures of other peoples cats

There might be one or two pussies you like. Wait for the filtered version.

Dueling compression algorithms

[Yurka]

ZIPped JPEGs? What's the point?

Re:Dueling compression algorithms

[grub]

ZIPped JPEGs? What's the point?

You're right. It would have been smarter to just upload 567,000 individual torrents to TPB. The originator may not have actually compressed the file, perhaps he did it just to have an archive? Much like using tar without the -z option.

Re:Dueling compression algorithms

[myz24]

Which might actually be smaller than 567,000 small files.

Re:Dueling compression algorithms

[kirel]

ZIPped JPEGs? What's the point? Windows' best method of emulating a tar file. It's not compression you're wanting, just bundling of files.

Re:Dueling compression algorithms

[shiftless]

Uh, maybe to put them all into one file instead of 550,000 individual files?

Re:Dueling compression algorithms

[JesseMcDonald]

The originator may not have actually compressed the file, perhaps he did it just to have an archive?

In case you're new at this: a torrent file can contain more than one file, organized unto subdirectories. There's no need for any encapsulation.

What makes even less sense, though, is where a single large (compressed) file is split into a bunch of .RAR files and then all the .RAR files are repackaged into a single torrent. The resulting torrent is no smaller or resistant to corruption, and requires external tools that most people don't have to reassemble.)

Re:Dueling compression algorithms

[Animaether]

It more-or-less becomes a TARball anyway - not in format, of course, but most zip apps (not sure about Windows' built-in) don't bother with compressing JPG files.. they realize it's a JPG and just store the file 'as is'.

Re:Dueling compression algorithms

[Dragonshed]

Have you ever defragmented a harddrive after copying around 1 million small files?

Re:Dueling compression algorithms

[3-State+Bit]

I know! What's with trying to compress an already compressed JPEG? I mean it's not like you can losslessly compress JPEG's by roughly 30%...

Re:Dueling compression algorithms

having a zip makes it far more transportable.

Re:Dueling compression algorithms

[vux984]

Obviously to stick them into one convenient file that pretty much anyone who gets will be able to open.

Re:Dueling compression algorithms

[blueg3]

I'm not sure how torrent handles this, but having a large number of small files can cause internal fragmentation (wasted space) and substantial additional overhead. It's fairly standard practice, from a convenience standpoint, to package large numbers of files into a single .zip -- especially if you plan on supporting having the data shared via a system that doesn't graciously handle multiple files organized into subdirectories.

The multi-part .rar business is historical -- either it's data designed for distribution by a different medium that's mirrored onto bittorrent, or it's someone who's emulating the other distribution format for some reason. (Data posted to newsgroups used multipart archives, for example.)

Re:Dueling compression algorithms

[_xeno_]

In case you're new at this: a torrent file can contain more than one file, organized unto subdirectories. There's no need for any encapsulation.

Sure there is. Ignoring the way BitTorrent actually encodes the information, and assuming that somehow every file name could be stored as one byte (ignoring the obvious flaw with that), by keeping all of them at the torrent level you'd require "more than 560,000" bytes just devoted to file names. Since the general rule of thumb is to keep the actual .torrent file around 100KB, give or take, that's right out.

Now, throwing in the way the .torrent file actually stores the list of file names, you're looking at at least 21 bytes per file. Assuming 560,000 files, that bloats the .torrent file to over 11.2MB - and that's still not realistic, because it requires every file to be less than 10 bytes in size and all of them to have empty path names. (Which is obviously not valid.)

Throw in realistic constraints, and you're adding another 15 bytes, bringing us to a total of 36 bytes per file - bloating the .torrent to 19.2MB, just for file names.

So, in short, the reason to place them in a ZIP file and not use the multi-file feature is because using the multiple file feature would massively bloat the .torrent file. Now the final .ZIP file has similar requirements per file in the ZIP file, but that becomes payload as part of the BitTorrent download and not something that has to be downloaded via non-BitTorrent means first.

Finally, for an explanation of where those numbers above come from, the "smallest possible" form for a file would be:

"d6:lengthi0e4:pathlee" (21 bytes)

The "more realistic constraints" brings that to:

"d6:lengthi100000e4:pathl8:0000.JPGee" (36 bytes)

Yes, the .torrent file is essentially "plain text" although the piece hashes are stored as binary strings. It's encoded using "Bencoding" - which isn't the most compact of formats.

Re:Dueling compression algorithms

[syukton]

Those multiple .RAR files most likely originated on Usenet, where corruption-resistance is very important (indeed, the .RAR files are often accompanied by .PAR parity files as well).

The .torrent was probably just created from a usenet download, omitting the .PAR files (which are unnecessary when using Bittorrent).

Re:Dueling compression algorithms

[afidel]

Yeah but there's significant overhead for each additional file in the torrent and there ARE limits in the protocol. I would imagine this volume of small files would break either the protocol or at least many clients badly. The reason for RAR's is that many people distribute through various channels including NNTP where having the autosegment of a commandline rar tool is very useful.

Re:Dueling compression algorithms

ZIPped JPEGs? What's the point? True. And he already started to get shit for that on the torrent page. The most compression savings it could get would be about 5%. He could have at least divided it into ranges and zipped those.

And it's all mostly public images anyway. The site he scraped indexes all images, whether private or not, that you request. So lame.

The sites to just lookup someone (who you know) that you actually wanted to see have existed for many months. Now he attracted all this attention and it's been fixed. Really fucking lame.

Re:Dueling compression algorithms

[PayPaI]

OK, so you make a 20MB torrent file, then you make a torrent for that torrent file.

Re:Dueling compression algorithms

[dbIII]

Because people haven't heard of tar. I suppose the idea is just to collect a lot of files together in one archive so zip atill makes sense. I would bet that a lot of decent implementaions of zip would look at the header of the jpeg and decide to just dump it in the archive with no attempt at furthur compression.

Re:Dueling compression algorithms

[Kayyham]

I didn't realize .zip compresses each file seperately. I would have expected it to be able to optimize the compression across multiple files (which would net a better compression ratio than doing each file seperately).

Re:Dueling compression algorithms

Which misses the point. Every decent torrent client has the ability to download individual files from a torrent. People like torrents of individual files so they can pick and choose which files they want, and they get a good preview in about 1/550,000th of the time this steaming pile of crap requires.

Re:Dueling compression algorithms

[marcansoft]

I'm pretty sure BT does the equivalent of concatenating all files, splitting the result, and then transmitting blocks of that. The file divisions are at a higher level - the torrent itself is just a stream of blocks of bytes. No internal fragmentation.

Re:Dueling compression algorithms

[Matt+Perry]

bloating the .torrent to 19.2MB

Oh no! 20 megabytes! We'd never be able to download that due to the Great Storage Shortage of 2008. Where would we put all those bytes?

Re:Dueling compression algorithms

[willfe]

ZIPped JPEGs? What's the point?

• Preventing causing issues among individual clients that:
  • Run on platforms that can't handle files larger than 2GB or 4GB
  • Run on platforms that set ridiculously low limits on simultaneous open file handles
• Avoiding storing metadata for over 500,000 files inside the actual .torrent file (a client can reasonably handle a few (or even a few hundred) files being tracked individually in a torrent; half a million? That's a lot of pain waiting for just about any client not specifically written to handle gigantic torrents like that)

There are limits, even in the mighty BitTorrent protocol. You can't reasonably sling 500,000+ files around without archiving them somehow.

Re:Dueling compression algorithms

[SuiteSisterMary]

Also, just rename the .zip files to .cbz files and fire them up in your favourite reader.

Re:Dueling compression algorithms

[Kjella]

Oh no! 20 megabytes! We'd never be able to download that due to the Great Storage Shortage of 2008. Where would we put all those bytes? You must be geekily challenged. Those who get the torrent are getting 17GB anyway, the point is the torrent host would have to serve 20MB*5000 = 100GB instead of 100kB*5000 = 500MB.

Re:Dueling compression algorithms

[Matt+Perry]

the point is the torrent host would have to serve 20MB*5000 = 100GB instead of 100kB*5000 = 500MB.

Assuming that the torrent file can only be served from one host.

Re:Dueling compression algorithms

This points to an obvious flaw in the BitTorrent protocol. If we were dealing with a file system, this would be the equivalent of putting all the entries for the entire file system in the root directory, something which quickly becomes unscalable in the real world.

I know that I often don't have the free space to keep essentially two copies of a multi-gigabyte torrent around: a RAR'd copy from the torrent, and the decompressed data. What I end up doing in these cases is just deleting the torrent after I've decompressed it, rather than continuing to seed it in place. It's a real problem.

It seems to me the obvious solution is the classic one of using another level of indirection. The torrent file could contain pointers to additional blocks of file system data, which would be shared using the BitTorrent protocol. This would keep the torrent files small, while still allowing for potentially megabytes of file system information to be encoded. And, as you pointed out, this is overhead a container format like ZIP, RAR, or TAR need to keep around anyway.

I suppose what would be really ideal, though, would be some sort of standardized container that file systems could transparently descend into. I doubt there's enough homogeneity among file systems to usefully achieve anything, though.

Re:Dueling compression algorithms

[blueg3]

The torrent itself isn't a stream of anything and never exists as a standalone entity (as it just references the real files, rather than repackaging them). What you mention is a possible solution, though most people avoid dividing blocks across files arbitrarily.

Re:Dueling compression algorithms

[marcansoft]

The torrent itself - as in the peer to peer data transmission - is done at a piece level and the stream is logically equivalent to concatenating all files and transmitting them as a whole. Obviously, this never happens at a filesystem level. However, even though the actual filesystem data is split into files, the logical stream that is what gets shared is effectively the result of the concatenation of all files (this happens in real time: when someone requests a piece, it is done by position in the "whole of the torrent" and then the client determines which file(s) it has to read to find the data). The point is that there is no internal fragmentation on the transmitted data: (essentially) the exact same number of actual data bytes will be transmitted whether you split the torrent into files or tar it up into one big file (assuming no compression for the tar and ignoring overhead for it). It's not like downloading files over HTTP where there is an overhead per file. The bittorrent wire protocol doesn't even know about the existence of multiple files.

This is why if you download a single file out of a torrent, you will often get a certain percentage of the previous and following files completed even though you never checked them for download: the edges of the pieces weren't aligned with the file boundaries. If you uncheck, say, a "downloaded from foo" txt file, more often than not you'll get it anyway (the client stores the file anyway because it needs to store that portion of the block to be able to upload it to peers, since blocks are sent as full units).

The .torrent file is a separate issue, and it can get large with large amounts of files. However, it's not like you're saving bandwidth: the file names and info will just happen to be inside the rar files (as part of the rar format), instead of the torrent file, but you'll still have to download them. Having them in the rar files is arguably a better solution in this case, since it keeps the .torrent file small and transmits the relatively bulky file list over BT, but that's a different issue.

I'll wait

[Apreche]

No reason to download 17 gigs. Just wait for someone to filter out the non-pr0n and make a "greatest hits" torrent.

Re:I'll wait

Every single MySpace pic is a winner!

huh

[mooreti1]

Wow, 17 gbs of pubescent girls doing the "Blue Steel" face. What a mind numbingly waste of bandwidth and time.

Re:huh

[s!lat]

You know something like this is going to be eBaums/*chan fodder for years...

Re:huh

[Chrutil]

>>Wow, 17 gbs of pubescent girls doing the "Blue Steel" face.

Well, some of them totally nailed the "Magnum".

so, any hot p0rn?

anyone? Bueller? Bueller?

A 17Gb zip???

[gstoddart]

I didn't even think you could make a 17Gb zip file. Granted, I've never tried.

That's one fscking big file!

Cheers

Re:A 17Gb zip???

[wisconjon]

Did they get Bill Clinton's private photos? Wouldn't that be a collection!

Re:A 17Gb zip???

[pleappleappleap]

It's actually 17 separate 1GB zipfiles.

Re:A 17Gb zip???

[jonnythan]

It's 15 files, each slightly over 1GB.

Re:A 17Gb zip???

[jandrese]

As other people have pointed out, it's a bunch of 1GB zip files. A lot of zip programs will actually crap themselves if you give them a zip file over 2GB.

Re:A 17Gb zip???

[urcreepyneighbor]

The torrent (myspacepicstorrent) is ~17.5GB. The torrent contains 17 zips:

0.zip, 1.zip, 2.zip, 3.zip, 4.zip, 5.zip, 6.zip, 7.zip, 8.zip, 9.zip, a.zip, b.zip, c.zip, d.zip, e.zip, f.zip - The pictures, or so it seems. Haven't downloaded the pictures, yet. Each zip is ~1GB.

html.zip contains html files that link, supposedly, to the original pictures. It's ~30MB.

Out of sheer curiosity, I viewed the source of a couple of the html files - wanted to see if they contained any friendID's or anything else that could link the pics to the user.

The links do not contain a friendID or anything else that would tie the picture back to the user. Unless, of course, there is a rainbow table floating around that contains the hashes of the pics and the associated friendID's?

The html files, however, do contain FriendFinder spam. (iFrame, of course. pid=g872417-pmem, if anyone cares.)

Sorta stoopid, if you think about it. All the authorities would have to do, if they are interested, is contact FriendFinder (or the parent company[1]), and get the contact details for the affiliate.

Anywho. I hope this answers the size comment. I'm sure every prevert from here to China is part of the torrent's swarm. :)

[1] I don't know if FriendFinder is an indy company or owned by someone else. I don't even care enough to visit the site. Sorry. I'm tired and I've got a toothache. :P

Re:A 17Gb zip???

Apparently Phil Katz was on the ball, living in a post-32-bit world back when the rest of us were overcoming the 640k barrier by bank-switching with EMS. Impressive.

Been there, done that

[joggle]

I can't find the exact story I'm looking for, but here's an example of the slashdot effect on BitTorrent back in early 2003. There once was a story that wanted the slashdot community to try to use the slashdot effect by downloading a full Linux distro using BitTorrent. I think that story came out a few months before the story I linked to.

Link at Pirate Bay

This seems to be the torrent that is being discussed:
http://thepiratebay.org/tor/3985864/%5Btribalwar.com%5D_567_000_private_myspace_pictures

Useless

This thread is useless without pictures.

ZIP is a container

[Sycraft-fu]

You don't need to have compression to have a ZIP file, it is just a convenient way of storing a bunch of files together. PK3 files from Quake 3 engine games are just ZIP files with no compression, for example. It's kinda like a TAR file in UNIX, but TAR isn't popular in the Windows world. Windows has native ZIP support, though.

Archiving != compression

[upside]

1) There's a subtle difference between archiving and compression
2) You can use zip with no compression for plain archiving
3) Since tar isn't that popular on Winblows it's pretty natural to use zip instead

There are plenty of benefits to using an archive
1) integrity checks
2) directory structures
3) single file vs thousands
etc

Ready For Your Close-up?

[blueZhift]

This is just one more reason to never put any image on the internet that you would have a problem with the whole world seeing. That 17GB of images is going to be circulating for the next 100 years. D*mn! The corollary is, never let anyone take a picture of you that you wouldn't want everyone to see either. I sense the birth of a lot of new internet celebs...whether they like it or not...

My god, it's full of...

[pragma_x]

CATS: All ur cheezbergr r belong to us

/got nuthin'
//slashies!

I've looked. Yaaaaawn.

[jridley]

I downloaded the first zip, which is the first GB of images. I unzipped it, and I looked at the first 4500 images before falling asleep. 999 out of 1000 are crappy cellphone pics of ugly people drinking a beer and flipping off the camera, or vacation pics, or pics of someone's crappy car, or just simply snapshots of people (the vast majority).
So far out of 4500 images, I found exactly zero images that I think anyone would give a crap about. I'm not even sure why the vast majority of them are even bothered marking private; nobody would care about them at all.

Static Content Server

[TheNinjaroach]

Myspace appears to use a static content server that does no validation of who you are before returning JPGs.

When not working or browsing Slashdot, a friend and I will exchange URLs to profile pics of "interesting" looking women. If the profile is private, the URL to the private JPG is not protected and we would exchange those instead. I haven't spent any time trying to find a pattern in the seemingly-random JPG names, so it appears difficult to pull the private images of any one person, but in general everyone's pics are available if you know the URL.

Re:Static Content Server

[Buelldozer]

As I read your post the /. tag line is "The door is the key.". Amusing.

Re:Static Content Server

[Bri3D]

Yes. This is how MySpace, Facebook, Photobucket, etc. are designed. It'd be very database-intensive and difficult to handle sessions/permissions every single time someone requested a static image.
It's not a big deal in the case of MySpace and Facebook; the images are randomly-enough named that I don't think anyone's figured out the scheme (if there is one). Basically all it does is let you and your friend trade images of people one of you already knows, which isn't too bad considering that anyone who posts images anywhere on the internet with any expectation of privacy is pretty silly to start with.
However, in Photobucket (which is insecure in general; they still store plaintext passwords amongst other issues), which doesn't rename uploaded images, it results in an amusing hobby called "fuskering" where common image sequences (i.e DCIMxxxx.JPG, etc.) can be sequentially requested from a user's account until one matches.

Think of it this way

[mstahl]

Well what if you had, say, photos from a party that were okay for your friends to see but might have unintended consequences if your boss saw them, or a prospective employer did? Do you want your drinking photos to be visible to people who've never even met you before? Yet to you and your friends they're significant and acceptable for online posting.

Re:Think of it this way

You use the phrase "acceptable for online posting" like that makes some distinction between your friends and your boss. Once the information is out there, anything can happen. For example, one of your "friends" may copy the picture and post it onto another forum out of your control. Then what?

Great!!

[jokersmild]

I can't wait for the high light reel.

Re:I've looked. Yaaaaawn.

[bigmaddog]

Hey, wasn't there a story out there a while back about a teacher who got canned because the overlords found a pic of her with a drink on the interweb? I'm too lazy to look for it... Anyway, ignoring the fact that you shouldn't expect any sort of protection of your ePrivacy from the likes of MySpace, it seems like a not entirely bad idea to try to limit the extent of exposure of some of the pics even as you share them with friends and even if most people would consider them benign. Of course the safest approach would be to not participate at all, but then one of your friends will post someting on your behalf and you won't even know about it... or something.

Submitter should RTFA, bug was known for months

[infestedsenses]

From the summary:

We all heard about the MySpace vulnerability that allowed everyone to access pictures that have been set to private at MySpace. That vulnerability got closed down pretty fast.

No it didn't. MySpace let this thing go on for months. From TFA:

The MySpace hole surfaced last fall, and it was quickly seized upon by the self-described pedophiles and ordinary voyeurs who used it, among other things, to target 14- and 15-year-old users who'd caught their eye online. A YouTube video showed how to use the bug to retrieve private profile photos. The bug also spawned a number of ad-supported sites that made it easy to retrieve photos. One such site reported more than 77,000 queries before MySpace closed the hole last Friday following Wired News' report.

The irony (and scandal) is that they not only failed to uphold their privacy policy despite being in the public spotlight over the last 2 years precisely for privacy issues, but that they didn't bother to acknowledge or fix this bug until a high traffic site reported on it.

Mod Parent +1, Absolutely Correct

ZIPped JPEGs? What's the point?

You're right. Once something has been compressed with one algorithm, another algorithm can never further compress it. Also, they clearly should have made a separate torrent for each of the jpegs. Frankly I'm not sure why they didn't consult Yurka from Slashdot before they did all this work.

Doug Stanhope

[milsoRgen]

Doug Stanhope - MySpace Pedophiles http://youtube.com/watch?v=8APlx9btTn8

Once again - two faces.

[DerekLyons]

The two faced attitude of Slashdot rears it's ugly head again.
 
Slashdotters are all about privacy uber alles when it comes to causes they care about - but when it comes to a demographic they don't care about, and a website whose users they openly disdain... The collective opinion shifts to "well, they shouldn't have uploaded it to the interwebz in the f1rst plac3".

Re:Once again - two faces.

[Cid+Highwind]

The two faced attitude of Slashdot rears it's ugly head again.

It's almost like there's more than one of us here, isn't it...

Re:Once again - two faces.

[neminem]

And both are true. We do care about security, but at the same time, the most secure way to keep your data secure is, of course, not to put it on an internet-connected computer.
Barring that, just not putting it on a web server whose programming has been demonstrated frequently to be mediocre at best.

Re:Once again - two faces.

[DerekLyons]

Your response merely proves my point. The normal response is to blame to owners of the server for not maintaining security, not the users for using the internet or for using a particular server. But, since it's Myspace - that reverses.

Re:I've looked. Yaaaaawn.

[justinlee37]

I'm not even sure why the vast majority of them are even bothered marking private

That's because, on myspace, either your entire profile is private, or none of it is.

Re:Can someone run porn detection on this and rese

[Jugalator]

http://www.yangsky.com/products/porndetect/img/pd4.jpg

Let's just hope it's not a case of a huge belly button archive!

PMITA

[yada21]

Then send them to prison - and I don't mean some cushy, white-collar joint...

Re:I've looked. Yaaaaawn. Look again

[Chapter80]

I found exactly zero images that I think anyone would give a crap about.

One could say the same thing about the photos taken by Google's street view. But some people somewhere found time to find that one picture of the girl with the thong getting into her car.

Just watch. Queue the countdown.

Re:I've looked. Yaaaaawn.

[brianjlowry]

"999 out of 1000 are crappy"

What's that 1 out of 1000 you are holding back on?

Re:I've looked. Yaaaaawn.

[inviolet]

So far out of 4500 images, I found exactly zero images that I think anyone would give a crap about. I'm not even sure why the vast majority of them are even bothered marking private; nobody would care about them at all.

It is done for the same reason women, including me, enjoy fretting about rape: they're flattering themselves.

One thing the internet's sheer size teaches you: you are just another nobody, who'd have to dig deep to find some trait that is simultaneously unique and valuable. On the one hand this is a Good Thing, because it blasts from Earth forever the notion that one might be a freak in some way. On the other hand, now we have to struggle to differentiate ourselves, even in our own minds.

private?

[12357bd]

Well, that's what happens when you put your private data on someone else's server. Nothing new here.

Re:I've looked. Yaaaaawn.

[4D6963]

you are just another nobody

You're just another nobody because your pictures on MySpace are not very different from someone else's pictures? I love it when people who realise they have something in common with lots of other people start to question their own uniqueness.

statistically

[reiisi]

I would say that, statistically, when you have more than 300 underage users free to post pictures of whatever on your site, you have to assume that at least one has posted something that would run afoul of the statutes.

Re:I've looked. Yaaaaawn. Look again

No, but seriously. It's so bad I almost feel like puking. When did Myspace become inner-city inbred central? I didn't realize until now that such an incongruent combination was possible. We seriously have one insanely ugly country, and all of them are on Myspace apparently. I didn't even get past the first 200 of the first zip. My eyes burn. I think searching Google images for porn is about 100x less pathetic.

Email from Tom

[LtCmdrJoel]

Myspace: We're workin on it! Don't email me about it, just wait it out. -Tom

Oh, really?

[Grendel+Drago]

It's little known that parents are explicitly allowed to have nude photos of their kids as long as they are obviously not being abused and the pictures are not distributed.

"Explicitly"? Could you point out where the naked-kids-in-the-bathtub exception under U.S. law? I have a faint memory of parents actually being prosecuted in precisely the situation you mention, but hey, I could be wrong.

Re:Oh, really?

[TheLink]

Hey like was said - "it's little known", so the Cops and Courts probably don't know about it either ;).

Re:Oh, really?

[mdwh2]

I don't know about the US, but there was a famous case in the UK where newsreader Julia Somerville was arrested (although not prosecuted AFAIK) for images of her child in the bath: http://findarticles.com/p/articles/mi_qn4158/is_19951105/ai_n14016171 . Thank heavens for digital cameras.

I see that article refers to the possibility of her being fined. It's interesting how the law has changed - first possession was only illegal if you intended to distribute it (1978), then possession alone was illegal with a fine (1989), then illegal with a 6 month sentence (1994), then extended to five years in 2000. Then in 2003 the age of a "child" was raised from 16 to 18, so people who can legally have consenting sex can be pedophiles too.

No, they don't.

[Grendel+Drago]

By the way, the US Fed gives a three time accidential discovery of illegal cp, provided it is reported to a appropriate ageny.

No, they don't. You just made that up.

Yeah, about that TOS.

[Grendel+Drago]

There is NO guarantee of ANYTHING (read the 20 page TOS/disclaimer).

That TOS/disclaimer is there for precisely one reason, and it's not to prevent MySpace from hosting a ton of illegal content, nor to prevent kids from making stupid decisions (first, making stupid decisions is what kids do best, and second, if you think the subliterate nitwits on MySpace can read that TOS/disclaimer in the first place, you're even dumber than they are); the purpose of that TOS/disclaimer is to cover Rupert Murdoch's well-fed ass. Don't pretend it does anything else.

Re:Yeah, about that TOS.

[torkus]

Oh, they CAN read it. I'd bet you can count on one hand the number of teens who actualy do. Yes it's to cover their corporate asses. But hey, if I was giving services away for free i'd want something to cover my butt from the insanity of the court system and predatory lawyers.

Tell me honestly, do you trust the good of mankind enough to put your reptuation, money, and freedom on the line with no protection?

No, not really.

[Grendel+Drago]

teenagers ESPECIALLY [...] should know better

You're expecting the vast majority of teenagers to make a good decision when faced with peer pressure, vague and unlikely-seeming negative consequences, and raging adolescent hormones. Mere words cannot describe your unfounded optimism.

Now here's a torrent stress test if you need one..

[Kjella]

...you got close to 5000 people connected now, and if they're each going to get 17GB (ok, unlikely) you're looking at 85TB of data. You wouldn't want to try to do that with a traditional server, at leat I I wouldn't want to be one responsible for it...

Re:I've looked. Yaaaaawn.

[jridley]

Yup, there were some that probably you wouldn't want to send to your boss or mom. But nothing horrible. Just people acting goofy with a beer in their hand. There was hardly anything (maybe 2 or 3 shots out of the 4500 I looked at) that were something where I said "Yeah, I'd mark that private too" and probably about 50 that if you had an uptight boss, you should probably keep it to yourself. Almost all were just your average, everyday photos. Most of them were pretty miserable to look at, due to horrible photography technique or horrible equipment (almost all cell phone cameras, which barely qualify as cameras, for the most part).

Nausea

U all pls stops teh silly lolcats talk on slashdots,
is makin' me wanna hurl,

mm K?
bai.

Mind you...

[British]

This is the same website where users put ALL their pics to be "private", then put up a myspace slide show where you can not only view the pics, you can click on them & see the album in question.

* smacks forehead *

carefull.. HTMLs loaded with ads..

there is thousands of HTML files filled with iframes of ads.. I wouldn't download them... but I think somebody is going to make a lot of money out of this...

Final Solution: Outlaw Children

Somebody ought to outlaw all these CP producing children...
Just outlaw them and shut them in until they're 18 or older.
Criminalize the production of more young people. We must protect our children!

Re:I've looked. Yaaaaawn.

How did you download only one of the Zip files when there are 17 ? Thanks.

Re:I've looked. Yaaaaawn.

any good BT client has the option of specifying the priority or order of download for the files that make up the torrent. Once the individual file you want is finished, you can open it, while the other files are still downloading.

anyone got an NZB?

I r on teh comcast.

17GB of crap... with the occasional diamond...

[advocate_one]

one of the comments on piratebay sums it up...

I think it's funny. People think their images will be safe online if they make it private on Myspace.

This is the internets, all your picture are belong to everyone.

Not getting old, just stupid

[SmallFurryCreature]

There is no /. crowd. Get this stupid idea out of your head, you got Bill Gates lovers and Steve Jobs fanboys. You got MSCE's and real engineers. You got Window monkeys, linux users and BSD weido's.

There is everything here from rocket scientists to people who clean toilets for a living. Age varies from almost dead to just old enough to sit upright.

We even have rumors of women visiting this place.

So how can you have a /. crowd?

Answer you don't. Sure there are some trends, there are probably a few more MS haters here and a few more Jobs lovers then in society as a whole, but read any article on Apple/MS and you will find people who go against the flow.

The reason I point this out is that it is VERY dangerous to think that all people from a certain part of society are the same.

And it is very relevant in this discussion. SOME kids using myspace are stupid enough to send private information on a public network, therefore YOU seem to conclude ALL kids using myspace are stupid enough to send private information on a public network.

This leads to nanny state rules, where because 1% of the populatin is unfit to live 99% has their freedoms restricted.

Myspace is a tool some people will get it wrong, though shit. This has nothing to do with generations or whatever, there have ALWAYS been stupid people who do stupid things, society survives.

Re:Not getting old, just stupid

[sm62704]

There is no /. crowd

Yes there is. The slashdot crowd consists of nerds and nerd wannabes. This crowd is comprised of a large number of individuals with disparate tastes and opinions. There are Mac fans, MS fans (even if most of them work for MS;), Linux fans, Be fans, other OS fans. There are Liberals and Conservatives and Democrats and Tories and Greens and Libertarians.

But they are all part of the same crowd. The one thing that distinguishes a member of the slashdot crowd from normal people is the fact that they read and sometimes comment on slashdot.

Ironically all judges are pedos...

[cheekyboy]

Because they are so old, when they were 18/19yo, I bet all those judges boned a 16/17yo at the time. Ofcourse that activity was 100% legal in the old days.
Hell, I saw a doco of 38yo getting married to a 16yo in the 50s. 100% legit and legal, not today , its evil now.

Re:Ironically all judges are pedos...

[Eivind]

Only in the US. Or well, some other sexually repressed countries too, but in MOST of the world the age of consent is 15 or 16. I guess 16 is about the average.

18 is silly. That means that something like 70-80% of the girls and 50-60% of the boys start their first sexual relationship before they're "legal". So it's essentially down to random chance who is discovered and who isn't. (sligthly more of the girls because it's more common for a girl to have an older boyfriend than the other way around)

the thing to really be worried about is...

[drolli]

that he managed to access in a bot-way 44000 profiles in 94 hours, roughly 500/hour or 8 per minute - around the clock. Does the myspace website not have any heuristic real-time scanning of their logfiles for such automated accesses? At least a tar pit would be really good idea. If he can do that, so can anybody else and make wuite arbitrary automated queries. I am lucky not to have a myspace account

wait, only 44k?

[megabeck42]

There's only 44,000 myspace profiles, only 44,000 with private pictures, or he only could grab from 44,000 profiles before he got shut off or bored?

Re:I've looked. Yaaaaawn.

[Kuvter]

I assume if you post underage drinking photos you'd want that private. But if you're an underage drinker you're probably not smart enough to.

And you though facebook was more secure...

[delta419]

Think again. I've accessed "secured images", without being logged in. Tip - h0tlink.

Politicians and MySpace

[Zolodoco]

I may have to download that and find out if it picked up anything compromising from our various public figures who use MySpace.

now = not (n/t)

[LiquidFire_HK]

now = not (n/t)

Don't need to download it all.

[miknix]

If you are only curious (as me) about the level of scandal this could be, you could only download about 2% of the archive
and then use the zip "Fix" heuristics to reconstruct the entire archive. On UNIXes simply type:

$ zip -FF 0.zip

Now what?.. Who will build the Britney Spears face/pu**y recognition algorithm?

This Type of Exploit Isn't Really New...

Come on people, I'm sure this does not come as a surprise to those of us with some Internet history. Exploits like this date way back to my early days of waiting on the 5 second updates that webcams once needed (late 90's).

To stir some brain memory cells around I'm going to have to post a couple of links here.

Seems the WayBackMachine is missing a whole lot of data on this site and without checking every link to see if I could get a peek at the oldest version of the site I found one version and stopped looking.

http://web.archive.org/web/20031124201643/spotlife.com/home.jhtml;?_requestid=140484

Doesn't anyone remember the exploit with Spotlife? Where you did pretty much the same thing - protected pictures were not really protected - you could thwart their security by breaking out of the frames and calling on the frame that had the cam picture directly and you'd get instant gratifica... access to any private show.

Needless to say... Many young girls found their "private shows" quickly shared on the still existing http://www.hush-hush.com./ Hush Hush hasn't even changed very much since then either and all the old Spotlife pictures can be found in the First-Flirt archives.

Ahhhh.... The Memories

Myspace = Blackguys hitting on white women.

[zymano]

Alot of Myspace is just people just fishing for friends to sell crap.

Another negative is people are ONLY allowed to post POSITIVE comments which is stupid and artificial.

What is cool is that there are some celebs you can badmouth in a private message until they ban you.

You got to love all the Blacks who hit on white women. It's annoying and gross! Love your own women. They're all single.

Gross stuff.

What you say?

All your pictures are belong to us.

Review of Part 1 (1GB out of 17)

After waiting an eternity to get this thing downloaded (one of the slowest torrents I've grabbed... and over a thousand seeders! not sure whats up there) I have a review from zipfile 1 (of 17 files included)

approximately 5000 photos
70% - make you wish Kodak didn't bring photography to the masses
45% - angsty emo poses
25% - alcohol-related potentially embarassing photos (if you knew who these people actually were)
0.5% - nudity (one topless woman, several artistic nudes, a few pregnant women)
2% - people showing off bruises or injuries
30% - pets
1 - fetal ultrasound
4% - people sleeping
7% - anime, cartoons, photoshopped artwork
10% - cars

(Sum exceeds 100% because of pics like the shirtless drunken emo guy with his puppy)

Lesson: If you want scandalous amateurs, go to xtube.

(That won't stop me from getting the rest of the torrent and seeding till you get your fill, though!)

Reason #2945

...not to put anything online that you wouldn't want the whole world to see.

amazing.

[pontifier]

In looking through these pictures I am struck by some thoughts. What an amazing collection of averageness.
This data is invaluable.
I hope I'm in there somewhere.
What would aliens think if they saw this?
I should invest in storage technology.
Is that my friend there?
This will make a great screensaver!