Slashdot Mirror

← Back to Stories (view on slashdot.org)

Disqus Bug Deanonymizes Commenters

Posted by Unknown on from the anonymous-cowards-unmasked dept.

alphatel writes "The Swedish company Resarchgruppen has discovered a flaw in the Disqus commenting system, enabling them to identify Disqus users by their e-mail addresses. The crack was done in cooperation with the Bonnier Group tabloid Expressen, in order to reveal politicians commenting on Swedish hate speech-sites."

6 of 151 comments (clear)

  1. Disqus is evil by johnsie · · Score: 5, Insightful

    One company being able to build up a collection your comments and opinions across multiple websites.... Thank goodness I only comment on Slahsdot

  2. Re:Damn! by TWX · · Score: 5, Insightful

    Bear in mind, most of the people the world haven't structured their lives to understanding technology. They may like technology, they may be technology groupies, but they probably haven't really contemplated the ramifications of technology or how it can be used differently than their preconceived notions. They probably don't necessarily get that databases can be cross-referenced so easily or that unless they're willing to go through a specific amount of work each and every time they want to obfuscate their identities, it's likely that someone can figure out who they are.

    Another thing to remember, it's never really been possible to be truly anonymous when saying something in text. In the days when the printing press was the preferred way, one still had to have trusted people to help print and distribute the words. In early electronic days when dialup was king, there were always phone records and one had to have accounts on bulletin boards, and systems like fidonet kept origination records. In the days of Usenet, messages could at least be tracked back to a newsserver of origin, and assuming that records were kept, the ISP information could be found and then the subscriber account could be identified.

    Nowadays, unless the person wants to take the special laptop that's only used for this purpose, with a special add-on wifi adapter, go park next to a public wifi hotspot and use that public connection, being sure to store the equipment far enough away from themselves when not using it for plausible deniability, there's really isn't true anonymity. If one wants to truly remain anonymous, one generally has to not say anything. That's the tradeoff, true anonymity comes at the price of nonparticipation.

    --
    Do not look into laser with remaining eye.
  3. Re:I do. by Anonymous Coward · · Score: 5, Insightful

    You're not the one who gets to decide what is unacceptable; prospective employers do. If employers see something that is, to you, completely innocuous or just a tad embarrassing, and they find it offensive or unacceptable, it's not really going to matter how minor you believe it is. Using your real name is just stupid.

  4. Re:The methos is not uncalled for. by jellomizer · · Score: 4, Insightful

    Part of the problem is the fact that Europe has been trying to block free speech on it.
    I am not supporting racist or care for their ideals. But blocking out hate speech is more dangerous then trying to stop it.
    Why?
    Because the hate speech goes underground, where there is no sense of the scope of the problem. So the government doesn't understand how big the problem is and unable to do an appropriate protection of the hated groups.
    Secondly there isn't a counter dialog going on to discredit the hate logic. So people get this feed of hate in private and told that it is taboo, so they keep it quite, however there isn't anyone pointing out the flaw in their reasoning. So they can create more people who hate.

    Free speech is necessary, however it isn't safe or easy.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Blocked at firewall ... by gstoddart · · Score: 4, Insightful

    Disqus has been blocked at my firewall for some time.

    Not because of this, but because I was seeing it on so damned many sites it's not funny. Which means I didn't trust it to be anything good for me.

    There's so much shit on the internet these days that if you're not using cookie/script/beacon blockers you're just handing over your information to a company for profit.

    I believe every hacker on the planet should be working to release the private details of every company executive (and their families) involved in this stuff. If our personal information is a commodity, then don't act like yours is any different. Assholes.

    Much like Zuckerfuck fiercely protects his privacy while undermining ours, you don't get to choose that your privacy is more important than mine.

    --
    Lost at C:>. Found at C.
  6. Re:I do. by Jiro · · Score: 4, Insightful

    I wouldn't want to work for an employer that would consider anything I've said "unacceptable".

    If work was something we wanted to do, it wouldn't be work, it would be hobbies. The whole idea of work is that you do something you otherwise wouldn't because people are willing to pay you for it.

    Nobody wants to work for a bad employer, but most people want to be without money even less. People work for assholes because they need the money, not because they want to work for assholes.