Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Wayback Machine is Deleting Evidence of Malware Sold To Stalkers (vice.com)

Posted by msmash on from the stranger-things dept.

The Internet Archive's Wayback Machine is a service that preserves web pages. But the site has been deleting evidence of companies selling malware to illegally spy on spouses, Motherboard reported Tuesday. From the report: The company in question is FlexiSpy, a Thailand-based firm which offers desktop and mobile malware. The spyware can intercept phone calls, remotely turn on a device's microphone and camera, steal emails and social media messages, as well as track a target's GPS location. Previously, pages from FlexiSpy's website saved to the Wayback Machine showed a customer survey, with over 50 percent of respondents saying they were interested in a spy phone product because they believe their partner may be cheating. That particular graphic was mentioned in a recent New York Times piece on the consumer spyware market.

In another example, a Wayback Machine archive of FlexiSpy's homepage showed one of the company's catchphrases: "Many spouses cheat. They all use cell phones. Their cell phone will tell you what they won't." Now, those pages are no longer on the Wayback Machine. Instead, when trying to view seemingly any page from FlexiSpy's domain on the archiving service, the page reads "This URL has been excluded from the Wayback Machine."

18 of 92 comments (clear)

  1. robots.txt by Thad+Boyd · · Score: 5, Interesting

    The Wayback Machine obeys robots.txt, even retroactively. If a site puts up a robots.txt file, archive.org will remove old versions of the site.

    1. Re:robots.txt by gnick · · Score: 3, Insightful

      The thing about preserving data is that you need to do it before the court order to be of any use.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:robots.txt by jythie · · Score: 3, Interesting

      It is not all that mysterious that such a policy or mechanism exists, but it still highlight's the piece's argument that we need more archives since a single point of failure is, well, a single point of failure. I remember growing up people talking about how 'the internet is forever' and 'once it is out there it is always there', but over the decades one slowly finds more and more things that seem to be gone for good if they fail to be popular enough to keep spreading.

    3. Re:robots.txt by rahvin112 · · Score: 4, Interesting

      The internet archive (Wayback Machine) does not delete the data for sites with robots.txt that restrict data access. It simply marks the pages as unavailable if it already has them. Now I don't know if they will download new copies once the robots.txt is changed but they don't delete data they already have.

    4. Re:robots.txt by Anonymous Coward · · Score: 2, Informative

      the wayback machine does not delete stuff. It will remove it from the public site at the request of robots.txt, but it doesn't actually delete its archive. If robots.txt changes again, it comes back

    5. Re:robots.txt by brewthatistrue · · Score: 2

      Yes it does, which is unfortunate. In the past I've noticed this when domain squatters acquire an expired domain and the Web Archive begins denying access to archived pages from the original site.

      This appears to be a misread of the robots.txt intent.

      Apparently, the "Robot Exclusion Protocol" was intended to prevent unattended crawlers.
      However, the Internet Archive also prevents human initiated crawls, and retroactively removes access to previous crawls.

      Here is a quote from the FAQ of Archive.is, an internet archival service similar to the Internet Archive's Wayback Machine:

      > Why does archive.is not obey robots.txt?

      > Because it is not a free-walking crawler, it saves only one page acting as a direct agent of the human user. Such services don't obey robots.txt (e.g. Google Feedfetcher, screenshot- or pdf-making services, isup.me, )

      which links to Google Feedfetcher's FAQ:

      > Why isn't Feedfetcher obeying my robots.txt file?

      > Feedfetcher retrieves feeds only after users have explicitly started a service or app that requests data from the feed. Feedfetcher behaves as a direct agent of the human user, not as a robot, so it ignores robots.txt entries. Feedfetcher does have one special advantage, though: because it's acting as the agent of multiple users, it conserves bandwidth by making requests for common feeds only once for all users.

  2. They will delete yours too, if you ask by Anonymous Coward · · Score: 5, Informative

    See https://archive.org/about/faqs...
    If you want to delete your site from the wayback machine, all you have to do is ask them. They are not obligated to keep any page in the archive, whether it contains "evidence" or not. You can also exclude ia_archiver user agent in your robots.txt, which will prevent your site from being indexed in the first place. This way you will not even have to ask them.

    1. Re:They will delete yours too, if you ask by jarkus4 · · Score: 3, Informative

      Robots.txt will not work as they started ignoring it (https://blog.archive.org/2017/04/17/robots-txt-meant-for-search-engines-dont-work-well-for-web-archives/), but the email method still works.

  3. It wasnt malware by Anonymous Coward · · Score: 5, Funny

    It wasnt malware, in the American language it would be called something like a "analytics's and management platform, with realtime reporting and active asset monitoring and protection"

  4. Yep, that's how it works by Anonymous Coward · · Score: 5, Insightful

    It is very annoying, but that's how it works. The worst is when a site that is owned by an entity who goes out of business is preserved by the wayback machine, but then another entity gets the domain, puts up a robots.txt and there goes all the history.
    For all the good it is doing, it would be so much better if it did not apply robots.txt retroactively. It doesn't even make sense, robots.txt says "bots stay out", which is not nearly the same as "bots, forget whatever you had visited in the past"...

    1. Re:Yep, that's how it works by bill_mcgonigle · · Score: 3, Insightful

      Almost certainly this is how archive.org manages to not get sued out of existence by malicious litigants who want to hide their misdeeds.

      If you can figure out how to make the legal system non-abusive, let's do that and then I'm sure archive.org will keep all their old crawls available.

      In the meantime let's support them for staying around.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Re:Illegally spying on spouses? Stalking? by jythie · · Score: 2

    Having a pre-existing relationship doesn't make anything more or less stalkery.

  6. Re:Illegally spying on spouses? Stalking? by Bryansix · · Score: 2

    I'll just go out on a limb here and say that I'm sure this law varies state to state.

  7. Re:Illegally spying on spouses? Stalking? by nuckfuts · · Score: 2

    ... how do you "stalk" someone you are already married to?

    Gee, I dunno, maybe you could "intercept phone calls, remotely turn on a device's microphone and camera, steal emails and social media messages, as well as track a target's GPS location".

  8. Re:Respectful attitude by CustomSolvers2 · · Score: 2

    If the owner of a particular domain wishes that the HTML documents available through that domain be made available indefinitely, even after the domain owner's insolvency, what should the domain owner do to prevent the domain from being snapped up by a third party that sets robots.txt?

    I don't like that scenario and, probably, most of people doesn't do either. But it seems an unavoidable drawback of this whole approach. This is a private company with private interests and obligations (not precisely providing a public service for any random internet user) which, as such, can do whatever they want with their data. There seems to only be one limitation to that absolute power: what the person/company referred by that data wants to do with it. Bear in mind that we aren't talking about the typical user-opens-account->generates-data->user-tells-how-to-use-data, but about systematic collections of data which, in most of the cases, happen without the given user knowledge. How to know who is the owner now and yesterday? How to deal with eventual ownership conflicts?, etc. Everything would become too complicated, too invasive (all this additional personal information would have to be stored), etc. They might have chosen a more conservative alternative like deleting only the current files, but preferred to make sure that no information without a clear permission will be kept.

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
  9. Re: Respectful attitude by AvitarX · · Score: 2

    They're erring on the side of caution, because they don't want lawsuits.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  10. cheating partners by h4ck7h3p14n37 · · Score: 2

    If you think your partner is cheating isn't that enough to end the relationship? Why go to the effort of obtaining proof?

    If you find out your partner isn't cheating, how does that resolve the feelings that made you suspect infidelity in the first place?

  11. Re:Illegally spying on spouses? Stalking? by shaitand · · Score: 2

    So you have two modes, absolute blind trust and bail at the first sign of anything that manages to wiggle through it? Your spouse is human, humans lie, humans do selfish things, humans make mistakes.

    Your spouse doesn't need to know your every thought or action but if there is something you are making available for literally any other third party (network provider, government, friend, etc) and you don't think marrying a person implicitly and automatically amounts to granting consent to that plus more you'd never share with another party it's you who should probably just get a divorce.

    There are very important and obvious reasons for that, not the least of which is if you are unconscious your partner has the right to give access to all that information to someone else and also make choices like whether or not a doctor should do something that will kill you if you've eaten X or been exposed to Y in the past 24hrs.

    There are paranoid partners out there but having a doubt or suspicion in an innately fallible thing isn't the issue. Not seeing your partner as someone you ultimately trust is a marriage killer. I might write something in a message I'd rather my wife not see and I'd be annoyed if she were looking in my messages with out some sort of reason but of course she has the right to look at them without legal consequences. Your spouse can give consent to a law enforcement officer to search your possessions and information waiving your right to privacy but you think they shouldn't be legally entitled to waive that the same right when they have need?

    In my house the bar for looking at one another's text messages is at the "oh yeah, I remember (s)he sent that address I'm trying to find to Joe last week."