Cary Wrote:
-------------------------------------------------------
> Please note that I have edited the top post in
> this thread to explain the circumstances of this
> thread's continued existence, reproduced below:
>
> This thread has received an enormous amount of
> attention, generating 130,711 unique inbound links
> from Facebook alone in the past 5 days. Since
> that time I've received a myriad of demands,
> pleas, and threats, both legal and personal.
> Please allow me to walk you through my moderation
> decisions regarding this thread.
>
> Generally, dumping private information about
> ANYONE on Fairfax Underground is forbidden as it
> qualifies as a personal attack, which is against
> Fairfax Underground's rules. Indeed had I caught
> this thread early on before it generated large
> numbers of legitimate comments it likely would
> have been outright removed. However, this thread
> was not intended to be a personal attack against
> any one person but rather is a list of those
> affected by a security breach; a list which had
> been available to the more technically able for
> days before this post appeared.
>
> Fairfax Underground has a long history of making
> local information more accessible to the less
> technically apt. Fairfax Underground's own
href="http://www.fairfaxunderground.com/arrests/">
> Arrest/Ticket Search has been doing this for
> years, making freely available information
> previously only searchable by law firms or those
> with paid LexisNexis feeds. Still, this aim does
> not justify the leaking of personal information of
> thousands of local residents.
>
> Whether intentional or not, the author of this
> post "Mrs. Snowden" managed to omit just enough
> information to call the use of moderation into
> question. Had this author published an outright
> dump of the credit card details (including the
> card type and last 4 digits of the card used),
> this thread would have qualified for immediate
> moderation. Similarly if the author had published
> the much more damning information supposedly
> available, including Ashley Madison profile text,
> private message correspondence, or the user's
> "selected fetishes" this thread would have been
> moderated immediately. The author, however,
> published only the necessary information to
> determine who was affected by this hack, none of
> the more private details. Because this list was
> supposedly generated from credit card transactions
> it actually made the information far more accurate
> and trustworthy than if the author had published a
> list of given names from Ashley Madison profiles,
> some of which would undoubtedly be fake profiles
> intended to impersonate or defame (and would then
> qualify for moderation). As the author somehow
> exercised journalistic discretion in choosing only
> to reveal the minimal amount of informaiton to
> correlate a real-world identity, and the public
> had a (observably) overwhelming interest in
> determining who was (or who was not) on this list,
> Fairfax Underground employed the default action
> when moderation decisions are unclear: to take no
> action.
>
> Had I deleted this post upon first report, at the
> height of its' popularity, no doubt thousands of
> reposts would have immediately appeared, including
> on websites outside of my control, making
> moderation nearly impossible. Each of those
> reposts could have been altered, falsely including
> the name of an enemy or other unsuspecting victim.
> At the very least this list dumped by "Mrs.
> Snowden" appears to be accurate, a non-embelished
> snippet of Ashley Madison's customer database. My
> biggest fear was (and remains) that in the absence
> of authoritative information misinformation would
> flourish.
>
>
***IF YOU APPEAR ON THIS LIST***
> Your private information was hacked and far more
> damaging information is likely available to anyone
> who can query a SQL database. The hacked
> databases have been widely distributed and will
> likely be made easily searchable in the coming
> days on websites beyond my control. There's
> unfortunately no putting this genie back in the
> bottle, your information is out there. Rest
> assured that if any more lurid details of this
> hack are revealed on Fairfax Underground beyond
> your simple inclusion as a customer they will be
> immediately moderated, but take this as little
> solace in the grand scheme.
>
> In addition to hacked profile information I
> understand that full password hashes were also
> leaked, which are no doubt being brute forced by
> nefarious actors as we speak. If you use the same
> (or a similar) password at Ashley Madison as you
> do with other online services such as email you
> must CHANGE YOUR PASSWORDS IMMEDIATELY. You must
> consider your Ashley Madison password compromised
> as it surely will be in a few weeks time. I also
> highly recommend abandoning the email address you
> used in conjunction with your Ashley Madison
> account altogether as this address is already in
> the hands of spammers and extortionists. Media
> reports reveal that some victims of this hack have
> already received threatening extortion emails.
> Again, these spammers and extortionists no doubt
> have the full widely available hacked database and
> do not need to pull any information from Fairfax
> Underground.
>
>
***IF YOU WISH TO HAVE YOUR NAME REMOVED FROM
> THIS LIST***
> Please email me at
href="mailto:cary@fairfaxunderground.com">cary@fai
> rfaxunderground.com with a copy/paste of your
> name as it appears in this thread. While
> legitimate information is generally not removable
> from Fairfax Underground these are special exigent
> circumstances and I will honor all personal
> removal requests. However, just because you have
> been removed from this website certainly does
> nothing to the thousands of copies of the full
> database currently in existence.
>
> In summary this thread likely warranted immediate
> moderation, but given the author's careful
> publication of just enough data to positively
> identify a particular individual, coupled with the
> enormous public interest to learn who does or does
> not appear on this customer list, information
> already available for days to the more technically
> minded, caused me to take no action on this
> thread. Had anything more than a name (ie. John
> Smith) and an address to correlate to that name
> (which John Smith?) been made available this
> thread would have been removed immediately.
> Additionally had this author made ANY other claims
> (using hacked profile information) or revealed
> anything more than necessary to identify someone
> as a customer it would have been moderated
> immediately.
>
> It's a careful balance to run a community resource
> which seeks to make legitimate information freely
> available to all, and a balance that never pleases
> everyone simultaneously. This is NOT an open
> invitation to post any further leaked details, nor
> to EVER post information gained from any future
> hacks. This particular thread and the public's
> immense legitimate interest are unique and I
> cannot imagine a situation ever arising where this
> sort of list would be permissible ever again.
>
> Please note that Fairfax Underground is not a
> commercial entity and generates no revenue
> whatsoever. There is nothing for Fairfax
> Underground to gain from the publication of this
> information, and in fact the increased traffic may
> wind up costing considerable overage fees.
> Fairfax Underground only aims to fill a void of
> traditional media by quenching the public's
> sincere interest. I sincerely apologize to all of
> those who feel wronged by the publication of this
> information, but please note that this information
> was available for days on less accessible
> resources. If anything the publication of this
> list now should spare those included from years of
> worry and blackmail by untold hoards of malicious
> actors. This thread may eventually be removed in
> its' entirety, but as it's still generating
> hundreds of links from Facebook every hour the
> potential for reposts with unverified information
> is too high.
Beautiful, Cary, well said.
I too second whether the overages need to be covered and is there someway to forward you something to help cover it?