# [split] Announcement - Security Problem and Admin Resignation



## Arshes Nei (Jul 23, 2007)

*[admin edit]*: See http://www.furaffinityforums.net/showthread.php?tid=10883 for start of thread.

Well the reason I'm not saying how he's (Calorath) doing it has to do with the fact, I'm getting a better perspective of how much of a mess the FA administration is. They even covert each other as admins and no offense to blueroo this post is a prime example of how the team seems to show half faith towards each other, or how involved they are in working as a team even.

So even if I'm not pointing the admins to the right direction of what is going on, the information from "non information" is still giving me better perspective of how things are managed here.


----------



## Dragoneer (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> They're obviously looking at people's usergroups and permissions to see if he has access to any of them, I mean the first thing I do is look at the user directly in the control panel. However, it's fairly obvious that none of you understand why I'm laughing at this situation.


Ok, so what do you see in the Control Panel that I'm not?


----------



## Calorath (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Preyfar said:
			
		

> Arshes Nei said:
> 
> 
> 
> ...



Me! >.>

*pokes*


----------



## Arshes Nei (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Preyfar said:
			
		

> Arshes Nei said:
> 
> 
> 
> ...



I'm not in your control panel, makes it a bit difficult XD


----------



## Dragoneer (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> I'm not in your control panel, makes it a bit difficult XD


The only group Calorath has is a Registered user. People are only given permission by groups, and he is in no groups. I have gone through every single group and looked at all the forum permissions and they seem more than fine.


----------



## Arshes Nei (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Right, but as I said you guys don't understand your own software. I was telling net-cat about the usergroups because he was going through every forum # to see if that was the issue.


----------



## Dragoneer (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> Right, but as I said you guys don't understand your own software.


What don't I understand about it?


----------



## Arshes Nei (Jul 23, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

There is more than one way to access forum messages.


----------



## Wolfblade (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Well, if Calorath wants to easily clear himself of the accusation, all he has to do is let us know who gave him quoted texts from the private Admin forums. Then we can focus on how THAT person got them, and apologize for the accusation against him.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Who said it was given to him by another admin?


----------



## Wolfblade (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> Who said it was given to him by another admin?



Uh... nobody as far as I've seen...

And neither did I.

Since he seemed offended at the accusation that he broke into the forums, I took that as meaning he says he did nothing of the sort.

But we know as a fact that he had full quoted texts from private boards.

If he did not get them himself, someone else must have, and then passed them to him.

I said nothing about that person being an admin, though that is of course a possibility.

But WHOMEVER it was, all Calorath has to do to shut down the accusation that he was on the private boards himself is to let us know where he DID get that info, and we can then address that person, whether they be an admin or not.


----------



## blueroo (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Preyfar said:
			
		

> blueroo said:
> 
> 
> 
> ...



You know as well as I do just how many exploits were in that old forum code. You know this because I posted a report on it. We were running version 1.2 of MyBB. The version I just installed is 1.2.9. There were *seven* critical security updates between the versions. I told the rest of the admin staff about this months ago, and again a few weeks ago. Only last week was anyone finally able to get me the login information for the forum server.

Here's an exploit the forum was vulnerable to since last September of *last year*.

"_vulnerability allows a hacker to upload a false GIF image which contains executable code which can then be used to obtain the authentication details for a logged in user viewing the page._"



> blueroo said:
> 
> 
> 
> ...



If you never saw any evidence, then you were looking the other way. We had an entire thread about the fact that Calorath was posting word for word quotes of admins from the private admin forum on his public journal. Further, I sent you notes between Calorath and Damaratus where Calorath *admitted* his activity.



> blueroo said:
> 
> 
> 
> ...



I am saddened too that you would put your public image before the security of the users of FA. If you had told users what was going on with an honest heart and honest words, they would have understood. 

That said, some folks are calling for evidence. I don't have access to admin threads anymore, and I can't go back and look at the notes I previously did. However I do have the message I sent to you. Remember this?


----------



## blueroo (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

I sent this message to you yesterday Preyfar. I'm surprised that you've forgotten it so quickly. Not only does Calorath admit his deed, he also issues an ugly ultimatum.

[yak]: Notes exchange removed due to privacy reasons.


----------



## blueroo (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

I want to make a small defense for myself as well. While I am truly sorry that I had to draw attention to this issue in such a dramatic way, I'm not sorry that the issue was announced. I don't wish to cause FA any harm, but as administrators we have a responsibility to our users. Sometimes that means being friends, sometimes it means being jerks and enforcing the rules, and unfortunately it does mean having to be the bearer of bad news. This happens to be one of those times when bad news had to be shared.

The admin leadership refused to make an announcement about this security problem. Against my advice as technical staff, our lead admin with only PR experience decided that a security breach was not a serious risk and declared it would not be announced. I hope that the rest of you understand why I have felt the need to be so very blunt. Unfortunately, this issue is a serious risk and a fear of embarrassment is not a good reason to sweep it under the rug and pretend it never happened.



> 11:48AM|<Damaratus> blueroo: We do not need an announcement.  The users nor the data is seriously at risk.
> 11:48AM|<Damaratus> I have talked to Calorath about it, right now.
> 11:48AM|<blueroo> Is that your final decision?
> 11:49AM|<Damaratus> That's what I have determined.  They are not at risk, he is not going to do anything serious


----------



## Rossyfox (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Gosh! I'm not sure who I want to yiff now. :<


----------



## blueroo (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

If anyone wishes to see a copy of the now deleted notes, interesting because Calorath admits his wrongdoing, feel free to take a gander at:

http://www.seattlefenix.net/fa/page2.htm


----------



## yak (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

This thread sheds so many negative light on people because the only relevant parts being quoted are those that prove the point of the person quoting them.

Things are different from how they look on this thread, but i don't feel myself in the position to quote parts of the private discussion. 
This is the same reason i removed blueroo's post with the note exchange between Calorath and Damaratus.


----------



## STrRedWolf (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

I'm going to pull rank and speak as administrator of Comic Genesis, to express my thoughts about this controversy:

*This resignation is highly disturbing and the posting of a conversation between Calorath and Damaratus does not install faith in ether of them.*

Thus, it is *demanded* that FurAffinity staff change their system-level root and user account passwords immediately on both the forum server and the artwork/main site server, and implement further security measures within a tight timeframe.

And Calorath:  If there is a picture that violates the DMCA in your mind, take it to a lawyer first.


----------



## Bokracroc (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Bets on the next Admin/Mod to crack the shits and leave are *open.*
There's more drama in the FA Admin crew than a day-time soapie.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

This is really ridiculous.


----------



## Calorath (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				STrRedWolf said:
			
		

> -snip-
> 
> And Calorath:  If there is a picture that violates the DMCA in your mind, take it to a lawyer first.



You apparently need to learn to read better, as you have no effing clue what you're talking about.


----------



## yak (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				STrRedWolf said:
			
		

> I'm going to pull rank and speak as administrator of Comic Genesis, to express my thoughts about this controversy:
> 
> *This resignation is highly disturbing and the posting of a conversation between Calorath and Damaratus does not install faith in ether of them.*
> 
> ...



I cannot confirm your identity, nor do i wish to at this time.
But know that *demanding* something is not the best way to expect us to do it, even if you were in the position to do demand in the first place.


----------



## net-cat (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

-- Consider this post deleted. --


----------



## straydog (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				STrRedWolf said:
			
		

> I'm going to pull rank and speak as administrator of Comic Genesis, to express my thoughts about this controversy:
> 
> *This resignation is highly disturbing and the posting of a conversation between Calorath and Damaratus does not install faith in ether of them.*
> 
> ...



What does you being the admin of some B-rate webcomic hosting service have to do with anything? More to the point, why would you even begin to think that it somehow makes your thoughts about this matter more relevant/important/worthy of attention than any other users'? It doesn't.


----------



## Shira (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Whether the allegations are true or not, the lack of communication by the FA administration regarding security issues on the site makes me question how seriously security is taken. I've seen multiple accounts compromised without the administration responding at all. I've seen other users bring up potential serious problems and, instead of dealing with those problems, the complaints were ignored. I'm not saying that the admins don't do anything - minor issues seem to be resolved quickly - but the major security flaws built into the site and forums seem to get ignored.

This issue just brings that to light: there was a debate over whether or not a potential concern should be announced, and the decision was made _not_ to announce the risk. I find that lack of communication to be unacceptable. I'd rather see security announcements come out of FA as soon as a potential problem occurs, alerting users as to what the risk is. I'd rather the admins err on the side of making an announcement that proved unnecessary than failing to make an announcement at all. If it was even suspected that a user had access to private parts of the site, why wasn't an announcement made? Something just doesn't seem right to me about that.


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Well I suppose after all of that I will have to put my hand in on this one, since obviously it is turning into something greater than it even needs to.  I'd like to thank Yak for at least attempting to give me a small level of privacy in this particular instance, since everything that has happened on this particular thread seems to be quite similar to another administrator who decided to resign and then post lots of private stuff that happened.

Do keep in mind that the notes that passed between me and Calorath were read by Blueroo, and that had he considered any of you commenting on this thread as someone who might pose some kind of threat to him or the site, he would have dug through your conversations just as readily.  As far as the adminstrative rules are concerned that is a big no-no, because we would like you all to maintain a level of privacy on this site, you all should feel comfortable in passing notes between each other without the worry that someone is reading through your private messages and painting you in a bad light in the process.  Obviously my conversation with Calorath did occur, in fact we talked a couple of times.  So here is my reasoning in this process, and perhaps you all will give the benefit of the doubt:

When the first "security issue" popped up, the evidence surrounding it was actually not empirical, but it was a known situation which included the coders (who are the people who could truly fix things if there was really such a problem).  There was no way to tell whether there was any particular security breach, rather it looked more like a leak, and the information was not critical.  The matter was looked into, I contacted Calorath, in part because I have been on this site long enough to know comprehend motive behind action.  We had our conversation over notes, and it became clear to me, that this wasn't so much a matter of security, just more of a necessity to move on from this nonsense.  He got rid of the picture, and I continued to inquire about security issues with Dragoneer.  It's better to quell the surface issue and continue one's investigation unimpeded by the drama.

The second time that things were brought up, it was Blueroo who did so.  At this point he had become entirely worried about multiple things, and was not only concerned about Calorath, who one again presented inconclusive evidence to being able to "see something" and in turn spurred on Blueroo to panic, but also about other people.  *At any point during this, had I seen any form of hard, empirical evidence to suggest that there was a serious and harmful breach in the security of the forums or the main site, I would have taken the measures to make sure that it was taken care of*.  There was never anything to suggest that, and I was constantly talking to Dragoneer and the other coders about the situation and what was going on.

It was then that I found out that Blueroo had been going through user notes, looking at private conversations.  Trying to get information, not only was he looking at the stuff from Calorath, but other users who he considered to be troublesome.  That's right, without asking, without inquiring with the rest of the staff, he went through private user notes, and came out with more conspiracies.  He then pushed an ultimatum on me that he would resign and post this particular thread if I did not post the information myself.  I am not the type to be bullied, especially when I have a grasp of the situation.

I once again contacted Calorath, I talked with him again.  I found out the way that he was doing things, and that's when I informed Blueroo that I was not going to post a forum/journal post telling people to panic because their information is in danger, because it wasn't.  *If Calorath had accessed sensitive information and had wanted to cause serious harm the site or its users he would have done so already.*  I have not seen evidence that he has done so, nor do I have any evidence that he will.  I don't approve of the methods that he was doing things, and he is quite aware of this, but I did not see a reason to incite panic in the thousands of users on this site, for the sake of inconclusive, paranoid conspiracies that were generated from a poor overall concept of the situation.

It is much easier to approach someone about something on common ground, without major accusations,  rather than than utilize fear-mongering and painting someone in the darkest light simply because you do not have the full story.

So to you Blueroo, I wish you well enough.  For the help that you did give the site, thank you, you had some good ideas about projects for the site, some that may still be incorporated.  

For the damage that you caused to members of the site, and the attempt to drag others through the mud in the process of you leaving the administration, that's as unprofessional as the ultimatum you gave me when you resigned, I do not think that what you did was a positive thing for you or your reputation, even if you feel that what you did was right.

*Edit: To make it perfectly clear, there is no particular forum security exploit that Calorath was using to get what little information that he decided to mention.*

Edit 2: Please do note that the IRC log that Blueroo posted was a mere snippet of the conversation and that it is out of context of the whole of the situation as well as has been edited in portions to exclude some comments.


----------



## Shira (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> I have not seen evidence that he has done so, nor do I have any evidence that he will.  I don't approve of the methods that he was doing things, and he is quite aware of this, but I did not see a reason to incite panic in the thousands of users on this site, for the sake of inconclusive, paranoid conspiracies that were generated from a poor overall concept of the situation.



A user that is not an admin of any sort has full access to the site. Even if Calorath had no malicious intent, that's a critical security flaw that needs to be addressed as quickly as possible, because a malicious user could easily exploit the same security hole in the future if it is not fixed. An announcement to the site that such a hole exists and a rough idea of when it will be fixed (if it's possible to provide an estimate) would instill at least a bit more faith in the site as being capable of resolving its problems.


----------



## STrRedWolf (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

It never does, even if it's to a hosting service that's similar to what FurAffinity is (although with very drastic differences -- the basics only being we both serve images).

However, in the posts exposed by Blueroo, I got the express feeling there's a technical hook that can be abused.  I don't like that, especially when it makes my artwork at risk to be stolen (and I don't mean through just regular download-to-HD).

I do acknowledge a ton of caveats, including: 

I do not know if the forums and the art host are on the same server.  A DNS check may only go so far with how equiment can be configured in hardware and software (including virutalization).
I do not know if the admins are able to SSH into the art server from the forum server -- I've done that before on my setup.
I do not know the underlining processes and policies of FurAffinity's admins, and thus they are being treated like any ISP -- very suspicously.
I do know that I'm sounding like a hyper-paranoid, completely idiotic dork. 

To be clear:  I'm for re-securing the servers involved, investigating, and taking action based on the investigation.  Blueroo may have some good points, and they'll need to be looked at.  But we need to have a safe environment to do so, and given FA's known history of downtime... I'd love to have some reassurance from all FA staff that things are locked down.


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> A user that is not an admin of any sort has full access to the site. Even if Calorath had no malicious intent, that's a critical security flaw that needs to be addressed as quickly as possible, because a malicious user could easily exploit the same security hole in the future if it is not fixed. An announcement to the site that such a hole exists and a rough idea of when it will be fixed (if it's possible to provide an estimate) would instill at least a bit more faith in the site as being capable of resolving its problems.



That's the thing, when I spoke to Calorath it became entirely clear to me that there wasn't such a security hole that gave him full access.  The "evidence" that he presented made it quite clear that he did not have administrative access and could not get to the user data on the site, and it was not a security exploit that he was using.  So there was no flaw to fix.


----------



## Janglur (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Just for the record, if the Admin choose to do a coverup, and you can ask Yahoo and AOL to verify this..


FA AND IT'S ADMIN BECOME COMPLETELY RESPONSIBLE FOR ANY MONETARY OR CRIMINAL DAMAGE WHICH OCCURS AS A RESULT OF THOSE INFILTRATING THE SYSTEM.
BECAUSE THE ADMIN ARE AWARE OF THE INFILTRATION AND IT'S POTENTIAL DAMAGE AND CHOOSE NOT TO TAKE ADEQUATE MEASURES AND WARN THE USERBASE, THEY ARE CONSIDERED ACCOMPLICES IN THE CRIME.

I think that not just civil, but POTENTIAL CRIMINAL IMPLICATIONS would be the best darn reason to ever pop up in this site to take action.
Coverups are NOT good, and do NOT benefit ANYONE.


----------



## net-cat (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> That's the thing, when I spoke to Calorath it became entirely clear to me that there wasn't such a security hole that gave him full access.  The "evidence" that he presented made it quite clear that he did not have administrative access and could not get to the user data on the site, and it was not a security exploit that he was using.  So there was no flaw to fix.



Er. That doesn't make sense. Unless I'm missing something, he had access to stuff he shouldn't have had access to. I mean, whether someone made a mistake in configuration or there's an actually, bona fide exploit involved, it's still a security problem that should be fixed, whether that means tweaking permissions or patching code...


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Janglur said:
			
		

> Coverups are NOT good, and do NOT benefit ANYONE.



Once again, there was nothing to cover up here, the users were not in danger, and the issue was not one that needed to cause panic.  Unless you like to have someone bring up every possible conspiracy and inconclusive theory that can be come up with.


----------



## STrRedWolf (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> A user that is not an admin of any sort has full access to the site. Even if Calorath had no malicious intent, that's a critical security flaw that needs to be addressed as quickly as possible, because a malicious user could easily exploit the same security hole in the future if it is not fixed. An announcement to the site that such a hole exists and a rough idea of when it will be fixed (if it's possible to provide an estimate) would instill at least a bit more faith in the site as being capable of resolving its problems.



Shira has hit it on the head.  When I changed something on CG, but did not say anything about it, I had 10,000+ people crying fowl about why they were not informed about things.  Doing such _never_ goes well and you will get burned.  Keeping the community informed is always a good thing.

It's one of the reasons why the server migration over at CG went so smoothly:  I and my co-admin posted notices (and I actually addressed in person 50 of them) that we were getting a new server and we're moving whole-hog to it.  This has met with much fanfare plus the understanding of alot of the community that some problems will be related to the (now completed) move.


----------



## Calorath (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

No exploits, no security compromises, or any hax0ring.

Guys, some of you gossip, fear-monger and speculate worse than old ladies.

I am quite amused.


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				net-cat said:
			
		

> Er. That doesn't make sense. Unless I'm missing something, he had access to stuff he shouldn't have had access to. I mean, whether someone made a mistake in configuration or there's an actually, bona fide exploit involved, it's still a security problem that should be fixed, whether that means tweaking permissions or patching code...



It wasn't an exploit, he never had any greater access to things on the forums, his permissions were the same as every other user.  This was a human element, the one involving people with access talking about things to people without.  A leak is quite different than an exploit, and that is something that is being fixed.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Like I said I know what essentially happened because of the combination of forum experience, as well as Calorath's statement to me, I know he told Damaratus, because well he asked nicely what happened. So you can all take your pitchforks and go home now, Calorath is no scapegoat for security. It's not even a real security issue, it's something that can get easily overlooked depending on your knowledge of the capabilities MyBB has to offer.


----------



## Janglur (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Security aside, i'm still extremely upset.

This much drama from staff?

Drama is, inherently, a security flaw.  As we've seen today by calorath and damaratus' raped privacy.

Hopefully this problem has now resigned.  But i'm skeptical, and the recent event-after-event occurances have degraded my feelings about FA to where I no longer feel safe, or welcome, on FA.


----------



## net-cat (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> It wasn't an exploit, he never had any greater access to things on the forums, his permissions were the same as every other user.  This was a human element, the one involving people with access talking about things to people without.  A leak is quite different than an exploit, and that is something that is being fixed.


Well, there you go. I'm satisfied with that explanation. (Technically, that's still a security problem.)

Although the explanation being that mundane raises some very interesting questions.


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				net-cat said:
			
		

> Although the explanation being that mundane raises some very interesting questions.



Indeed it does, and I have some of the same.


----------



## Almafeta (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

So why hasn't this compromise been announced on the main site?


----------



## Arshes Nei (Jul 24, 2007)

*Announcement - Security Problem and Admin Resignation*



			
				Almafeta said:
			
		

> So why hasn't this compromise been announced on the main site?



1. It's not a real compromise, unless you want to talk about Blueroo going through people's notes - because Calorath didn't do the compromise

2. It's much ado about nothing quite honestly. It was such a small situation that blew up.

By the way, it's not a security problem, leaks happen, we're all human. FA is not making rocket and nanite tech, they're running a website. It's one thing to leak an entire block of code that can be easily exploitable, it's another for a conversation to get out between members. The latter is just considered unprofessional, not so much a security issue.

However, I'll state again that it would be good to fully understand your software. Apparently people are making assumptions that there aren't other ways to access the information if an admin doesn't understand all of the ways that can be a security risk. Removing someone from the admin group doesn't always guarantee that a former admin didn't set up permissions to see the forums other ways on another account. I had created invisible admins this way, though I'm not sure if MyBB's newer version set up things a bit different. That is the tip end of ways they can view admin stuff by the way. Viewing however, is a bit different than replying and adminning.


I thought people weren't supposed to read other people's private messages btw? Ouch. Not good.


----------



## uncia (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> I thought people weren't supposed to read other people's private messages btw? Ouch. Not good.



http://www.furaffinity.net/lm/tos/
_"Fur Affinity Administration and Staff reserve the rights of the following:
....
To monitor Userâ€™s private data, submissions, comments and/or notes to investigate issues which could constitute illegal activity by state, Federal or International Law or to further protect the interests of the site, the Terms of Service, Submission Agreement and Acceptable Upload Policy or to monitor transmissions which could be considered threatening, "spam" or "flaming"."_
Of course, it's also easy enough to twist "looking for evidence of a conspiracy against oneself" into "trying to protect the interests of the site" if you wish to justify that in your mind and justify doing so on that basis.

In general, however, any browsing through other community member's private notes/PMs was meant to be done in an open manner (from an admin p.o.v.) relating to a specific issue per that ToS clause above, declared visibly on the admin fora, and not be carried out on a personal vendetta basis. I can't recall if that was formalised into a specific admin rule, but those were the broadbrush guidelines, I believe. _(*waves over for clarification, if required*)_


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				uncia said:
			
		

> Arshes Nei said:
> 
> 
> 
> ...



Oh no,  please understand my statement. First off, ANYONE with access to the Database can read user notes. I don't care of any assurances that it won't happen otherwise. I just remember this becoming a big issue because Oz Kangaroo was reading user notes during the last time this ordeal came up and Dragoneer didn't want this happening anymore. 

I particularly don't care if the admins can read my notes, as stated if there is a legitimate case of harassment or something criminal you do want to access those notes just in case. We're using their website, you have to understand that they can access it, you can't just assume privacy otherwise. You just have to have faith that the admins aren't abusive or snooping just for shits and giggles.

However, when there wasn't a real cause to read the notes, this became something personal as you said.


----------



## uncia (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> Oh no,  please understand my statement. First off, ANYONE with access to the Database can read user notes. I don't care of any assurances that it won't happen otherwise. I just remember this becoming a big issue because Oz Kangaroo was reading user notes during the last time this ordeal came up and Dragoneer didn't want this happening anymore.


Yep, that's probably when those guidelines (even if not a firm admin rule) came into play. I can't answer that definitively for obvious reasons: no problems being corrected on that, if not. 



			
				Arshes Nei said:
			
		

> You just have to have faith that the admins aren't abusive or snooping just for shits and giggles.


*nods*



			
				Arshes Nei said:
			
		

> However, when there wasn't a real cause to read the notes, this became something personal as you said.


There were at least two concurrent threads here, the second being off the back of Swampwulf's thread (which definitely /was/ being taken as a personal conspiracy matter), and I can see easily how that could have been twisted into the first on the basis of "trying to protect the interests of the site" per the ToS.
Even if that were so, I presume that the scope of any general investigations would have been displayed clearly on the admin fora and at least tacit permission obtained to carry that out in a neutral manner.

JM02c from my understanding, anyhow,
d.


----------



## yak (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> However, when there wasn't a real cause to read the notes, this became something personal as you said.


I have realized my mistake by making the note reading an available admin tool.
As of now i have left this privilege only to myself. All requests for user notes will pass through me or my successor, if and when the time comes.


----------



## ArrowTibbs (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

I just find that he was reading notes to be creepy, to be honest. ._. After all his warnings about Calorath reading PMs and warning against people doing business via them...Eesh.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				yak said:
			
		

> Arshes Nei said:
> 
> 
> 
> ...



Honestly, yak you really shouldn't even have to do that. You just need to have staff that understand ethics of doing such things. Like I said I don't particularly care that admins can read my notes, they're upset by what I say, that's their problem. I do expect them however to realize that there are more important matter than, "ZOMG what is so and so saying about me" and taking the time to read them to begin with.

The fact that you guys have to make "A sole successor" that's utterly ridiculous. Other sites have this ability, they just have staff that are responsible.

The more you play lockdown because you guys chose horrid staff, the more you hurt yourselves in the long run.


----------



## Screaming Organism (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Regardless of what is said here I'd rather be safe than sorry. It's a simple two-minute process that could ensure the integrity of your account.

I don't know who to believe, nor do I care at this moment in time, but I'm not about to find out the hard way just what Cal's intentions are.

I've heard mixed messages about him so far. He might actually be a good individual. But I'm not going to take my chances. Passwords are changed.


----------



## verix (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Yeah, those pesky Reds are everywhere.


----------



## wut (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Let's judge everything off completely second/third/fourth/etc. hand information.

That worked oh so well in the past.


----------



## blueroo (Jul 24, 2007)

*Announcement - Security Problem and Admin Resignation*

Wow. The amount of spin here is going into overdrive. Arshes, you have no idea what's going on here and I'm going to have to respectfully ask that you stop insisting you do.

Folks, it is *standard practice* for admins to read your notes when they are investigating an issue. See this url? Yesterday, it had a third radio box called "Notes". Yak and I have been digging notes out of the database at the request of the entire admin staff for a long time. It's part of our job when things go bad and we have to investigate.

http://www.furaffinity.net/yak/projects/furaffinity/comment_report/fa_comments.asp

Damaratus, I can't tell you how highly disappointed I am that you have decided to spin this as some freak occurance of an admin leaving. That you are now accusing me of improper conduct, paranoia, and lying is a disservice to this community and to the rest of your staff.

I left the staff because this was the very last straw, indicative of a serious problem in the senior staff. I still remember the Tumble Bunny (http://www.furaffinity.net/user/stefanescu) incident, and how I had to threaten to take the issue to the FBI myself to get Preyfar to do anything about it. The best I got was "I'll report it to my contacts in the military". I probably shouldn't have accepted that as an answer, but I wanted to believe he would do the right thing. Much like this situation, the senior staff were afraid of getting their hands dirty and attracting unwanted attention. Perhaps I should have realized that senior staff who are unwilling to report a pedo predator actively engaged with an underage child online would also be unwilling to deal with security issues. Maybe in that respect I am naive.

Well guys, you can't hide from the dirt forever. Sometimes the stink is so bad, you have to clean with fire and in that context I truly believe that sharing this info is the best way to help FA. I'm done posting now, because I've said everything I can say and posted all the evidence I can post about this issue. Everyone can always feel free to contact me on IM to talk about whatever. As always, keep up the good lulz and behave yourselves.


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Screaming Organism said:
			
		

> Regardless of what is said here I'd rather be safe than sorry. It's a simple two-minute process that could ensure the integrity of your account.
> 
> I don't know who to believe, nor do I care at this moment in time, but I'm not about to find out the hard way just what Cal's intentions are.
> 
> I've heard mixed messages about him so far. He might actually be a good individual. But I'm not going to take my chances. Passwords are changed.



It's already a suggested practice to occasionally change one's password.  It just makes sure that things stay safe.

That being said.  This particular thread is closed.  General discussion that comes from it can be started in other threads.  Or resumed in the response to this particular thread.


----------



## yak (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

The location of my files on the server i entrusted to a selected few admins have nothing to do with the current drama and i feel there was no need to post it to the public like that.

Somehow through your actions you made me paranoid wanting to see if there are any stray files on some importance you could give away links to in your another post. 

You didin't like the idea of Calorath reading other people's notes yet you freely posted a whole conversation out of the similar sources. 
How do you feel it's more justified then what Calorath possibly did? Just because you happened to be the admin and he's the supposed hacker?

Out of all things i dislike about this whole case, your attitude is the biggest.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*

Is there a reason this thread got edited beyond recognition?


----------



## Damaratus (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Arshes Nei said:
			
		

> Is there a reason this thread got edited beyond recognition?



I believe something happened during a split followed by a merge.  I'm not sure exactly what happened because it looks fine on my computer.


----------



## SammyFox (Jul 24, 2007)

blueroo said:
			
		

> Wow. The amount of spin here is going into overdrive. Arshes, you have no idea what's going on here and I'm going to have to respectfully ask that you stop insisting you do.



Why would she do that? I mean, you're not even an admin anymore and you screwed so hard we kind of lost respect for you dude.


----------



## Arshes Nei (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> Arshes Nei said:
> 
> 
> 
> ...



Darn I was gonna declare the split magical vagina void, because you know how furries like that


----------



## uncia (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> I believe something happened during a split followed by a merge.  I'm not sure exactly what happened because it looks fine on my computer.



Spotted you try to post (cap?) on the other thread where the start of this discussion is now, Damaratus. Still not showing up there...
The forum software/database can be flaky at times: at least you didn't manage to do my trick of accidentally deleting an entire thread whilst fixing that...

d.


----------



## Arshes Nei (Jul 24, 2007)

To blueroo: I know what was going, on otherwise some of you admins wouldn't have PM'd me asking how did Calorath know XD and that includes yourself.


----------



## Muse (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Rossyfox said:
			
		

> Gosh! I'm not sure who I want to yiff now. :<



Best reply in the whole thread.


----------



## Swampwulf (Jul 24, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				blueroo said:
			
		

> Damaratus, I can't tell you how highly disappointed I am that you have decided to spin this as some freak occurance of an admin leaving. That you are now accusing me of improper conduct, paranoia, and lying is a disservice to this community and to the rest of your staff.



Welcome to the wonderful world of Group:Registered where your _opinion_ is just that.
_Your_ opinion.

It's tough to be dismissed despite trying to do your best to share information and find solutions to problems you perceive and no one else does, isn't it?


----------



## Arshes Nei (Jul 25, 2007)

LOL The drama never ends:
http://www.furaffinity.net/journal/170213/

I think this was amusing though.

[21:19] <Britt> Alkora attempted to sell it to Dragoneer and dragoneer stabbed her in the back
[21:19] <Britt> talking to alkora on aim right now
[21:19] <ArshesNei> Jheryn got a sex change?
[21:19] <Britt> I do not know Jheryn's sex lol


Whatever the hell is going on now I don't know but it sure made it amusing, I'll give FA that, entertainment never ceases.


----------



## kamunt (Jul 25, 2007)

And we go full-f**king-circle. 





			
				FA Front Page said:
			
		

> We apologize for this inconvenience, but it appears the staff of Fur Affinity
> have illegally taken control of a website I own.
> 
> I will not restore this website until my adminship is restored.
> ...



...This is frickin' EPIC guyz. Srsly lulz. I am horridly disappointed right now, I'm not gonna lie. I find this whole situation disgusting and massively pathetique. I could go further into this and mock individual parties now, but there's really no need for me to alienate myself like that. All that I know is that, within 4 hours, FA has been blowed up--_twice_. And that is just....*face-in-hand* Something's wrong here when someone who's not even allowed to drink yet can see the stupidity of this all. I don't wanna plug my ears and go "BLAH BLAH BLAH", but really no one can convince me otherwise. There have just been too many overreactions and utter disregards for rational thought that I can hardly even see straight. Must need to change my contacts again...*mumble grumble* Stupid...7.0 left 7.5 right....grumble grumble...

Much love, everyone~! :mrgreen: <3 <3
--Kamunt the Baka


----------



## Arshes Nei (Jul 25, 2007)

You can still browse the site: http://8.7.49.250/


----------



## Shira (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> Once again, there was nothing to cover up here, the users were not in danger, and the issue was not one that needed to cause panic.  Unless you like to have someone bring up every possible conspiracy and inconclusive theory that can be come up with.



Now you're just starting to act rude, as you're dismissing the requests for information. Even if it was not a security flaw, there was a leak of private information to a non-admin user, which is still just as unacceptable as an open security hole. An investigation should have been done to determine who was responsible for the leak and appropriate action should have been taken. In this case, as it happened on more than one instance, I'd suggest a full and permanent revocation of the offending user's admin rights.



			
				Arshes Nei said:
			
		

> Like I said I don't particularly care that admins can read my notes



I do care. Not because I have anything to hide - I don't even use notes to discuss anything of more than trivial importance - but because of the impression that notes are private. If notes are not private, can be read at admins at any time, and there are admins that will take advantage of that privilege, then I believe users should be informed of this directly. While the ability should be there in case a complaint is filed, it should lie only in the hands of those responsible enough to use it only when there is a specific complaint being addressed and specific notes that need to be read.



			
				Arshes Nei said:
			
		

> Darn I was gonna declare the split magical vagina void, because you know how furries like that



Actually, you did. I got two e-mail notifications for it as well. Reading "This thread is now a murry magical vagina void!" at 7AM was enough to make me wonder if the world gone insane or (more likely) I needed another hour of sleep. At least I can understand this part _now_, though I do have to wonder: why the split? I just don't understand what prompted it.


----------



## Arshes Nei (Jul 25, 2007)

Shira, I'd greatly appreciate it if you stopped taking one sentence out of context, especially with the note situation, to use it to make your point. I said a lot of  what you're actually agreeing with me to make your point. It just looks tacky to do so and can come off rude.


----------



## Shira (Jul 25, 2007)

Arshes Nei said:
			
		

> Shira, I'd greatly appreciate it if you stopped taking one sentence out of context, especially with the note situation, to use it to make your point. I said a lot of  what you're actually agreeing with me to make your point. It just looks tacky to do so and can come off rude.



I apologize if I can across as rude; I was only trying to quote that small portion on which I disagreed. But let me rephrase what I have said, just to make it clearer what I was disagreeing with, now that I'm a bit more awake. Like I said, reading "murry magical vagina void" at 7AM kinda hurt my brain. 

I don't want any admins reading any of my notes unless it is in response to a specific complaint another user has against my account, and even in that circumstance the admins should only read the notes I have exchanged with the user who has lodged the complaint. I don't want the admins to even have the _ability_ to look at my notes under any other circumstances, since it's inevitable that someone, at some point, will get curious and start reading things they have no business reading. I'm not going to blindly accuse anyone of doing so, as I have no evidence and will not pretend to have any, but people do have a tendency to want to look at things they're not supposed to look at and abuse power when it's given to them.

And, well, if that's what you meant when you posted, then I apologize for misunderstanding it. It just seemed to me that you were relying more on ethics and good faith instead of suggesting admins have their ability to read notes and PMs reduced, which is the part I objected to.


----------



## Calorath (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> Damaratus said:
> 
> 
> 
> ...



Shira, he doesn't know who leaked the information, only how it transpired. I'm the only one who knows the name of the individual that passed the information my way.  And I'm unable to betray a confidence I'm afraid.


----------



## Damaratus (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> Now you're just starting to act rude, as you're dismissing the requests for information. Even if it was not a security flaw, there was a leak of private information to a non-admin user, which is still just as unacceptable as an open security hole. An investigation should have been done to determine who was responsible for the leak and appropriate action should have been taken. In this case, as it happened on more than one instance, I'd suggest a full and permanent revocation of the offending user's admin rights.



Requests?  I don't recall anyone requesting the information, I do recall people seeking out information regardless of whether or not it was an agreed upon action.  We did investigate, it's how we found out what we did in the first place.

The methods behind the investigation were different between me and Blueroo and that's what's lead to this disparity.  He considered the issue to be one of extreme importance, I did not consider it so extreme.  In truth, it fell somewhere between, and as I have said before, I am fallible, I do make mistakes.  I do not believe that my actions in this case were entirely wrong as they gave me far more information than the speculations that Blueroo had.


----------



## Shira (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Damaratus said:
			
		

> Requests?  I don't recall anyone requesting the information, I do recall people seeking out information regardless of whether or not it was an agreed upon action.  We did investigate, it's how we found out what we did in the first place.



Several users in this thread have specifically asked for details of what happened, when it happened, and (most importantly) what will be done to ensure this doesn't happen again. So far, we already know what happened: either Calorath hacked into admin access and it's being concealed (BlueRoo's story) or that someone leaked the information and that there is no security hole (rest of the administration). As outside users, we're never going to know which is true; it would be completely impossible to prove either case beyond a reasonable doubt, and I'm willing to accept that what we already know is probably as much as we're going to know. When it happened is somewhat fuzzy, but this seems to be a fairly recent occurrence, likely within the last week. We also don't know the extent of the problem, which is slightly troublesome: how do we know that this was contained merely to the admin discussions on the forums and private user conversations weren't compromised as well? So far, nothing has been said that gives me confidence that they weren't.

So far, however, no details have been provided about any potential fix to the problem, whatever the nature of that problem is. If it's a security problem, I would hope that it would be fixed promptly. If it's merely a leak, I would like to see efforts focused on making sure that such a leak does not happen again in the future. If neither of these things can be done, then it will be another severe blow to the credibility of the site and its administration. Why should we simply accept that this somehow "isn't a problem" when it's clear that private information was obtained by a user should not have had access to it, regardless of the means by which they obtained it?


----------



## Calorath (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> Damaratus said:
> 
> 
> 
> ...



Your fear mongering, speculation and gossiping isn't really appreciated. Nothing more /can/ be explained. Information was presented to me, and I made mention of it to the admins. Blueroo chose to take the conspiracy theory route, Damaratus chose to investigate. 

THERE IS NOTHING ELSE TO THIS. Other than the name of the person who told me the information. Which I will not share, because i do not break my promises.

If you are finding this hard to comprehend, I would suggest that you re-read this thread as many times as it takes for you to gain an understanding.


----------



## Shira (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Calorath said:
			
		

> Your fear mongering, speculation and gossiping isn't really appreciated. Nothing more /can/ be explained. Information was presented to me, and I made mention of it to the admins. Blueroo chose to take the conspiracy theory route, Damaratus chose to investigate.
> 
> THERE IS NOTHING ELSE TO THIS. Other than the name of the person who told me the information. Which I will not share, because i do not break my promises.
> 
> If you are finding this hard to comprehend, I would suggest that you re-read this thread as many times as it takes for you to gain an understanding.



Calorath, you're attacking me and not my argument. That does absolutely nothing for your credibility. If you find nothing in my argument that you can rationally debate with me, then I really have nothing to discuss with you at all.

Edit: Hey, I found the ignore list! That's awfully handy. ... it would be more handy if it worked though.


----------



## Calorath (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				Shira said:
			
		

> Calorath, you're attacking me and not my argument. That does absolutely nothing for your credibility. If you find nothing in my argument that you can rationally debate with me, then I really have nothing to discuss with you at all.



I don't debate stupidity and ignorance. I can't help it if you chose not to understand or accept the truth.


----------



## Arshes Nei (Jul 25, 2007)

Shira said:
			
		

> I apologize if I can across as rude; I was only trying to quote that small portion on which I disagreed. But let me rephrase what I have said, just to make it clearer what I was disagreeing with, now that I'm a bit more awake. Like I said, reading "murry magical vagina void" at 7AM kinda hurt my brain.
> 
> I don't want any admins reading any of my notes unless it is in response to a specific complaint another user has against my account, and even in that circumstance the admins should only read the notes I have exchanged with the user who has lodged the complaint.



I'm sorry, but if there is data being stored, SOMEONE has the ability to read it, be it yahoo, google, your mom. You have to have faith that a company, organization or whatnot has the good faith NOT to read your notes, email or other private information you decided to store on the internet.

That is why I stated you need staff that have good ethics not to read such information for shits and giggles, but rather when there is legitimate reason. In blueroo's case there was not - he was reading notes engaged with Calorath and *another admin*. Unless blueroo is telling me Damaratus is going to take over the murry server, I don't see why it was necessary to not only read them, but publish the notes for people to see.

If you're afraid of administration of reading your notes, or email, don't put them online. You are in fact committing a blind faith to whatever private organization by having your stuff on there. There isn't an amendment to privacy issue here, since you're subscribing to their servers. This is a good faith issue that involves ethics, not constitutional rights. Which makes me laugh that people get worried about our government but don't understand that there are probably more breaches via private sector...

Since companies know people do have faith that the company is not going to invade their privacy, it is left alone, however, I honestly wouldn't be surprised if some co worker nudges his buddy in the next cubicle because you decided to send an erotic email message to a buddy about having sex in Second Life and you can wait to rub the knot. However, because most people who do data management have to manage a lot of servers and information, the chances of him/her targeting your email specifically may be nil. They're usually too busy WORKING on other things.

If you want to nitpick what I said it's only going to make you look more foolish, especially since other points being driven by you show clear expectations on Much Ado About Nothing.


----------



## rianith (Jul 25, 2007)

..Okay.. Time for my two cents.

Admins.. CLOSE THIS THREAD. Take this discussion between you and Cal'. It's becomeing a Flame War, rather quickly. 

I've read over about half the posts and am already sick to hear such horrible things said about my friend {Calorath}. This isn't the public's business, never was. Not until you have FIRM EVIDENCE that he did something wrong. Even THEN it's questionable whether or not you should have posted it publicly.

This is something that needs to be handled with as FEW amount of people As Possible. 

So I say this Simply. Grow Up. Lock this Thread. And communicate like adults. Don't throw Accusations. Discuss it like Grown People.

That goes for the rest of you who got involved in this too. The lot of you aught to have better things to do, then to get involved in something like this. I wouldn't of, if I hadn't of seen how people were putting my friend down.

So I repeat.

So I say this Simply. Grow Up. Lock this Thread. And communicate like adults. Don't throw Accusations. Discuss it like Grown People.

And remember people. We just Portray Anthros. We're really HUMAN.. So stop acting like a bunch of wild animals and act civil amongst each other.

~Rianith


----------



## SkieFire (Jul 25, 2007)

*RE: Announcement - Security Problem and Admin Resignation*



			
				yak said:
			
		

> I have realized my mistake by making the note reading an available admin tool.
> As of now i have left this privilege only to myself. All requests for user notes will pass through me or my successor, if and when the time comes.



Just do what most IRCd's do and message each admin with the details of a use of this feature (with details of who/what/when/ip etc.)

Keeps the feature readily accessible, but stops anyone abusing it because everyone can see you using it.


----------



## Shira (Jul 25, 2007)

Arshes Nei said:
			
		

> I'm sorry, but if there is data being stored, SOMEONE has the ability to read it, be it yahoo, google, your mom. You have to have faith that a company, organization or whatnot has the good faith NOT to read your notes, email or other private information you decided to store on the internet.
> 
> (snip)
> 
> If you want to nitpick what I said it's only going to make you look more foolish, especially since other points being driven by you show clear expectations on Much Ado About Nothing.



I have clear expectations of some minimal sense of professionalism from people who are going to run a website toward the users of said site. There's a problem and it's not being addressed by anything. Instead, there's an ongoing series of personal attacks against me, declaring me foolish, stupid, and ignorant for expecting there to be accountability for the actions of admins on this website.

The responses I have received indicate to me exactly one thing: That there is no accountability for anything here and that the admins, collectively, seem to think that they can do what they want, when they want it, and have no obligation to ensure that the site is operated responsibly. As you put it: you have to trust that the company/organization/whatever has the good faith intent not to read anything stored on the site that is meant to be private. I no longer have that faith in FurAffinity.


----------



## Arshes Nei (Jul 25, 2007)

How is it not being addressed? The person who did the breach of reading personal notes is no longer an admin. You were given and answer about the other "Breach" which in another post Damaratus addressed this already, but you're not responding there are you? What do you want? You just don't like the answer given, because while I understand it doesn't come off specific, it was really overall harmless information.

Do you want the cliff notes version, because I'm not sure what you want that's not already been said?


----------



## themocaw (Jul 25, 2007)

Shira said:
			
		

> I have clear expectations of some minimal sense of professionalism from people who are going to run a website toward the users of said site. There's a problem and it's not being addressed by anything. Instead, there's an ongoing series of personal attacks against me, declaring me foolish, stupid, and ignorant for expecting there to be accountability for the actions of admins on this website.
> 
> The responses I have received indicate to me exactly one thing: That there is no accountability for anything here and that the admins, collectively, seem to think that they can do what they want, when they want it, and have no obligation to ensure that the site is operated responsibly. As you put it: you have to trust that the company/organization/whatever has the good faith intent not to read anything stored on the site that is meant to be private. I no longer have that faith in FurAffinity.



Then go become An FurAffinity Hero already.  Delete your damn account, post a whiny journal about corrupt admins, leave teh intarnets forever so you quit clogging up the darn forums with your yipping.  Honestly, the admins handled it pretty well, I thought: a problem came up, it was fixed, fault was admitted and steps were taken to keep it from happening again.  What more do you want from them, a steak sandwich?


----------



## Summercat (Jul 25, 2007)

Shira -

As a cashier at Petsmart, I had access to THOUSANDS of credit card numbers. For most of my tenure there, we did not account for the slips until we were cashing out our drawer - and that only about two years after I started. I could have easily stolen the slips that had the credit card numbers on them, and used them. I thought about the entire process, even went through how I could pull it off and not get caught. I was never  actually intending to ever perform such an action, but by the gods I was bored as hell half the time at the register.

Simply speaking, information that you want safe from others viewing it? Don't ever give it out. When I buy something online, I'm giving my personal credit information, that can be used inappropriately, to someone I don't even see. Almost the same situation in the physical world.

What happens here on FA is nowhere as serious as that - of course the admins have access to everything! Do they use their ability to pry into our 'private' things on a regular basis? Of course not - they're busy dealing with drama. And in the course f dealing with drama, they sometimes have to look at the notes of other users. That's normal and acceptable. On a site that is not your own, you have to accept that.

In this situation, Calorath had been showing knowledge of stuff being said in the Admin-Only areas of the forum. Blueroo took this to mean that he was hacking the system. Damarattus decided to get some more information, and asked Calorath.

It turned out that Calorath was being passed the information from someone with admin privledges, and due to being asked not to share that information, will not say who it is. I believe him (Despite I dislike his Nazi fetish. Belgh. I'm certain that if I could ever get over that I'd enjoy hanging out with him, but...)

Now, there are guidelines on how the admins are supposed to use their powers to read private notes between users, and Blueroo broke them when he read the notes between Damarattus and Calorath.

The only person who violated any sense of privacy was Blueroo.


----------



## kamunt (Jul 25, 2007)

rianith said:
			
		

> ...remember people. We just Portray Anthros. We're really HUMAN.. So stop acting like a bunch of wild animals and act civil amongst each other.



*snickers* That's funny because it's silly.  Humans are animals, too, and at times we act far more like 'animals' than any other sub-sentient species does.

Arshes: Hah, wow I totally forgot about that. What is that called again, is that the number of the DNS server, or the IP address or something...? I forget. Too much technosex for me to keep ingrained up here. What is that exactly, anyways, a cache of the site, or an actual address on the World Wide Web? I wanna say that later, but again I completely forget ATM. I still have to wonder, though, if it really was a "MySQL blowup" like Dragoneer said in reply to my first comment on the first journal entry, especially if "FA HAS BEEN HIJACKED BY DRAGONEER" like stated in a subsequent journal... :roll: The Ridunkulous Train don't stop for no one, do it?
*watches Dhrama & Greg*
EDIT: EDIT 2: That was fast.


----------



## Arshes Nei (Jul 25, 2007)

IP address, it resolves to a DNS, Domain Name Service.

http://www.webopedia.com/TERM/D/DNS.html


----------



## kamunt (Jul 25, 2007)

RIGHT! right right, OK, I remember now. Or, at least now I'm refreshed. ...Or now I just know because maybe I didn't before. *shrugs* Regardless, I love learning information about things, especially computer things and how they work, etc. I hope that's a good trait for a coder to have, since that's what I plan on being eventually, a computer scientist... :3 But off-topic this is.


----------



## SammyFox (Sep 6, 2007)

sorry to dig this out of the thread grave, but... who's this Tumble Bunny guy Blueroo was talking about in his last post?


----------



## Damaratus (Sep 6, 2007)

Sammyfox, the next time that you're curious about something ask an administrator about it rather than thread necromancy.  Thanks.


----------

