Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim

from the wtf-missouri dept

Hey Missouri: stop electing technically illiterate dipshits. First you had Claire McCaskill, one of the key sponsors of FOSTA (who is still defending it years later). You got rid of her, but replaced her with Josh Hawley, who seems to think his main job in the Senate (besides whipping up support for insurrectionists and planning his run for the Presidency) is to destroy the internet and reshape it according to his own personal vision.

And then there's your governor. We wrote about him a few years ago when he claimed (ridiculously) that the 1st Amendment meant he could withhold public records (which is not how any of this works). But, of course, last week, his tech ignorance broke into prime time after the St. Louis Post-Dispatch ethically disclosed that the state's Department of Elementary and Secondary Education (DESE) website was including teacher & administrator social security numbers in the HTML. DESE pulled down the pages, but not before calling the journalists "hackers." Parson then doubled down and called for the journalists to be prosecuted. And then kept insisting that viewing HTML source code was hacking.

For the past week people on Twitter have been repeatedly mocking Parson for this, but he just won't give up, and neither will the United Missouri PAC that is a huge Parson supporter and was even fined last year by the Missouri Ethics Commission over improper contributions and failure to report the contributions to Parson.

Earlier this week, United Missouri seemed to think that Parson's blatant technical illiteracy was worth doubling down on and turning into a culture war against "the fake news." It produced a video that is so embarrassing and cringeworthy it feels like a parody.

I mean, the transcript is so stupid that it makes me wonder about the quality of education in Missouri that someone could be this clueless.

The latest from the Missouri "fake news factory" is from the St. Louis Post-Dispatch, where a reporter has been digging around HTML code on a state website. The state technology division said the hacker took the records of at least 3 educators, decoded the HTML source code and viewed the social security numbers from the state website.

I mean, holy shit. HTML code is public. That's what "view source" is there for. There's no "digging around." And, incredibly, here United Missouri/Parson are admitting that the social security numbers were in HTML! THAT IS THE PROBLEM! No one should ever be putting SSNs in HTML. The fact that DESE put SSNs in HTML is the very problem that the reporters were highlighting. And if it wasn't actually a problem, why did DESE pull down the website in the first place? It's not hacking. It's showing that Parson's administration is incompetent.

And then, the video takes Parson's own failure to protect teachers and administrators in the state... and blames it on the reporters who (ethically) disclosed this negligent coding?

Governor Parson believes everyone is entitled to their privacy. Especially our teachers.

THEN WHY DID YOUR ADMINISTRATION REVEAL THEIR SOCIAL SECURITY NUMBERS IN HTML, YOU TECHNICALLY IGNORANT FOOLS? No one should ever be putting SSNs in HTML. The fact that they were there is the problem. Not the fact that these reporters alerted the state to their own coding (and data handling) error. The privacy breach is the state's fault, not the reporters. The reporters disclosed all of this in the most ethical manner possible: alerting the state and not publishing anything until after the leaked data was removed from the web.

Governor Parson is standing up to the fake news media and is committed to bringing to justice anyone who obtained private information. The St. Louis Post-Dispatch is purely playing politics. Exploiting private information is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.

Note that they keep calling the St. Louis Post-Dispatch "fake news" but don't dispute a single thing they reported. So it's fake news, but also a crime? Furthermore, the only one who should be "brought to justice" is the state for putting social security numbers in HTML in the first place. And the only one "purely playing politics" appears to be Governor Mike Parson and his corrupt PAC.

And, of course, everyone with even the most basic understanding of HTML know that it's Parson who's full of shit here, as is clear from all the comments on the video:

I get that, these days, the Trumpian populists politicians think they can just make shit up and lie constantly and their ignorant base will lap it up, but this takes all that to new levels of stupid. You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data breach, ethical disclosure, hacking, html, journalism, mike parson, missouri, view source
Companies: united missouri


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    dysmey (profile), 22 Oct 2021 @ 10:40am

    Criminal, right?

    Can it be proven beyond doubt that social security numbers were written into the tags of the Web site, which most certainly are public (readable by any Web browser with View Page Source? If so, then we have a criminal offense here, and the FBI should pay the governor a visit.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Oct 2021 @ 4:28pm

      Re: Criminal, right?

      Can it be proven beyond doubt that social security numbers were written into the tags of the Web site,

      It probably was some script generating HTML on the fly that dumped the database ID numbers for the viewable entries.

      Unfortunately many db admins look at things like SSNs as the perfect primary key for a user / person in a db, and fail to realize what will happen when some poor web developer uses the "personID" field in the database as a reference in their HTML widget code....

      In short, it probably wasn't an intentional act by the site maintainers, let alone the state administration. But you've got to love the anal retentiveness of the state governor and the carelessness of the db admins mixing to create a dangerous "never report anything" mentality among the general public. The law of unintended consequences gets them every time.

      At least that's what I hope is going on here. Otherwise this governor is practically inviting a massive hack against his state in a few years by effectively telling people to never report a cybersecurity issue to anyone under threat of lawsuits and jail time as official state policy.

      link to this | view in chronology ]

  • identicon
    Chris Brand, 22 Oct 2021 @ 10:57am

    "decode"

    Is the ability to read so rare in Missouri that it gets called "decoding"?

    link to this | view in chronology ]

  • icon
    Greg Glockner (profile), 22 Oct 2021 @ 11:07am

    Stop the insanity

    Suppose someone posted confidential info like SSNs on a wall of a public building, which anyone could view from the alley. Guess what, geniuses - that's what they did on the Internet. No hacking involved. I normally believe in Hanlon's razor - "never attribute to malice that which is adequately explained by stupidity". However, I wouldn't put it past Republicans to use this to score points in the culture war.

    link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 25 Oct 2021 @ 7:55am

      Re: Stop the insanity

      "I normally believe in Hanlon's razor - "never attribute to malice that which is adequately explained by stupidity". However, I wouldn't put it past Republicans to use this to score points in the culture war."

      I'm normally a firm believer in that razor as well. Yet every time I try to use it on US republicans, it breaks.

      These days every time these benighted morons make an obviously deranged claim I just assume they know damn well they're talking bullshit and are just bringing it up as a talking point to energize a base of voters so brain-damaged by an upbringing where the crazy uncle and fox news was the primary source of education they'll believe anything as long as it ends with "It's all the libs fault!".

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 22 Oct 2021 @ 11:11am

    Question...

    Was it St. Louis Post-Dispatch that broke the news about the PAC breaking the law?

    link to this | view in chronology ]

  • icon
    Doug Wheeler (profile), 22 Oct 2021 @ 11:14am

    Viewing file sent to him

    He was viewing a file on his own computer that was sent to him by the web site. I don't think that's "hacking."

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2021 @ 12:04pm

      Re: Viewing file sent to him

      Hacking is when you do anything with technology that tech unsavvy people don't understand.

      link to this | view in chronology ]

  • icon
    DeComposer (profile), 22 Oct 2021 @ 11:23am

    No "decoding" required

    HTML is mostly plain text.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2021 @ 1:50pm

      Re: No "decoding" required

      The "decoding" bit is translating it from text to something these people can understand - video.

      link to this | view in chronology ]

  • icon
    Stephen T. Stone (profile), 22 Oct 2021 @ 11:26am

    You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here.

    The government of the state of Missouri disagrees, apparently.

    link to this | view in chronology ]

  • icon
    Rico R. (profile), 22 Oct 2021 @ 11:27am

    HTML for Dummies?

    Maybe the state officials wouldn't have made such a careless mistake if they had just learned to "nerd harder"!

    link to this | view in chronology ]

  • icon
    Beefcake (profile), 22 Oct 2021 @ 11:33am

    Note to Missouri

    A state motto is not a privacy policy.

    link to this | view in chronology ]

  • icon
    Ceyarrecks (profile), 22 Oct 2021 @ 11:45am

    GQP: The Professional Victim.

    Decoder Ring output: those who A-typically screw-up, and refuse to take accountability for their OWN actions. Rather like how they were raised,.. ya think?

    link to this | view in chronology ]

  • icon
    freelunch (profile), 22 Oct 2021 @ 12:13pm

    I am sad to report that this doesn't push the boundary ...

    ... of the nonsense politicians pull when they yell "fake news." Thugs assaulting the US capitol? Patriots! Tourists! Other thugs roughing up school boards? Concerned parents! Idiots who deny the existence of communicable disease? Guardians of religious freedom! Those were comparatively heavy lifts of nonsense.

    At least understanding that, having stumbled upon a security leak immediately telling the leaky site and then only later publishing news about is a good thing and is pro-security is very difficult. Wait, sorry, it is not very difficult.

    link to this | view in chronology ]

  • icon
    PaulT (profile), 22 Oct 2021 @ 12:17pm

    "You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here."

    However, you do have to have a passing knowledge of both technology and verifiable reality to know this - and that is not the target audience. This is a play to keep angry morons angry enough to vote in 2022, then 2024 and to pretend that the reason they're failing is not due to their own actions but because of the "deep state" and "liberals".

    There's no way anyone with any knowledge will fall for this - but the targets are not people with knowledge.

    link to this | view in chronology ]

    • icon
      GHB (profile), 22 Oct 2021 @ 3:43pm

      Re: This person should be fired for saying this is hacking

      1. This is an AUTHORIZED access to a computer.
      2. There are no encryption or prevention measures

      Yeah, so much for “protection”

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Oct 2021 @ 12:21pm

    The latest from the Missouri "fake news factory" is from the St. Louis Post-Dispatch, where a reporter has been digging around HTML code on a state website. The state technology division said the hacker took the records of at least 3 educators, decoded the HTML source code and viewed the social security numbers from the state website.

    Isn't this an example of public indecency? Or is mooning people like that allowed in public in Missouri? (Maybe it's protected by 1A?)

    link to this | view in chronology ]

  • icon
    xaxxon (profile), 22 Oct 2021 @ 12:22pm

    No one should ever be putting SSNs in HTML

    That statement (subject) is nonsense.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Oct 2021 @ 12:43pm

    if you put ssn nos in html text on a website you should be fired , if hacking is looking at html code then anyone who has a pc with a browser
    could be a hacker, they should be grateful the problem was pointed out to them.but republican politicans seem to in a competition to pass bills that break the internet, take away users right to privacy and free speech by eroding section 230 , hacking is doing something that takes some knowledge and skill in technology that the average user would not be able to do .

    link to this | view in chronology ]

  • icon
    That One Guy (profile), 22 Oct 2021 @ 1:12pm

    Denial and deflection it is

    Admitting that it's the government's fault for exposing the SSN's would require admitting fault and since that's clearly off the table it seems they've decided to triple-down on their blunder and exploit it by pandering to the gullible fools who still support them.

    link to this | view in chronology ]

  • icon
    ECA (profile), 22 Oct 2021 @ 1:15pm

    On TV.

    Ever watch a series Called SOAP? How About BENSON?
    Why do we keep hiring Idiots?

    link to this | view in chronology ]

    • icon
      sumgai (profile), 22 Oct 2021 @ 3:33pm

      Re: On TV.

      Ah, yes, Benson DuBois (Robert Guillaume). He was a very quick-witted actor with a great sense of timing in delivering the sting. Thanks for the memories.

      link to this | view in chronology ]

  • identicon
    Glenn, 22 Oct 2021 @ 1:50pm

    Missouri gov. shows us its #1 security technique: "hide in plain text." It was derived from the well-known "hide in plain sight" technique, which works 100% of the time in Missouri (The Show Me State) but none of the time everywhere else... till now.

    link to this | view in chronology ]

  • icon
    GHB (profile), 22 Oct 2021 @ 2:37pm

    Imagine if site owner that disables right click tries to 1201...

    full title (due to character limit): Imagine if site owner that disables right click tries to 1201 claim the web inspector.

    So much for “effective technical protection measures”

    link to this | view in chronology ]

  • icon
    Upstream (profile), 22 Oct 2021 @ 3:02pm

    Repeat after Mike:

    You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here.

    You apparently do have to not be Missouri Governor Mike Parson.

    link to this | view in chronology ]

  • identicon
    Bobvious, 22 Oct 2021 @ 5:14pm

    Diary of a Missouri Governor

    With respects to some A-OL.

    July 18 --; I just tried to connect to Missouri Online. I've heard it is the best online service I can get. They even included a free disk! I'd better hold onto it in case they don't ever send me anther one! I can't connect. I don't know what is wrong.
    July 19 --; Some guy at the tech support center says my computer needs a modem. I don't see why. He's just trying to cheat me. How dumb does he think I am?
    July 22 --; I bought the modem. I couldn't figure out where it goes. It wouldn't fit in the monitor or the printer. I'm confused.
    July 23 --; I finally got the modem in and hooked up. That nine year old next door did it for me. But it still don't work. I cant get online.
    July 25 --; That nine year old kid next door hooked me up to Missouri Online for me. He's so smart. I told the kid he was a prodigy. But he says that's just another service. What a modest kid. He's so smart and he does these services for people. Anyway he's smarter than the jerks who sold me the modem. They didn't even tell me about communications software. Bet they didn't know. And why do they put two telephone jack holes in the back of a modem when you only need one? And why do they have one labeled phone when you are not suppose to hook it to the phone jack on the wall? I thought the dial tone sounded funny! Boy, are modem makers dumb! But the kid figured it out by the sound.
    July 26 --; What's the internet? I thought I was on Missouri Online. Not this internet thing. I'm confused.
    July 27 --; The nine year old kid next door showed me how to use this Missouri Online stuff. I told him he must be a genius. He says that he is compared to me. Maybe he's not so modest after all.
    July 28 --; I tried to use chat today. I tried to talk into my computer but nothing happened. Maybe I need to buy a microphone.
    July 29 --; I found this thing called usenet. I got out of it because I'm connected to Missouri Online not usenet.
    July 30 --; These people in this usenet thing keep using capital letters. How do they do that? I never figured out how to type capital letters. Maybe they have a different type of keyboard.
    JULY 31 --; I CALLED THE COMPUTER MAKER I BOUGHT IT FROM TO COMPLAIN ABOUT NOT HAVING A CAPITAL LETTER KEY. THE TECH SUPPORT GUY SAID IT WAS THIS CAPS LOCK KEY. WHY DIDN'T THEY SPELL IT OUT? I TOLD HIM I GOT A CHEAP KEYBOARD AND WANTED A BETTER ONE. AND ONE OF MY SHIFT KEYS ISN'T THE SAME SIZE AS THE OTHER. HE SAID THAT'S A STANDARD. I TOLD HIM I DIDN'T WANT A STANDARD KEYBOARD BUT ANOTHER BRAND. I MUST HAVE HAD AN IMPORTANT COMPLAINT BECAUSE I HEARD HIM TELL THE OTHER SUPPORT GUYS TO LISTEN IN ON OUR CONVERSATION.
    AUGUST 1 --; I FOUND THIS THING CALLED THE USENET ORACLE. IT SAYS THAT IT CAN ANSWER ANY QUESTIONS I ASK IT. I SENT IT 44 SEPARATE QUESTIONS ABOUT THE INTERNET. I HOPE IT RESPONDS SOON.
    AUGUST 2 --; I FOUND A GROUP CALLED REC.HUMOR. I DECIDED TO POST THIS JOKE ABOUT THE CHICKEN THAT CROSSED THE ROAD. TO GET TO THE OTHER SIDE! HA! HA! I WASNT SURE I POSTED IT RIGHT SO I POSTED IT 56 MORE TIMES.
    AUGUST 3 --; I KEEP HEARING ABOUT THE WORLD WIDE WEB. I DON'T NOW SPIDERS GREW THAT LARGE.
    AUGUST 4 --; THE ORACLE RESPONDED TO MY QUESTIONS TODAY. GEEZ IT WAS RUDE. I WAS SO ANGRY THAT I POSTED AN ANGRY MESSAGE ABOUT IT TO REC.HUMOR.ORACLE. I WASNT SURE IF I POSTED RIGHT SO I POSTED IT 22 MORE TIMES.
    AUGUST 5 --; SOMEONE TOLD ME TO READ THE FAQ. GEEZ THEY DIDN'T HAVE TO USE PROFANITY.
    AUGUST 6 --; SOMEONE ELSE TOLD ME TO STOP SHOUTING IN ALL MY MESSAGES. WHAT A STUPID JERK. I'M NOT SHOUTING! I'M NOT EVEN TALKING! JUST TYPING! HOW CAN THEY LET THESE RUDE JERKS GO ON THE INTERNET?
    August 7 --; Why have a Caps Lock key if you're not suppose to use it? It's probably an extra feature that costs more money.
    August 8 --; I just read this post called make money fast. I'm so excited. I'm going to make lots of money. I followed his instructions and posted it to every newsgroup I could find.
    August 9 --; I just made my signature file. Its only 6 pages long. I will have to work on it some more.
    August 10 --; I just looked at a group called alt.umpac.sucks. I read a few posts and I really believe that umpac should be wiped off the face of the earth. I wonder what an umpac is.
    August 11 --; I was asking where to find some information about something. Some guy told me to check out ftp.netcom.com. I've looked and looked but I can't find that group.
    August 12 --; I sent a post to every usenet group on the Internet asking where the ftp.netcom.com is. Hopefully someone will help. I cant ask the kid next door. His parents said that when he comes back from my house he's laughing so hard he can't eat or sleep or do his homework. So they wont let him come over anymore. I do have a great sense of humor. I don't know why the rec.humor group didn't like my chicken joke. Maybe they only like dirty stuff. Some people sent me posts about my 56 posts of the joke and they used bad words.
    August 13 --; I sent another post to every usenet group on the Internet asking where the ftp.netcom.com is. I had forgot yesterday to include my new signature file which is only 8 pages long. I know everyone will want to read my favorite poem so I included it. I'm also going to add that short story I like.
    August 14 --; Some guy suspended my account because of what I was doing. I told him I don't have an account at his bank. He's so dumb.

    link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 25 Oct 2021 @ 8:02am

      Re: Diary of a Missouri Governor

      Oh, man, it's been a long time since I saw that classic. 😁

      Damn...now I feel old...😟

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Oct 2021 @ 3:18am

    What a Moron

    He’s dumb enough his own computer has enough holes in it anyone could get in it no doubt.

    link to this | view in chronology ]

  • icon
    Lord Lidl of Cheem (profile), 23 Oct 2021 @ 7:58pm

    This weeks sesame street has been brought to you by the keys 'Ctrl' and 'U'...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2021 @ 12:28pm

    Hey, if the site is delivered over HTTPS, decryption is definitely involved...

    link to this | view in chronology ]

    • icon
      PaulT (profile), 25 Oct 2021 @ 2:06am

      Re:

      Not on the copy stored on the client PC. If you're using the "view source" option in your browser, you're looking at the same decrypted copy that has already been authorised to store to view in the browser in the first place.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    tp (profile), 24 Oct 2021 @ 2:16pm

    This article was seriously misunderstood by trolls on internet

    There's two important facts missing from the internet discussion: 1) govt had actually hidden the SSN's by encoding them with something similar than what rot13 is, i.e. not encryption, but encoding anyway. 2) It's illegal to access protected information recardless of how you got access to it, even if it was publicly available in the html source code, accessing it is illegal.

    These two pieces of information will change the whole story upsidedown. The step (1) means that the "security researchers" had to use hacking techniques to get access to the SSN's, since the information simply wasn't available to ordinary public. The step (2) means that once they found SSN's with their hacking techniques, any further actions with the data is all illegal, including reporting the blunder to its originating organisation. Given that they weren't real security researchers, but some kind of newspaper reporters, they weren't aware of the strict laws that govern security research, and thus they're doing more damage than what their "reporting" is worth.

    link to this | view in chronology ]

    • identicon
      Rocky, 25 Oct 2021 @ 1:46am

      Re: This article was seriously misunderstood by trolls on intern

      It's fascinating to see someone fail so spectacularly at understanding how things work and what the law say.

      1. Encoding isn't encryption. UTF-8 is an encoding, base64 is an encoding, EBDIC is an encoding and even ASCII is an encoding. If the government by mistake publishes sensitive information, albeit in an encoding that's not easily human readable by default, converting that encoding to a human readable format is not decryption in any way. Taken to it's logical conclusion, if the SSN's where published in pure ASCII you would still have to convert it to something a human could easily read, like taking the ASCII, looking up fonts and display them in a GUI.

      2. It's not illegal to read sensitive information if the government publishes it. It's not illegal to point out to the government that they have published sensitive information. It's not illegal to report on the governments failures to safeguard sensitive information. If it where, there would be no incentive to actually point out leaks of sensitive information. That you can't even logically see how broken your reasoning is, is quite telling.

      And "hacking techniques"? Reading HTML and base64-encoded text isn't "hacking techniques" - it's basic knowledge for anyone who is somewhat conversant in making web-pages. That you think it's "hacking techniques" explains a lot, because only uneducated fools would say that or those with an agenda that's contrary to the public good. Well, and the dishonest assholes arguing in bad faith of course.

      link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        icon
        tp (profile), 25 Oct 2021 @ 3:03am

        Re: Re: This article was seriously misunderstood by trolls on in

        It's not illegal to read sensitive information if the government publishes it

        The law clearly says otherwise.

        link to this | view in chronology ]

        • This comment has been flagged by the community. Click here to show it
          icon
          tp (profile), 25 Oct 2021 @ 3:10am

          Re: Re: Re: This article was seriously misunderstood by trolls o

          The law clearly says otherwise.

          The witch hunt that they did to Julian Assange kinda proves you wrong. If accessing sensitive information wasn't illegal, why would USA government harrass Julian Assange at all?

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Oct 2021 @ 4:04am

            Re: Re: Re: Re: This article was seriously misunderstood by trol

            Governments can be vindictive, and besides they are not accusing Julian Assange for looking at data on WikiLeaks, but rather that he was active getting the data onto WikiLeaks. That is looking at the data once it has been made public is not illegal, but making it public may be. There is a not very subtle distinction between those two cases which you are ignoring.

            link to this | view in chronology ]

            • This comment has been flagged by the community. Click here to show it
              icon
              tp (profile), 25 Oct 2021 @ 4:39am

              Re: Re: Re: Re: Re: This article was seriously misunderstood by

              sure, but they're accusing him of all the following:
              1) accessing protected computer without permission (==hacking)
              2) accessing protected documents without permission (==confidentiality breakage)
              3) publishing protected documents without permission
              4) fleeing the country twice (sweden->england, england->ecuador)
              5) breaking his bail conditions
              6) sex offenses
              7) annoying powerful people
              8) getting refugee status in equador
              9) forgetting to pay taxes while locked inside embassy
              10) 1 million bucks that police used to survellance of the ecuador embassy
              11) messing with equador embassy operations
              12) getting kicked away from embassy
              13) etc..

              Lots of small issues... But the key takeaway is that the main problem is the access to protected documents.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 25 Oct 2021 @ 5:45am

                Re: Re: Re: Re: Re: Re: This article was seriously misunderstood

                No, the main problem was exposing governments for the clucks they are.

                link to this | view in chronology ]

              • identicon
                Anonymous Coward, 25 Oct 2021 @ 6:41am

                Re: Re: Re: Re: Re: Re: This article was seriously misunderstood

                In other words, all the sort of monkey shit that the US justice department flings in the direction of people that they have decided to target.

                link to this | view in chronology ]

              • identicon
                Anonymous Coward, 27 Oct 2021 @ 7:15pm

                Re: Re: Re: Re: Re: Re: This article was seriously misunderstood

                The sex offenses were eventually dropped, but you only wish that you were powerful enough that governments would move mountains to arrest people who annoy you.

                link to this | view in chronology ]

        • identicon
          Rocky, 25 Oct 2021 @ 9:34am

          Re: Re: Re: This article was seriously misunderstood by trolls o

          The law clearly says otherwise.

          What law would that be? Please be specific.

          link to this | view in chronology ]

          • This comment has been flagged by the community. Click here to show it
            icon
            tp (profile), 25 Oct 2021 @ 3:12pm

            Re: Re: Re: Re: This article was seriously misunderstood by trol

            What law would that be? Please be specific.

            https://www.law.cornell.edu/uscode/text/18/1905

            link to this | view in chronology ]

            • identicon
              Rocky, 26 Oct 2021 @ 4:51am

              Re: Re: Re: Re: Re: This article was seriously misunderstood by

              Did you actually read that the law said before posting a random link? 18 USC 93 is about public officers and government employees and §1905 is specifically about them disclosing confidential information.

              I don't understand what that has to do with your claim that it's illegal to read sensitive information the government published by mistake.

              Perhaps read and understand the information you link to, it does lessen the "I'm an idiot" factor a bit.

              link to this | view in chronology ]

              • This comment has been flagged by the community. Click here to show it
                icon
                tp (profile), 27 Oct 2021 @ 3:23am

                Re: Re: Re: Re: Re: Re: This article was seriously misunderstood

                I don't understand what that has to do with your claim that it's illegal to read sensitive information the government published by mistake.

                It has the following keywords: "to be seen or examined by any person except as provided by law"... This basically forbids external entities from seeing or examining the confidential material once govt makes a mistake.

                otoh, I don't know where that thread continues in the law. The piece I pasted was really bradley manning is doing evil stuff -kind of piece, but it doesn't talk about julian assange. But it indicates the activity is illegal, but I don't know where assange's full ruleset is described in the law. But maybe you can follow the law dependencies and find the "seeing or examining" keywords and watch where they lead to?

                link to this | view in chronology ]

                • identicon
                  Rocky, 27 Oct 2021 @ 3:57am

                  Re: Re: Re: Re: Re: Re: Re: This article was seriously misunders

                  It has the following keywords: "to be seen or examined by any person except as provided by law"... This basically forbids external entities from seeing or examining the confidential material once govt makes a mistake.

                  No, it doesn't. The first sentence of the law specifically states which persons are bound by it and what you quoted is one of the conditions that determines if the law has been broken by those people. You have yet again demonstrated that you don't know what you are talking about.

                  link to this | view in chronology ]

      • icon
        Toom1275 (profile), 27 Oct 2021 @ 11:39am

        Re: Re: This article was seriously misunderstood by trolls on in

        If you're looking for facts and law, you'll never find them in one of tp's posts.

        link to this | view in chronology ]

    • icon
      Tanner Andrews (profile), 26 Oct 2021 @ 12:47am

      Re: This article was seriously misunderstood by trolls on intern

      It's illegal to access protected information recardless of how you got access to it

      The U.S. Supreme Court says otherwise. Florida Star v. B.J.F., 491 U.S. 524 (1989).

      link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        icon
        tp (profile), 26 Oct 2021 @ 2:52am

        Re: Re: This article was seriously misunderstood by trolls on in

        Florida Star v. B.J.F., 491 U.S. 524 (1989).

        The current case isn't about newspaper reporters photographing police department's bulletin board. Instead sophisticated hackers are using view-source mechanism to uncover decoded data that contains SSN's after hackers decoded the information. The knowledge that the data contains SSN's is dangerous, given that only illegal hacking techniques can uncover that information. And as such, that information needs to be considered confidential, and thus not to be distributed outside of explicitly permissible area of the world. Any actions taken with the knowledge that data contains SSN's is illegal, including distributing the encoded or decoded data in dark web, passing any of the decoded SSN's to other parts of government services, or publishing the fact that the web site contains SSN's, linking the web site and the information that it contains SSN's, uploading/downloading the encoded or decoded data or simply any other ways of helping black hat hackers to obtain the SSN's. Basically even the techdirt discussion about the subject is illegal.

        Confidential subject matter is special kind of stuff in the world, because information flow needs to be restricted when handling that material. While the damage already happened when newspapers published the info, any subsequent publications need to be carefully evaluated whether such information flow is necessary. Good plan is to place the information inside large wall of text, so that new readers of the material cannot find the relevant information and black hat hackers have trouble indentifying which part of the text wall contains the confidential material.

        link to this | view in chronology ]

        • identicon
          THOMAS AUSTIN, 26 Oct 2021 @ 4:20am

          Re: Re: Re: This article was seriously misunderstood by trolls o

          Oh give me a break. Social security numbers are issued by the federal government and according to the issuing agency are not to be used as a means of identification, the act of using a social security number as a piece of Personal Identifying Information or PPI is itself a crime. The unfortunate thing here is that the many States have decided to use this for that very purpose. It's a damn account number to your Federal Pension. If it's not paired with many other pieces of information on specific individuals it's really useless. The US supreme court has ruled on this 100s of times. Do your damn research.

          link to this | view in chronology ]

        • identicon
          Rocky, 26 Oct 2021 @ 4:58am

          Re: Re: Re: This article was seriously misunderstood by trolls o

          If you think viewing HTML for a web-page is "sophisticated hacking", that explains a lot about why you are such a failure.

          link to this | view in chronology ]

          • This comment has been flagged by the community. Click here to show it
            icon
            tp (profile), 26 Oct 2021 @ 5:32am

            Re: Re: Re: Re: This article was seriously misunderstood by trol

            If you think viewing HTML for a web-page is "sophisticated hacking"

            With view-source, you can only uncover encoded information. At that point, you don't even have information that the web site is handling SSN's.

            The sophisticated hacking techniques are needed for 1) installing compiler 2) writing base64 or rot13 decoding routines or finding them from a library 3) compiling the software, 4) recognizing the encoded information format and then copy-pasting the encoded information to the software as input 5) examining the result and finding SSN's hidden within the feed.

            Basically it's not so simple as clicking view-source.

            link to this | view in chronology ]

            • identicon
              Rocky, 26 Oct 2021 @ 9:37am

              Re: Re: Re: Re: Re: This article was seriously misunderstood by

              What you call "sophisticated" is what I call basic understanding of web-based content. Also, there is no need to write any code at all, since most the tools for viewing HTML-content and base64 encoded is available in most OS's by default, and if that's not the case there are online tools or editors that allows you to do it.

              Anyone who seriously think you need to write and compile code to view the source for web-based content is so far out of touch with reality it's ridiculous.

              Regardless, it doesn't matter one bit. If the government publicly publishes sensitive information in whatever format, it's they that are breaking the law, not the ones reporting the governments mistake.

              The correct action when citizens point out a problem is to act on the problem, not try to punish the citizens, and it shouldn't matter one bit what profession those citizens have. Or perhaps you think it's okay for the government to publish sensitive information as long as nobody points it out in fear of retribution?

              Your every argument falls flat because they are so blindingly stupid it's mindboggling.

              link to this | view in chronology ]

              • This comment has been flagged by the community. Click here to show it
                icon
                tp (profile), 26 Oct 2021 @ 2:36pm

                Re: Re: Re: Re: Re: Re: This article was seriously misunderstood

                Regardless, it doesn't matter one bit. If the government publicly publishes sensitive information in whatever format, it's they that are breaking the law, not the ones reporting the governments mistake.

                This is where you're wrong. Since government had done their web page correctly by encoding the information, it's the hackers who get access to the information that are outside of the law. It's perfectly fine approach for government to use legal means (as opposed to technical barriers) to protect their content. And probably web page performance reasons are preventing using encryption, so the base64 stuff is enough for the content they're handling. The legal barrier still exist and anyone who can access the information inside those encoded boxes can be legally procecuted. This is exactly what they're doing, once people decode the information inside these confidential areas, they can be procecuted for hacking related laws.

                But good luck decoding web pages without hacking techniques. You can try to do that in my https://meshpage.org/view.php the drag&drop data is base64 encoded, so good luck decoding it without hacking techniques.

                link to this | view in chronology ]

                • identicon
                  Rocky, 26 Oct 2021 @ 6:02pm

                  Re: Re: Re: Re: Re: Re: Re: This article was seriously misunders

                  This is where you're wrong.

                  Name the law that makes my statement wrong. I want to see you fail spectacularly again, it's a common theme when it comes to you.

                  It's perfectly fine approach for government to use legal means (as opposed to technical barriers) to protect their content.

                  Not in this context, and funnily enough you actually posted a link to one of the laws governing this but you totally failed to understand it.

                  But good luck decoding web pages without hacking techniques. You can try to do that in my meshpage the drag&drop data is base64 encoded, so good luck decoding it without hacking techniques.

                  echo WW91IGFyZSBzdWNoIGEgbG9zZXIK | base64 -d -

                  "Sophisticated hacking techniques"... pfft..

                  link to this | view in chronology ]

                  • This comment has been flagged by the community. Click here to show it
                    icon
                    tp (profile), 26 Oct 2021 @ 6:45pm

                    Re: Re: Re: Re: Re: Re: Re: Re: This article was seriously misun

                    echo WW91IGFyZSBzdWNoIGEgbG9zZXIK | base64 -d -

                    If you had actually tried to decode the data from my web site, you'd have noticed that it's not actually base64 encoded. So you're a failure.

                    link to this | view in chronology ]

                    • identicon
                      Rocky, 27 Oct 2021 @ 4:07am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was seriously m

                      Why would I waste time digging through your website, it's enough that you think using base64 is "sophisticated hacking techniques" which is a clear indication that your level of computer literacy is sub-par.

                      link to this | view in chronology ]

                      • This comment has been flagged by the community. Click here to show it
                        icon
                        tp (profile), 27 Oct 2021 @ 5:47am

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was serious

                        a clear indication that your level of computer literacy is sub-par.

                        But your computer literacy isn't any better when you cannot keep browser's view-source dialog and the commandline tricks doing base64 decoding as separate operations. If you truly think that base64 decoding is part of view-source operation, your computer literacy is worse than sub-par.

                        link to this | view in chronology ]

                        • icon
                          PaulT (profile), 27 Oct 2021 @ 6:59am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was ser

                          "If you truly think that base64 decoding is part of view-source operation, your computer literacy is worse than sub-par."

                          Says the guy who doesn't know what encoding he uses, or given some comments here what the difference is between that and encryption.

                          Just in case there's anyone reading who is less ignorant than you (like, say, my cat), it's worth pointing out that "plain text" can include information that's encoded. Decoding base64 plain text is no different to opening up a dictionary to translate an unfamiliar word. I wouldn't be surprised if your litany of insane demands now extends to making the understanding of what you're reading illegal, but as usual the rest of us can be glad that your insane fantasy world still only has one resident.

                          link to this | view in chronology ]

                          • This comment has been flagged by the community. Click here to show it
                            icon
                            tp (profile), 27 Oct 2021 @ 1:00pm

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was

                            Says the guy who doesn't know what encoding he uses, or given some comments here what the difference is between that and encryption.

                            The legal statues that make the hacking activity illegal, already activates when the info is being decoded from its encoded form. I.e. the protections that control the usage of the confidential material does not need to be bulletproof. Even if persistent hackers manage to crack the protections, the legal framework gives encoded information possibility to sue the violators of hacking laws. This is why distributing DeCss for cracking dvd disks is illegal activity, even though entertainment industry failed to protect their intellectual property from persistent hackers. You've yourself mentioned that all and any copy-protection mechanism is fundamentally crackable, so you cannot now reverse and demand usage of encryption. A mere encoding is enough to protect government's valuable intellectual property, and legal framework can handle the violations.

                            link to this | view in chronology ]

                            • icon
                              PaulT (profile), 28 Oct 2021 @ 1:57am

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article

                              "The legal statues that make the hacking activity illegal, already activates when the info is being decoded from its encoded form"

                              No, it really doesn't. That might apply to encryption, but not encoding, and your should be embarrassed not to know the difference.

                              "DeCss"

                              CSS is encryption, you raving dumbass.

                              link to this | view in chronology ]

                              • This comment has been flagged by the community. Click here to show it
                                icon
                                tp (profile), 29 Oct 2021 @ 12:53am

                                Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This art

                                CSS is encryption, you raving dumbass.

                                The fact that some people cracked their encryption is no reason to avoid liability under the law. Circumvention of technological protection measures is activating when they keep cracking copy-protections and avoiding the practices that entertainment industry put in place to protect against unauthorised copying of the material. The current case is no different, it still deals with unauthorised access of the protected content. You cannot claim that the access wasn't unauthorised.

                                link to this | view in chronology ]

                                • icon
                                  PaulT (profile), 29 Oct 2021 @ 3:04am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This

                                  "The fact that some people cracked their encryption is no reason to avoid liability under the law"

                                  Yes, and there's no such law that applies to encoded data.

                                  "The current case is no different, it still deals with unauthorised access of the protected content"

                                  Again, the data was sent as a response to a request on a public website with no protection. It was authorised. It should not have been authorised, but the person viewing the authorised data is not liable for their screw up.

                                  link to this | view in chronology ]

                                  • This comment has been flagged by the community. Click here to show it
                                    icon
                                    tp (profile), 29 Oct 2021 @ 5:36am

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    Again, the data was sent as a response to a request on a public website with no protection. It was authorised.

                                    This doesn't mean that its authorised. Some web protocol cannot mess with the legal paperwork. You actually need to sign contract or something before you are properly authorised. If some 3rd party web module decides to send the data to anyone in the world does not mean that your authorisation paperwork is in order.

                                    link to this | view in chronology ]

                                    • icon
                                      PaulT (profile), 29 Oct 2021 @ 6:00am

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      "This doesn't mean that its authorised."

                                      Yes it does. If something is on a public website that does not require any direct authorisation to view, it's authorised for the public to view. That someone behind the website screwed up and authorised something that should not have been authorised does not change the implicit authorisation that comes with every publicly available website.

                                      "You actually need to sign contract or something before you are properly authorised"

                                      Which authorisation did you sign to read the comments here? Which authorisation is required before people click on your links and laugh at your shoddy website?

                                      "If some 3rd party web module decides to send the data to anyone in the world does not mean that your authorisation paperwork is in order."

                                      Then, your problem is with the 3rd party, not the people who viewed the data that you mistakenly authorised through them. The person viewing the site had implicit authorisation to download it as part of the HTML code provided when they requested the public page.

                                      link to this | view in chronology ]

                                      • This comment has been flagged by the community. Click here to show it
                                        icon
                                        tp (profile), 29 Oct 2021 @ 6:17am

                                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                        Which authorisation is required before people click on your links and laugh at your shoddy website?

                                        my website with 3d models is slightly different than government's web site handling SSN's... I do not require any special kind of authorisation to access the data I created. But you cannot assume authorisation simply because some protocol uses 200 OK rest message.

                                        link to this | view in chronology ]

                                        • icon
                                          PaulT (profile), 29 Oct 2021 @ 6:39am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                          "my website with 3d models is slightly different than government's web site handling SSN's"

                                          No, it's not. You type the URL into your browser or click a link and the site is loaded.

                                          "But you cannot assume authorisation simply because some protocol uses 200 OK rest message."

                                          No, but you can assume that when that page is not behind any kind of login screen and the served to you on a publicly available URL that you're authorised to see it.

                                          Again, you're deliberately confusing the issue here. Public authorisation was given when the data was served to the public. The fact that someone on the back end fucked up and the site served something they shouldn't have served is a totally different issue, and nothing to do with the people visiting the site.

                                          link to this | view in chronology ]

                                          • This comment has been flagged by the community. Click here to show it
                                            icon
                                            tp (profile), 29 Oct 2021 @ 6:41am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                            No, but you can assume that when that page is not behind any kind of login screen and the served to you on a publicly available URL that you're authorised to see it.

                                            This kind of assumption leads to very illegal place.

                                            link to this | view in chronology ]

                                            • icon
                                              PaulT (profile), 1 Nov 2021 @ 3:21pm

                                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                              "This kind of assumption leads to very illegal place."

                                              According to you. The fun fact is that if your insane distortion of the facts was true, you could be held legally liable for viewing my comment here. Before you even reply to me, according to your idiotic interpretation of facts, you could be prosecuted before you typed a letter in response.

                                              link to this | view in chronology ]

                                              • This comment has been flagged by the community. Click here to show it
                                                icon
                                                tp (profile), 2 Nov 2021 @ 12:51am

                                                Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                                The fun fact is that if your insane distortion of the facts was true, you could be held legally liable for viewing my comment here.

                                                Yes. If you keep posting confidential information, or copyright infringements, then obviously anyone viewing your comments will be liable too. The law has concepts for direct infringer and secondary infringer and those need to be somehow linked to make a proper copyright case. And the whole bunch will be procecuted.

                                                I always knew that exploring techdirt was dangerous activity given that the people there had stupid copyright position. Guess we've got the message to you too now. Now we're just waiting what you do to fix the situation.

                                                link to this | view in chronology ]

                        • identicon
                          Rocky, 28 Oct 2021 @ 8:23am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was ser

                          But your computer literacy isn't any better when you cannot keep browser's view-source dialog and the commandline tricks doing base64 decoding as separate operations. If you truly think that base64 decoding is part of view-source operation, your computer literacy is worse than sub-par.

                          I never said it was, but that you think using base64-decoding is "sophisticated hacking techniques" is a clear indication of your sub-par computer literacy.

                          I should note that I have applied some of those "sophisticated hacking techniques" and my web-browser actually opens up my editor of choice when I do view-source, which happens to have built in base64 handling among other things.

                          And if I hadn't changed the settings in my web-browser, I could have used another "sophisticated hacking technique", copy & paste. Imagine that, showing off my leet skillz in such a brazen way!

                          And if I was particularly bored I could have used curl, grep & sed to feed base64 encoded text into a base64-decoder. Leet skillz indeed...

                          link to this | view in chronology ]

                    • icon
                      PaulT (profile), 27 Oct 2021 @ 4:23am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was seriously m

                      "the drag&drop data is base64 encoded"

                      "it's not actually base64 encoded"

                      Well, I mean nobody can really disprove your stupid claim if you can't decide what the claim is in the first place...

                      link to this | view in chronology ]

                      • This comment has been flagged by the community. Click here to show it
                        icon
                        tp (profile), 27 Oct 2021 @ 5:44am

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was serious

                        Well, I mean nobody can really disprove your stupid claim if you can't decide what the claim is in the first place...

                        They also cannot do it if you fail to use those awesome hacking skills you as a blackhat hacker own....

                        link to this | view in chronology ]

                        • icon
                          PaulT (profile), 27 Oct 2021 @ 6:54am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was ser

                          We're talking about the ability to parse text and your inability to understand the technology you supposedly work with. If this is awesome to you, then you're even more incompetent and ignorant than we thought - which, honestly is a hell of a trick given the low bar you usually set for yourself...

                          link to this | view in chronology ]

                          • This comment has been flagged by the community. Click here to show it
                            icon
                            tp (profile), 28 Oct 2021 @ 12:35am

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article was

                            If this is awesome to you, then you're even more incompetent and ignorant than we thought

                            There's very low bar in the law for considering your hacking skills criminally awesome. It's enough that you explore to areas of technology which in unavailable to other people due to legal problems. Basically, there's 3 main ways how it could happen: 1) bypassing login systems 2) circumvention of technological protection measures, 3) copyright infringement

                            All of them has the aspect where the hacker needs to explore illegal areas simply to do their hacking operations.

                            link to this | view in chronology ]

                            • icon
                              PaulT (profile), 28 Oct 2021 @ 2:00am

                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This article

                              "Basically, there's 3 main ways how it could happen: 1) bypassing login systems 2) circumvention of technological protection measures, 3) copyright infringement"

                              None of which happened in the story you're failing to understand. There was no login to bypass, the files were authorised to be received in plain text, there was no copyright applicable.

                              Once again, you're confusing yourself by trying to apply random things that only exist in your mind instead of the facts of the real world that everyone else is addressing.

                              link to this | view in chronology ]

                              • This comment has been flagged by the community. Click here to show it
                                icon
                                tp (profile), 28 Oct 2021 @ 5:03pm

                                Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This art

                                There was no login to bypass,

                                This isn't true. The SSN numbers were probably behind logins when the data was generated/stored in the servers.

                                the files were authorised to be received in plain text,

                                This definitely isn't true. Government simply doesn't authorize general public from accessing SSN numbers in bulk.

                                there was no copyright applicable.

                                This might be true.

                                link to this | view in chronology ]

                                • icon
                                  PaulT (profile), 29 Oct 2021 @ 3:02am

                                  Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This

                                  "The SSN numbers were probably behind logins when the data was generated/stored in the servers."

                                  No, they weren't. The whole point of the issue is that they were sent as part of the HTML accessed via the public website. The entire story is that they were publicly available.

                                  As ever, you're unable to deal with the facts at hand, so you invent a fictional scenario in which you're correct.

                                  "Government simply doesn't authorize general public from accessing SSN numbers in bulk."

                                  They do when they include them in the HTML sent as part of a request on a public site. They shouldn't be doing that of course, but they did.

                                  "This might be true."

                                  Of course it's true. So why did you pretend that it did?

                                  link to this | view in chronology ]

                                  • This comment has been flagged by the community. Click here to show it
                                    icon
                                    tp (profile), 29 Oct 2021 @ 6:40am

                                    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                    They do when they include them in the HTML sent as part of a request on a public site. They shouldn't be doing that of course, but they did.

                                    Well, you as a web page reader need to filter out confidential information. Any documents where there's clear signs of "confidential" or "company confidential" or something like that, and you need to stop reading the material immediately, even if it was publicly posted to the dark web website.

                                    Basically the whole idea that web servers are offering authorisation to all users is completely bogus stuff and whoever tries that are completely outside legal boundaries. I would call it fake authorisation attempt and belongs to the same category as spam emails or nigerian scams.

                                    link to this | view in chronology ]

                                    • identicon
                                      Rocky, 29 Oct 2021 @ 4:11pm

                                      1. A government-site isn't the dark web.
                                      2. You are free to cite any law that says that a web-site freely offering up an HTML-page is outside legal boundaries.

                                      Now I await your disingenuous attempt to move the goal post once again.

                                      link to this | view in chronology ]

                                      • This comment has been flagged by the community. Click here to show it
                                        icon
                                        tp (profile), 30 Oct 2021 @ 10:15am

                                        Re:

                                        You are free to cite any law that says that a web-site freely offering up an HTML-page is outside legal boundaries.

                                        check piratebay, i'm sure there exist legal paperwork that declares piratebay illegal even though its just offering html pages...

                                        link to this | view in chronology ]

                                        • identicon
                                          Rocky, 30 Oct 2021 @ 12:39pm

                                          Re: Re:

                                          check piratebay, i'm sure there exist legal paperwork that declares piratebay illegal even though its just offering html pages...

                                          And here we have it, you moving the goal-post once again as I predicted. It's like you can't stop yourself from proving that you are a disingenuous loser.

                                          link to this | view in chronology ]

                                          • This comment has been flagged by the community. Click here to show it
                                            icon
                                            tp (profile), 30 Oct 2021 @ 4:05pm

                                            Re: Re: Re:

                                            you moving the goal-post once again as I predicted

                                            Yes, when you write something stupid, I need to move goal posts to adjust to the changed reality. I simply cannot know beforehand how you want to go forward. So the goalposts are moving to the direction that YOU take it.

                                            link to this | view in chronology ]

                                            • identicon
                                              Rocky, 30 Oct 2021 @ 6:14pm

                                              I do wonder who the idiot was who conflated a government web-site with the pirate bay... It's nothing a reasonable person would do...

                                              link to this | view in chronology ]

                                              • This comment has been flagged by the community. Click here to show it
                                                icon
                                                tp (profile), 30 Oct 2021 @ 9:09pm

                                                Re:

                                                I do wonder who the idiot was who conflated a government web-site with the pirate bay..

                                                You're the one who claimed that html pages cannot be outside of the law's boundaries... just found example which proves your statement was invalid.

                                                link to this | view in chronology ]

                                                • identicon
                                                  Rocky, 2 Nov 2021 @ 6:58am

                                                  Re: Re:

                                                  You are one stupid and dishonest fucker, a first grade liar with a poor grasp on reality. Let's go back to exactly what you said:

                                                  Basically the whole idea that web servers are offering authorisation to all users is completely bogus stuff and whoever tries that are completely outside legal boundaries.

                                                  Which has fuck all to do with a website of dubious legality, but that's what you do, isn't it? Always moving the goal post, because you know you are wrong. And if you lack the self awareness to realize that you are wrong, you should seek professional help with your mental problems.

                                                  link to this | view in chronology ]

                                            • icon
                                              Toom1275 (profile), 30 Oct 2021 @ 9:58pm

                                              Re: Re: Re: Re:

                                              when you write something stupid

                                              [Projects facts not in evidence]

                                              link to this | view in chronology ]

                                    • icon
                                      PaulT (profile), 1 Nov 2021 @ 3:23pm

                                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                      "Well, you as a web page reader need to filter out confidential information"

                                      Which is of course not possible, since you don't know what will be displayed before you type in a URL or follow a link.

                                      "Basically the whole idea that web servers are offering authorisation to all users is completely bogus stuff"

                                      It's weird, I knew you didn't know how collaboration and creativity worked, but since you managed to get a working website online I didn't realise you didn't know how web servers worked...

                                      link to this | view in chronology ]

                                      • This comment has been flagged by the community. Click here to show it
                                        icon
                                        tp (profile), 2 Nov 2021 @ 12:59am

                                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                        Which is of course not possible, since you don't know what will be displayed before you type in a URL or follow a link.

                                        You can always immediately stop reading the page whenever you encounter confidential information. It doesn't matter if you typed in the url or followed a link, but google analytics will be your proof that you stopped reading the page immediately after detecting wrongdoing.

                                        since you managed to get a working website online I didn't realise you didn't know how web servers worked...

                                        Legal position of other technology vendors is always difficult to guess. Some of their positions are downright stupid, i.e. even pirate sites have a legal position, even though it isn't very good one. But even if you aren't a pirate site, you can still filter out complete nonsense from your evaluation, like that web server authors would be able to change authorisation settings of the government entity.

                                        link to this | view in chronology ]

                                        • identicon
                                          Rocky, 2 Nov 2021 @ 7:02am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                          You can always immediately stop reading the page whenever you encounter confidential information.

                                          Define how to detect confidential information that works in all contexts. I don't expect you to be able to, since you aren't smart enough to understand context. What we'll see though is you moving the goal post or offer up some idiocy.

                                          Also, your legal theories aren't.

                                          link to this | view in chronology ]

                                          • This comment has been flagged by the community. Click here to show it
                                            icon
                                            tp (profile), 3 Nov 2021 @ 2:09am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                            Define how to detect confidential information that works in all contexts.

                                            You just check for keywords like "confidential" or "company confidential"...

                                            Then you can look for signs of social security numbers for example. Or if it contains unpublished company secrets?

                                            Humans have no problems detecting such things.

                                            link to this | view in chronology ]

                                        • icon
                                          PaulT (profile), 3 Nov 2021 @ 2:53am

                                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                          "You can always immediately stop reading the page whenever you encounter confidential information."

                                          By the time I have the option to read it, the information is already downloaded, so you fail. Again.

                                          "like that web server authors would be able to change authorisation settings of the government entity."

                                          So, since nobody did that, you agree that the blame is with your fellow incompetents who offered the information publicly and not the person reading what they were given in response to a legal request?

                                          link to this | view in chronology ]

                                          • This comment has been flagged by the community. Click here to show it
                                            icon
                                            tp (profile), 4 Nov 2021 @ 7:35am

                                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                            The information is already downloaded

                                            This assumes that the only concern is if some network-side tracking entity notices you're reading the material. But this isn't the main concern in the legal sphere. In fact, this indicates that you just want to get away with your illegal acts by hiding your network traffic from trackers.

                                            But the real concern is your access to information which you're unable to handle. For example wikileaks have revealed tons of war memos which contain information that ordinary humans are not supposed to know about, and it could even be dangerous if read by children who do not appreciate the seriousness of the actions contained within the material. Some poor children learn that such activities are allowed within our system, and they use that information instincticly 50 years later when they have gained good position as a wingman of some army general. This all could be dangerous and the confidential information limitations are actually protecting consumers from the harms contained in the material.

                                            It isn't just embarrasements of governments or hiding wrongdoing that confidential flags in documents are closing. It's also information that is too sensitive or flamboyant that it needs to be closed from the world.

                                            link to this | view in chronology ]

                                            • icon
                                              PaulT (profile), 4 Nov 2021 @ 8:48am

                                              Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                                              "In fact, this indicates that you just want to get away with your illegal acts by hiding your network traffic from trackers."

                                              No, it indicates that you started with a story about people viewing what they'd been authorised to download, and now you're making up insane bullshit to avoid the fact that the problem is with the person who sent the data, not the person who requested the publicly available webpage.

                                              You'd get along a lot better in life if instead of spending days spinning fictional alternate versions of what's in front of you, you just dealt with reality.

                                              This is simple - person goes to a public webpage, sees that they have access to data they shouldn't have been given, notifies the page that they shouldn't have given it to him, the page is fixed. It's only you and incompetent politicians pretending this has anything to so with the person who visited the page, but at least we know the politician has a profit motive for his incompetence.

                                              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2021 @ 9:25am

    Gov noise box.

    Bottom line, under no circumstances EVER do you publish sensitive data thru a publicly accessible system, there should be isolation. Encrypted, encoded - does not matter, you don't do it. That is the real crime, the Gov is making noise to cover this huge, big bad, no no. Hey look over here...those are the bad guys, don't look at your trusted state Government for the bad guys and stupid people. These people that told you about it, they are the bad guys, after all "he who smelt it, delt it", right? After all that's the states proud motto!

    link to this | view in chronology ]

    • identicon
      Rocky, 25 Oct 2021 @ 9:36am

      Re: Gov noise box.

      It's the old story of shooting the messenger because you didn't like what he said, and if you can't shoot the messenger, just make baseless accusation.

      link to this | view in chronology ]

  • identicon
    THOMAS AUSTIN, 26 Oct 2021 @ 4:11am

    Governor, I am a US Army Vet and conservative. You sir are a complete and uter moron. Ask any 12 year old and they can tell you that the source code is public. The developer dropped the ball and you want to punish a guy who pointed that out? Let me give you a comparative analysis. A guy walks into a pharmacy to pick his prescription up. He consults the pharmacist for the detailed prescribing information and it is provided to him. He reads it. Now Governor Dumb Ass wants him convicted for manufacturing a drug without a license because he read the chemical makeup of the drug available to the public. That's the equivalent scenerio playing out. Or here is another... A guy walks into a library and picks up one of the many volumes of the Missouri Revised Statutes. He opens the book. Governor Dumb Ass wants him prosecuted for practicing law without a license.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.