Hacker News new | past | comments | ask | show | jobs | submit login
The Ashley Madison Database Was Leaked (krebsonsecurity.com)
363 points by panarky on Aug 19, 2015 | hide | past | favorite | 506 comments



The response to this this on Twitter would be beyond fucked- up if it weren't so completely predictable.

People are posting direct links to the dump, screenshots of lists of emails, and statistics for classes of domains. The general reaction to the availability of the dump is reasonably characterized as "glee".

But no matter what you think about Ashley Madison --- and I think A.M. is so comically scummy that I had trouble believing it was a real thing before the breach apparently proved otherwise --- there is nothing ethically acceptable about publicly gawking at and sharing data from the leak.

The people doing this aren't victimizing Avid Life Media; they're re-victimizing the real victims of what is clearly an actual crime. If it's O.K. to hack into someone else's server and mass-out people for having profiles on a dating site because you suspect most of them might be "guilty" of the crime of "marital infidelity" --- and come on, 98% of the people talking about this on Twitter barely recognize that as ethically problematic in the first place --- how do you make a case that it's unethical for dragnet traffic looking for people who want to blow up civilians with homemade bombs?

Pungent hypocrisy isn't even the worst of it. By amplifying the drama and pageantry of the leak, people are altering the incentives attackers have to pull stunts like this. They're helping normalize a crime that most of us think really should be illegal. The people who created this dump are very unlikely to get caught for it. So what's really going to happen is that the next dumb kid who gets captured as the one unlucky DDoS "protester" in a group of 40 on an IRC channel, that kid is going to deal with a prosecutors who is further radicalized by events like this.

It's just a toxic, evil, repulsive scene.

"Avid Life Media" is gross and creepy, and apparently totally incompetent. I'm not saying everyone has to take a vow of silence about their getting completely owned up. I'm just saying you cross a line when you start circulating people's private data.


This is a great comment, Thomas.

I had an argument with my girlfriend about this. No matter what reasoning I used, no matter what I said, she could not agree that it was wrong that Ashley Madison (A.M.) was hacked.

Her position was that marital infidelity is such a pubishable offense that the participants on A.M. deserve to be publicly outed. In her view, it was not even up for debate. She felt so powerfully about infidelity that she didn't care.

My girlfriend is not a luddite, but she's also not an engineer. She isn't a programmer, doesn't work in tech, and is not particularly invested in ethical conversations about privacy. When I told her that hacking and outing people on a website because they do something you disagree with is playing God, she didn't seem to be phased at all. It was worth it. That this line of thinking could be used for things she did not agree with was not something I could convince her of. She simply values, in a somewhat totalitarian way, the justice inflicted on these people beyond her own right to privacy (or theirs).

My point here is that you can't convince someone this is unethical behavior if they are emotionally invested in it. I think it's disgusting that this is making the rounds on Twitter. But I don't think you could ever convince people they are being hypocritical. They simply enjoy having something to dislike, especially if it fits in their ideological conception of the world.

I think this is a strong parallel to the privacy violations with regards to the NSA. You can't convince people that it's wrong if they have elevated their own ethical crusade beyond their right to something such as privacy.

Sorry to hijack this comment with NSA.


The elevation of monogamy and closed relationships as the God-given natural status of a couple is the source of too many problems.

Same for not living our own sexuality in the open. By acting like this (that is: like you are supposed to) you are constantly prone to blackmail.

If you happen to have a wife that is entitled in her social-induced belief that even thinking about other women is good ground for the termination of a marriage, then external forces will have a great power over you.

If you live with a person that accepts external affairs, sex with other people and who is ok with your true sexuality (e.g. If you're bisexual or happen to like transgenders) you will always have someone on your side no matter what, and your relationship to that person can't be menaced by any eventual disclosure.

Social stigma might still have a leverage on you, but if you're open with your intimate circle of friends and business acquaintances it would be virtually impossible to use a sex-related scandal against you.

The Ashley Madison leak is interesting because of this, too. It's a breakthrough because it exposes behaviors that society still considers immoral and punishable. People that left behind this archaic way of thinking and built their life together with someone that shares more open sexual values are totally immune to this scandal.

This is certainly something that would have tickled Sir Bertrand Russell's mind.


> God-given natural status

The "God reasoning" isn't the only reasoning. Just like polygamy is a choice, so is monogamy. It's a sexual choice.

What is wrong is that people can't be open about that choice. People should be able to be open and honest about being polygamous or monogamous with their partner - yes, that might sometimes result in the relationship ending; but there's a good chance where there is a disagreement it would have ended with heartbreak further down the line anyway. This should occur long before marriage is ever on the table, or even, before a relationship is on the table.

In Africa it's important for people to know their AIDS status and be honest about it; I wish we could do the same thing with relationship preferences.

There is nothing wrong with wanting to have only one partner, there is also nothing wrong with wanting to have many partners. Both approaches to relationships have their pros and cons.

Either way, debate about polygamy vs. monogamy in this case-scenario is completely irrelevant. Someone was hacked, privacy was violated (it doesn't matter what privacy) and that is the end of that. There's no reason to attach another argument to the discussion because the hack was an outright violation in the first place.


> "Either way, debate about polygamy vs. monogamy in this case-scenario is completely irrelevant. Someone was hacked, privacy was violated (it doesn't matter what privacy) and that is the end of that. There's no reason to attach another argument to the discussion because the hack was an outright violation in the first place."

Is it that simple? Would the outright violation of a hack be the end of the story if we were talking about something that we all agree is wrong and/or illegal? What if it was a hack on a website that connected child pornographers, or cocaine dealers, or human traffickers, or arms dealers, or planet-destroyers, or abortionists, or super-rich exploitative CEOs?

EDIT: That list started off in my head as stuff that I thought there might be agreement on, but I couldn't think of anything beyond child pornographers, so it turned into stuff that significant groups feel very strongly about but on which there is no general agreement. Hopefully both sets of stuff make my point.


> Is it that simple?

Yes. The legal system is responsible for bringing criminals to justice. The system maybe imperfect but its better than vigilantes with a deeply held, righteous cause who honestly believe their targets to be evil. Fanatics of all stripes see themselves in that light and that kind of thinking is extremely dangerous. In truth, it should only be used in the event a blood revolution is the only option available to the citizenry.


If we say that it is never acceptable for vigilantes to release illegally-obtained information, then shouldn't we also be decrying Ed Snowden and Chelsea Manning? Their dumps certainly contained unpleasant stuff that could be traced back to individuals. There's got to be a line somewhere, even if it's not at Ashley Madison specifically.


the sad thing is, both of you are right, and no matter what I do, I cannot decide who is "more right". strange times indeed :)


You'll notice I left out an exception for revolution / rebelling against the government. If you get to the point you need vigilantes to fight the government, well, yeah.

In the context of a private company, yes, its never acceptable.


Pictures don't hurt anyone (except sometimes in the libel/slander sense).

But don't stolen credit cards get traded online? Or other impersonation / "identity theft" information? Maybe a marketplace for one of those would be a good example.

.

The trick is probably making sure that "something that we all agree is wrong" matches with things that actually harm people who didn't freely agree to it. Things like murder, coercion, kidnapping, breach of contract, ...


Infidelity harms some, unless we aren't counting emotional harm.


Infidelity is certainly harmful to someone (emotional harm is a real thing, not to be discounted) but so is exposing people's private lives and peccadilloes. Infidelity is something that should be resolved in private by the parties involved.

Whatever you do, someone will find it offensive or harmful to them, for some definition of "harmful" -- even the way you dress, or the music you listen to, or the books you read, or who you have sex with. This isn't a good enough reason to humiliate you in public.

I'd say you cannot compare infidelity with things like murder, extortion, or someone in public office engaging in corruption or grossly misleading the public. Those things do need exposing.


Why? Surely their commitment was public, if the person in question was married. If the state sanctions a contract, in this case marriage, and one party does something to offend that contract, then why not make it public?


Infidelity can be just as serious, morally speaking, if the person in question is not married but in a long-term monogamous relationship. Is this simply a question about the law? I thought people were arguing about moral outrage.

In any case, not every breach of contract must be made public for all to see and humiliate you.


Considering infidelity can lead to non-consensualy exposing people to STDs and possibly lead to rape (depending upon how you define consent).


No. Rape is not "I wouldn't have had sex with that person if I was better informed".

Where does that end? "He has an STD"? "He is unfaithful"? "He cheats at poker"? "He is a bad father"? "If I'd known that, I wouldn't have had sex, therefore it wasn't consensual".

(edited for grammar)


>No. Rape is not "I wouldn't have had sex with that person if I was better informed".

I never said it was. I said that under some definitions that people use it is. Especially when it involves disclosing use of birth control (all cases I know of involve men lying, as that increases the biological risk of the woman, while the woman lying doesn't make the man more likely to get pregnant) and when it involves lying about having STDs.

I'm not saying which definition is right, only pointing out that some people (and I believe some legal systems) do use such definitions (and as such this influences other moral decisions they make).


I think that knowingly lying about STDs is morally wrong (and in some cases, for some STDs, it -is- a crime to do so).

"Disclosing use of birth control" All the cases you know of involve "men lying"? I'm having trouble wrapping my head around that. I just don't see 'putting or pretending to put on a condom and then sneaking it off unknowingly before intercourse' as being a common concern in sex/pregnancy. If I understand you correctly?


Either taking it off or lying about having a vasectomy. From my understanding, the legal problem is that in these cases the man exposed the woman to a vastly increased risk of pregnancy that she did not consent to. And such cases do appear to be rare and only in some countries. Far more common (though perhaps still rare) is meeting people who think that consent must be fully informed. I'm not saying I agree with such people, only that they exist and to them some actions are far more immoral because of the way they view things like consent.


I think that lying about having a vasectomy is seriously wrong, and probably (but I'm not a lawyer) you can get sued for this in some countries.

However, in which country is this considered rape? It's consensual sex between people of legal age, only that one of them is a lying, amoral bastard, and the act can lead to serious long-term consequences like an unwanted pregnancy. But rape? Seriously?

Also, while lying about safe sex is certainly a despicable and immoral act, it's still a private matter between two people. I don't see that it's morally right for a group of strangers to arbitrarily decide to publicly expose and shame unfaithful people, particularly since, in the context of this discussion, they cannot even know if anyone is lying about any vasectomies -- it's entirely possible the cheaters practice perfectly safe sex -- or has actually committed any act of infidelity!


>Also, while lying about safe sex is certainly a despicable and immoral act, it's still a private matter between two people.

Why is it automatically a private matter? Perhaps you think it should be a private matter, but someone else may think it shouldn't be, and thus the morality of something like cheating may be to them much worse than it is to you, thus morally justifying more extreme actions to be taken to expose cheating.

Also to note, something does not need to be legally considered a given crime for a person to morally consider it such. You may think them wrong, but their view is still consistent given their underlying values that you disagree with.

That a person may view this hack differently than you may not be the result of a different view on the morals of hacking or the right to privacy, but on something more nuanced like a difference in distinction between what counts as consent.


Sex is a private matter by definition, between two or (ahem) more people. What you or other people think about it is mostly irrelevant, as long as the people engaged in the sex act are not doing something outrageously against social conventions, such as having sex right in front of you in a public space.

> Perhaps you think it should be a private matter, but someone else may think it shouldn't be, and thus the morality of something like cheating may be to them much worse than it is to you, thus morally justifying more extreme actions to be taken to expose cheating.

Sorry, I find this position totally unacceptable. Yes, we were always talking about people's moral opinions, which are subjective by definition, and everyone has one. People who are morally outraged about what other consenting adults do with their private lives are despicable (way more despicable to me than cheaters that keep their opinions to themselves) and they have no right to harm other people because of their own morals. Exactly how some religious fundamentalists have no right to publicly shame gay people, or some other religious people think it's their right to stone adulterous women to death.

This argument that some people care so deeply about what strangers do with their private lives that they are entitled to take "extreme actions" just doesn't fly.

PS: in which country is lying about a vasectomy exactly the same as rape then?


I stand corrected. I don't know why but the vasectomy route never crossed my mind. I can absolutely agree with your perspective there. And appreciate us having a civilized discussion about it.


What the... How can you conflate rape with infidelity? They are completely unrelated things! Rape is definitely a crime and an act of violence worthy of moral outrage. If you are forcing someone to have nonconsensual sex, that's terrible and totally unrelated to cheating. And you can have forced nonconsensual sex within a marriage. Seriously, rape is a completely different issue.

Exposing people to STDs is a problem which can also happen regardless of infidelity. Besides, are you saying if you practice safe sex while cheating then it's morally ok? Is it simply an issue of safe sex?


I'm not defending this position, so please don't pull out pitchforks or anything, just making an argument where this could be expanded into rape charges somewhere:

There are countries where having sex under false pretext is considered rape. For instance: saying that you are going to use a condom then removing it without the knowledge of your partner would be rape. One could argue that being in a marriage with the promise of monogamy, but failing to keep that promise, would mean that all instances of sex with your partner are then rape.

I repeat: I don't agree with this and I think that it belittles people that have actually experienced the horrors of forced rape. Perhaps there should be things protecting the victims of this situation, but calling it rape waters down the word and act. "Sexual Intercourse under False Pretenses" should have it's own set of laws and punishments around it if it should be punished, IMHO.


I hear what you're saying and I'm not pulling out any pitchforks, don't worry.

Having said that,

> For instance: saying that you are going to use a condom then removing it without the knowledge of your partner would be rape.

In which country is that rape? I think pretending to use a condom and secretly removing it is morally deplorable, and the mark of a terrible person, but it's insulting to actual rape victims to consider it rape.

> One could argue that being in a marriage with the promise of monogamy, but failing to keep that promise, would mean that all instances of sex with your partner are then rape

I can't think of any universe where this makes sense. It's an act of dishonesty, and a pretty serious one depending on your upbringing and personal convictions, but rape? Sorry, that sounds seriously fucked up to me. I wouldn't want to live in a place where being unfaithful is equated to being a rapist.


>There are countries where having sex under false pretext is considered rape.

Exactly. And I'm not saying that is right or wrong. That is why I said 'possibly', because it depends upon if you agree with such a definition or not and if the legal jurisdiction you live in operates with such a definition or not.


In exactly which countries is having sex with someone under the false pretense you're being faithful the same as rape? Note: not simply illegal or punishable by law, but actual rape. Otherwise I think this point is moot.

If there are such countries, I wouldn't want to live there.

PS: if we're talking about countries where adulterous women can be stoned to death, I think we can all agree that is horrible and the public shaming of Ashley Madison customers completely pales next to the crime against humanity that is mutilating or murdering people for being unfaithful or gay. I'd consider those countries completely beyond the scope of this discussion.


I thought that was said of Sweden, due to the Wikileaks thing. I'm not expert enough on their laws to claim to understand it, though.


True, I remember reading about it in (extremely confusing) articles online. This is also a potentially politically motivated case, and I cannot find a concrete and convincing description of Swedish rape laws online.


> Pictures don't hurt anyone (except sometimes in the libel/slander sense).

The hell they don't. Talk to someone who was not only abused, but knows that there are unwilling photos of their abuse circulating online for sadists to jerk off over. Psychological trauma is a real thing.


I don't think that's the trick.

I'm talking about greater goods than privacy and order, goods that make privacy and order good.

And I'm not just talking about things that one group or another really thinks should be illegal. I'm also talking about things that we've decided to tolerate as legal, but which we think are wrong -- maybe even grossly wrong -- and therefore (strongly) disapprove of and want to (strongly) discourage. I don't think things are so simple in those cases, either.


> Just like polygamy is a choice

That's not much of a choice though. In several places you can go to jail for it. Or it is choice in the same way that being a criminal is a choice.


Yeah, I should have prefaced that whole argument with "advanced societies." It's very hard to argue these points when you have e.g. the middle east getting in the way of rational and humane thought processes. In places like that you really have no choice or autonomy and arguments such as my original one simply hold no ground.


The middle east was an advanced society up until recently, definitely better off than Europe & co was during the middle ages in terms of scientific and mathematics and whatnot. Can we just call it "different"?


We're veering off-topic here. Suffice to say: I have my reasons, and they aren't just about a difference.


The middle east squatted on the remains of the roman/greek culture they destroyed, claiming civilization because they played with the few shiny things left.


You can't objectively label different cultures as not being advanced just because they're different. There could well be good reasons for enforcing monogamy on people that your society disregards. I'm just guessing here, but maybe no monogamy may end up with a lot of people suffering the natural human emotion of jealousy and perhaps something like most women queuing up to be with the most attractive men, leaving the majority of men without sex their whole lives. Maybe ancient societies experienced problems like that and decided to enforce a more "wealth distribution" kind of system like monogamy as a solution. Modern societies often laugh that off but they also can't explain the reason for it. It's a bit like deleting ugly code when you don't realize it prevents a corner case bug.

If we really had complete sexual freedom and didn't impose legal restrictions on it to protect human emotion then rape would be nothing worse than other kinds of physical force, even for children. Maybe that's how an even more advanced would see it?


Unfortunately, there's so much bigotry in the world that it's difficult to separate different types of criticism of large areas of the world, but it's entirely possible to be positive about Middle Eastern cultures and strongly against the power structures there. For example, they have great food and literature, but you can be whipped to death for publicly criticizing unelected rulers in places like Qatar. It's not necessarily culturally insensitive to say that's backwards policy.


You can't objectively label different cultures as not being advanced just because they're different.

When that culture normalizes things like throwing acid at rape victims and violent mass retribution for violation of religious laws, well, yes, I can and will label that culture as being backwards and primitive.


It's not really a choice. It's "the way things are supposed to be". The argument is not unrelated though, because it's relative the nature of our society. And that nature is what makes this hack so juicy to people that would have otherwise have ignored that as they ignored many other data leaks in the past. Freedom of choice is important, but you're not really free to choose polygamy when education and morals are still mostly driven by archaic religious beliefs.


> It's not really a choice.

Just like homosexuality "was not a choice" a mere few years ago: yet people did choose to be open about their homosexuality and did choose to fight for their rights as homosexuals. Look where we are today: the American courts now lawfully recognize that choice in marriage.

> archaic religious beliefs

So far as advanced societies go, believing in higher power(s) is a choice. It is certainly not archaic to those who choose to do so and in the somewhat broken world today, possibly more relevant to them than ever. I've never understood why those who are discriminated against have discriminated beliefs. It's not right when their force-feed their beliefs down people's throats, but that doesn't make it right to force-feed Atheism/Agnosticism down theirs.


> So far as advanced societies go, believing in higher power(s) is a choice.

Is it? That must be the reason why all recent U.S. Presidents were all fervent atheists...

Is it a choice in a society where swearing on a religious tome is still considered a rational way to induce people to tell the truth in court? I know that's just theater (otherwise perjury would not be a felony). Still, I think it's a telling detail of how far you would go without believing in something in contemporary American society.


We've gone from a data breach, to swearing on a Bible in courts. It's an interesting discussion but this is not the place to have it.


Why not? Tout se tient :)


Let me finish off by agreeing with you about eliminating the Bible in court. Not only is it out of place, but a person who doesn't believe in such things could swear on it and proceed to lie simply because they don't believe that they will go to Hell. This means that not only is it completely ineffective, but if an actually Christian person comes along they would be at an unfair disadvantage: being unable to lie like everyone else can.

The "wrong place" isn't HN, rather: it's text. A lot of nuance is lost in text and this is an incredibly nuanced subject. We'd most likely end up having a fierce fight 50 comments deep, where in person we'd probably land up agreeing on most things after 2 minutes.


I've got to strongly disagree with your stance about not discussing this in text form. Nuance is even more subjective than text. I'll go much further and say that if you can't express your view in text, you need to think about your view more because it isn't well formed. I think the problem is that complex ideas can't always be expressed in soundbite form. HN is better than Twitter but it's just not the forum for rational debate.


>if an actually Christian person comes along they would be at an unfair disadvantage: being unable to lie like everyone else can //

You may not be aware that the NT says that people shouldn't take an oath instead let your "yes be yes"; ie just tell it straight, be honourable. It's never come up but I'd be unwilling to swear on the Bible in court as it's against my faith as a Christian.


I like how you applied pure logic to the Bible problem. That was just an example for how even the court system, in the U.S. takes religion as the de facto standard for setting moral ground. :)

I do not agree though that text isn't the right form. We will probably never talk to each other in person, but we had a text-mediated prolific and mature discussion that, in the end, enriched both of us.

Thanks.


You're barking up the wrong tree. I don't think the core demographic of AM is people who are sexually liberated and in consensual open relationships. The site bills itself as an avenue for cheating, and people find that immoral because it implies breach of a relationship expectation/agreement.


Your "partner" may have three other sexual partners that you know about but that doesn't prevent them from having a forth that they keep hidden from you because they know you'll flip out.

You're not immune to this kind of scandal unless you're in a sexual relationship with somebody and you have no expectation to be made aware of their other sexual activities, in which case you're not in a healthy relationship.

I doubt Bertrand Russel would be very fascinated by polyamory - it's just another concept that works great in theory but becomes endlessly complicated in reality.


Why would you doubt it?

"The psychology of adultery has been falsified by conventional morals, which assume, in monogamous countries, that attraction to one person cannot coexist with a serious affection for another. Everybody knows that this is untrue."

"There can be no doubt that to close one's mind on marriage against all the approaches of love from elswhere is to diminish receptivity and sympathy and the opportunities of valuable human contact. It is to do violence to something which, from the most idealistic standpoint, is in itself desirable." [...] "but I do not recognize in easy divorce a solution of the trouble of marriage[...] but where there are children the stability of marriage is to my mind a matter of considerable importance.

[...]

I think that, where a marriage is fruitful and both parties to it are reasonable and decent, the expectation ought to be that it will be lifelong, but not that it will exclude other sex relations.

A marriage that begins with passionate love and leads to children who are desired and loved ought to produce to deep a tie between a man and a woman that they will feel something infinetly precious in their companionship, even after sexual passion has decayed, and even if either or both feels sexual passion for someone else. This mellowing of marriage has been prevented by jealousy, but jealousy, though it is an instinctive emotion, is one that can be controlled if it is recognised as bad."

Bertrand Russel, Marriage and Morals


I suppose I gave him too much credit in assuming he would avoid this topic entirely.


I think you might be confusing cause and effect. Long term serial monogamy is the norm across cultures and religions. It does not mean any other arrangements are objectively "wrong" but this meme of "Everyone would do X if not for cultural oppression!" is wrong. It's the same delusion that goes on with people who claim everyone is bisexual; it's a wish fulfillment fantasy of people who are outside the norm.


Where did you get that from? I'm not saying that, not at all. Do I think that living and open relationship (not necessary polygamy, because the terms implies numerous relationships each with the same affective and contractual status) is the best way to go? Yes. Does that imply that humanity, freed from the religious oppression, would go for that? Not at all. There might even be some biological bases for monogamy, but we are rational beings. We can work around our instinct. We do that all the time. Some of us can successfully do that for monogamy, too. It would be great if that could be more largely accepted.


You seem to be taking contradictory positions, or I'm misunderstanding. You think that open relationships are the best way to go. But then you say that most people wouldn't go for them if religious strictures were lifted. Are you drawing a distinction based on religion specifically versus culture overall? One would presume that worldwide, if there was no "artificial oppression", people would naturally be mostly into open relationships if that's truly the natural state.


The conclusion of your post seems to be that privacy is only necessary or desirable because of our ancient, obsolete religious hangups.

This seems to be a common view of the left on HN. The biggest example being the most common defense of privacy I see: "Gays need privacy because many live in countries where they will be killed if found out". So in other words, once the entire world is accepting of gays, there will no longer be a justification for the existence of privacy.

This is the wrong way to be looking at this issue. Regardless of what the users of this site did, it does not excuse the behavior of other parties. It doesn't excuse Ashley Madison's failure to protect user data. It doesn't excuse the hackers theft of that data. It doesn't excuse the disclosure of that data by the hackers or people on Twitter.

Lamenting people's hangups about infidelity is the wrong response to this situation.


Nope, maybe my formulation was a bit foggy, but that's not my point. I'm not saying that the old adage that you shouldn't be worried about your privacy being breached if you have done no harm or if you have nothing to hide. Quite the contrary.

Mine was a very specific assertion related to the king of leak we're witnessing: what's making this data so relevant and prone to gossip is the way we give for granted the monogamous nature of our relationship and how we deal with a moral set of dogmas that society inculcates on us "because God says so".

Who doesn't live by these archaic impositions and accepts more open forms of relationship has a strong advantage because his pursuit of perfectly natural sexual desires doesn't need to be hidden and is not considered (especially by the partner) as an immoral and punishable thing.


> The elevation of monogamy and closed relationships as the God-given natural status of a couple is the source of too many problems.

Don't pretend that monogamy is purely socially constructed. There is absolutely nothing wrong with consensual open relationships, and we'd all be better off if the taboo against them went away, but there is definitely something wrong with making a promise to someone you love about something that matters to them and then breaking it behind their back.


Or maybe simply don't marry? That's anyway the present and future and humanity is in transition. The west drives it and east follows in a few generations. EDIT: When almost 30% of marriages end in divorce and that number growing, it doesn't make sense to have laws around marriages.


Yes, have a partner, if you want, but don't marry. I agree. In Europe, where I live, is considered normal to legalize a union not as a marriage but as a simple contract between two persons. That's more than enough to take care of the legal stuff that getting married would normally imply (right to visit a sick partner in the hospital, some forms of mutual agreement about the financials of the couple, etc...).


You're using "that" when you should use "who": "a wife who", "a person who"


Thanks for the correction, I'm not a native speaker, and it shows. I'm always looking for constructive criticism to make my written English better.


Try explaining to her about the case of some gay men in the middle east using the website discreetly who run the risk of death after this leak: https://news.ycombinator.com/reply?id=10084651 (citing a reddit post).

And, if you are comfortable putting her in a precarious position, you should ask her if she honestly knows of any of her girlfriends who have cheated before. Or, more simply, if any of her girlfriends are not single and have a Tinder account. I've noticed the "shoe on the other foot" has silenced many of the Twitter camp.


For me there are only two honest responses: A) "I can understand that vigilantism of this kind can hurt innocent people is therefore wrong" B)"if needed, the innocent should suffer so that those who I dislike are ruined".

The latter position can be dressed up in all kinds of fancy words "bad people must be brought to justice no matter what". Stripped down to its core, however, and barring the exceptional circumstances, I would say that the desire for street-justice is pretty much evil. So far as I can tell, the rationale for position B is full throttled emotion: "I [want to] hurt the people I don't like and I [want to] kill the people I hate. Doing that makes me feel good, so it is good."

Needless to say, I stay as far away from those who subscribe to position B, as humanly possible.


It's like, you know who has a stronger opinion about wrongdoing than people who dislike infidelity? The people who picket abortion clinics.

Also: there's a neat parallel to the NSA here, in that a substantial portion of the users registered for A.M. probably haven't been unfaithful, and are getting "dragnetted" up with the people who have, because who's going to take the time to sort that out?


Was there ever any requirement that one be in a relationship to join the site? I'm sure more than a few would have joined, while pretending to be in one, and subsequently have started a relationship.


According to this poster: https://www.reddit.com/r/lgbt/comments/3ebzzj/i_may_get_ston... there is not a requirement to be in a relationship to use the site. And now he might die, because of the leak.


>And now he might die, because of the leak.

Isn't this akin to blaming Snowden/Manning for diplomatic fallout instead of blaming those who were engaging in the wrongful practices that led to the fallout.


FYI, for others reading this comment: The wrongful practice implied here is the stoning, not being gay. Took me awhile to figure that out. I almost went on a rant.


tl;dr: In this case, it is the people killing gays who are at fault for gays being killed.

I see three parts. Engaging in gay relationships, the hackers releasing data, and the people who do the stoning.

In the Manning/Snowden case, there are also three parts.

The US doing bad things, Manning/Snowden releasing it, and other governments reacting.

Now, in the Snowden/Manning case, media tries to place blame for 3 on 2 instead of 1, when blame should be placed on 1.

In this case, people seem to be placing blame for 3 on 2, when blame should be placed on 3 (unless you fully believe that gay relationships should end in death, in which case it should be placed on 1, but few people on HN believe that).

So there is a slight difference in that the blame should rest on the initial actor in the Snowden/Manning case while in this case the blame should be on the reacting actor (the ones killing people). But I think it is very similar in trying to blame the data release instead of the responsible party.


Let's say that the star-bellied Sneetches are rounding up the plain-bellied Sneetches and sending them to -- well, you're not exactly sure where they're sending them, but none of them have ever come back.

Needless to say, the plain-bellied Sneetches don't think much of being rounded up, so they hide. A few star-bellied Sneetches sympathize with the plight of the plain-bellied Sneetches, and help them hide.

Your neighbor is such a Sneetch, but is not careful enough, and you find out that there are a half-dozen plain-bellied Sneetches hiding in her basement.

Fortunately, when the trucks come around at midnight, it's not your fault just because you've told everybody you know. It's the fault of those damn star-bellied Sneetches.

I'm not sure where this leaves Snowden and Manning. I would probably argue that they exposed a greater evil than might have been perpetrated as a result of their disclosures.

Impact Team, though -- snitchy Sneetches, all of them.


>It's the fault of those damn star-bellied Sneetches.

Is it any less their fault if they find out via the National Sneetch Agency than if you tell them? I wouldn't think so.

So is it any your fault? Is blame like a pie such that if someone has 100% of it, everyone else must have 0%? Or is it limitless, where two people can be 100% to blame?

As you said, if we do think snitches are to blame, it does leave Snowden and Manning to be blamed. Maybe it is worth it, but they are still to blame.


Oh, the star-bellied Sneetches bear blame, all right. How they found out about the plain-bellies doesn't change that.

What does change is who else might be responsible, and who among them bears blame. Your neighbor is responsible, but not to blame -- she intended to help the plain-bellies hide, but made a mistake. You would bear both responsibility and blame, as your disclosures led to the plain-bellies being whisked away, you can be expected to have know that would be the likely result, and you didn't have a good reason to do it anyway.

Snowden and Manning would also bear responsibility for the consequences of their actions. Blame? I don't know. I tend to doubt it. Even though they should have expected that there would be bad fallout, I do believe they had a good reason to move ahead.

Impact Team? I'm not sure what justifies putting a man in jeopardy of his life, but personally, I (edit: do not) think that outing millions of (by-and-large unsuccessful) adulterers rises to the occasion.


And at the same time, it's also the fault of the people who released the data. Because they released the data.


Well, there's plenty of blame to go around. For me it serves as a reminder that the right to privacy exists for many reasons, and that some of our users are more in need of security and protection than others - for some of them, digital security really is a matter of life and death.

It reminds me that we should be careful with security, and also honest about what we can and can't do. Ashley Madison promised emails would _never_ be exposed - a promise they were either not willing or not able to keep.


No. Not at all.


I always thought it would fun to join when I was single.

Then I could be accused of being a dishonest immoral monster when my hookups discovered I wasn't really married.


> Was there ever any requirement that one be in a relationship to join the site?

No, it's only marketed/targeted towards that demo.


I think there are three questions here.

Is it legal.

Is it moral.

Should it be legal.

The last is quite complex and I won't get to it here because of the vast differences in moral theories as to what should and should not be legal.

As to the first, is it legal? Hacking isn't. The end.

But the middle question is interesting, and I dare say that many people have views such as my own, where morality is not dependent on legality but on morality. And I would also dare to say that most people do not have an issue exposing people who are using websites to commit very immoral actions. So the question becomes one of if the action of cheating is immoral enough to cross this threshold. That question is a really deep moral one and you probably have as much ability to change as most any deeply held moral view.

In short, most everyone agrees the right to privacy has limits based on extremely immoral actions. The difference is only in what counts as immoral enough, which is far less a distinction than 'right to privacy means hacking is wrong'.


I think you have the right approach, but infidelity is not "strongly immoral" in the sense that it entitles you to publicly humiliate people you aren't in any way related to. It's a private matter between two (or actually, more) people. Your spouse has the right to tell you what you did is "strongly immoral", but Joe Public doesn't. I have zero respect for someone from the public who thinks their moral outrage entitles them to shame someone else for who they have sex with.

"Strongly immoral" which belongs in the public sphere is more like human trafficking, murder, corruption in public office, etc.


"It's a private matter between two (or actually, more) people."

Well, given that they're keeping their partner in the dark in the first place I don't see anything wrong with exposing the cheating scum.


That's a private matter between the people directly involved. Maybe their partner would also be humiliated by the exposure of their private affairs (I know I would), in which case it makes things even worse.


If you were only telling the person being cheated on, you might have a point. But since you're now telling the entire world that someone was cheated on, or maybe not even cheated on, you've kinda lost that.


Well the point is that the hackers picked a pretty good target. You're never going to convince me and millions of others that exposing cheaters is a bad thing, even to the entire Internet.


There has to be an extremely strong moral case to override something already being illegal. This doesn't even come close.


Perhaps under your moral framework. But perhaps some other person's framework is different, either requiring a weaker case, seeing this as being a strong enough case, or maybe even having an exception just for a case like this.


It's awful, but I also can't help but be happy that this and other hacks like the Fappening will once again make people realize that privacy does matter, and everyone has "something to hide".

Law enforcement is having it too easy with the "terrorists can't have safe spaces to communicate" and "think of the children" messages - but what about "think of the adults"? At least this way, people will think twice about supporting mass dragnets or having their data stored unencrypted.


I wonder how she would feel if she was addicted to narcotics, went to NarcAnon and then had her name published when someone leaked/hacked their database because "those people shouldn't have done drugs in the first place". Or replace NA with AA.


I can tell you exactly what a person like that's response would be: "I would never do drugs."


"I don't mind if the government can read my emails, I have nothing to hide."


I think there's a small but important difference. The hack would be closer to someone revealing the list of customers of whoever gave her the narcotics. They did not reveal the identity of those trying to fix their issues, like AA/NA would be.

Or, to put it the other way around, they revealed the database of the cheating site, not the patient list of the marriage counselor.


Presumably she would be fine with a case where Man uses his contacts to find his wife (who left him) via a mate in the phone company?

This is an actual case used at British Telecom to emphasize how you should NEVER abuse your access privs.

The sobering end of the story he killed her.


We are never the infidels. Only "they" can be infidels.


Is there a word for things that only other people can be? The one that always comes to mind is "tourist".


It's 'outgroup'.

There's a really amazing post here about outgroups and the distorted way we reason --- or fail to reason --- about them. It's a bit long, but totally worth the read.

http://slatestarcodex.com/2014/09/30/i-can-tolerate-anything...


Thanks! That helped:

https://en.wikipedia.org/wiki/Ingroups_and_outgroups

"In sociology and social psychology, an ingroup is a social group to which a person psychologically identifies as being a member. By contrast, an outgroup is a social group with which an individual does not identify."

https://en.wikipedia.org/wiki/Social_identity_theory

"A social identity is the portion of an individual's self-concept derived from perceived membership in a relevant social group.[1] As originally formulated by Henri Tajfel and John Turner in the 1970s and the 1980s,[2] social identity theory introduced the concept of a social identity as a way in which to explain intergroup behaviour.[3][4][5]"

Still, individuals do change their ingroup membership and can remain as intolerant to then fully new outgroup. It would be good to have a name for this phenomenon: being intolerant to whatever person's current outgroup is. And there is one, which happens to have more uses than only this:

https://en.wikipedia.org/wiki/Prejudice

"The word is often used to refer to preconceived, usually unfavorable, judgments toward people or a person because of gender, political opinion, social class, age, disability, religion, sexuality, race/ethnicity, language, nationality, or other personal characteristics. In this case, it refers to a positive or negative evaluation of another person based on their perceived group membership.[1]"


> really amazing [...] a bit long, but totally worth the read

You have just described at least half of the dozens of posts on that blog.

(There's a best-of list, still intimidatingly long, here: http://lesswrong.com/r/discussion/lw/mmg/yvains_most_importa... and a best-of-best-of subset of that, unfortunately with only the titles and no links, here: http://lesswrong.com/r/discussion/lw/mmg/yvains_most_importa.... I haven't looked through either of those lists and make no claim that they have successfully selected the best. The lists include not only posts on Slate Star Codex, but also others -- mostly earlier -- from the same author elsewhere.)


The point that really came home to me from that post is that --- to use the author's terminology --- an outgroup is a tribe which is in conflict with my tribe. In other words, a tribe whose activities is irrelevant to me is not my outgroup. So tolerance towards it is easy and therefore worthless.

This is something I've never seen stated outright before, and it seems totally true to me.


Yup!

(For the avoidance of doubt, my comment that what you said applies to lots of things on SSC wasn't intended as any sort of criticism -- I wasn't saying "boo, you failed to describe the article in a way that distinguishes it from the others" but "yay, SSC has a lot of really good articles".)


It's okay, I totally got that. I will admit that I haven't read any of the others; I'm still thinking about this one...


Only they: terrorists

Only you: freedom fighter, liberator

Only they: imperialists

Only you: protector

Only they: baby killers

Only you: collateral damage

I'm sure George Carlin could come up with more expensive shots… Man, I miss him.


From Lord of War:

"Every faction in Africa calls themselves by these noble names - Liberation this, Patriotic that, Democratic Republic of something-or-other... I guess they can't own up to what they usually are: the Federation of Worse Oppressors Than the Last Bunch of Oppressors. Often, the most barbaric atrocities occur when both combatants proclaim themselves Freedom Fighters."


Unbelievers. Only others can be the ones not believing what you believe at the given moment (you can of course believe the opposite later, but you just "changed your mind" or something). Religions use that word to proclaim or even demand that something bad should happen to the others.

Interestingly, some people discussing the leak show emotional and "religiously righteous" response to the people who possibly made or even just considered an act of "infidelity" (not to be confused with the "infidels.")

Infidel: "Late 15th century: from French infidèle or Latin infidelis, from in- 'not' + fidelis 'faithful' (from fides 'faith', related to fidere 'to trust'). The word originally denoted a person of a religion other than one's own, specifically a Muslim (to a Christian), a Christian (to a Muslim), or a Gentile (to a Jew)."

C.f. Barbarian, 2: "2. Hist. a. One not a Greek. b. One living outside the pale of the Roman empire and its civilization, applied especially to the northern nations that overthrew them. c. One outside the pale of Christian civilization. d. With the Italians of the Renascence: One of a nation outside of Italy."


Is there a word for things that only other people can be?

Kinda along similar lines: expats vs. immigrants.

"Oh no, Paul and Iza are expats. Not at all like those job-stealing immigrants who moved in next door..."

(aside: does wrong fit your original question?)


This isn't a valid example. "Expat" is a very specifically defined term in the vernacular of people that live outside of their home countries: it means a person that moved to another country for a specific job (usually because they were recruited into that job). Expat is a sub-class of immigrant; not all immigrants are expats, but all expats are immigrants. Also, despite what people that make this argument try to claim, many self-identifying and generally accepted "Expats" are not white and / or come from non-Western countries.


Wikipedia somewhat agrees with you, saying:

> In common usage, [expatriate] is often used in the context of professionals or skilled workers sent abroad by their companies.

A Guardian writer disagrees, saying "expat" means "white immigrant":

http://www.theguardian.com/global-development-professionals-...

Personally, I think "expat" is used more in the sense of an (usually white) immigrant from a richer country to a poorer country. EG, an Indian recruited to work at Google in San Francisco would be an expat by your definition but I think most people would use the term "immigrant." Conversely, I'd expect the term "expat" to be used for an American white guy who was travelling the world after getting laid off, impulsively decided to stay in Bangkok, and now does freelance web design, lives in a nice neighborhood, and hangs out mostly with Americans and Europeans.

I am not saying I think this is how the term should be used, just describing my experience with it.


While that does ring quite true to me (I'm an 'expat' immigrant myself, although moving both to and from rich countries), I think the piece hit a bit off target: It's a 'rich' thing, not a 'white' thing - the white polish plumber or builder in the UK is unequivocally considered an immigrant, the software engineer is more likely to be an expat.

Also, one deeper, to my ear, 'expat' has a flavour of intending to return, where immigration generally sounds more one-way and permanent - which of course again parallels the 'rich' narrative: it's much easier to intend to return to your rich country of origin than it is to return to a poor one.


I lived in Berlin and knew many Indian and African software professionals who moved to Berlin for a specific job and very much considered themselves (and were considered by others) to be expats. I understand what you're saying, but in practice the usage of these terms doesn't break down in the way that the Guardian article would lead you to believe.


Berliners call everyone not settling down permanently "tourists" and resent them somewhat, if my impression is correct.


I feel the rich vs poor country is irrelevant and the key point is the "hangs out mostly with Americans and Europeans". E.g. if I move to Japan, work for a Japanese company and have mostly Japanese friends, I'm an immigrant. If I work at an English-speaking workplace and have mostly English-speaking non-Japanese friends, I'm an expat.


A lot of UK expats are retirees, eg in Spain. To me the word differs to emigrant in that UK expats still consider themselves to be citizens [well subjects at least] of the UK. They wouldn't seek to be naturalised to their host country and will often spend a prolonged time in the UK (like many UK families with Pakistani heritage seem to spend a long time there). The flavour or how "expat" is used in the UK is for people on an [very] extended holiday.

People who "emigrate" from the UK primarily seem to go to Australia, by that I mean that's how the word is used. A high-school friend went to "work in the States" rather than "emigrating to America", for example.

Migrant (emigrant/immigrant) seems to be used primarily for those under some duress of compulsion, eg threat of violence or need of work that is otherwise unavailable.


I've said "I'm a tourist" before.


One could always coin a new one or borrow an existing word. I like xenonym, but it's current definitions seem inapropos.

https://en.wikipedia.org/wiki/Xenonym

https://en.wiktionary.org/wiki/xenonym



What about those who were on the site with the consent of their partner (swingers, poly, etc)? People who were single and on the site looking for a short-term fling? People just there out of curiosity, or signed up impulsively one night and deleted ("deleted") their account the next day? I would guess the number of married people who signed up, contacted someone, and had an affair through the site are actually in the minority (given the typical funnels for this sort of site, and all the hidden fees involved)

There are going to be a lot of very embarrassed people who committed no adultery.


> When I told her that hacking and outing people on a website because they do something you disagree with is playing God, she didn't seem to be phased at all.

I think she might be fazed by your telling her what is and isn't playing God.

> you can't convince someone this is unethical behavior if they are emotionally invested in it.

It would be unethical for A.M. to give out this data. It is almost certainly illegal for a hacker to do so, and you can argue that it's immoral, but it's not clear how it's unethical. Since the hackers did not make monetary demands (or did they) they seem to be operating according to their own code of conduct.

I'd say the most clearly wrong thing about this is disclosing CC details. The rest of it comes down to public shaming, and your girlfriend is simply taking the position (I believe) most women (I believe) take that cheaters deserve to be shamed.

Now, as to the CC details thing, surely it's the CC vendors who are the most unethical. Their entire system is hopelessly insecure and yet they persist in using it rather than adopting a more secure system (which they could certainly afford to do).


It's a common thought patterns. People have rights, but an arbitrarily selected set of moral principles override those rights.

It's no different from the people who support "Free Speech, except for hate speech". Or privacy, except when the person whose privacy is invaded is a racist piece of shit who doesn't deserve privacy because invading his privacy revealed him to be a racist piece of shit.


One comment you could make - is she pro-life/choice? (You don't have to answer to us). Would she feel the same if she was pro-choice and Planned Parenthood's databases were compromised by religious hackers? (I know that termination is only a small percentage of what they do).


Speaking of NSA, do you think Snowden's revelations were unethical or misguided?


If it had resulted in even a single death, then yes, it would have been negligent of him to release it.

But from what I understand, after watching his talks, was that was THE REASON he gave the docs to journalists, so they could evaluate the downsides of releasing each doc.

Unethical, absolutely. He breached his employment contract, and exceeded access to systems under the pretense that he was given access to them.

Since you asked...


No.


That was supposed to be rhetorical.


You don't appear to be varjag. :)



I think your explanation about why the twitter crusade feels so despicable is right on, dsacco and Thomas. Yet I'm struggling with why I (and much of the tech community) was OK and frankly downright gleeful at publicizing the Hacking Team hack - their data was exposed illegally and were engaged in immoral behavior re: working with various abusive governments (and had previously denied these facts). If I'm OK with people losing their right to privacy when they violate my moral sense, then am I much better...?


Umm. Shit.

If you come up with a resolution to the cognitive dissonance you just exposed then please let me know.


I'm think disagreement is not about privacy per se, but rather the absolute moral correctness of our legal principals. E.g. other people in this article have commented that people who have affairs deserve to be punched in the face (which is also illegal).

I think engineers tend to place higher values in legal principals, because (a) we tend to prefer rule based solutions and (b) the tendency to allow exceptions to the law also results in school bullying, which nerds have a greater experience with.


People who have affairs arguably deserve to be punched in the face by their spouses (figuratively speaking; I don't advocate actual violence), not by Joe Public.


What is her opinion about stoning people to death for adultery? Because for some involved, I imagine, it would be more desireable outcome than the one they will be facing now.


Well, one way to explain this to your girlfriend is that it is a crime to steal information, even if you are stealing it from people you don't like


Lots of people don't care about that crime. Look at this thread!


understood. They should care because people who go around stealing information will eventually steal their information as well.


Putting aside her feelings of infidelity, and talk about it from the perspective of the spouse that is being cheated on.

Perhaps the people who is having the affair should be outed, but what about their spouse? Shouldn't the pain of the extra marital affair be more than enough? Now you have to add in public shame as well?


Some people simply lack the capability to challenge their own opinions and beliefs. I find it very unattractive. On the other hand other people like myself are too objective and open minded, and as a result never form a strong opinion on anything, which is probably equally unattractive.


I'm glad you did. Both your comment and the parent you were responding to were lucid and well worth the read.


Tell her that two wrongs never make a right.


For whatsoever a man soweth, that shall he also reap.


> Her position was that marital infidelity is such a pubishable offense that the participants on A.M. deserve to be publicly outed. In her view, it was not even up for debate. She felt so powerfully about infidelity that she didn't care.

Congrats! Your girlfriend is a human-being.

And if she's not an IT person, she won't see this case same way you do. To her this case is like a bulk caught of (mostly) vast number of men caught cheating - and heavily exposed!

I don't see nothing wrong with your gf approach. After all, millions of "law abiding" citizens are in jail because law was on their side, but disgusted jury found them guilty anyways.

And I say as long as we live in a society and we want to keep living in rather morally healthy society, it's a good thing.


>The people doing this aren't victimizing Avid Life Media; they're re-victimizing the real victims of what is clearly an actual crime. If it's O.K. to hack into someone else's server and mass-out people for having profiles on a dating site because you suspect most of them might be "guilty" of the crime of "marital infidelity" --- and come on, 98% of the people talking about this on Twitter barely recognize that as ethically problematic in the first place --- how do you make a case that it's unethical for dragnet traffic looking for people who want to blow up civilians with homemade bombs?

That wasn't the intent.

The true intent: "In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."

Impact Team's manifest is that AshleyMadison is fraudulent at business practices (e.g. charging people extra for profiles that were never deleted) and that's why the Impact Team is embarrassing the company.

I understand this is emotionally charging but don't twist the intent around to, "The Impact Team believes the members on Ashley Madison are guilty of the crime: marital infidelity and thats why they're leaking the 10GB Database."

Stick to the facts when opining, Thomas :).


The true intent: "In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."

So to show the people who use ALM's services that ALM lies about their policies, the users need to be exposed?

Well it's an effective strategy, I'll give them that. But I can't shake the feeling there's a hidden fuck-you in there somewhere to the people they're outing. Just be honest, this is a complex issue with so many permutations it's hard to take any moral position. A lot of cheaters will be outed, a lot of innocent people may have their lives destroyed. What has been achieved?


>But I can't shake the feeling there's a hidden fuck-you in there somewhere to the people they're outing.

That's not what Thomas is saying. He's literally saying that the main intent of why Impact Team released the 10GB database is because they felt users are guilty of the crime of marriage infidelity.

His statement is counter to what Impact Team specifically said, "publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."


Impact Team are being disingenuous - if you want to punish a liar you don't attack those who were fooled by the lie. More importantly, we don't know why a particular user was registered with the site - there are legitimate reasons why they may have used it including checking whether their partner was active on the site or using it at a time they were single for hook-ups. This leak will potentially destroy or taint innocent peoples relationships.


I have to disagree here strongly. The statements published by Impact Team are heavily laced with vitriol towards the users of the service. I feel their statement about exposing ALM is just a loose attempt at claiming virtue around their act. I am quite sure it was not in any way the prime motivator.


> If it's O.K. to hack into someone else's server and mass-out people for having profiles on a dating site because you suspect most of them might be "guilty" of the crime of "marital infidelity"

I think you've misunderstood. "you" are the people judging that the hacking was OK and outing the victims, not the people who did the hacking. I'm pretty sure Thomas is making no claim about the intent of the hackers themselves.


Its possible I misunderstood. Pointing out the word "you" does bring out a different context for me.

Thank you for showing me that.


    Stick to the facts when opining, Thomas :).
Where in his comment did you see him speak to the intent of the leakers. He's just pointing out the consequences and the hypocrisy of spreading the leak all over the internet when you complain about widespread spying. Hurting someone in order to get back at someone else is a very poor justification.


>If it's O.K. to hack into someone else's server and mass-out people for having profiles on a dating site because you suspect most of them might be "guilty" of the crime of "marital infidelity" --- and come on,

To me, Thomas's opinion doesn't appear to be based on facts simply because Impact Team specifically said, "it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."

Maybe if he edits his original opinion to not suggest Impact Team released the Database because of marital infidelity?


I think there's enough moralizing dripping from Impact Team's preamble to the release to support Thomas' suggestion.

"We have explained the fraud, deceit, and stupidity of ALM and their members."

"Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters."

"Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it."


These are the quotes you're using to suggest that Impact Team's intent was targeted against the guilty marriage infidels? I don't know if I agree that those are reasonable enough quotes to ascertain that was their true intent.

This sounds like the real intent, "The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."


It sounds like the Impact Team can't get their story straight on what their real intent actually is.


Honestly, I'm more concerned about how easy it would be for the hackers to inject virtually anybody they wanted into the middle of this data to publicly smear them. With the public in a general froth over the whole episode, dropping in a celebrity, politician, preacher, etc would be child's play.

I don't like anything about that site and I have a really hard time feeling sorry for people getting "outed" by it, but you're absolutely right. Allowing the illegal when it's convenient for you is not okay, even though much of the public is totally fine with violating people's privacy as long as it fits their world view.

We already saw the response when a newspaper in NY published a map of registered gun owners a few years back.

With medical records digitized, what the public response be to publicly disclosing abortion data? We've already seen the general response to planned parenthood videos.

Your data privacy is either important or it's not. There can't be this "I think these people deserve it so it's okay now" convenience case.

But as somebody else said, when they're emotionally invested they don't care.


> Honestly, I'm more concerned about how easy it would be for the hackers to inject virtually anybody they wanted into the middle of this data to publicly smear them. With the public in a general froth over the whole episode, dropping in a celebrity, politician, preacher, etc would be child's play.

This is the new scary. I'm not even sure how you would defend yourself. Its not like the normal lies are easy to defend, now people are taking this database dump as holy writ without consideration of the source or skepticism of its contents.


>Honestly, I'm more concerned about how easy it would be for the hackers to inject virtually anybody they wanted into the middle of this data to publicly smear them. With the public in a general froth over the whole episode, dropping in a celebrity, politician, preacher, etc would be child's play.

This is similar to my view on the death penalty. While most people debate over the morality (Is it right to murder a murderer? Is it right to out a cheater?), I am more concerned about the "facts" (Was a person wrongfully convicted? Is the data correct?).

In the case of the Ashley Madison data dump, there are at least a few points where it could be manipulated. It could have been done to the original data dump, copies of said dump floating around (since the average person wouldn't know which one is the original), and sites that have popped up allowing searching of email addresses (since really, the average person wouldn't know how to download and search the data dump).

Even if all those weren't manipulated, someone's email address could appear because someone else used it. I randomly searched for case@aol.com and obama@whitehouse.gov on one of the email search sites and both showed as hits.

I can easily see someone inserting fake data just for the lulz or for ideological reasons.


Most people in here (I assume) think Snowden's leaks were ethic, though illegal.

The reaction to The Fappening was likewise equal parts glee and disgust.

Almost nobody would blink an eye at revealing a doxxing dump from a terrorist sympathizer or CP forum.

Ethics are a subjective thing, and lines are hard to place.


If Snowden had just taken the documents and posted them online without any filtering, it would have been extremely unethical. It would have gotten people killed. But that's not what he did -- he enlisted reputable journalists to process the documents and make decisions about what was safe to release and what wasn't.

Let's say the hackers in this situation wanted to prove that Avid Life Media was acting unethically -- that they had lied about wiping old customer data. They could have worked with journalists to demonstrate that without actually leaking personal information to the world at large.

Snowden's critics have claimed that he's put people in danger, but they've never been able to back that claim up with actual examples. And honestly, since they've lied about every aspect of that situation over and over again, while Snowden has always told the truth, it's hard to believe them.

In this case, it seems very likely that people are going to get divorced, and that kids are going to go through the shredder over this.

Maybe you have to be middle aged to know this, but you hit a stage in life when people start having these incredibly hostile divorces, with really intense hatred on both sides. And that is terrible for kids. This is going to create that situation in lots of families. It's not cool. It's punching down, it's hurting people who had nothing to do with anything in order to get at some people who seem to be genuinely slimy (Avid Life).


The spouses who believed they were in a monogamous marriage deserve a divorce and the chance to be with someone honest who cares about them.

I'm not sure how you see staying together blissfully unawares as the better option but then again I don't like children.


> The spouses who believed they were in a monogamous marriage deserve a divorce and the chance to be with someone honest who cares about them.

I agree, but that's not for us to act upon.


>he enlisted reputable journalists to process the documents and make decisions about what was safe to release and what wasn't.

That's really only the bare minimum. He also exposed a bunch of obviously legal programs that just made the US look bad to allies or outted intelligence programs designed to attack future potential enemies. He did this because he believed those actions were morally wrong.

I don't see how that is different from outting cheaters on a website. Both are punishing people for violations of your moral code.


> Both are punishing people for violations of your moral code.

The difference is that exposing someone having extramarital sex doesn't violate the US Constitution and the rights of 300M of its citizens.


Most of what Snowden exposed doesn't violate the constitution or the rights of any US citizen.


most ? even one abrogation is a serious issue!


I think the line is on whether it's a personal/private matter and when it's not.

The NSA is a government agency, so what it does is in the public interest. A guy planning to bomb something is also by definition affecting the public so exposing that is also in the public interest.

This hack, the fappening and similar are completely personal and private so they are of no concern to anyone but the people involved in it.


Infidelity is not a private matter however: the person being cheated on has the right to know. For a million cheaters, there's a million their SOs, often living miserable lives but denied an informed choice about their future and kept at non-negligible health risk.

It stops being a private matter when it trespasses into other people's life.


It is by definition a private matter - we have no idea what the context behind these peoples actions are. They could have an agreement with their spouse to let them discreetly cheat. Cheating could be a part of their particular marital or relationship kinks. They could be in emotionally abusive relationships and looking for comfort.

Or they could be cheaters who are lying to their SOs.

Regardless, we the general public have no horse in this race. We haven't been asked by the person's SO to find this out, the people in question are not public figures, and we have no knowledge of the specifics of their situation.


Well that's the thing, the SOs now can find out. Yeah as a cheater one would get the uncomfortable feeling from everyone else possibly knowing that too, alas. Comes with the territory.


Or an SO who has an agreement with their spouse to let them quietly cheat has to now deal with strangers and friends alike "knowing" that the spouse sleeps around.

Or person A is in a sexless but loving marriage with person B. They have kids, and don't want to get divorced because they love each other, but person B is just done with sex. Is it worse for person A to cheat on person B than it is for the two to get divorced, upending the family structure and ruining them financially?

We could debate that endlessly, but the fact remains is its none of our business what's going on with the Ashley Madison people, nor is it our place to decide what's best for the partners of Ashley Madison customers.

Would you say it "comes with the territory" when someone's drug habit is leaked on the Internet? Or their private emails?


Look, I can make a bunch of similar sad puppy stories for the other side of coin as well. People holding it "for the kids" but who wouldn't really stay in case of infidelity. Unhappy people with orthodox religious beliefs who would alas divorce in case of adultery. People desperately trying to fix the relationship and improve themselves not realizing their partner is invested elsewhere and all their effort is wasted.

I sympathize with couples who have a consensual kink however and are now caught in the middle of it. Though I doubt it's anywhere near a major portion of the userbase, they are very unfortunate collateral here. Kind of U.S. govt informers who were revealed by Assange's cablegate (which majority here is positive about), but sans grave threat to their life.

I don't have sympathy for people who make their SOs an unconsenting part of three-way sexual relationship, and yes they are never an excuse short. All people are positive about their self image, and rationalizations of abhorrent actions are a natural consequence.


> I don't have sympathy for people who make their SOs an unconsenting part of three-way sexual relationship

Do you have sympathy for people whose three-way sexual relationships are unconsentingly made public?


Yes, and you'd see my statement to that effect if you haven't skipped most of my response.


Oh yes, it was there. Fairly handwavingly dismissed as "and they're just unfortunate collateral damage in the virtuous goal of helping people find out about their spouses".

It's amazingly easy to label people 'collateral damage' when those people are not you.


The point is this leak exposes the "good" cheaters, the "bad" cheaters, and the... gray? cheaters alike. It also probably exposes a ton of people who never cheated, but in some dark moment went on the site to gawk or fantasize. Given there are only 9 million credit card transactions to 35 million emails, it makes me think they are probably the majority.

In any case, this leak makes no distinction between people who are doing wrong and people who aren't, and it hurts all of them. Since when was it ok to smear a million people who weren't doing anything wrong, just to blow up the lives of other people who were?


I can see the person cheated on having a right to know. Everybody and his dog? If I know that my neighbor Joe is running around on his wife Jane, I might be justified in telling Jane; stapling fliers announcing to the telephone poles up and down the street seems a different matter.

There is also, as the top-level parent comment suggests, the point that adultery is more or less celebrated in much of popular culture. The mixture of hypocrisy and schadenfreude is obnoxious.


> If I know that my neighbor Joe is running around on his wife Jane, I might be justified in telling Jane

The case that isn't being made is that you should be able to tell Jane about Joe in a private way. That's called discretion. And besides being the better part of valor, it is part of being a wise person.

The people who are OK with this leak should ask themselves if someone should be able to tell a wife about her cheating husband without worrying about hacking and leaks. Or even government dragnets (maybe it's a drug problem, which could be illegal).

If we make people think twice about talking to each other, there are many cases where we make them think twice about helping each other.


They don't have a right to know. Not in the sense that you and I have a right to privacy, free expression, choice of religion, and so on. Yes, they deserve to know, and it would be a nice thing indeed for them to find out. But they don't have a right.


Perhaps they have a right to know, but that doesn't mean that you, I, or any other random bystander has a right to know.


Agree, though one could argue that what AM is doing is an explicit attempt to damage the basic building block of society, i.e. family. So this becomes somewhat a matter of public interest then.


one could argue that what AM is doing is an explicit attempt to damage the basic building block of society

Sure, but one could also argue the same about per-marital sex, divorce and homosexuals.


Which conservative Christians do.


mm so the FBI just have to look at the ex employees backgrounds up bringing - should be easy to do some profiling "not just for brown skinned people any more"


Marriages are not just moral issues, they're also contracts between people themselves and between the couples and the government. They come with privileges and tax breaks and social status, and all of it is built upon assumption that marriages are mostly permanent. AM is explicitly attempting to attack that.


Who are you to judge how people live and should their lifes? How dull. There are so many different family structures — incl. open relationships.

A family's structure and agreements is not public, nor should they be. Unless said family choose to disclose that fact by their own volition.


>Who are you to judge how people live and should their lifes?

S/he is just like all the other people who engage in electing law makers that create laws that control how we live. Part of being in a democracy like government is that everyone gets a little say in how we all live our lives with a majority rule. Things like constitutions might mean a super majority is needed for some things instead of a simple majority, but the right to have a say is still there.


I'm not judging. People may live however they want. Institution of marriage is one of the choices, that is established in the society and carries with it some particular set of features. In particular, joining in marriage is somewhat public, even if it's much less public than it used to be. Also marriage comes with explicit (even if not legally binding) expectation you don't cheat. If you don't like those aspects, don't marry; no one is telling you have to, open relationships are fine too.


Maybe you have that expectation about marriage, but that doesn't mean your expectations are shared by every married couple.

You're forcing your point-of-view upon others.


I'm not forcing my POV on anyone, I'm just stating what is the generally accepted POV in the western society. You may share it or not, but you ignore it at your own peril.


Consider it ignored.


> Who are you to judge how people live and should their lifes?

Churches have no ability to enforce promises with violence or confiscation. And they shouldn't. So it's important for governments to establish some sort of lowest common denominator and hold people legally accountable.

I understand the impulse to be non-judgmental, but when both laws and the rest of society get out of the business of enforcing marriage contracts, you actually take choices away from people that want a stronger marriage contract. They can no longer enter an enforceable contract that requires monogamy.

We're not adding more choice for everyone that way. We're just choosing (as a society) a different lifestyle.


you actually take choices away from people that want a stronger marriage contract.

Isn't that what prenups are for? (modulo the fact that it is sometimes difficult to enforce prenups).


The difficulty in enforcing prenups is partly the problem here, yes.

Let's say you like the marriage rules pre-1970 (no no-fault divorce). You can't write up a prenup that resembles that and have it be enforced by the government (reject applications for divorce and applications to marry someone else).

More options and freedom weren't added when each state adopted no-fault divorce. One option was taken away (pre-1970 marriage contracts) and another was picked (no-fault divorce).

Someone might not like with pre-1970 marriage contracts, but who are they to judge someone else's culture and preferences?


I think this is not such a big issue, if it was divorce would be illegal.

If anything I would argue the problem lies then on how the estate sees marriage, not the other way around. The agreement I have with my wife is between us, no one needs to judge what we do with our private lives.


I think this is a thing that is actually changing in the recent decades. It used to be that marriages were more about connecting families, securing deals and even state issues (and so it still is in some parts of the world). Nowadays in Western society, marriages tend to be more about two people and their decision. But we're not 100% in the latter model yet, there's lot of social and legal baggage around the older ways. Divorces are not illegal, but they're still socially stigmatized.

The point is, we have to deal with how things are actually now, and not only with how they may/should be.


Haha, well that's stretching the argument a bit, but for the sake of conversation I would then ask for proof that family is indeed the "basic building block of society" and that what MA is doing is actually damaging it to an extent that it can be considered a public safety issue.


Not proof, but "the family" is recognised as really important in international law.

They don't define a family as one male adult, one female adult, and some children by birth. So, personally, I use a broad definition of family that includes homosexuals and fostering and polyamory, while rejecting stuff like forced marriage or child marriage.


> I would then ask for proof that family is indeed the "basic building block of society"

I think the burden of proof goes the other way, considering marriage laws (including those that punish infidelity) have been part of common law for hundreds of years.


The burden of proof is upon the one who makes the claim, so no it isn't the other way around.


Have you seen a society of random people who don't have long-term relationships? A country which laws don't treat family as a basic concept, and third of which is not built around it?

That family is a fundamental unit in human societies is a pretty much self-evident thing at this point. The burden of proof lies squarely on those who disagree with observable reality.


Malinowski [0] describes a highly functional such society. Instead of paternity and monogamy, they had a similarly complex but different set of taboos. Reading it will help you realize what a cultural bubble we all live in, and that there are completely different configurations of society that also work.

[0] http://www.amazon.com/Sexual-Savages-Argonauts-Western-Pacif...


Never heard of it before, thanks!


Families exist regardless of marriage, marriage != family, so to claim that attacking marriage tears at the foundations of society and then to move the goal post and say they're attacking families, your must first demonstrate what you're saying is true. Marriages don't make families, loved ones do.


> Agree, though one could argue that what AM is doing is an explicit attempt to damage the basic building block of society, i.e. family

Eh. So you think the people exposing husbands and wives cheating on each other are the ones breaking families, not the ones actually cheating?

Don't shoot the messenger, comes to mind (okay, maybe imprison the messenger if he obtained the data in an illegal way, but I don't think he should be imprisoned or worse for "breaking families", when he wasn't the one committing the act that ends up breaking the family apart).

Isn't that kind of how private eyes work, too? Should they be punished for "breaking families"?


I'm not saying that people exposing cheating spouses are breaking families. I'm saying that AM was by explicitly encouraging that. It's not just a random dating website, it's the website targeting married people and running campaigns saying cheating is OK.

I am definitely not arguing for shooting the messenger (I apologize if my comment was not clear enough about that) - what I want to say is that I may agree the boundary between "ok hack" and "not ok hack" may lie on the public concerns/private concerns line, but IMO one could argue that Ashley Madison lies on the "public interest" side.


Actually, it's my fault, I thought you were referring to the people who dumped the data.


Consistency is shooting yourself in an even number of feet. How is it ethical to dox people that are being made into villains?


I'd be interested to know how people feel here regarding the messy Gawker/Hulk Hogan situation also.


> terrorist sympathizer or CP forum

The difference is that these two promote physical harm while cheating doesn't


it helps if you think about it


> and I think A.M. is so comically scummy that I had trouble believing it was a real thing

Reddit AMA - https://www.reddit.com/r/IAmA/comments/3dy732/i_worked_at_as...

"We had one guy I'll always remember. His wife was in an accident and stuck in a wheelchair, unable to do anything. She forced him to join the site and encouraged him to find a woman he could have sex with. He ended up finding partners that would last a couple years at a time and it worked very well for them. "

It's great that you're calling people out. But I'd just stick with people deserve to have private lives, whether you agree or disagree on how they spend it.


since she gave consent I don't believe this is cheating. In fact he could go on any dating site and check off "married" or "open marriage" status wherever available.


If you actually go to that AMA and read through, multiple people call out the multiple ways in which it looks like a PR stunt.


That whole AMA is absurd, and conveniently appeared right after the hack was first announced, and is surprisingly apologetic for a former employee.

"My co-workers were a bunch of mad geniuses"

"one of the best companies I've ever worked for"

"my gut reaction was "Great, the bitter wives brigade has done it again.""

Also, they had to retain your information for law enforcement, unless you paid $19 when they would do a super duper all layers deep wipe (apparently law enforcement no longer matters if you have $19?).

They claim be be a senior employee in management, but apparently also talked with every wife calling to find out about their husband.

It's an absurd AMA, and honestly could only possibly fool the gullible.

And FWIW, it makes no sense for someone in the situation described to use a service like Ashley-Madison. Not only is it overwhlemingly males, the few females are generally pursuing the sites dogma of having an affair -- is the healthiest way to fulfill that relationship to engage in someone else's domestic issues? It's like joining an "Al Queda Bombmakers" site because you want to make some cherry poppers for the cub scout glee -- the story isn't rational.

That seems like an absurd story to cast a sympathetic shadow on the site in the wake of a hack.


I would like to see actual Ashley Madison employees verify if the AMA was real and at least know who the woman posting is.


Yet this doesn't apply when people are doing illegal things in their private lives. Given the distinction between immoral and illegal is often an unfairly weighted popularity contest, it is not a justifying distinction.


Somewhat related:

In the university I work the students must fill an anonymous poll about the teachers at the end of the course. It has a part where they can choose a number from 1 to 9 in each question and an open comment anonymous part. A month later the results of the polls are published in a web page.

The day they are published is very expected. Most of the teachers (T.A., professors, ...) just ignore the number part. They go straight to anonymous comments part. The worse comments are filtered, some comments are interesting but many of them are just a good source for gossip.

The takeaway is that people like to gossip.


People seem to miss the fact that the people who have signed up for this "dating" website aren't in a good place. They are missing something in their relationships, to the point where they are willing to look online for some level of fulfillment. I'm not justifying it, but I'm saying that there is a perspective that is being ignored.

And then there is the fact that most people don't seem to know that AM has the same business model as OK Cupid. You don't pay until you want to message someone. So, someone on a lonely night signs up for AM, forgets, and now their name is in a database when all they did was sign up, maybe search, but never took action. Now that person could lose their relationship.

Again, not defending these individuals, but offering an unpopular perspective.


You, sir, are moralizing just as much as anyone else. This situation is not ethically clean-cut, despite how badly you want it to be. The website's existence itself is -- at the very best -- ethically and morally questionable. The hack, while technically illegal, is arguably a morally righteous act. You can't say that there is nothing ethically acceptable about sharing this data, when its very existence is ethically a gray area. Whether their actions are legal or not, some people seriously deserve to get punched in the face. That's what is happening right now in digital form to ALM.


"The website's existence itself is -- at the very best -- ethically and morally questionable". I vehemently disagree with this statement. Why is it morally and ethically questionable to facilitate private individuals finding sexual partners? Perhaps it's questionable according to your moral code, but society is not run on your personal moral code, thankfully


Luckily, most of the entire human race agrees with me.

Maybe you don't think it's inherently unethical to cheat on your partner. But it is certainly an act of questionable morality. In fact, it is literally illegal in many states: "Adultery isn't just a crime in the eyes of your spouse. In 21 states, cheating in a marriage is against the law, punishable by a fine or even jail time."

You, and all of the other moral relativists can tell me I'm an extremist, or a purist, but basically I just believe in justice. You cheat, you deserve to get caught. You run a site for cheaters, you deserve to get hacked.


That's entirely disingenuous. There have been less than a dozen prosecutions for adultery in the last forty years in the US, all of which were classified as misdemeanors.

"It is generally accepted that one of the reasons adultery laws remain in effect is that getting rid of them would require politicians to vocally oppose them, something few are willing to do. Additionally, "many like the idea of the criminal code serving as a kind of moral guide even if certain laws are almost never applied".

But that's a lot less powerful a missive than your screed about laws dating back to the 18th Century (hey, pop quiz, did you know that in six of those states, that crime of cheating in a marriage only applies to women?).


So the hack was wrong in the remaining 29 states? Sounds like moral relativism right there.

In the US, justice must be pursued by legal means, else there's no case. These hackers just removed any chance of prosecution in the 21 states, because of tainted discovery.


I never argued that it was any less wrong in those states. My point in including that line was to demonstrate that I am not the only one who believes that cheating is a moral offense against your partner, worthy of at least some repercussion. In the eyes of 21 states, it is literally a crime. So my moralisms remain absolute, regardless of the other states. The fact remains that if these hackers had not lifted these docs, not one of these incidents would have ever faced their day of reckoning from the spouses they betrayed. That to me, is justice served.


That part sounds true. But the cost of this justice was high. Privacy is under attack at every turn. Its a dirty victory.


how do you know they betrayed anyone? Have you ever considered that people may have marriages that look differently from what you think marriage should be ?

to the downvoters, have you ever heard of open marriages ?


If there are open marriages then the spouse that was not using this service would not have a problem.

Yes, the public knowing (if this bothered the open couple) is an injury.


human race used to agree on a lot of things we find incorrect today, so that's a pretty weak argument.

But that aside, does it ? Do most people agree that the website shouldn't exist ?

Anal sex was illegal in some states up until recently, that doesn't mean it's a good idea for it to be illegal

The website doesn't force you to cheat on your partner, you could for example, let your partner know you are on it. Some people on it are in sexless marriages, for example


For me, at least, there is something that repulses me about the idea of a service that encourages violation of deep partner trust. It seems the opposite of "open" to me.

On the other hand, I can also understand the argument for choice and privacy. But, without going deeper here, this type and method of choice and privacy stinks to my nose (if you understand my sense).

I mean, seems like this site exists in a way where one partner gets hurt. Even if the partner in-the-dark doesn't know about an affair, the effects of the affair will still have an impact. The cheater may also act out more often with a false sense of security and access provided by the app.

This thing is bound to be controversial, and bound to get hacked/exposed. Morals and business mix potently here.


yes, it may very well be bound to get hacked, that doesn't make the ones doing the hacking moral or ethical or anything of the sort.


I disagree, since the ethics and morality of this service itself is gray, then the ethics of exposing those using the service is at least somewhat gray, whether it breaks a law or not.


that seems like fallacious reasoning to me. Ethics of cigarette industry are possibly grey, that doesn't mean it's ethical for you to break into their offices and steal their coffee maker.


But exposing their ethics and who tried to hide the fact that smoking has been linked to cancer, that is gray.


It's honestly pretty bizarre to have a giant moralizing post about how people should not moralize. I'm glad at least some people pick up on the hypocritical irony.


tptacek is like some sort of HN version of famous (note that his post was so important that his friend dang moved it from a completely different thread from many hours earlier), and I swear that the vast majority of his posts would wallow in light grays if his name wasn't attached.


"and come on, 98% of the people talking about this on Twitter barely recognize that [marital infidelity] as ethically problematic in the first place"

What makes you say that? In my experience it is extremely rare to find anybody who thinks cheating on a partner is ethical, and I see no reason to think this particular group is any different. This is one of those things that most people feel very strongly about, and almost always in the same direction.

And that's exactly why the reaction is so gleeful. The people who use this site are perceived as scumbags, precisely because cheating is considered to be a grave moral (if not legal) crime. Outing them is considered justice. The idea that some of them might use the service with the consent of their partner isn't enough to break through that, nor is the idea that two wrongs don't make a right.

I don't agree with the gleeful reaction, but I see no hypocrisy here.


I don't think that's the parent comment's main argument for hypocrisy.

> how do you make a case that it's unethical for dragnet traffic looking for people who want to blow up civilians with homemade bombs?

Many of these proponents of the hack will unabashedly praise this hack for making these 'cheaters' identities public, but would surely argue against the use of hacking for releasing their own private account information for any site they have an account on.

The hypocrisy comes from the fact that hacking is a double-edged sword, and people are failing to see the other edge.


I don't understand this argument that people "would surely argue against the use of hacking" in other places.

Context matters a lot. For example, most people would agree that killing is bad. On the other hand, most people would agree that killing in self defense, or to save the life of an innocent, is acceptable.

In the context of a hack, I imagine we'd all agree that hacking fluffy-bunnies-and-flowers.com and releasing all the subscriber information would be bad. On the other hand, I'd argue (and I think a lot of people agree) that hacking lets-help-each-other-plan-mass-murder-of-innocent-children.com and exposing its subscribers would be perfectly fine, even a good thing. There's nothing hypocritical about criticizing the former but praising the latter. The nature of the target counts.

All it really comes down to here is what category you think ashleymadison.com.com is in. Some people think it's in the former, because consenting adults and whatnot. Lots of people think it's in the latter, because they think cheating is extremely wrong. If you hold that opinion, then there's nothing hypocritical about praising a hack against a site like that. We might disagree with the opinion that ashleymadison.com is a bad site, but that's a different thing.


> In my experience it is extremely rare to find anybody who thinks cheating on a partner is ethical

I'm half and half - I won't cheat on a partner (for various reasons) but if someone wants to cheat with me when I'm available and they're fully aware of the risks etc., I'm ok with that.


> how do you make a case that it's unethical for dragnet traffic looking for people who want to blow up civilians with homemade bombs?

Talk about a flawed analogy!

I would argue that it's totally ethical to hack/steal/gawk at the data from a "Terrorists R Us" website that publicly advertised itself as a social network for terrorists, and took money from terrorists and terrorist wannabes to help them connect with other terrorists and swap bomb-making tips.

In fact, that kind of targeted attack would be the exact opposite of "dragnet" surveillance. If we could steal and dump all the data from ISIS's central database, we should absolutely do that!

Edit: And before anyone jumps in here with "terrorism isn't the same as cheating on your spouse"--of course it's not--which makes parent's analogy even more ludicrous.


I see a real, damaging increase of the "Callout Culture" in general.

Even here on hacker news, I've seen a handful of callouts in a way that used to be much rarer on discussion sites. I'm talking about the things where someone makes a comment, someone else then researches them or their history and the replies with a comment challenging them on whatever - perhaps tangentially related, but just "out of bounds" enough to be embarrassing and silencing.

More generally, it seems to be culturally acceptable these days to asymmetrically name-and-shame someone for offensive yet private and legal conduct. The thing is, it is usually difficult to defend each offender on a case-by-case basis, but it still doesn't mean it's the right thing to do to call in the anonymous hordes to attempt to ruin someone's life.

This is a clear example - chalking it up to "if they didn't want to risk exposure, they shouldn't have signed up" is right up there with "if you're not doing anything illegal, then you shouldn't have a problem with being monitored/drug-tested/whatever". Maybe there's a split in our society where one demo is completely comfortable with having all their private data out there and occasionally exposed, or to feel more communally "owned", but that doesn't mean it's right to expose someone else.


"Avid Life Media" is gross and creepy, and apparently totally incompetent.

People (and organizations) have competence in different areas. I was genuinely impressed (in a dark patterns way) by the deftness with which they handle new signups: http://www.useronboard.com/how-ashleymadison-onboards-new-us...


87 part slide show? You must love the dark patterns to bother with that.


I presume this is an attempt at humor rather than just a snide comment, but as a humorless engineer I'll ignore that and respond sincerely. It's a well put together presentation based on adding graphics and text blurbs on top of screen shots. You can read through the whole thing using the right arrow key in well under 5 minutes, likely under 2.

I much preferred it to a video presentation, which even if viewed at 2x speed would have been much longer. And since it's based on showing screen shots, plain text isn't a good option. I have no particularly strong interest in dark patterns (and in fact have extreme distaste for them) but I found their mastery of the craft to be extraordinary, and the presentation to be well worth my time.


Great comment.

I have also noticed the really strange response from what feels like (anecdotally, I admit) EVERYONE being ecstatic that not only did this leak happen, but that Ashley Madison's users are "getting what's coming to them".

The comparison to fighting against a terrorism-inspired surveillance state was great.


One source of your frustration is that you're viewing all the individuals on Twitter as if they're a single entity that's also adamantly against profiling. "how do you make a case that it's unethical for dragnet traffic..." You're assuming they also hold other popular views you've seen on Twitter, then calling them hypocrites.


Some want to define terms with clear broad strokes and become frustrated when their observations don't lie clearly along those partitions. A good experimentalist would then simply change how they define things in order to have partitions that match their observations more closely, but that is not the case for most, especially if ones living depends on it (observations tend to be highly skewed).

Something about infosec/def contractors arguing ethics I find quite comical, especially since governments and their contractors don't sit down with AT&T and the like and discuss the nuances surrounding the ethics of what they wanted done with customers of such over crips and tea (at best it was probably limited to lawyer speak with the providers in some secret court with secret rules),and then discuss how most of the work would be outsourced to private companies/individuals to "protect information" (information collected from providers who collected it from customers) from the "outsiders" (customers of such providers).


In any event, the ethics of the data publication itself is orthogonal to the behavior of people on Twitter...unless we want to blame Twitter for facilitating problematic behaviors by its users.

To me the publication of the data is not quite so black and white because ultimately the Ashley-Madison data was going to escape into the rest of the internet. This assumes it hadn't already been published prior to the recent event and that's an assumption because Ashley-Madison is and has been in position to monetize the data in standard ways [and perhaps rather non-standard ways] from day one.

Which is a roundabout way of pointing out that Ashley-Madison is and always has been in a position to publish this data via changing its terms of service or by selling itself to a successor company and transfer the data as just another asset. The key here is that individual users don't hold license to the data, and so a successor company can do with it as they please restricted only by actual law-enforcement Uber/AirBnB style [as opposed to hiring lawyers and restricting their actions based on what's on the books].

Web-scale infidelity [even if much of it is of the weaker Jimmy Carter sort: "I've looked on a lot of women with lust. I've committed adultery in my heart many times."] will inevitably be followed by web-scale exposure. Sharing a secret means giving up access-control to the information...someone else can read my diary or talk to my best friend or read it off a web-server, and the likelihood of someone doing so correlates directly to their interest in doing so.

Which brings me back to the ethics. There's no clear deontological case for a universal law against publishing data, and the long-term Utilitarian optimum solution is intractable. So we're left with the normal social context of those aspiring to extra-marital affairs are worse than gossips or vice-versa.


From watching friends deal with divorce, adultery isn't even illegal/prosecuted/considered in distribution of assets, at least in practice. At best this is a mass-outing of people who suck at monogamy.


I'd argue they suck at *-gamy to be tongue-and-cheek, considering 90%-95% of the users were all male to begin with.


Interesting that your moral absolutism is correct whereas theirs is false


I really, really hope that our society's not so far gone that 98% of folks on Twitter think that marital infidelity is unproblematic.

You're probably correct in your implication that folks are not posting and tweeting with glee because they care about infidelity, but because they want to humiliate and vilify.


So does that mean those of us in favor of "dragnet traffic looking for people who want to blow up civilians with homemade bombs" are allowed to be gleeful here?

There is no such thing as private data. There is secret data, but that descriptor no longer applies here.


Yes. I've heard this compared to the recent "Fappening" where celebrities' private photos were stolen. I'd have a hard time justifying the AM leaks without justifying the leaks of the stolen photos.


> how do you make a case that it's unethical for dragnet traffic looking for people who want to blow up civilians with homemade bombs?

If you think leaking info about one organisation "doing bad stuff" (AM) is unethical, how can you then make the case that leaking info about NSA can be ethical? (I don't know if you do, but I certainly do.)

Btw, I don't think hacking should be the crime it is today. At least not as long as the state agencies can do it. We should put more emphasis on computer security, not on persecution of Aaron Swartzes and such people.


One could consider leaking info about the NSA to be ethical, however leaking leaking the NSA's database of our private email addresses to be unethical.

More generally, when you leak something ethically, you should take care to redect the portions of the leak that will cause undue harm relative to their value (or, as many leaker due, give the full leak to a trustworthy third party (ie. a journalist), and trust them to redect responsibly). In this case, the hackers could have leaked AM's unethical behaviour without leaking their user's informaion.


They are way different. Leaking stuff from A.M. is a personal matter. The NSA (and equivalents in other countries) is a public entity.


How about Stratfor and Hacking Team?


While I have generally approached this in an analytical fashion (e.g. this has happened, the data can no longer be stopped, and here are the inevitable outcomes), your outrage is a bit over the top, and I would say over-reaching for a moral high ground. Further you seem to engage in the same sort of extrapolation that has someone declaring being shushed in a movie theater to a slippery slope violation of their first amendment rights.

Comparing the hacking of a infidelity hook up site with government mass monitoring is dubious.

Ashley Madison is not a dating site. It was always, from day one, a site specifically and only for infidelity (earning it millions worth of free advertising via notoriety). The entire rise of that web property came on the backs of the notion that the site wasn't for open marriages or more casual/relaxed notions about sex -- activities that many people engage in with little risk or concern -- but for people who wanted higher risk engagements, whether outside of their own relationship promises, or with parties acting outside of their own relationship promises.

because you suspect most of them might be "guilty" of the crime of "marital infidelity"

Scare quotes aside, moral compasses are personal and vary between us. And the reality is that there are millions of relationships where there is infidelity, often with both parties knowing about it, but more often with one or more party in the dark. It's a risky venture and any of countless things can out one's activities, which in this case is a data dump, making people a victim, truly, of their own actions. It's not hard to imagine why many people may have "glee" about this, as it's somewhat more difficult to find the innocent parties in the churn.

Though I will note that you are being very consistent (I would say to an overly rigorous extent). To address some of the other comments, the parent poster is one of the few people on here who actually very strongly disapproves of what Snowden did (if I recall correctly), so there is no inconsistency. The NSA was a victim, the argument went, of Mr. Snowden's crime.


I'm obviously a dick because I already sent automated messages to relatives of people in the hack indicating to them that they were potentially cheated on.

Personally I would want to know so I share that information.


Good thing you did it anonymously. We wouldn't want you to have to face any consequences for your actions. Let's hope you're not responsible for something like this http://www.nydailynews.com/news/national/utah-dad-kills-fami...


That is going a bit too far - the same thing could happen if somebody told him because they saw the wife having sex in a cheap motel, or found out for any other reason, would you still think they were guilty then?


> Let's hope you're not responsible

Is the judge responsible if the delinquent hangs himself in prison?


Well, funny you should say that, because in the Aaron Schwartz case, many, many comments here on HN claimed exactly that, that the judge, prosecutor, DA were all directly responsible for his suicide.


[flagged]


You took it upon yourself to interfere with other people's relationships and families. Whatever moral reasons you feel justify your anonymous intervention, when you start fucking with other people's relationships and families you have no idea of what's going to happen. A struggling young couple with a small child - the type of "hint" you provided might tip one or both parents over the edge... You have no idea.

In short; IMO dick move


Does this not apply to anything you send? Say you send a message that one spouse is involved in some illegal behavior. What if reporting child abuse results in the same outcome? The whole 'you could push them over the edge' can be applied to quite a lot of warnings to give a parent.


How was harryf in any way saying that the incident in Utah was your fault?

Please take the time to read comments more closely before replying. If you find yourself angry at something, draft a comment, wait a few minutes, and re-read both the draft and the comment to which you are replying before posting. :)


If "some wacko" killed his family and himself as a result of your disclosure, would you feel any culpability at all? Of course, you didn't force them to join the site, but you did make the decision to disclose the information.

What if someone joined the site before they were married, but never contacted anyone? Their spouse receives your email, and confronts them. They are unable to convince their spouse that they never cheated, and the marriage comes to an end. Do you feel culpability in this case?


If you spouse divorces you for irrational and unfounded reasons then anything else could trigger them too. You can't blame the messenger.


Agreed - at the end of the day, the decision to divorce comes from within the marriage. I'm not casting blame here - just curious about whether any scenario would lead him to feel culpable about spreading leaked information. IMHO it's a philosophically interesting topic with lots of gray areas.


Personally I wouldn't want to know.

We have an actual agreement on this, me and my wife: try not to cheat, but if it happens, do everything to keep the other from knowing.

What you don't know can't hurt you -- or at least that's the basis for our arrangement for monogamy between fallible humans. I've heard many arguments for and against it -- the point is that it's OUR arrangement, and YOU have nothing to do with it.


>What you don't know can't hurt you

Let's say your partner cheated on you and they didn't tell you. Let's also say the person they cheated with lied about having an STD.

In this case, I claim that not knowing can not only damage your marriage but also damage your health.


Shit stirring and gossip mongering disguised as a moral crusade. Nothing more nothing less.

Be careful. We all have secrets.


How would you even get relatives contact information automatically...


The database contains full addresses, names. You can easily find who is cohabiting with them fairly reliably (near 100% if they live in a house) through a variety of services which list that information.

All I can say is there's going to be a hell of a lot of blackmail. I'm sure there's already a group on IRC organizing blackmail. There's a lot of targets and it's very information rich.


Well Mr. Ashcroft you're right, it really isn't that hard to figure out who people are.


This is pretty close to the same as Donald Sterling's opinion on black people, and outed gay Republicans who voted against gay equality. Even if the outing was unethical, you can't un-pull the trigger on this being public knowledge, and people become responsible for their own shitty behavior that previously was concealed. Sucks to be them.

And marital infidelity is unethical even if it isn't illegal. It's pretty FUCKING SHITTY to lie to your SO, sometimes for YEARS, exposing them to disease and finally ridicule and humiliation, and their own right to make informed choices about their precious time and trust they invest in a person. It is selfish and rotten and deprives the other person of agency.

edit: on this account I have complained about Internet mob culture multiple times. I was hoping that people would recognize that I was pointing out the hypocrisy of people on this who don't care when it happens to people who do things they personally hate, but I was way too subtle. Resharing this data is a shitty thing to do, but it will happen again and who decides at that point that it's still shitty entirely depends on who is being exposed.


> And marital infidelity is unethical even if it isn't illegal

So, even ignoring that high horse you're on: in your not so humble opinion, are all registrants on ALM guilty of marital infidelity? That's assuming guilt by association, and flies directly in the face of your own constitution.


I think they exclusively cater to that audience. People that are married and are seeking a relationship.

The point still somewhat stands that if you and your partner had open-marriage or something, your friends and family might find out.

In which case, just pretend you were cheating on her and carry on (if price of outing you as a non-monogamous couple is too high).


>marital infidelity is unethical even if it isn't illegal

Marital infidelity is illegal in 21 states in the US, and many other countries as well. For many individuals this is not just an ethical concern, but a legal one as well.


Furthermore, mentioning homosexuality made me think. In 2003, Lawrence vs Texas, the Supreme Court ruled that "sexual activity between consenting adults is legal", and that attempts to make it not so were unconstitutional. That's been held up in the case of homosexuality, but (perhaps because in most states it is already not prosecuted much and a misdemeanor) it's never been tested.

So yes. It's illegal. In some states. Has largely been determined to be unconstitutional, your handwaving of "these people broke the law, they get no sympathy" notwithstanding.


Yes, because no politician wants to be the one who says "I propose a bill to make adultery legal. It's not an issue for the courts."

There have been less that a dozen misdemeanor prosecutions in the last half century in those 21 states combined.

So yes, in those states, it's illegal. Just as in many cases, so was homosexuality, and anal sex.


It is only the same if each and every AM user has taken a vocal stand against having an affair. Otherwise it is nothing like Sterling or every gay Republican legislator or preacher who has ever been forcibly dragged out of the closet.

I'm disappointed HN has a blanket ban against Gawker links, as the Geithner story there from a few weeks ago has some very important lessons for this story.


> It is only the same if each and every AM user has taken a vocal stand against having an affair.

In most marriage ceremonies, the couple stands in public (at least in front of the people who care) and makes a series of vows. If that's not a vocal stand, I don't know what is.


Are "---" the new "(" ?


For some time now, em dashes have been used for paranthetical asides. https://en.m.wikipedia.org/wiki/Dash


I'm a lot more worried about the identity theft implications of the leak than the "this will destroy the relationships of cheaters" implications.

The cheaters deserve to be outed. Fuck 'em, let the world know their word is worthless. And as to the question as to whether they're actually cheating or not, let's be honest here - precisely nobody signed up for a site who's advertising and stated reason for existing is explicitly about sneaking around behind your spouse's back, without the intent to be sneaking around behind your spouse's back.

And comparing outing cheaters to terrorists, seriously?

That said, it doesn't mean that they deserve to have their identities stolen. More acceptable would have been names and emails without all the credit card and other personally identifying info.

It's just a toxic, evil, repulsive scene.

You know what's toxic, evil, and repulsive? Entering into a committed relationship with one person, and rather than being an adult and breaking it off if it's not working, sneaking around behind their backs while leading them around as if you're remaining faithful. As far as I'm concerned, cheating is near the top of the list of horrible things you can do to another human being.

I fully expect this sentiment to be a barely-visible shade of "disagreed with the rest of the site light grey" by the end of the day.


Honest question: why do cheaters "deserve to be outed?".

I realize you'd be enraged if someone cheated on you. So would I. But what does it matter to you what other people do with their private lives? Do you think people struggling with alcoholism also deserve to be outed and publicly humiliated?


No one is wronged in the case of alcoholism. People are wronged in the case of cheating.

I don't see why cheaters should not be outed.


Oh, you're serious?

Go to the spouse, or children, of any alcoholic, drug addict.

Tell them how they've not been wronged or harmed by the actions of the addict.


We're getting think into the weeds, but I'll just share a different perspective. As a father of 3, I would much rather my spouse be a cheater than an alcoholic.


Other people can be wronged in the case of alcoholism as well. I'm sure you are aware it's not solely a problem of the person with the drinking problem, even though of course they are the ones primarily affected.

In any case, just because you wrong someone this doesn't automatically imply you should be publicly exposed for all to see. Maybe it does, maybe it doesn't; it depends on the nature of what you did. I don't think infidelity is an act that warrants public exposure and shaming. I think if the wronged partner finds out and then outs you, they are probably justified... I mean, it's about them as well as you, and I can understand their rage. But what does a perfect stranger have to do with anything in this matter?


You are aware the hackers could just inject a few innocent names into the list to smear targets [e.g. politicians, people they don't like] right?

You are assuming guilt when, frankly, there is no real evidence the list isn't peppered with targets selected by the hackers in addition to the people who actually used the site. It also the only way to make money off such a list if Ashley Madison didn't pay up [e.g. Give us $X and we'll add your political enemies to the list]

Tptacek is correct. This list is, literally, a weapon and could be employed by an actor to attack someone [although no violence would be required].

Honestly, I'm seriously concerned anyone be naive enough to take the list at face value when its clear the hackers had a financial motive to be dishonest. [e.g. Attempting to blackmail AshleyMadison for money.]


And the people on the site who are not cheaters, and not willing to help someone else cheat?


Why would someone sign up and pay for a site that advertises like this[1] if not to utilize their services?

[1]: https://www.google.com/search?q=ashley+madison+advertising&b...


You can't think of any reasons, or you simply don't want to?


Regardless of my potential issues with tptacek, I stopped reading at

>The cheaters deserve to be outed.


I'm not sure if people realize how significant this hack is.

We just might have seen the first public hack that will cause people to die or be physically hurt. Homosexuality is illegal in certain countries (like Saudi Arabia) and this hack might expose people to harm in these countries. Some reactions of spouses might also be violent.

It looks like the reaction of most commenters is very different compared to when Gawker exposed the Conde Naste executive. This hack might have done this very same thing to many people.

On one chat website (I'm not sure if it's a good idea to post links) people are already requesting emails/domain and others are providing them. This can be used for blackmail, revenge, or to contact spouses. There will certainly be divorces resulting from this. August 19 will be the day when many people's lives were overturned. I don't know of any other hack that had such an impact in the past.

Apparently, the emails listed in the leak did not require user's confirmation, so people are posting a mix of fake and real emails. I don't know if the email confirmation flag was included in the hack or not. This could easily result in people who were not involved in any way with the website to become falsely implicated.

I don't see how Ashley Madison can survive this. They will surely be sued by multiple parties. This hack also supposedly shows that fake female profiles were used. Hacker's message calls it a scam with 90%-95% of users being male. This is a company that just a few months ago was thinking of an IPO and of raising $200 million (http://www.bloomberg.com/news/articles/2015-04-15/adultery-w...).


> We just might have seen the first public hack that will cause people to die or be physically hurt. Homosexuality is illegal in certain countries (like Saudi Arabia) and this hack might expose people to harm in these countries.

This is exactly what is playing out:

> I was single, but used it because I am gay; gay sex is punishable by death in my home country so I wanted to keep my hookups extremely discreet. I only used AM to hook up with single guys. . .

https://www.reddit.com/r/lgbt/comments/3ebzzj/i_may_get_ston...


> We just might have seen the first public hack that will cause people to die or be physically hurt.

Whether you like them or not, I'd be more surprised of a murder from this info than one from the Bradley and Manning leaks.


Then you're really unfamiliar with the dynamics of domestic abuse. I'd be more surprised if violence was not the result of this.


I don't know of any other hack that had such an impact in the past.

The US OPM hack is probably of a similar impact due to its larger scale.


True, this OPM hack might have a huge national security impact.


Does anybody need to restate the obvious: Go through the OPM leak and cross-check everybody with TS-SCI clearance with the AM database. Bingo-presto, big list of folks you can blackmail to do government favors. Take about 2 minutes.


Cool thing about public dump: you can't be blackmailed via something everybody knows already. If you're a victin of the AM disclosure and have TS clearance, it's in your best interest to come clean and not try to bury that information.


"Public" doesn't mean "everybody knows." And while coming clean to your spouse may be the best move, it's also a really difficult one to make. There will be plenty of people with a clearance who won't preempt it like this.


If you're blackmailable, or financially in dire straits, you should not hold a TS clearance. Seriously. End of story.

If someone with a TS clearance ever has someone attempt to blackmail them, they're obligated to tell their boss and security officer(s).


True, but giving the gov your blackmail file and giving your kid's nosy 3rd grade school teacher your blackmail file are different things. It is not difficult to imagine a person with a TS using AM, telling their boss about 'that one time' or not even worrying to tell them, having their OPM data flung to outer Bongolia, and then having this AM data bounced about. Though people should be better about updating their blackmail files at HQ.gov, they are not. These hacks in conjunction are really going to make a mess of things going forward. If you were thinking of giving the gov your blackmail file, you may be rethinking that info, as it seems to uninformed people (which are most of us on HN) that you may be better at keeping your personal secrets than the gov is. A chilling effect indeed.


> True, but giving the gov your blackmail file ...

You misunderstand me.

If you're blackmailable, you shouldn't be holding a TS clearance. If you're granted a TS, and later become blackmailable, you really should have your clearance revoked.


But, if the gov has your blackmail file, then you are by definition not able to be blackmailed. What am I missing?


That's not quite it.

Blackmail is possible when one has a secret that one really does not revealed to some set of parties. If you reveal that secret to your employer, but still fear its disclosure to other parties, then you are still blackmailable.

If you don't fear the disclosure of the personal secrets you've revealed to your government employer, then you also don't particularly care about your government employer's systems getting breached and revealing those secrets to the world. Might you be mad as hell at the incompetence? Sure! But your risk of blackmail is not increased because of the disclosure because you weren't blackmailable to begin with.

Make sense?


It's a good thing the process for deciding who gets a clearance is completely foolproof....


Part of what makes the system work as well as it does is honesty. Honesty and integrity are two of the things that the clearance interviews look for.


Don't you think trying to blackmail say a SAD operator might end up badly in a Mozambique drill type of way.

"why yes officer Dibble the perp made a suspicious cross body movement :-) "


> Homosexuality is illegal in certain countries (like Saudi Arabia) and this hack might expose people to harm in these countries.

Heck, there's still gay bashing going on in Western countries, regardless of the legality of homosexuality.


>Homosexuality is illegal in certain countries (like Saudi Arabia) and this hack might expose people to harm in these countries.

To me this is the same logic as saying that Manning/Snowden brought people to harm. Now if you already agree with that, no problem, but I wonder about people who follow this line of reasoning for this release but not for the Manning/Snowden releases.


> [...] but I wonder about people who follow this line of reasoning for this release but not for the Manning/Snowden releases.

I think it would be easy to argue that the leaks of Manning and Snowden are justified because they exposed illegal and reprehensible activity from the government; an entity that should be held to the highest moral standard.

Users of this site generally did nothing illegal and they wronged at most one other person each.


If leaks can be justified, then it becomes a moral question of what justifies it. For some, adultery is enough to justify a leak, for others it is not (some of which do think the government wronging many people is justified). The core question is one of how bad does a leaked behavior need to be for a leak to be morally justified.

As far as it not being illegal, any moral system that determines morality based on legality is a system I find fault in.


> We just might have seen the first public hack that will cause people to die or be physically hurt.

When Wikileaks put out the US state dept cables, there were plenty of names of intelligence sources within Afghanistan, Pakistan, etc that weren't redacted. Many of these people were discovered and killed immediately.

Alluded to here: http://pjmedia.com/richardfernandez/2010/07/28/murphy-rides-...

... and here: http://pjmedia.com/richardfernandez/2010/08/03/just-us/


> This is a company that just a few months ago was thinking of an IPO and of raising $200 million

"Life is short. Have a boom!"


> I May Get Stoned to Death for Gay Sex (Gay Man from Saudi Arabia Who Used Ashley Madison for Hookups)

> A bunch of people are accusing me of lying because 'AM is only for married people.' AM is actually about "discreet hookups," and hence its main appeal is to married people, since premarital sex isn't stigmatized in the West. But it also appeals to gays from regressive cultures, and their website has an option specifically for gays, as you can figure out if you do 5 minutes of research.

https://www.reddit.com/r/lgbt/comments/3ebzzj/i_may_get_ston...


Why don't gays using AM just say they used it for infidelity and not homosexual hookups? Take the less of the two evils


Question: what are the legalities for downloading and performing analysis on the dataset?

The Washington Post has downloaded the dataset for journalism (https://twitter.com/pbump/status/633844944105512964), but I would be interested in looking at the statistics in the data for visualization purposes; however, that likely doesn't fall under journalistic shield.


I'd like to know this too. I remember seeing a talk by Facebook on Youtube by their security team that they will download these datasets to see if Facebook users have used the same passwords so that they can protect accounts. It would be unfortunate if this was less than legal.


How is Facebook able to do this if the passwords are hashed in a different manner? Are they storing passwords in plain text?


The other datasets could be storing passwords in plaintext, which could be hashed using Facebook's algorithm and then compared to what Facebook stores.


They could check when you log in, I suppose.


You don't need to cross-reference the passwords. Matching email addresses are sufficient to warn the user. The user should be able to verify whether or not the two accounts use the same password.


This was mostly about weakly hashed, or not hashed passwords. I realize that it may not apply to this particular dataset.


Barrett Brown is a journalist and got prosecuted for downloading a database containing credit card numbers. But then, he pissed off the government.


Barrett Brown did way more than that: https://news.ycombinator.com/item?id=9024835


(1) Lawyer. Clients. Blackmail. Panic. Strategy.

(2) Passwords+usernames repeated across websites (see adobe leak)


That's the only way this can go. The company has three options:

- Confirm that this (or any of the dumps) is the data. This almost definitely opens them up to lawsuits coming from a bunch of people who have little to lose. I say "little to lose" because a non-trivial number will be on the verge of divorce about to lose half of everything.

- Keep their mouths shut and confirm/deny nothing. The press will continue on the story until they're bored and move along but that could be a long time because of the names and information involved.

- Deny that this (or any of the dumps) is the data. All they have to do is keep planting the seed of doubt and some portion of the press will hesitate publishing names because they don't want to look like idiots and/or open themselves up to lawsuits. Because of course anyone with an axe to grind will make sure their opponent (or boss or whatever) is listed in one of the dumps to target them. Further, this shields some of their customers and gives those customers' divorce attorney's a "plausible" scenario to fight against.

All of that said, I wonder if there's some way to validate some of the accounts with the site. If you can do that with some of the leaked data, you may be able to prove that some portion of the data set is real..


Actually there is an easy way to confirm if this dump is at least part of the AM dump: Public court records from divorce proceedings. When my cousin got divorced one of the two of them had put a key logger on the computer and one of the two of them was using the computer explicitly. It is quite possible that there are lots of records that include the term "Ashley Madison".


Given that the dump is straight mySQL dumps, nicely including geolocation data, emails, IP addresses, birth dates, and so on, I fully expect that at this very moment there are people loading servers and building search apps that will allow you to map a location or search corporate IP spaces, etc. It is inevitable, however gray the legalities are. These services are going to start appearing tomorrow with certainty, and they're going to get attention.

And we know already that there is a lot of confirmed data in there. At least some of the data is unequivocally true, and the data in this latest release feels very organic.


I don't understand why you're being downvoted here. Sites like you describe will undoubtedly pop up around this dataset.


Denial is a powerful thing, and at this point there are people who still think the genie can be put back in the bottle. I'm just being rational about how these things always go. Quite aside from the inevitable, very quickly built search apps, we'll have infographics galore about the population set of users.


There's a difference between largely anonymous groupings of data and disclosing PII.

I think dumping the member information with email addresses, profile information could happen. Just verifying emails is already happening.

But the CC info with last four digits, addresses, names, etc. might be hard to keep visible for any length of time.

The Adult Friend hack wasn't as high profile as this one, but has largely been benign.


It could make a great data set for machine learning.


Since this is a big story it seems reasonable to have a thread about it—people are going to keep posting these anyhow. Since we have no idea which URL is the most substantive one, we'll leave this one as is. If anybody finds a link that's significantly better, we can change it.

Since the consensus is now that the leak is real, we'll change the title to reflect that.


I remember back in the day (2010) when I asked pandora in email to "NEVER PLAY ME AN ADD FROM THAT SCUZZY COMPANY AGAIN"... they replied that "we only play PG ads and we vet all adds so they are appropriate to all audiences. no apologies, just "you're wrong dude". I cancelled my account and I wasn't asked to cheat on my wife on a 30 minute basis after that.


You still together just wondering?


yep


Heh. If I were Ashley Madison, and I wanted to create plausible deniability for people in the real dataset, you know what I'd do? I'd create and "leak" a bunch of other datasets with generated data, and data pilfered from other hacks, to muddy the waters. "Oh, my name's in there? That must be faked up data from the Playstation Network hack years ago. Of course I'd never sign up to Ashley Madison, Mr Journalist."


Except there's already a verified dump out there:

40AE8A90DE40CA3AFA763C8EDB43FC1FC47D75F1

Sorry to burst your bubble, but it just won't work.


Gotta love computer science and how it helps solve so many problems :)


I haven't seen the dataset. Is there material there that confirms its legitimacy? Are we entirely sure that this isn't just opm, target, home depot, tjx, etc? (Edit: sounds like full dataset dump: https://news.ycombinator.com/item?id=10083656)

"sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database."

That's ambiguous, and the article indicates that there is considerable doubt as to the authenticity of this purported leak, along with a history of known fakes.

Even beyond that, the article mentioned that the emails were never verified, so it sounds like any could use any name and email to establish an account.

I'm sure this means trouble for some people, but there seems to be highly plausible deniability.


Agreed; it would be insane of them not to.


They signed the real data set with a key, so if you want to release.

Whoever wants to release more, needs to get hands first on that private kye.


What is worrying about this is that some people are in real physical danger because of this leak. It probably seemed like fun and "social justice" for the hackers but it's not.

There are people who live in countries where adultery is punishable by death. Likewise for being gay. There's already one person from Saudi Arabia who expressed his concerns on Reddit but there's likely to be a lot of other people affected.

And that's not counting unbalanced individuals that might act on the perceived knowledge that their SO cheated on them.

The people who released that leak are criminals and will have destroyed relationships, destroyed lives just for the sake of their ego.


What is more worrying for me is that people in real physical danger would hand over that kind of information in the first place. There's very little stopping an employee at a company from selling this information to governments in these countries, or employees originating from these countries being forced to divulge the information.

The real issue is that this information was freely given up in the first place. Hacks like this might make people think twice about privacy, so maybe it's a good thing in the long run?


Why is that worrying? If you're a gay Saudi Arabian (for example) then the only way to be safe is to be celibate. That's not an option for many people. If they weren't hooking up on AM, they'd be using some other service, or making discreet passes at acquaintances, or visiting places where gay people are known to frequent and hoping very strongly that it doesn't get raided while you're there. AM was probably one of the safest options available.


Well it would be nicer if being a gay Saudi Arabian wouldn't get you killed.

As for why it's worrying: giving this information to a private company like AM means it's probably going to be leaked. It's worrying that they have to give this kind of information and will end up getting physically hurt for it. The hack is irrelevant as they would end up like this anyway. Is it not worrying for you?

Will each hack or private disclosure be worrying? Because obviously this will happen again. So for me, it's worrying that they're in a position where this will happen.


The hack itself is worrying. The fact that people will give information out to third parties, in a manner that is potentially life threatening, in order to satisfy their sex drive isn't worrying to me, because it's an inherent part of human nature.


Ah interesting! The hack itself does not worry me at all - I fully expect it and many subsequent hacks on most or all privately held data. A data breach requires a single slipup by any one of thousands of people - it's inevitable in my opinion and does not really worry me.

That people will give information that will cause them harm does worry me though. So we're worried by the opposite things here! Also a good lesson in how the values we have change everything.

Your approach would be to try and prevent hacks to private companies in the future (futile?). My approach would be to try stop people from giving over this kind of data (futile?). I think both of our approaches are probably futile.. even more worrying!


Here's my thinking.

The fact that people can get killed for their sexuality is the worst bit, and also the one most amenable to change. There are many societies where being outed like this wouldn't be a life-threatening situation, so it can be done. Of course, turning a place like Saudi Arabia into one of those societies is somewhat difficult, but it's a worthy goal.

Hacking a company's computers and exposing people's private data is also bad, but much harder to change. I'm not sure we'll ever achieve decent computer security. Stopping attacks on the other side, by convincing people not to try, is probably also not feasible. So stuff like this will probably keep happening.

Then we come to the other end of the private info, where people give it away. I'm skeptical about ever changing this too, but I think the particular case of homosexuals in places like Saudi Arabia isn't very instructive. That a person will risk their life by giving their potentially life-threatening private info to a company in order to gratify their sexuality is predictable, and doesn't really say anything about the possibility of convincing people to be more careful with their info in general.


People living their lives as they want, in spite of the threat of violence, has long been the vanguard of social change.

Forcing them further underground is never a good thing in the long run


yeah, but this argument quickly becomes a slippery slope. If you start questioning whether or not they should have released their private information in the first place, then you can just as easily start questioning whether the countries should be physically punishing these people for that same information. So, what's the real issue? It depends where you draw the line.


>What is worrying about this is that some people are in real physical danger because of this leak.

Everytime Tor is compromised, not matter how bad the people being hunted down, do we not risk the same thing happening to innocent people caught up (say government dissidents in certain countries)? Every time someone finds a way to break encryption and uses it to hunt down someone instead of immediately patching it, don't we run the risk of people who, by our own morals, are innocent being hurt if not killed?


Cry me a river. If you are that concerned about the actions of Saudi Arabia stop paying taxes; it is your tax-payer money and your government that props up that hideous regime.

You do not have the right to argue on behalf of the people of whom you sponsor oppression.


Krebs has since updated his post with confirmation from three independent Ashley Madison users confirming their data was in the leak. It looks like this was the real deal.


Interestingly, the three people say the last digits of their credit card numbers were included in the dump, while the Ashley Madison CTO says they don't keep credit card numbers, full stop.


Whereupon we find out that a developer had indeed added CC to the database, and the CTO didn't know...? :-\


Yeah, I noticed they said that too. I look forward to hearing more about the hack. AM says it wouldn't be through them. Makes me wonder about where the hackers got in at.


Storing the final digits complies with the CC requirements, to my knowledge. I mean, every online store happily shows me my final four digits. So it could just be confusion about what they mean.

Having said that, Ashley Madison has approximately zero credibility, so whatever their agents say is open to intense skepticism.


This, you don't even need to be PCI compliant to store the last 4 digits and the expiration date. This way you can show this info to the user and email the user before the card expires (in case of recurring payments).

If you work with external payment gateways sometimes you are provided with this information even if the card processing is done directly on the processor page (you only have access to limited information about the card and the transaction)


Snowden has risked his life and will be forced to remain paranoid for the entire rest of his life. His cause is noble and 100% justified. He did it for society, for us. What did we do to thank him? We labelled him a traitor and showed no support. And most of all: Almost nobody listened, almost nobody changed habits accordingly. So what does it take to make people listen and understand that our privacy is about to be completely abolished by technology?

It takes exactly leaks like this one. Brutal, emotional, visible and highly controversial events.


IIRC, Snowden has yet to be formally charged for treason; "we" didn't label or charge him for that, that's a gross generalization. I know what you mean, but you might want to tweak that wording a bit.


He was charged under the Espionage Act of 1917, so it's spying, not treason as defined by the US Constitution (he hasn't levied war or adhered to an enemy, but it is possible to argue that he's provided aid to an enemy through the leaks).


Most people on HN, including myself, side with Edward Snowden


I have signed up with a throwaway email and user name and yet I feel really uncomfortable that I receive updates from them as though nothing has happened.

No "please change your password" or anything.


Surprisingly, the passwords are probably the only thing safe. Looks like they were hashed with bcrypt.


Well some of the passwords are safe. Bcrypt doesn't offer much protection if your password is on a list of the 10,000 most-common passwords [1].

Ashley Madison's highest priority should be to tell users to change their password on the Ashley Madison website, and any other website where they have used the same password.

[1] http://www.passwordrandom.com/most-popular-passwords


Were the passwords salted as well? If so, the "commonness" of the password wont matter.


How so? Run bcrypt on 10000 most common password for each salt. Much easier than trying every password possible for each individual salt.


Bcrypt includes a (large) random salt so is not subject to rainbow table attacks. I believe therefore that will protect against identifying passwords contained in a known list.

If I'm wrong about this I'd love someone to explain why to me.


I haven't heard of rainbow table attacks being used much at all anymore. It's completely practical to individually brute force every person's password using their specific salt in parallel.

Let's say they cranked up bcrypt to take 10ms to run (so their system can login 100 people per second). That means it take me 10 seconds to try all 10,000 weakest passwords against an individual hash. If I can do, say, 1000 hashes in parallel, then I can try the top 10,000 passwords against 100 users' hashes a second. If their DB is 100,000,000 passwords then that's only 11 days to try the top 10,000 passwords on everyone, which is super reasonable and will get you tons of low-hanging-fruit.

In practice you can probably try a password faster than this, and massively more parallel. So that's just gravy. Also keep in mind I don't need to try all 10,000 on everyone -- if you have the most common password I can stop right away. Further, if you identify a user who's password you really want to crack, you can redirect all those resources at just that user with the full might of John the Ripper or Hashcat and try 1,000,000,000,000 common passwords and mutations against that user in the same amount of time (using my pessimistic numbers for how fast you can run).

For reference, password cracking rigs are usually talked about in terms of gigahashes/second (billions of hashes per second).


this is not about rainbow tables, just about brute forcing. The only theoretical protection would be a site salt, but that has to be stored somewhere as accessible as the database, so it's fruitless to assume somebody who can get their hands on your db can't get the site salt.

"It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts or many salts or hand-harvested, shade-grown, organic Himalayan pink salt. It doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database."

- http://codahale.com/how-to-safely-store-a-password/#

tptacek 1708 days ago

That salt is a public value. The security of salted password schemes is meant not to depend on the secrecy of the salt.

Every time this topic comes up, 15 people chime in with various schemes in which some of the "salt" is derived from the hostname and some of it is stored in an encrypted vault and some of it is inferred from the color of the user's eyes. This is why Coda is making fun of "Himalayan pink salt".

- https://news.ycombinator.com/item?id=2004833


Adding the salt increases (albeit linearly) complexity of hashing w/ regard to brute forcing. So using a very long salt reduces hash speeds.


There are much better ways of reducing hash speed. Like hashing N times.


I am not discussing it, however:

>>It doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database<<

simply, it's a false statement. Multiple hashes while adding the same (huge) salt each time decreases the speed even further. Just adding 8MB (larger than L2 cache or any reasonable amount of SRAM to mount) of salt might be better than multiple hashings as well, plus it increases difficulty of mass-parallel processing. Multiple hashes are very L1 cache friendly when the input is tiny.


It does prevent simple rainbow attacks, but it does not prevent a simple bruteforce of the common passwords. It can increase the cost a bit, but still in the realm of feasible.

I am mainly trying to warn against the false sense of security. Salting does not magically make weak passwords secure. It makes certain types of attacks harder, but a bad password is still bad.


That being said the problem is less that we are not asking users to provide strong enough passwords. It is that the industry seems to be completely incapable of protecting their users data. This race to the least crackable hashing algorithm is only adding more lipstick on the pig.

Having seen a major leak pretty much every week if not every day the past 3 years, I am now of the opinion that I should provide zero personal information to anyone. Disposable email addresses, fake names and address will now be my norm.


If they hashed PASSWORD + USER_SPECIFIC_SALT + SITE_SALT, storing USER_SPECIFIC_SALT in the user table and SITE_SALT in the application config, both data and site config would have to be leaked.


The front page still says "Over 38,855,000 anonymous members!"


"Over 490 anonymous members!" would be pretty funny


I think what is often getting lost in the bustle is that not everyone who had an account on Ashley Madison was a married person committing infidelity. These people too have had their information exposed. I am one of them. I signed up for Ashley Madison many years ago on a whim, without much thought put into it. I'm single, have never been married, have never even been into a committed relationship. I also never used any site services or paid any subscriptions fees. The sum total of my experience has been getting spam emails for a number of years. Yet, I too am one of the people who is being "outed" by this hack.

We all need to pause for a moment, put down the torches and pitchforks, and understand that there are broader more nuanced realities than the simplistic and self-righteous one we'd choose to believe when looking at the net result of this hack.


First online checker that I found:

https://ashley.cynic.al/


this is legit checker. Some emails confirmed, others not. Probably indicator of time window of stolen data. Created mine approx 4 months ago and is not in list. e-mails I communicated with are on the list indicating their accounts were older?


OK, so maybe one doesn't want to end up in a database of IPs and email addresses searched for?


I can confirm it tested negative for negatives, and positive for a positive.


barack.obama@whitehouse.gov is in there (and verified, whatever that means), as is tblair@labour.gov.uk (unverified), pointed out by zerohedge.


I assume "verified" means that Ashley Madison's server sent a verification email to that address, and the user at that address clicked on the verification link included in that email.

Certainly, someone might enter in barack.obama@whitehouse.gov for fun. Presumably, emails to that address (and the official public email address, president@whitehouse.gov) get routed somewhere. But who is checking the emails sent to the president's public address? That likely requires a team of people, one of whom might have clicked on the link.


Verification links gets clicked by mail scanning software (for malware, I suppose) all the time - if the GET isn't followed by a POST - the account is flagged valid.


As another data point, one of my gmail addresses is in the dump (Cf. https://xkcd.com/1279/ ) and listed as verified, despite me never clicking any verification link. Then again, I did contact support asking for them to remove my email address from the account (their response was to ask for money) and perhaps that did something.


Thanks!

The best I could do was test superman@ or batman@ but the results were meaningless.


My wife just show meone more: http://hehadanaffair.com :(


I've thought some about this, as it looks like this kind of travesty is going to continue to happen online. Where are my personal boundaries over what is acceptable or unacceptable?

It's an uncomfortable exploration. I've decided that if I am driving by a car accident -- perhaps a drunk driver careened into a bus -- I will slow down and take a good gawk. There's something in human nature that drives that impulse. I wish the people involved no harm, and I do not take any pleasure in their suffering.

I will not, however, stop the car and rifle through their belongings. People who have been victims of a crime -- even bad people -- do not deserve for me to abuse them further, or take pleasure in their suffering. They certainly don't deserve to be re-victimized.

But I'm 50, not 15. And I've already learned not to let strong emotions about how good or bad something is get in the the way of the larger moral debate.

How to say this best? The internet is a cesspool. It's very difficult to visit without either getting dirty or smelling bad.


> ...I will slow down and take a good gawk.

I understand the impulse, but please don't do this when there's any traffic on the road. Slowing to gawk in the presence of traffic creates an area of slow that persists for a surprisingly long time. :)



magnet:?xt=urn:btih:40AE8A90DE40CA3AFA763C8EDB43FC1FC47D75F1

so you don't have to download it off tor


One of the unfortunate outcomes I expect from this is immediate retribution against the "owners" of faked accounts. Not only can convincing web site accounts be created easily but E-mails that "prove" ownership can also be faked.

There is a side of modern society that does not have either the patience or sense of fairness to verify something before acting on it.

Put another way, what do you think would happen to you if an "account" was leaked that, indeed, had your picture, name, E-mail address and home city? Do you really think that the first 10 messages you receive from people will be to confirm that the account is yours? No: my money is on you losing 40 Facebook friends immediately, receiving several vitriolic messages, a pink slip from your boss and some screaming phone calls before maybe — maybe — one friend with sense then asks if you actually created the account.


The leak contains credit card transactions associated with the cardholder's name. Could those be faked? I suppose. You have a 1/9999 chance of guessing the right 4 digits of someone's credit card.


Or, assuming you are acquainted with the person you dislike, you could go out to lunch with them, and offer to split the bill...


Who know unless you had a profile there.

One thing I found interesting was the suggestion from one of the comments that AM might be the ones dumping all the fake databases. If so this is a pretty clever strategy to try and hide a needle in a pile of needles.


Just as likely all the scammers and malware distributors in the world are also getting in on the act.


It certainly would be a good place to hide it - unlike most of these data dumps, you would be getting lots of unsophisticated people looking at them trying to workout if their name was in the dump.


This is unfortunate, but was easily avoidable. If you sign up for a site like this, take reasonable precautions.

This means an alternate email account (and obviously a fake name.) If you actually subscribe, use a prepaid debit card ("gift card") not directly linked to your actual name or bank account.


As someone who's done this (not for ashleymadison), it's not necessarily 'easy'. Also, many sites that take recurring payments won't allow you to use a prepaid card.


I've done it for some other sites, though not recurring though. My guess is if there's enough balance on the prepaid card (for a pre-auth?), it will work.


I never used AM, but I assume they authorized payments on a subscription (recurring) basis, like every other dating site. If that's the case, the kind of pre-auth is different, and one which prepaid cards would reject.


Regarding the "we don't have the CC data" aspect of this: I think it is possible that the management, senior engineering staff etc believed that they were not storing any part of the credit card number, but in fact they were. I say this because in my career I have seen several cases where we had : contracts signed, policy documents written, things said in meetings over and over; all making it clear that information of some type was not to be retained. However, when I inspected production database tables and examined log files, it turned out that said data was in fact present. Bottom line: someone has to follow up and verify that nothing is being stored that shouldn't, and that exercise has to be repeated periodically in case something changes over time.


Is there any information on how they were hacked? I'm more interested in how they were compromised than anything else.


IIRC it was taken by someone who worked there as a consultant. There were more details back at the time it was first disclosed.


On the bright side, the one thing this unfortunate incident will do is create an opening for many couples to reconcile, now that the truth is out.

"We cannot be facile and say bygones will be bygones, because they will not be bygones and will return to haunt us. True reconciliation is never cheap, for it is based on forgiveness, which is costly. Forgiveness in turn depends on repentance, which has to be based on an acknowledgment of what was done wrong, and therefore on disclosure of the truth. You cannot forgive what you do not know. - Desmond Tutu


Once a cheater always a cheater. There's some kind of gaussian curve in this regard (like in so many other human attributes). Some people will never cheat, while others will cheat very frequently and most people are somewhere in between. I've done a lot of research on this, there are a lot of facts that affect someone's propensity to cheat including their number of sexual partners, level of education, marital status of their parents, children born out of wedlock, cohabitation with original partner, etc. etc. It's not that hard to find someone unlikely to cheat when you start analyzing the data.


source please?


Update indicates it's legit.


I think we can all agree that privacy violations are wrong. Therefore, only by preventing a greater harm can something like this be considered justified.

It's too bad a cost benefit analysis is so tricky here. Exposing cheaters could prevent further cheating, but it could also cause serious identify theft. In the end, I think the line is too blurry to seriously justify the breach.


The amount of dickheads (aka the people that actually harmed others or did really badwrong stuff) that will truly end up getting "what they deserve" (in the eyes those who see it that way), is probably going to be a rather small subset of the total amount of exposed dicks on that site, regardless of how broad a brush of wrongdoing you want to paint with.

Even if there is a part of the leaked users that, if I were to know exactly about their situations, I might agree totally deserve to be outed because of their really shitty and reprehensible actions it just doesn't weigh up against everything else:

- This isn't the Jerry Springer show. No matter the level of dickhead move, the outing doesn't need to be this public for the world. If only for the sake of the wronged parties.

- That gay Saudi guy who now risks being put to death because of this leak, and others like him, they chose AM because it advertised secrecy and discretion, which obviously turned out to be a mistake, but whatever the hackers claim their motive is, leaking the data was a much bigger mistake.

- The incredible amount of domestic abuse fallout that this outing is going to cause.

- The children.

- People that got an account for whatever reason but caught themselves as they realized wtf they were about to throw away.

- Relationships that actually worked hard to get through and over a difficult time, now being confronted again, except this time the mess they wanted to put behind them lies out on the streets for everyone to see.

- People that got an account for shits and giggles. Fake names, fake accounts, fake email adresses and anyone getting caught in the shitstorm surrounding this.

I can think of so many more examples of situations getting caught in the crossfire.

And really, you know that a large part of the slimiest dickheads are still going to get away with this, no matter what.


I just read this article!! Hot news changes quickly. Originally they were debating the data since many dumps were fake but...now it's been updated less than an hour ago. Verified from Krebs three separate sources.

Wow. Bummer. Illegal. Shameful. And could get painful.


What's amazing is the extent people go to downplay the harm and immority of infidelity. Hacking should be a crime but lying and willful harm using false pretense (cheating) is not...? Really shows how bankrupt our moral culture is.


Morality and ethics are relative though.

There are many couples that have open relationships and might have used this site. They would be fine with finding their spouse in the data.

However, the same person's boss might not agree, and now they have access to this information. Someone might find themselves on a performance plan for no obvious reason.

This is a treasure trove for people who want to force their version of ethics and morality on other people.


Cue the automated blackmail emails requesting bitcoin to be delivered... etc..


Turn out to still be dangerous to have important, personal information about you stored by a corporation. Turns out that computers are no safer than filing cabinets. Why would we think they were?


Well the "sanctity" of marriage argument is something I don't really value, so of course there is an opportunity to make money if you get information like that. I just pity their clients, that's all I can really think about this story.

I really wonder what most people would side with, the hackers, who want to unmask infidelity, or Ashley Madison and their clients, who might not deserve to be blackmailed. In a trial of Ashley Madison versus the hackers, I wonder who would prevail, because honestly I don't like neither, and I wonder if a court of justice would really protect people who engaged in infidelity.

Again, the information age is really challenging our morals.


If the hackers actually wanted to "unmask infidelity" (in some sort of twisted sense of service to society) they couldn't have done a lazier, lower effort, shittier job at it than blindly dumping the whole AM database onto the torrents.

This is like publishing the local biker bar's bar-tab, claiming you've "unmasked organised crime".


> This is like publishing the local biker bar's bar-tab, claiming you've "unmasked organised crime".

I was talking about public opinion on the subject. I'm sure there are people siding with the hackers because they're against AM. The moral of the story is always the same, be careful with your data. I don't really care about the scandal, it doesn't bother me. It's the most important problem of the centralized web architecture.


Perhaps this - at last - leads to people only submit personal data to websites who have their data encrypted in their database and a certified to have done that.


The database may well have been encrypted, it's impossible to know. Obviously if you hack the database and content servers, you have access to the encryption key as well. So no, if the data was encrypted or not would not have made any difference in this case as the hackers had access to everything.

Security is all-in. A checkbox like 'encrypted the database' is not any additional security by itself and is not a gauge to use in who to give data to.


I think it's much more likely that people will take additional precautions for themselves. Things like multiple email addresses, one-time-use credit card numbers, and VPNs will (very) slowly grow because of this.


> "We’re not denying this happened," Biderman said. "Like us or not, this is still a criminal act."

That's all dandy and stuff, but I imagine majority of judges are seniors with nice families, most likely no nasty habits and probably faithful to their wives who gave them wonderful children.

I'm having a hard time imagining a judge who wouldn't be biased in any court proceeding against those who trespass AM servers... that is, if they ever caught.


And now all the websites to check if your data is leaked or not. And that's when stealing infos comes on it place.


[deleted]


I grabbed the data and found an old peer in there, and he listed both our office and his home address in profiles, which he would never have done for anything else. He also used an email address on a domain he controls that he created just for that, and accessed it (there are IP addresses) from a remote corporate location while on a trip there (I actually was on the same trip with him).

This is just one record, but that data is absolutely real. And I looked up this particular person because they struck me as exactly the userbase of the site.


God. That's some seriously incriminating evidence. How much detail is in ther re locations? Are the up addresses logged for every visit?

I'd be interested in seeing a schema to better understand the bredth of the data. Is that something others would feel comfortable about posting or is even that considered unethical on here. It's all a very murky area.


Where is the download link please?


I've seen it posted once here already. The comment was nuked. Check on Reddit's Hacking section.


It's available on torrent now.


magnet:?xt=urn:btih:40AE8A90DE40CA3AFA763C8EDB43FC1FC47D75F1


I have little to no sympathy for the people who are embarrassed by this release.

They willingly signed up on a site that's intended use is for people to cheat on their spouses.

Society doesn't take marriage as seriously as it used to but I happen to think that it means something.


Ashley Madison Database (not parsed): http://pastebin.com/9t6DLKm3


What are the repeated "111111Iwillneverdoitagain" strings?


I have not seen the dumps but if I had to make a guess maybe they set that to the PW when the user deletes the account? You won't be able to ever login again because I doubt there is a string that when hashed and salted comes out to that exact string.


The list of .gov and State govt email accounts is public transparency. Someone should extract those and turn them over to Muckrock.


A thread above alleges that barack.obama@whitehouse.gov and tblair@labour.gov.uk were found in the data base. Do you really think those two leaders used or even signed up for AM?


You'd have to be really thoughtless to use your work or official government email account on a dating site, let alone one with a shady premise such as this.


True, but there are plenty of idiots everywhere, including in government.


The real question is, do they require e-mail verification after signup? If they do, the list is a lot more valuable.


They do, I read somewhere that out of 35 million addresses in the system, only 24 million are verified. Still, I imagine that there would be false positives in the verified emails list (for instance someone clicked on it by accident or without reading it as they were signing up for something else, etc).


People really need to be smarter about using prepaid debit cards and throwaway email addresses. I've found multiple cc transactions from people in the neighborhood and people at my job.


A lot of those were obviously fake emails though (foxmulder@fbi.gov for example)


I'm actually happy this happened.

When the private conversation of Donald Sterling was leaked..it didn't matter..because morally, he did something wrong and needed to have everything taken away from him.

When it was leaked that the Mozilla CEO donated a small amount of money to a cause that angered the left, it didn't matter how we got the information. He was bullied online (and offline) until he resigned.

When Wikileaks leaked the locations of covert soldiers in foreign countries, we had many people here on HN saying it doesn't matter if they even get killed..they shouldn't have been there in the first place. I was down voted and silenced for saying anything contrary to this or even having an opinion on it that didn't fit the narrative.

But somehow, because it probably effects people here on HN (and cheating isn't really a problem), it draws the line.

So, to me, this is justice. If you cheat and don't use a fake name...and your spouse/boss/newspapers/family find out that you are on this list. It's your own fault and you deserve what you get.

Let this be a lesson to you all: You should protect the rights of everyone, even if you don't agree with what they are saying. Otherwise, people like me won't protect your rights when the same thing happens to you.

If want the bullying to stop for being gay...it's a little absurd that a person with a different set of religious beliefs than your own deserves to get bullied in the same way (and it's justified).

In fact, I might just make a website that utilizes all of the data and cross-references Facebook, family, friends, etc...or a bot that automatically contacts them. To make it easier to find out if your spouse is cheating. It's similar to how the GNU uses the existing system to promote freedom.

This should bring about a discussion about privacy and why bullying someone online and destroying personal lives (or firing someone) for a person's lifestyle or opinions is not good for society and is wrong.


> When Wikileaks leaked the locations of covert soldiers in foreign countries, we had many people here on HN saying it doesn't matter if they even get killed..they shouldn't have been there in the first place. I was down voted and silenced for saying anything contrary to this or even having an opinion on it that didn't fit the narrative.

Because that would be misrepresenting the narrative.

Link to the "many people here on HN saying it doesn't matter if they get killed"?

The closest I've seen was people calling out and asking for any evidence that even a single soldier was killed because of these leaks. Because there isn't any. If it were, we wouldn't have heard the end of it in the mainstream media.

Any few comments about people actually arguing (these) people's lives do not matter, I expect to see at the bottom of a thread, flagged and with heavy downvotes.

While I strongly agree with those asking for evidence, I spit on the latter.


This is my first time to learn about Ashley Madison. The business model actually disgusts me. I get the whole open relationship, but people who are actually married or in a committed relationship are using this site is just ridiculous. Either you break off with your current relationship, or stay loyal.

BTW, those "secure" logo are just so useless I see them as sign of weakness rather than confidence. Anyone can place a secure logo or verified logo on their homepage and pretend.


copy writing / psychology technique. it is super effective to have those secure logo to gain more users. just google copy writing hacks for landing pages. some of them give you their numbers and just imagine how big 1% of a conversion rate is for a big site. it is really fascinating stuff.


I'm curious why so many are downvoting. Do you disagree that the business model is disgusting, or just think it's inappropriate to say so about a peer's startup?

I'm very curious to know what HNers think about this.


I happen to agree that the business model is awful, but it's also sort of off-topic. The way in which I am displeased with someone who chooses to cheat on their spouse is very different from the way I am displeased with a company who makes money off of getting large numbers of people to cheat on their spouses, and this hack victimizes individuals more than the company. It's also very different from the way I am displeased (or really, not displeased) with someone who chose once, in a moment of weakness, to attempt to cheat on their spouse, and thought better of it shortly thereafter, or even someone who did cheat on their spouse, regretted it, apologized, and sought forgiveness. We have no idea from the data how many of those people still have email addresses and credit card numbers on file.

I do wish there was a way to distinguish between "Your facts are wrong," "I disagree with your opinion," "You're off-topic," or "You might be right and on-topic but you're not constructive" when downvoting, especially since HN norms are that the first two are appropriate uses of the downvote button. (I don't think it's very likely to be the last one, in this case.)


Thank you for that answer, which helped me see some larger issues at play.

Edit: although I also disagree that discussions of ethics and morality are off-topic for HN.


To be clear, I think discussions of ethics and morality in company purposes are (or at least, ought to be) very much on topic for the site as a whole. I just think that discussing the morality of this particular business on this particular comment thread is likely to risk being off-topic, because it's too easy to read it as "Yeah, but they deserved it," and maybe the company did but the story is primarily about the users, not the company itself.

Here's a proposition that I think is on-topic that we can discuss: It is, IMO, clearly irresponsible and reprehensible to go around encouraging people to break their marriage vows and then not take world-class care of the database listing the people you so encouraged. If you can't find qualified people to take world-class security measures, maybe you shouldn't be running the site at all.


Possibly the worst bit is the "you need to pay us money to be removed from our database" aspect of the business model, which gives the whole thing a decidedly protection-racket-ish air. And then, apparently, they didn't remove you from the database even if you paid the protection money!


"It is, IMO, clearly irresponsible and reprehensible to go around encouraging people to break their marriage vows and then not take world-class care of the database"

It's reprehensible for any third party to go around encouraging people to break any sort of vows between any two people, and it's irresponsible for any online site with a large userbase to not take world-class care of their database. Why should the two propositions be connected?

To me, it's not more irresponsible because of the nature of the site, and it's not suddenly more reprehensible because they got hacked. In addition, I would say that leaking the database is more reprehensible than the site itself ever was.


The two propositions should be connected because how bad it is when your name shows up in some hacked company's database depends on what the hacked company is, and being outed as someone who tried to have an extramarital affair is more damaging than being outed as someone who (say) bought some shoes.

(Some people will feel that this is balanced out by the fact that these are Bad People, who deserve to have their badness exposed. If so, failing to protect the database might have been less irresponsible and reprehensible in AM's case. But it would be quite a coincidence for these things to balance perfectly. One way or the other, the service you're providing to your customers makes some difference to just how awful it is when you fail to keep their data private.)


> this hack victimizes individuals more than the company

Hm; do you really think there's a chance the company will survive this? It seems unlikely.


Do you think the impact on the individuals (not just the site users, but their partners and children too) carries less weight than the impact on a few sleazy execs, who will most likely have no trouble setting up another revenue stream?


Not under the same name, but they might just survive if they go for a (more subtle) rebrand.


Let's be real about what the business model actually is, though: scamming men who wish they were having more sex into paying a recurring fee, and then try to string them along to keep them paying, by having fake profiles of beautiful women 'wink at' or 'poke' them, chat, or whatever.

By now it has been documented that Ashley Madison customers are overwhelmingly male (duh...) and that they have fake women doing fake interactions (such as 'collect' messages the male users have to pay to read).

I don't find that business model disgusting, exactly, but it's pretty sad and sleazy and lame. (The facilitating affairs aspect of the business, if it were actually real, wouldn't offend me personally.)


HN seems to be tolerant of people's personal beliefs, until those begin to be used to judge other people.

Also, there's a bunch of assumptions being made about AM and its customers and the emails released by hackers.


From a business point of view, and like any company, they're matching a need with a service at a profit.

But everyone has their own preferences and boundaries. Society generally frowns upon affairs, but if your own morals allow you to create that sort of business, it's your choice.


> Society generally frowns upon affairs

Than why is everyone doing it?


Ok, I think people are misunderstanding what I've said. I'm not taking any sides here. What I'm saying is that everyone has their own moral codes which can differ from what's dictated by society (morals aren't the same as ethics). There are going to be people who cheat but that doesn't mean everyone does. Look at laws. People break them. But not everyone.

As for AM as a business, I mentioned that everyone has their own preferences and boundaries. Some people won't create anything involving gambling, adult, etc. but others are okay with it. The same can be said for what the AM founder created. We don't have to like what he's made. We don't have to agree with the business model.


That line of thinking is nice when you are teen. But then the real world comes and people usually find that real life is more nuanced and complicated.

Lets start with - sex acts your SO just won't do, but you like them. A lot.


You like them more than your marriage vow?


The HN change from the original title ("Was the Ashley Madison Database Leaked?") seems odd. Questions in titles are usually clickbait, but in this case it is legitimately uncertain, and the article doesn't claim an definite answer.



It's been confirmed now by multiple sources.


The original article was specifically about the lack of concrete evidence, and didn't claim a definite answer until the update a couple of hours ago. The HN submission title had been changed before I posted, but Dang's explanation of the change posted about the same time as I did. I get it now, so by all means feel free to disagree with my original point about HN title etiquette, but please don't downvote me for failing to account for a post that arrived as I was typing mine.


I agree. Don't take it personally; a lot of civil, even insightful comments seem to be getting downvoted in this thread. No matter the forum, there will always be a grey area between "downvote for quality" and "downvote because I disagree."


FWIW, I upvoted you as I thought it was a bit harsh.


Appreciate it. :)


There's something poetic about people who use an Internet based service to commit adultery being exposed by crackers. With luck the fallout will break Ashley Madison too.


You're making unwarranted assumptions about who uses the site. It is marketed at cheating spouses but there are plenty of people on there who are single, in open marriages etc.


Don't forget cuckolds. There is actually a whole group of people who enjoy the thought of their S/O's cheating on them.


I signed up years ago out of curiosity. I was single, and had no intention of getting involved with a married woman. I just wanted to see if people were actually dumb enough to post their own pictures on a cheating website.


I signed up on AM to cheat on my wife.


Repost from a different, and now I think abandoned, thread:

I'm curious - I keep getting downvoted whenever I criticise Ashley Madison on the grounds of morality. Why is this?

This isn't a whinge about downvoting (if I didn't want to get downvoted I wouldn't keep posting about A-M), but a genuine inquiry into the reasons.

Is it that people see discussions of morality as off-topic for HN? Do people disagree with my moral judgement of A-M? Or disagree with moral judgement in general?


IMO, you're getting downvoted because your judgment of people on AM assumes facts not in evidence (i.e., that users of AM are there to cheat on their unknowing spouses), and then judges those people based on those facts that only exist in your head. It's self-aggrandizing, and the tone doesn't come off as participation in a discourse about morality as much as a narcissistic statement about the identity you'd like people to assign you ("wow, duncan_bayne is hardcore judgey about those AM users. He must really be against adultery.") See also [0]. Finally, it's also a derail from the reasons people are discussing the story that is more HN-relevant (technical and security aspects, user data practices, etc.).

So to answer your closing questions - 1) "no", people discuss morality all the time on HN, especially in relation to economic relations, 2) Probably "yes", because your judgment says more about what you want to say about adultery than about the actual behavior of AM users (who could have all sorts of non-adulterous reasons to be on the site), 3) clearly "no" (see (1)), but jumping to that overarching assumption that people are downvoting your comments because they just don't like morality is part of that self-aggrandizing impression I'm talking about.

If this was a dump of Petsmart's customer database, and you posted a bunch of comments judging the Petsmart customers as deserving to be exposed because they bought their pet from a puppy mill and some PETA links, people would downvote you, too--partially for the substance and partially just for derailing the conversation.

[0] http://www.davidbrin.com/addiction.html


you're getting downvoted because your judgment of people on AM assumes facts not in evidence (i.e., that users of AM are there to cheat on their unknowing spouses

This is all text from the homepage of Ashley Madison:

"Ashley Madison is the world's leading married dating service for discreet encounters"

Their tagline, a registered trademark is, "Life is short. Have an affair.®"

"Ashley Madison is the most famous name in infidelity and married dating."

"Thousands of cheating wives and cheating husbands signup everyday looking for an affair. "


I've been known to drink Budweiser. Does that mean that I believe that women will suddenly find me sexy and the Swedish bikini team will appear as I pop off the bottlecap to lavish me with scantily-clad attention?

You are conflating the marketing copy of the company with the intentions and motivations of the users. Just because something confirms your most cynical expectations doesn't make it true.

Ashley Madison has absolutely no idea whether any particular user, if they are married, is on there to do anything with their profile other than browse, or whether their spouse knows they are on there, or for that matter if a couple is browsing the site together as part of their joint fantasy life, or if they are in an open relationship, or a number of other scenarios that have no impact on you and really provide no basis for you to cast judgment about their motivations--especially in an absence of evidence.

See again, my cite to David Brin's article on addiction to outrage.


Uh, what? How is membership in a website that is known, markets itself, and is designed as a cheating website not evidence of the intentions and motivations of its members? Of course membership in Ashley Madison isn't irrefutable proof that a person is looking for an affair. But how is it also not good reason to believe that he/she is?


You can use a gun for killing, and it's marketed for that specific purpose. Does owning a gun make you a killer?


No, because I'm talking about intentions and motivations, not actions. I said it's reason to believe that someone has intentions/motivations to have an affair; I didn't say it's enough to believe that someone has had an affair.

The reputation, marketing, and design of guns is a good bit more varied than Ashley Madison's. But yes, buying and learning to use a gun shows a certain intention or willingness to kill. It may be to kill a deer you're hunting or to kill a person in self defence, but in general it's evidence of a certain willingness to kill.


You're making a lot of false assumptions. You could be the owner of gun, intending to fire it against inanimate objects only. Like a paper target at the gun range.

One could even have bought it out of simple curiosity.


Yes. And you could be a member of Ashley Madison who's just curious, or who's doing a documentary for Al Jazeera, or who's trying to see if your spouse is on it.

I was speaking generally. I said that it's reason/evidence in favour of a conclusion. I said that it isn't proof of it. Those kinds of general rules and presumptions are useful for all kinds of things and in all kinds of ways. Or do you think that our judgements should be entirely composed of perfectly comprehensive and universal rules?


You are confusing marketing with actual use. Cf "to serve and protect".


Not surprised to see the overlap between the anti-cop and pro-adultery crowd.


You sound sincere. Part of it may be the fact that, generally, you are violating "judge not lest thee be judged" and specifically, outing the adulterers also stands to cause real harm to their families, and also many of us know of circumstances where covert extramarital affairs kept families together in a good way.


I downvote a bunch of these style of posts because they're i) really unpleasant judgemental gloating or ii) idiotic assumptions.


> I keep getting downvoted whenever I criticise Ashley Madison on the grounds of morality. Why is this?

Because although most people agree with you, your statements are not considered as interesting. Presumably because they're considered as trivially true. Votes aren't about whether what you wrote is true/false, but whether reading it provides some insights to readers.

If you commented "War in awful!" under a war-related post, you'd be downvoted too, not because people find war awesome, but because reading such a truism give no valuable information to anyone.


To me the relative morality of A-M and the people using it seem somewhat irrelevant to the larger discussion. It's always fun to gloat when bad things happen to 'bad' people, but even people who live a lifestyle you strongly disagree with should have access to the same basic rights as you wish to have, including the right to privacy.


I know one person that I suspect would be in there if I bothered looking. If he did have an affair I'm sure he'd have been thrilled for his wife to find out, since they were very attached before the stroke and vegetative state.

I admin email systems. Not my place to judge.


Perhaps because people don't deserve to be punished by crackers? It's not guaranteed all users on there are harming society. It's not like it's, I dunno, Oracle getting internal documents leaked. Or Sony (and despite how bad Sony may be, some folks were rightfully concerned for the damage to innocent employees). Or BP or the USG.

Overall I find it rather funny, and I gotta wonder who the hell would use such a site with their real name and billing info. Though I'm not under any delusion that it's fair, or that it's justice, except against the company itself.


Dozens of people are going to commit suicide over this...


This is hacker news bitches, y'all should be into this shit. "Ashley Madison" is a company dedicated to profiting from people lying to their spouses. Lighten up on the data privacy aspect and cheer your anonymous bros for bringing some justice.


Hacker != cracker


Strange, I would expect hackers to be the first to reject the silly social construct of monogamy.

I think this is ridiculous and nearly pointless. The only benefit I see is exposing how carelessly ALM handled personal data. However, they could have accomplished this while still blinding the data.

Edit: Not sure why this warrants downvotes..


I'm downvoting you because it's ridiculous to say that monogamy is purely a social construct. It genuinely matters to some people, even if they're okay with polygamy as a general concept. There is nothing wrong with consensual open relationships, and we'd all be better off if the social stigma around them went away, but consensual is the key word. It's not okay to promise someone monogamy and then break your word behind their back.

Do not assume that the way you feel about something is the one true correct way and anyone who disagrees has been brainwashed by The Man.


Those who are moralizing about client info being leaked, would you be as aghast about information about child rapists being leaked?

The principle is the same. In both cases there is an aggrieved party (spouse vs child). Both cases need to be put to a stop.

It worries me that someone's private information was leaked. On principle I am against this. But there's some justice to it, so I also like it a little.


I feel the same way. Cheating on someone is akin to taking a shit on their self-esteem. Morally repulsive that this happens as frequently as it does, so I actually feel great that many of that cheating scum is exposed and I hope their names are exposed for good. IMHO.


I've never felt just because it's legal--it's fine. In fact, some of the worst/slimiest people I know make their money in a legal fashion. Some of the best people I know, have broken societal laws.

When I heard Ashley Madion was hacked, I knew laws were broken, but I really didn't care. I don't like sites/places that make the spread of disease too easy. Kinda like when they closed/modified the rules to the bath houses.

I know we need laws in a civilized society. Did these hackers break the law--yes. Do I care--no! Not in this particular case.

What really bothers me is Ashley Madion didn't stand behind their members. Ashley Madison left their database open. I don't know how, but they were hacked. They were given an opportunity to protect the identity of their members, but they didn't agree to the Hacker's demands. I don't know if the Hackers would have kept their word? But if I owned Ashley Madison, I would have shut down the site immediately-- without discussion. I would have figured, I screwed up; I owe it to the people that trusted me to do the right thing. Companies need to protect customers personal information--even if it means shutting down.

We all know why they didn't shut the site down. They didn't have a lot of high moral reasons to keep it open. The Hackers had this company completely exposed. Ashley Madison lost the war. The only reason they are still open, and their personal customer data was released is because of one reason--Money!

(I don't know how many people this company employed. If it was a large number, that might be valid reason to keep it open? I just doubt they have a lot of employees? They haven't even gone public yet? I heard they were scheduled for a big IPO?)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: