Bellingcat: The Osint Gatekeepers Who Can't Secure Their Own Site (opens in new tab)

(ringmast4r.substack.com)

6 pointsmostcallmeyt12d ago3 comments

3 comments

What the author says they did:

    What I found: 173 Gravatar email hashes sitting in Bellingcat’s public
    WordPress sitemap, completely unprotected.

    I cracked 89 of those hashes back into the original email addresses.
    I pulled 32 full Gravatar profiles containing real names, locations,
    social media accounts, and bios. 

    I scraped all 1,318 published articles for author intelligence
    and cross-referenced everything against Gravatar’s public API. 
    Over half of Bellingcat’s staff and contributors were de-anonymized
    from a single sitemap.

Why the author says they did it:

    I was kicked from their Discord for posting a gif in an inactive
    channel. [Non mod users] lectured me about rules I hadn’t broken,
    and within minutes I was banned. The reason logged by their system?
    "Discord ToS/Threats."

    Bellingcat operates a crossban system that propagates bans across
    affiliated OSINT communities. I was automatically banned from
    Project Owl: A OSINT Community server I had never interacted with.

Due to our increasingly dead internet, I've become a bit more sympathetic to heavy handed moderation (in general). Especially if the moderation team is reachable and reasonable. In this article, I see no indication the author reached out anyone at Bellingcat about his ban.

Further, Bellingcat exists in a space where they push back against some of the most powerful entities in Earth. I assume that brings security nuances I am not aware of.

mostcallmeytOP11d ago

Generally, "heavy handed moderation" in social media platforms isn't really sustainable either as some pushbacks had lead to the EU passing a law requiring them those platforms have adequate redress mechanisms.

Wikipedia is a paragon of virtue for that but from personal observations, they will become a fine case against "heavy handed moderation" one day if the Jennsaurus Files ends up in the media.

What we need is "due diligent moderation" instead of going into either extremes.

There could be a system which can address dead internet theory while avoiding "heavy handed moderation", by letting some users to verify themselves as humans by using Needemand's hand gesture verification solution. Presumably as others had put it, all accounts on any given platforms will then be divided into the categories of human-verified, unverified/ambiguous and bots.

bigyabai11d ago

> "heavy handed moderation" in social media platforms isn't really sustainable either

Sure it is. Websites are private property, I can kick you out amenable to any terms of service that I set and you agree with.

> by letting some users to verify themselves as humans

Humanity isn't even the issue, past a certain point. OP behaved like an asshat and did not apologize once. They fought the moderators, and most online communities would ban them until they wipe off the persecution/revenge complex and grow up. I'd have done the same thing in the moderator's position, and I'd wager most of the community would too.

j / k navigate · click thread line to collapse