Eh? WTF?

Saturday, May 8th, 2010 01:58 am
charmian: a snowy owl (Default)
[personal profile] charmian
http://news.livejournal.com/125326.html?thread=83019150#t83019150

It's not clear exactly what happened here, but why would a staffer choose to make a random comment on an entry using their staff account? How did they even find their journal? As far as I can tell what happened is that the staff person does admit to leaving a comment on an entry which was in 'bad taste' and then deleting it, but then it's unclear whether the entry was locked (as the person alleges) or not (as the staff member alleges).

More disturbing are the allegations made by this person, although they admit to 'trolling' in the past, so they might not be a reliable source. However... do volunteers really have the ability to see locked posts? Or is it only closed support requests?

Date: 2010-05-08 07:57 pm (UTC)
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)
From: [personal profile] sophie
You know... I was about to respond to this post saying that I believed what [livejournal.com profile] dnewhall said because staff don't lie about things like that. If he said that it was a public entry, either it was or he made an honest mistake.

Then I saw the comments you linked to, where he not only says things really not befitting of an LJ staff member, but lies in the sense of saying "hey, look, I have a free account if you hadn't noticed"... even though it was a *test* account, and of course, being staff his normal one is a permanent account.

Even then, I would have believed it was someone trying to troll as David and not David himself, if [livejournal.com profile] dwell hadn't confirmed it.

...I miss the days when LJ staff were honest. :(
Edited Date: 2010-05-08 07:59 pm (UTC)

Date: 2010-05-08 08:29 pm (UTC)
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)
From: [personal profile] sophie
Well, no, it's not really that easy for staff to read private entries accidentally - even if they have the privs, they still have to specifically change the URL to add a parameter before the code will show any private entries. And as soon as that's done, it'll be logged, and that log is (or was, at least) regularly reviewed.

Hence, why I *thought* it was more likely to have been public. But with those comments and what people are saying about how her entries are default friends-only anyway (implying that minsecurity is set)... I'm not so sure.

Date: 2010-05-09 01:56 pm (UTC)
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
From: [personal profile] synecdochic
On LJ, it's actually a lot easier to read private entries accidentally than you might think. The only way to enter into the "read locked entries" mode is to add ?viewall=1 to the end of the URL, like you say, but since (on LJ) one is also in the habit of regularly adding ?style=mine to the end of links manually (because LJ's 'stylealwaysmine' implementation sucks), it is very easy to confuse the two if you're tired, stressed, or having a bad day.

(I'd say about half of my uses of viewall were on entries I already had the access to read, either public entries or locked entries by my friends, when I meant to hit ?style=mine and wound up typing the reverse, and of course I'd often try for viewall and hit ?style=mine instead and sit there staring at the screen for a good five minutes before I figured out what was wrong.)

This is going to be much less of a problem on DW, since the ?style=mine in the navbar means that one is rarely adding it manually to URLs, though. (That's one of the major reasons why I wanted the one-click ?style=mine implementation.) We also have a bug open to change viewall to a system that's more like impersonate (which is the tool that lets you log in as a user, for troubleshooting purposes) -- to impersonate someone you have to leave a reason that goes in the log, while viewall just has the use logged.

Date: 2010-05-09 06:33 pm (UTC)
mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
From: [staff profile] mark
FWIW, Janine and I just did a test. She posted a protected entry that I could not see, then I went in and tried to comment to it.

DW (and I assume LJ, as this behavior was not changed by us and has existed since time immemorial) does not allow you to comment on a post you do not actually have access to. Even if you are using viewall.

So, the claim that some member of LJ staff commented to a protected post is almost certainly false. Unless he has the knowledge and ability to manually insert his comment into the database (which is a lot of work, trust me), it just isn't plausible.
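Added example, not LiveJournal or Dreamwidth code and not part of any comment in this thread: a minimal Python model of the controls discussed above, where a privileged read override needs an explicit `viewall` parameter, is written to an audit log with a reason (the impersonate-style change mentioned as an open bug), and is ignored by the comment check. The class names, the `reason` parameter and the log layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class User:
    name: str
    privs: set = field(default_factory=set)

@dataclass
class Entry:
    owner: str
    security: str                                # "public" or "private"
    allowed: set = field(default_factory=set)    # readers on the access list

AUDIT_LOG = []  # stand-in for an append-only log that is reviewed regularly

def has_access(user, entry):
    """Ordinary access: what the viewer may see with no override at all."""
    return (entry.security == "public"
            or user.name == entry.owner
            or user.name in entry.allowed)

def can_view(user, entry, params):
    """Read check: override needs the priv, the URL parameter and a reason."""
    if has_access(user, entry):
        return True
    if params.get("viewall") != "1" or "viewall" not in user.privs:
        return False
    reason = params.get("reason", "").strip()    # hypothetical parameter
    if not reason:
        return False                             # no reason, no override
    AUDIT_LOG.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "actor": user.name,
        "entry_owner": entry.owner,
        "reason": reason,
    })
    return True

def can_comment(user, entry, params):
    """Write check: the read override is deliberately not consulted here."""
    return has_access(user, entry)

def demo():
    # Constructed sample data: one locked entry, one privileged viewer.
    staff = User("staff_a", {"viewall"})
    entry = Entry("owner_a", "private", {"friend_a"})
    params = {"viewall": "1", "reason": "support request (placeholder)"}
    return can_view(staff, entry, params), can_comment(staff, entry, params)
```

In this model `demo()` returns `(True, False)`: the override lets the privileged account read the locked entry and leaves an audit record, but it does not grant the ability to comment.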

Date: 2010-05-09 06:43 pm (UTC)
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
From: [personal profile] synecdochic
Huh. That's good to know; I seem to remember being able to leave a comment on a viewall'd entry as long as it wasn't set to friends-only commenting in the past, but that was a long, long time ago and there very well could have been LJ changes in between then and when we forked. (Or I could be misremembering, of course.)

But yeah, I know we haven't changed anything there, so if it doesn't work on DW it wouldn't work on LJ either. So, if the comment was on an entry the OP thought was locked, she must've unlocked it at some point (or, I saw someone else mentioning that she might've gotten bitten by that flash embed that made entries public and just didn't realize, since I think I've also seen her saying that one/some of her FO entries were turned public.)

Anyway, this is never going to be anything provable in any direction, since nobody's got screencaps (and even caps aren't probative). It does sadden me that LJ's lost enough trust that the story seems highly plausible to most of the people who've seen it, though. *sigh*

Date: 2010-05-10 11:03 pm (UTC)
daedala: line drawing of a picture of a bicycle by the awesome Vom Marlowe (Default)
From: [personal profile] daedala
Out of curiosity -- what access do admins have to change privacy levels? So could someone change the privacy level, then comment?

(I've been linked to this thread from all over. As a security wonk, I Am Intrigued.)

Date: 2010-05-11 08:40 am (UTC)
rydra_wong: Lee Miller photo showing two women wearing metal fire masks in England during WWII. (Default)
From: [personal profile] rydra_wong
If he unlocked it, commented, then re-locked it, that strikes me as even more appalling somehow (more work so more premeditation?).

Date: 2010-05-11 03:24 pm (UTC)
mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
From: [staff profile] mark
The only way an admin could change the security level would be to "impersonate" you and then, as you, change the privacy. There are no admin tools for changing the security level of content.

Of course, a systems administrator could change the security level using the servers directly. It isn't as simple as it might sound and does require knowledge of the code, but it's doable.

Date: 2010-05-11 05:47 am (UTC)
From: [personal profile] vulva
"So, the claim that some member of LJ staff commented to a protected post is almost certainly false."

Yeah, going to have to disagree with you there. You know, since it actually happened.

Date: 2010-05-11 03:16 pm (UTC)
mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
From: [staff profile] mark
I'm just exploring the technical side of the discussion. I don't know you or the other person, so I'm going to leave alone the rest of the issue.

Date: 2010-05-11 03:21 pm (UTC)
jonquil: (Default)
From: [personal profile] jonquil
It's not just vulva vs. dnewhall, by the way; she has two witnesses who say that nothing in her journal, other than the "This journal is flocked" message, is or has ever been public when she posted it.

Date: 2010-09-11 05:42 pm (UTC)
reddragdiva: (Default)
From: [personal profile] reddragdiva
Your post is already being forwarded around as "Mark says Vulva's a liar", so you might need to make a more prominent clarification.

Date: 2010-05-11 06:18 am (UTC)
yvi: Kaylee half-smiling, looking very pretty (Default)
From: [personal profile] yvi
"Unless he has the knowledge and ability to manually insert his comment into the database (which is a lot of work, trust me),"

Not trying to start anything here, but as soon as someone has database access, it is not necessary to insert the comment (which would be a bit of work) to do that. Changing the entry security would be so much easier.

Date: 2010-05-11 03:06 pm (UTC)
mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
From: [staff profile] mark
Which is also not just that simple. Calling editevent takes more than a passing knowledge of the code, and doing it manually wouldn't be as easy as you might think due to having to tangle with memcache.

Now, it's possible that he impersonated the user, changed the security, logged back in as himself, commented, re-impersonated the user, changed the security back, then went back as himself and deleted the comment...

But really, Occam's Razor has a thing or two to say about that idea.

Date: 2010-05-11 03:24 pm (UTC)
jonquil: (Default)
From: [personal profile] jonquil
I have a different mode of entry.

If we buy the story, for the purpose of argument, that a single entry mysteriously became public:

How easy is it for LJ admins to simply scroll through the database of pictures itself? Not the database of entries, but the daily database of pictures? If that itself isn't particularly locked, then the chain of events that makes sense would be:

1. Find "interesting" picture
2. Unlock corresponding entry following back-reference (if such exists and I don't know that it does)
3. Profit.

Date: 2010-05-11 03:29 pm (UTC)
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)
From: [personal profile] pne
I don't think I've ever heard of any "daily database of pictures" on LiveJournal.

I also wonder how one would build one, since pictures are essentially just HTML <img> tags -- they're not hosted on LiveJournal, for starters (unless they're ScrapBook images). You'd have to analyse every new entry posted for image tags and extract them to create such a stream.

Date: 2010-05-11 03:30 pm (UTC)
mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
From: [staff profile] mark
The admin tools for FotoBilder (which is the code that runs LJ ScrapBook) are pitiful and incomplete in the extreme. As of the last time I went through that code (which was a year or two ago), there was no way for admins to scroll through recently uploaded photos.

It's possible that's changed, or maybe someone over there wrote a tool to do this and it's being misused, I don't know.

The entire issue is further complicated by the separation between FB/LJ code. They don't use the same database, the same IDs, anything. Going from one to the other requires some pretty in-depth knowledge of how the systems work.

Date: 2010-05-11 03:31 pm (UTC)
yvi: Kaylee half-smiling, looking very pretty (Default)
From: [personal profile] yvi
As I understand it, the post in question was several weeks old.

Date: 2010-05-11 03:37 pm (UTC)
janinedog: (Default)
From: [personal profile] janinedog
There is the latest images feed. However, it only shows images from public entries, and if the entry was indeed posted in 2009, it wouldn't be visible there now.

Date: 2010-09-12 12:16 am (UTC)
dharma_slut: They call me Mister CottonTail (Default)
From: [personal profile] dharma_slut
What's so interesting about cleavage, considering the kinds of images I've seen in other ljs?

Date: 2010-05-10 04:48 am (UTC)
foxfirefey: A fox colored like flame over an ornately framed globe (Default)
From: [personal profile] foxfirefey
Well, I don't even know if his staff account is his normal account--it's not very integrated into much other than stuff/work duties. And I wouldn't be surprised if he ends up having to do his normal LJ site browsing in the course of a work day with a free account, just to make sure everything is working okay.
