Tweet
In what appears to be the latest salvo in a new, wired form of protest, developer Sam Lavigne posted code that scrapes LinkedIn to find Immigration and Customs Enforcement employee accounts. His code, which basically a Python-based tool that scans LinkedIn for keywords, is gone from Github and Gitlab and Medium took down his original post. The CSV of the data is still available here and here and WikiLeaks has posted a mirror.
āI find it helpful to remember that as much as internet companies use data to spy on and exploit their users, we can at times reverse the story, and leverage those very same online platforms as a means to investigate or even undermine entrenched power structures. Itās a strange side effect of our reliance on private companies and semi-public platforms to mediate nearly all aspects of our lives. We donāt necessarily need to wait for the next Snowden-style revelation to scrutinize the powerful ā so much is already hiding in plain sight,ā said Lavigne.
Doxxing is the process of using publicly available information to target someone online for abuse. Because we can now find out anything on anyone for a few dollars ā a search for ābackground checkā brings up dozens of paid services that can get you names and addresses in a second ā scraping public data on LinkedIn seems far easier and innocuous. That doesnāt make it legal.
āRecent efforts to outlaw doxxing at the national level (like the Online Safety Modernization Act of 2017) have stalled in committee, so itās not strictly illegal,ā said James Slaby, Security Expert at Acronis. āBut LinkedIn and other social networks usually consider it a violation of their terms of service to scrape their data for personal use. The question of fairness is trickier: doxxing is often justified as a rare tool that the powerless can use against the powerful to call attention to perceived injustices.ā
āThe problem is that doxxing is a crude tool. The torrent of online ridicule, abuse and threats that can be heaped on doxxed targets by their political or ideological opponents can also rain down on unintended and undeserving targets: family members, friends, people with similar names or appearances,ā he said.
The tool itself isnāt to blame. No one would fault a job seeker or salesperson who scraped LinkedIn for targeted employees of a specific company. That said, scraping and publicly shaming employees walks a thin line.
āIn my opinion, the professor who developed this scraper tool isnāt breaking the law, as itās perfectly legal to search the web for publicly available information,ā said David Kennedy, CEO of TrustedSec. āThis is known in the security space as āopen source intelligenceā collection, and scrapers are just one way to do it. That said, it is concerning to see ICE agents doxxed in this way. I understand emotions are running high on both sides of this debate, but we donāt want to increase the physical security risks to our law enforcement officers.ā
āThe decision by Twitter, Github and Medium to block the dissemination of this information and tracking tool makes sense ā in fact, law enforcement agentsā personal information is often protected. This isnāt going to go away anytime soon, itās only going to become more aggressive, particularly as more people grow comfortable with using the darknet and the many available hacking tools for sale in these underground forums. Law enforcement agents need to take note of this, and be much more careful about what (and how often) they post online.ā
Ultimately, doxxing is problematic. Because we place our information on public forums there should be nothing to stop anyone from finding and posting it. However, the expectation that people will use our information for good and not evil is swiftly eroding. Today, wrote one security researcher, David Kavanaugh, doxxing is becoming dangerous.
āGoing after the people on the ground is like shooting the messenger . Decisions are made by leadership and those are the people we should be going after. Doxxing is akin to a personal attack. Change policy, donāt ruin more lives,ā he said.
Continue readingā¦
āI find it helpful to remember that as much as internet companies use data to spy on and exploit their users, we can at times reverse the story, and leverage those very same online platforms as a means to investigate or even undermine entrenched power structures. Itās a strange side effect of our reliance on private companies and semi-public platforms to mediate nearly all aspects of our lives. We donāt necessarily need to wait for the next Snowden-style revelation to scrutinize the powerful ā so much is already hiding in plain sight,ā said Lavigne.
Doxxing is the process of using publicly available information to target someone online for abuse. Because we can now find out anything on anyone for a few dollars ā a search for ābackground checkā brings up dozens of paid services that can get you names and addresses in a second ā scraping public data on LinkedIn seems far easier and innocuous. That doesnāt make it legal.
āRecent efforts to outlaw doxxing at the national level (like the Online Safety Modernization Act of 2017) have stalled in committee, so itās not strictly illegal,ā said James Slaby, Security Expert at Acronis. āBut LinkedIn and other social networks usually consider it a violation of their terms of service to scrape their data for personal use. The question of fairness is trickier: doxxing is often justified as a rare tool that the powerless can use against the powerful to call attention to perceived injustices.ā
āThe problem is that doxxing is a crude tool. The torrent of online ridicule, abuse and threats that can be heaped on doxxed targets by their political or ideological opponents can also rain down on unintended and undeserving targets: family members, friends, people with similar names or appearances,ā he said.
The tool itself isnāt to blame. No one would fault a job seeker or salesperson who scraped LinkedIn for targeted employees of a specific company. That said, scraping and publicly shaming employees walks a thin line.
āIn my opinion, the professor who developed this scraper tool isnāt breaking the law, as itās perfectly legal to search the web for publicly available information,ā said David Kennedy, CEO of TrustedSec. āThis is known in the security space as āopen source intelligenceā collection, and scrapers are just one way to do it. That said, it is concerning to see ICE agents doxxed in this way. I understand emotions are running high on both sides of this debate, but we donāt want to increase the physical security risks to our law enforcement officers.ā
āThe decision by Twitter, Github and Medium to block the dissemination of this information and tracking tool makes sense ā in fact, law enforcement agentsā personal information is often protected. This isnāt going to go away anytime soon, itās only going to become more aggressive, particularly as more people grow comfortable with using the darknet and the many available hacking tools for sale in these underground forums. Law enforcement agents need to take note of this, and be much more careful about what (and how often) they post online.ā
Ultimately, doxxing is problematic. Because we place our information on public forums there should be nothing to stop anyone from finding and posting it. However, the expectation that people will use our information for good and not evil is swiftly eroding. Today, wrote one security researcher, David Kavanaugh, doxxing is becoming dangerous.
āGoing after the people on the ground is like shooting the messenger . Decisions are made by leadership and those are the people we should be going after. Doxxing is akin to a personal attack. Change policy, donāt ruin more lives,ā he said.
Continue readingā¦