(no subject)

[otter]

I'm not quite sure if this is appropriately formatted for this group, but the subject matter concerns many who are oppressed.

Brought to my attention by Amanda Palmer, an artist that I follow.

"ABORTION WHISTLEBLOWERS? WELL THIS IS AWFUL…but you can do something! and it’s also free.

Texas now has a site to “report” woman who have had an abortion. It has the option of submitting pictures.

It would be a…crying shame if this site got too many submissions to sort through.

https://prolifewhistleblower.com "

I filled in Ted Cruz's name and address in the 'doctor/clinic' section. and made my own comments about bodily autonomy and such.

Comments

[azurelunatic]

On Twitter I found a thread with advice about rendering the data set unusable:
https://twitter.com/aetherlev/status/1429113696710660098

[minoanmiss]

*makes a note*

[otter]

I'm not on Twitter, thus couldn't read far enough to find the useful bits.

[tielan]

Short version: you don't just want to flood the number of reports, you want to make it so that someone looking at the data from those reports is incapable of telling what's real data and what's fake data, so they either have to go through the entire dataset, painfully sifting out the real data to get anything from it, or they toss the entire dataset.

--

If I were running something like this, I'd have at least four levels of screening to filter out 'fake results', probably more as time went on.

Level 1 screening: famous, notable, or obviously fake names.

Level 2 screening: known VPN providers / multiple reports from the same IP address in a short period of time.

Level 3 screening: If they require an address to be put in, don't just put in '1600 Pennsylvania Ave, DC' or use the same address every time.

Level 4 screening: looking for words in the responses/addresses/names that indicate someone is against what this database is set up to do, including excluding records with phrases like 'pro-choice', 'right to choose', 'my body, my choice', any and every variation of a swearword, and a large number of exclamation marks or non-alphanumerics in the text.

[azurelunatic]

a rough copy, with links

https://twitter.com/aetherlev/status/1429113696710660098

Claire Ryan
aetherlev
PSA for this: how to poison a dataset 101

a.k.a. how to make a database admin want to murder you in your sleep, a thread



Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113698040258566
Replying to
aetherlev
Okay so this is from my experience as a senior web dev who specializes in data processing and analysis.

I also did some anti-fraud work in online advertising back in the day


Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113699155943429
So I've seen some people enter reports for Ted Cruz or whoever and the important thing to know here is that this will not poison the dataset.

The dataset becomes worthless when the owner can't tell the difference between good and bad data.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113700288397312
If I'm handed a dataset for which I know some amount of data is junk, the first thing I do is look for consistent, identifiable patterns.

I look for something I can pick out that will let me filter out the junk.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113701513121797
Way back when, I was tasked with nailing down a batch of possibly fraudulent conversions out of one platform which my company was running an online marketing campaign out of.

All I had were the IP logs, more or less
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113702637129728
IP logs with thousands of real conversions mixed in with fake ones, mind you.

These guys thought they were being smart by shuffling their IPs. They were not smart enough about it though.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113703824191491
They ran the scripts for the fake conversions over a VPN. As soon as I found one of them, I wrote a parser that started to analyse the incoming IPs and identify any blocks that could be attributed to a VPN.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113705086681088
I could only do this because the VPN didn't shuffle IPs fast enough, and it reused IPs between conversions in a timeframe that would be impossible for a human.

It took a while, but eventually I filtered out about $20k worth of junk.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113706248478726
That was handed back to the platform along with a demand for a refund, btw, which they promptly gave us and then they groveled to keep our business.

Anyway - that is the level you have to beat, if there is someone competent in the back end.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113707666108416
Now, the Tulsa rally thing was a perfect example of data being inconsistent and unidentifiable.

Get enough people using random names, from a residential IP, making plausible reports, and you can't ID the real data in the noise.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113708794368005
Point being: you HAVE to make the junk look exactly like the real data, as far as is possible.

Use the name of Ted Cruz or whoever and they'll just filter out those records.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113710019112961
TBH they may also have the chops to filter out VPN traffic but I'd say have a go anyway in case they don't.

These idiots probably setup this site because they want to claim the bounty of $10k, holy fucking shit, for reporting women who have abortions.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113711076155398
But I'd guess there is some significant work involved in following up on these reports. What you need to do is waste enough of their time with junk reports until it's no longer viable to go after the bounties for the real ones.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113712242151429
And here's the thing: we've got tools to mitigate DDOS, to protect against hacking, all that tech jazz.

We cannot protect against bad data. We can't know the intent of the person at the computer.
Claire Ryan
aetherlev
·
Aug 21 https://twitter.com/aetherlev/status/1429113713437466631
This is the one weapon in the arsenal of the people that they cannot take away from you.

Go forth and use it wisely.

/thread

[otter]

Much appreciated. Thank you

"How to make the database admin want to murder you in your sleep"

[minoanmiss]

*cackles*

thank you for this!

[tielan]

I admit, I was thinking that it probably wasn't wise to put the name of someone well-known.

[lynnenne]

Christ on a crutch.

[bibliofile]

Alas, I haven't been able to get the form to load.

[jazzyjj]

Hmmm, very interesting. I'll definitely take a look when I have more time. I suppose this is just another example of how far some people will go to make their point.