Digital Sidhe

 
Hello and welcome to my journal. If you're new here, you should be aware that nearly everything in this journal is locked so that it can be viewed only by people on my friends list. The stuff that's publicly available is almost entirely "my professional face"; it generally has to do with computer issues ranging from security alerts to writing about web development, coding, and anecdotes from my consulting work. (Those latter are all carefully anonymized.) In addition, you'll see the occasional daily minutiae, but all the interesting stuff is hidden.

If you're not on my friends list and wish to be, please email me and let me know: what your LJ username is (so I know who to add), and where I know you from (face-to-face meeting, that mailing list we were both on back in 1994, whatever). If I don't already know you, the chance that I will add you is very small. No offense is intended, but the private parts of this journal are private for a reason.

You've probably heard about/seen/read this already, but even if you have, let this be yet another reminder: it's time to give Livejournal the heave-ho, and get your data off of servers that aren't subject to 4th Amendment protections or the protections of a group like Dreamwidth, who have reiterated just yesterday that:

Dreamwidth is committed to openness and protecting the privacy of our users and their data. While we must of course follow United States law, we take a very strong position on the protection of your data. We'll do everything we can to be the best we can in this area. In other words, see the Electronic Frontier Foundation's Who Has Your Back? 2015 report. While Dreamwidth is too small to be evaluated by the EFF, [the CTO is] committing us to earning all 5 stars.

In the meantime, there are a few posts talking about what's going on:

• LJ: The servers are in Russia, political purge of accounts alleged
• LJ: Why now
• Metafilter: Livejournal represents social media without borders

Everyone is suggesting that you import your Livejournal to Dreamwidth, using DW's Import Tool. Here are instructions for importing your LJ to Dreamwidth; I've done it a few times, and it really is quite easy and simple. You can also import entire communities; I have no experience with that.

Speaking of having "done it a few times", you may be wondering: "What if I imported my journal a few years ago, but now I've been crossposting for years?" I've just confirmed that:

• If you imported your journal some years ago, and now you run an import again, the entries and comments that were already on Dreamwidth do not get duplicated or re-imported. Whew!
• If you've been cross-posting entries, and now an entry has comments both on DW and on LJ, it pulls LJ comments over to DW and then it seems to add the LJ threads after existing DW threads (it doesn't try to put all threads in proper chronological order).

It might be nice to delete all your entries so nobody can data-mine them, but then keep your account so you can still read and comment on other people's LJs. Sadly, the only way to delete all entries is manually, one-by-one, although a downloadable client could make that a little easier. Edit: Apparently this tool called ljsec works as a mass-delete tool. I haven't tested it yet, but will update again when I do try it out.

So, having just re-imported my LJ, I'll probably be deleting my account in another few days. Most folks seem to have already migrated over; my DW friends page is much more active right now than my LJ one.

If you haven't made the switch yet, now is the time.

I don't mean to keep harping on Livejournal's problems and brokenness, I really don't. But there are two entirely separate screwups happening over in LJ-land right now, and I wouldn't want any of my friends to get bit by either of them. Yes, I know: Two at once? That's a little excessive even for them, but... the evidence is pretty hard to deny.

First off, and honestly more important, is the way they're rewriting outbound links to redirect them through a third-party click-tracker of some sort. A few of the clearer write-ups on this are:

• http://vichan.livejournal.com/392527.html - notes ways in which this can mess with people's livelihoods and monetary transactions
• http://atara.livejournal.com/631445.html - points out that we have no way of knowing what information is being collected by outboundlink.net, but the fact that their web page is completely blank doesn't inspire confidence. Also notes that many links get redirected to the wrong place.
• http://caffeinepuppy.livejournal.com/214632.html - apparently a web developer, notes that the techniques being used here are ones "that would only be used by someone who wanted to hide the fact that they are manipulating outbound links." I haven't read the actual code, but from the little I've seen so far, that seems accurate.
• http://shatterstripes.livejournal.com/1065670.html - has a full list of the domains that are affected by this. The rewriter only tries to rewrite links in which the hostname ends with any of those domains — but that means that, since "ebay.com" is on the list, any links to Gluten-FreeBay.com or crittersbythebay.com get irrevocably mangled. Shatterstripes' journal has some ugly formatting, so you may wish to view it in your own style.

And of course, many people have noted that this is being applied, without warning or permission, even to paid users. That is, people who have paid LJ/SUP money to not have ads and similar things on their journals are nonetheless having their links surreptitiously redirected (and sometimes broken).

In the meantime, it looks like they also have a nasty-scary authentication bug that allows people to comment as you if you forward them an HTML-formatted comment notification. It's not super-obvious from the writeup at that linked page, but it looks like the steps to reproduce this are:

1. Go to your account's display settings page and set "Email Format" to HTML — this is the part that many people have not done, which has left them safe from this particular bug
2. When you receive an HTML-formatted comment notification email, forward it to someone with a different LJ account. (Of course, this person could be you, if you have more than one LJ account. That'd be the safe way to explore this bug...)
3. Have that person type into the "Reply to comment" window in the email.

Presto, the person will then reply as you, rather than as themselves! Yes, even if they're logged in under their own account, their reply will come from your account.

This implies that Livejournal's handling of user authentication is fundamentally flawed. And LJ has known about this for over a year. (And a short comment thread in the above-linked entry notes that Dreamwidth fixed this bug a while back. Yay, Dreamwidth!)

Just a few days ago, I let my Livejournal account lapse, because I could no longer support them after their poor handling of things like the Great Strikeout. And the Strikeout itself was caused by — hell, was the manifestation of — their poor handling of the demands of Warriors For Innocence.

And then Dreamwidth posted a news item of their own, saying that they had "come under attack by a group of trolls with ties to several hate speech organizations." The Dreamwidth update went on to state: "The chief methods being used at the moment are false accusations to our merchant processor and our upstream provider that we host child pornography."

Yesterday, they posted a further update, including this absolutely beautiful second paragraph:

First, PayPal, our merchant processor, has requested that we remove entries on our service that contain nothing but constitutionally and legally protected speech that is not against our Terms of Service. We will not be complying with PayPal's demand that we remove these legal entries posted by our users: our Guiding Principles say that we won't, and we're sticking by them.

As a result of this, they're ditching their association with PayPal and finding a new merchant processor. (They clarify that they "are in a good enough position that a week or two of payment system downtime while we switch merchant processors is just inconvenient, nothing more", and request that people who want to show their love with extra financial support send it to Haitian earthquake relief efforts instead.)

And this is the kind of thing that I want to see! Eight years from now, Dreamwidth may have changed to the point that I want to leave. But right now, I'm feeling very happy about my decision to adopt Dreamwidth as my journaling provider.

First of all, I'd like to apologize for the great length of this post. However, I think it's significant enough material that I don't feel like LJ-cutting it. I hope you'll read it all, and consider it deeply.

We're Leaving Livejournal. Soon.

It seems Livejournal and Six Apart are slowly self-destructing under the weight of their own incompetence and inconsistency. feyandstrange and I have decided that we will no longer be supporting Livejournal; we cannot, in good conscience, give them our money any longer. Nor will we support them by creating any new accounts (such as the ninja coder account I'd been planning on starting up, once I get the flaws worked out of the metaphor that it rests on).

My account is currently paid up until January 12th; Fey's is only paid until October 2nd. Once our current paid accounts revert to free accounts, we'll probably be using other services instead. To the extent possible, we'll try to make sure that either people can find our new blogs, or the posts from the new blogs are automatically sent back to LJ, or both. Fey is looking strongly at GreatestJournal; I'm likely to set up three different blogs: a "professional" (i.e., technical) one on my professional site; a separate blog on its own domain for the ninja coder; and maybe a third, personal, blog on GJ or some similar place.

Our Reasons for Leaving:

Over the past year or so, Livejournal has committed a number of basic blunders in relating to its own user base, and the frequency of these blunders is increasing. At the same time, they've now started doing things that make it very difficult to see them as "well-meaning but incompetent"; instead, they now appear to be actually duplicitous. Specifically:

The Strikeout

Presumably, you already know about the Great LJ Strikeout of 2007. 'Nuff said there, right? If you don't know about that issue, none of the rest of this will make much sense.

Removing Strikeouts

This one hasn't been particularly noticed: In the aftermath of The Strikeout, LJ made a change to the way it displays deactivated user accounts: they no longer appear with strikeout lines through them. Instead, they simply fail to have a little "head and shoulders" icon next to them.

To make this even more confusing, this new style takes effect in posts and comments, but not on userinfo pages. Since the lists of friends on one's userinfo page already lack icons, those names still get strikethroughs.

Huh? This seems like nothing so much as a rapidly-deployed and poorly-tested hack, the sole intent of which is (apparently) to make it harder to tell at a glance whose account has been deleted.

Later Suspensions of Users for Fan-Art

In August, Livejournal had another apparent panic attack, and deleted the journals of a user who had posted a drawing of Severus Snape giving Harry Potter a blow job, and another user who re-posted the same image. This touched off a new round of explanations in lj_biz (and also spawned the "How will you be suspended from LJ?" meme on Memegen). However, it didn't actually clarify things at all; some users took to writing open letters to LJ/SA, just to ask for clarifications about the various vaguenesses and inconsistencies in their policy statements.

Bad Attitude by LJ/SA Employees

Apparently Livejournal employee burr86 managed to really, seriously piss off a lot of people with a poor attempt at a joke in efw at about the same time. The post containing the attempted joke has since been deleted (and I'm not sure by whom). According to other rumors, there were two other LJ employees treating users cavalierly in the same thread — or maybe some other thread.

It's hard to be certain about any of this, partly because the thread's been deleted, and partly because LJ has been pretty bad about keeping anyone informed. (Not that we'd necessarily believe them anyway.) Which just leads into another problem...

Failure to Talk to Users; Inconsistency When They Do

This one works on two different levels: First, users whose accounts are deleted are apparently not contacted or given any warning first. They're given no opportunity to remove the offending material; instead, many of them find out that their account has been deleted when they attempt to login and can't.

Second, Livejournal and Six Apart also fail to communicate in any useful way with the rest of their users. After the first Strikeout, we had to wait five full days before we got any acknowledgement from LJ that anything had happened. In the weeks since then, we've gotten various muddled and incoherent "clarifications", none of which seem to clarify things enough.

"Enough" can even be defined pretty easily: things would be "clear enough" if the average LJ user had a reasonably firm idea of what they could post and what they couldn't. Yes, you could say that the users who got banned most recently were not quite "innocent", because they were testing the boundaries of what was and was not acceptable. But that's just the point: someone had to go and test those boundaries, because we can't figure it out from all the conflicting things LJ keeps saying. Even when they claim to be clarifying, they state that they will not change or update the Terms of Service to reflect the new policy, so now we know that the ToS isn't worth the electrons it's written on.

Indeed, it seems they're now actively claiming that they will be following policies that are in direct contradiction to statements in the Terms of Service.

"Child Pornography" Account Deletions

I've put "child pornography" in scare quotes because the image that started the fan-art suspension dust-up was a drawing of Severus Snape going down on Harry Potter. So, not only was it a drawing, it also depicted a pair of fictional characters. No actual people were harmed in the creation of this work.

Livejournal employees have repeatedly claimed that the work was child pornography, and that the law specifies that even drawings are included. The legalese they've quoted appears to be from the 1996 Child Pornography Prevention Act, which was very definitively struck down by the Supreme Court in Ashcroft v. Free Speech Coalition, 2002.

So LJ's legal reasoning is incredibly suspect, at best.

This doesn't mean that they aren't allowed to remove whatever they want. They're perfectly at liberty to decline to get into a nasty First Amendment lawsuit, and they're also at liberty to decide that, "Well, maybe we might get into such a suit, but not over a picture of Snape blowing Harry. I mean, come on, if we're going to spend that much effort, can't it be for something with literary or artistic merit, like Baz Luhrmann's Romeo + Juliet?"

But they aren't saying that. They're saying "this stuff is kiddie porn, we're legally obligated to remove it". They either don't understand the law even as well as I do (i.e., they're painfully ignorant), or they're just plain lying.

Lack of Deletions for Other Causes

While LJ/SA carry on about supposed "kiddie porn", a large number of users say they've made reports about harassing behavior, hate speech, incitement to violence, threats of violence, and other such problems. These reports have apparently gone completely unaddressed. (One commonly-mentioned addition to the list I just gave is "pro-ana communities", which are also allowed to flourish. I'm leaving them out, because it's not at all clear that those would involve any legal problems. Incitements to kill all homosexuals, however, are another story.)

Possible Reports to the Government

This one is open to interpretation, but: according to one thread in LJ's attempt at policy clarifications, "We report child pornography to the NCMEC, as required by law." Since LJ appears unable to tell the difference between fan art and actual child pornography, it seems reasonable to assume that users whose accounts were deleted for Harry Potter fan art may well have been reported to the authorities.

This is completely intolerable. Fey and I will not be a party to such behavior. Indeed, this is one of the reasons why I'm strongly considering removing my LJ account completely after giving people some time to get used to where my new blogs are.

Brad Fitzgerald Is Leaving

Now, it's not like bradfitz is a major reason for anyone to stick around. And it's really just coincidence that his stock options (aka "Golden Handcuffs") vested at just the right time to drop a cherry on top of the sundae that Six Apart has been scooping up lately. But, still... if Brad thought the place was worth staying at, he'd stay. The fact that he's leaving doesn't necessarily "speak volumes", but it does make a statement.

All that was as of a few weeks ago. While I've been writing, editing, and polishing this essay, new developments have suddenly taken place that simply add to the overall "sinking ship" feeling.

Much More Recent Developments:

Had you heard that they've canned Barak Berkowitz? Okay, maybe they'd never actually put it in quite those terms (and certainly not in a press release). But we've come to realize that we have to read between the lines in everything Livejournal and Six Apart say, so here are the most noticeable things:

• They recently posted in lj_biz to mention it. Not directly, of course; just a two-line blurb mentioning "some news about the leadership at Six Apart", and providing a couple of links to Mena Trott's blog and to the press release.
• As you can see if you followed the "posted in lj_biz" link above, the LJ staff turned off comments on that particular lj_biz entry. Or at least, it looks that way... but it turns out, they didn't initially post it with comments disabled: first it garnered a few (very snarky!) comments, and then LJ staff locked the post and deleted the comments. I do not have words to express the lameness involved in that. Thankfully, someone had the presence of mind to grab a screen capture...
• The LJ staff also didn't bother to mention Mr. Berkowitz' departure in news. In fact, they more recently posted another piece of news in lj_biz, namely the fact that they're adjusting their Omniture site-metric system to start observing roughly 5% of pages on the site, including people's (public only) journal entries, friends pages, comments, and so on. As far as I can see (as a somewhat privacy-conscious web geek), what they're doing really isn't heinous at all. But then, why not post openly about it in news?
• In fact, what they have posted in news lately is pretty much fluff, when there are real issues going on. Quite a few commenters on that post have pointed out exactly that.
• Some of them also tried to point out other things, but couldn't, because some of their comments were screened for unclear reasons.

Enough is enough. We were prepared for things to be a little rocky, for a little while, after the acquisition by Six Apart. And we waited, to see if things would get better.

They're not. They're getting worse.

And they've gotten bad enough that, for Fey and I, leaving is not simply a matter of convenience, or of "I suppose we could find better/cheaper service somewhere else". It's a matter of conscience. We cannot, in good conscience, support Six Apart's policies any longer. We certainly can't give them any more money, but even having an active Livejournal account boosts their usage numbers, and so gives them some measure of support. So don't assume that our journals will continue to be here for much longer.

So, Where Will We Be?

My guess is, some combination of GreatestJournal, InsaneJournal, and our own personal domain(s). I'm currently investigating blogging packages that I can host on Finrod.

We will keep you all posted on wherever we decide to go.