CelebGate - The Fappening Is Happening
A few days ago, the internet exploded with the news that numerous celebrity iCloud accounts had been hacked, and hundreds of previously unseen celebrity nude pictures started flooding the tubes of the internet, clogging them with semen. Reddit went wild, coining the term "The Fappening" and opening up a subreddit just for the pictures. Celebrities lost their minds, and for the most part either claimed the pictures were fake, or threatened legal action upon those who would distribute them. And somewhere along the way, every single person in the world missed the point.
The reason everyone went crazy for the leaked pictures was that it let us see the intimates of celebrities we've never seen intimites for before. Specifically, Jennifer Lawrence, universally recognized as the most attractive woman on earth due to her personality, sense of humour, looks, and the fact that we've never seen her naked before. Because there's a great power in the lure of the unknown, and she's done a very good job of keeping us in the dark about her naughty bits, as have most of the other women whose pictures have been leaked.
Now, several of those pictures are out there. Turns out - are you ready for this? - naked celebrities look remarkably like naked non-celebrities. Jennifer Lawrence's naked body looks exactly like the naked body of anyone else with her measurements. But those particular naked pictures are her naked pictures, which immediately makes them ...better, for some reason? I mean, I've seen them, and they're nice, but ultimately those pictures aren't anything I haven't been able to see elsewhere on the internet for the last 20 years. There are only so many poses a naked person can be in, and once you've seen them all, well, you've seen them all. Face and boob size not withstanding, you're not going to get anything out of the newly leaked pictures that you haven't been able to get for years already.
Still, the focus of the media has been heavily directed to the fact that the release of these pictures is a huge breach of the female celebrities' privacy. The story is clearly about the fact that women aren't allowed to take pictures without men deciding they should control them. It's just another example of how women are still second-class citizens whose bodies are still the property of men. Women aren't allowed privacy, even in the iCloud, because there will always be men seeking to undermine it.
The response from the people commenting on those news articles is even more sickening: the unwashed masses are talking about how it's the celebrities' own fault for taking the pictures in the first place, because of course there are going to be people looking to acquire them. They ask "what kind of slut whore takes naked pictures of themselves and stores them where they can be hacked in the first place?" They argue that the women wouldn't have taken the pictures unless they wanted them to be seen, so it's their fault for taking them.
First of all, no. It's not their fault for taking the pictures. People take pictures of themselves. Now that everyone's walking around with a video camera in their pocket, cleverly disguised as a cell phone, capturing your own image is easier than it's ever been. But please, no more duck face - that shit is hideous. When your job requires you to shoot on location for 3 months, and your lover is on the other side of the world, you have to work to create intimacy. If you decide that the way to do that is to send pictures of your intimates, that's a perfectly rational thing to do. It's not their fault for wanting to share intimate pictures with their significant others. The fault lies with the hackers who broke into their accounts and stole the pictures from them. Because it is theft, and it is illegal.
As for why it was all pictures of women and none of men, that has nothing to do with "putting women in their place" or anything like that. It's all about supply and demand. Our society is one in which it's expected for women to cover their breasts, so naturally, pictures of uncovered breasts and naked women are sought after. In a world where celebrities get lots of attention, pictures of female celebrities are especially sought after. Men share pictures of themselves topless all the time - there's no mystique there, so there's no great desire. The demand is for female pics not because they're of women, but because they're things we haven't already seen from those people. It's all about the desire to see the unknown.
But here's what everyone has overlooked: the entire leak is irrelevant. It seriously doesn't matter. Pictures of naked celebrities surface online literally every day. The fact that this specific batch happens to belong to these specific celebrities is of absolutely no matter. This should not be a celebrity story, and it's truly unfortunate that all the media outlets everywhere are trying to make it into one. The important part of the story is that all of these pictures were apparently stolen from hacked iCloud accounts. They were stolen from the cloud. This is a tech story.
I have never trusted the cloud. If they're my files, I want to keep them somewhere I have complete control over them. Anything stored online can be accessed from anywhere, which is good for the owner of the data in that they aren't restricted to accessing things from a single device, but it's also bad in that it makes it significantly easier to steal that data. After all, if it's on my external hard drive which is turned off, that's a lot harder to hack into than a cloud account.
The fact of the matter is that some online services, Apple especially, are just plain bad at keeping things secure. Two years ago, Mat Honan had his entire life hacked because of poor online security from Amazon and Apple. That article I just linked is long, but if you care about your data and/or using the cloud, you should definitely take the time to read it. These aren't just email accounts and places to store cat pictures; the cloud is a tool some businesses use to store critical documents. Highly personal information - and in this case, naked pictures - require better security than what is currently being provided.
Getting into a cloud account requires a username and a password - that's it. Your cloud, where you might be putting your most sensitive files, is no more secure than your Digg account. And because you could conceivably forget your password, cloud access has the same "security question" setup as most other accounts do. Mother's maiden name, first pet, street you grew up on... you know, all those things that happen to be public knowledge if you're a celebrity. Best thing you can do there? Lie. Put the same ridiculous answer for everything. First pet name? Neil Armstrong's massive penis. Street you grew up on? Neil Armstrong's massive penis. Favourite movie? Neil Armstrong's massive penis. You'll remember it because it's ridiculous.
Still though, all anyone has to do is know that you like space wang and they can break in. But suppose they don't know that, and they have to attack your password directly. Until Monday - meaning two days ago - Apple's "Find My iPhone" tool allowed brute force password attacks. That's a tool that can be used to gain access to your cloud storage, by the way. The last four digits of your credit card, which lots of websites display indiscriminately? According to the Mat Honan article from 2 years ago, Apple accepts that as verification that you're the account holder - I don't know whether that's changed, but somehow I doubt it. This is the company you're trusting with your personal files.
Apple's official stance on the leak? The cloud wasn't hacked, and it's the users who are to blame for using insufficient security measures. Fuck you. Maybe, if you're in charge of millions of people's private files and documents, you should be forcing better security protocols, because most people simply aren't savvy enough to do it on their own. Don't make it an option, make it mandatory, because most of your users either don't know better, or can't be bothered to set it up.
Quick test for you reading along at home: when you turn on your computer, do you have to enter a password to use it, or are you automatically logged in? Guess which option is more secure. If you do have to enter a password, how difficult would it really be for someone to guess it correctly? Given the option between security and convenience, most people - the vast majority - will choose convenience, every single time. That's why people tend to use Facebook to log into everything they own if possible. Guess what: if you do that, then someone hacking into your Facebook profile has access to everything you own.
Your personal internet experience is only as secure as you make it. If you choose to take convenience over security, that's a risk you're taking. The problem is, most people don't realize it's a risk at all. They don't even think about it; they just want the easiest way to get to what they want. Anyone running a system like iCloud needs to take the initiative and enforce a minimum amount of security that still actually means things are fucking secure.
Thank you iCloud????— Kirsten Dunst (@kirstendunst) September 1, 2014
One of the websites I built for a client has a secret cookie that is only granted by visiting a single specific page that is only available by direct link. If you don't have that cookie, and you don't know the url of the page where you get it, then even if you hack into the site's admin account, you still won't be able to do anything with it. It took me ten minutes, and it might make that site the most secure one on the internet. You want a secure cloud experience? Implement something like that. Even with the right username/password combination, only verified devices are allowed to make use of it. That means a hacker would have to be in possession of your physical device in order to get into your cloud - and really, what other devices are you going to use for that anyway? The only person accessing your cloud should be you, so even if you're accessing it from a friend's computer, you're still present in order to validate the device. That's how you run cloud security. That's how you stop your users from being hacked.
That's something I haven't addressed yet: the hackers themselves. And according to a post on 4chan, there are several of them, which would support Apple's claim that it was individual accounts that were attacked, rather than the cloud infrastructure as a whole. Basically, those people are criminals. They hacked into people's phones and/or cloud accounts, stole material that doesn't belong to them, and eventually disseminated them online. Every part of that sentence is illegal. And in the case of McKayla Maroney, it's distribution of child pornography, because she was underage when the pictures of her were taken. So if you happened to download an archive of celebrity nudes that included her pictures, you may want to erase that directory and empty your recycle bin. The Feds take possession of child porn kind of seriously.
I want everyone reading this to understand one thing very clearly: I put 100% of the blame for the leak on the hackers. Yes, security on the cloud is laughably bad. Yes, it was a bad idea for the celebrities involved to put their nude selfies there. But like the leak itself, that's all completely irelevant in the grand scheme of things. Those pictures were still safely hidden away until the hackers broke the law in order to acquire them. It is the hackers who are at fault for those pictures being released, and nobody else. If you're going to lay blame at someone's feet, make sure you have the right people for it.