Small-Scale Question Sunday for October 23, 2022

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.

I've been meaning to write an article on this, but personally, I think the campaign to take it down has been a huge ethical disaster, besides just being a disaster in the practical sense of, you know, actually getting the site taken down. (I know it might be ironic to say that considering they're down at this very moment due to being dropped by Zayo, but I'm sure they'll come back up soon, like they always do, in no small part thanks to one insane stubborn person named Joshua Moon.)

For the sake of argument, we will ignore things like the questionable ethical character of many of the figures who lead (or led) the movement, documentation of which is on the very website they want to take down so much (which covers things like their child grooming or distributing HRT to minors behind their parents' backs); the dangerous precedent that it sets to have critical infrastructure companies simply turn off service if a harassment mob complains to them loudly enough; we'll even ignore the fact that many of the things people claim about the website are simply flat-out untrue and complete lies (such as the claim that it drove 3 transgender women to suicide--they don't even get right that one of them didn't identify as a woman and one of them wasn't transgender in the slightest!).

That is, even if Kiwi Farms is so reprehensible and beyond redemption that it deserves to be deplatformed immediately without any sort of due process, almost all action taken against it has been deeply unethical. I've already explained in my AAQC how the DDoSes against it have almost certainly inflicted harm on untold numbers of innocent bystanders. (After I posted that I also looked into ethical DDoSing such as the Low Orbit Ion Cannon and, well, I find it hard to believe that the DDoSes against KF were of the sort that didn't come with externalities.) But since then something else has come to light, namely that the hack that brought it down for a week most likely used a zero-day.

In mid-September, the forum was compromised by an unknown attacker, with user data attempting to be breached before the forum was deleted and brought offline. While it's unclear if user data was ever exfiltrated (and to this day no credible claims made by anyone to have user data have ever been confirmed), what has been made clear is that the attack used a vulnerability in XenForo relating to being able to inject arbitrary scripts into the page. I'm not too sure on the details but according to Null, the attacker uploaded an Opus file which was then loaded as an inline web document able to execute its own scripts.

So what's the issue, isn't this all still ethical? Well, on October 11th, Null announced in the Telegram that XenForo released a security patch that was already applied to the site. He's most likely referring to this security release, which fixes an issue that relates to content injection. This heavily implies that the exploit used to hack the site was a zero-day, i.e. an exploit that the vendor (in this case, XenForo) didn't know about before it was used in the wild. As you can imagine, zero-days are quite powerful, to the point that knowledge of zero-days is actively bought and sold by either perfectly legal private companies (malware brokers such as Zerodium) or plain and simple black market criminal organizations. This YouTube video covers the subject pretty well.

Either way, hiding away knowledge of vulnerabilities is keeping them from being patched, which is not good for the security of the public at large, to say the least. The implication that the KF hacker funded a malware broker to exploit a XenForo zero-day hence carries negative ethical implications on their part.

In this light, the only good actions done were when private companies turned off their service, but again, even that is only okay if you're willing to accept the dangerous precedent it sets that companies will deny service if harassment mobs complain loudly enough.
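Added example, not from the post above and not XenForo's code: the post describes an uploaded Opus file being loaded as an inline web document that could run its own scripts. This Python sketch shows the two server-side controls a defender would want for user uploads in general, checking that the bytes really are an Ogg/Opus stream and serving the file with headers that prevent inline rendering. The Ogg page and the HTML sample are constructed, and nothing here describes the actual XenForo vulnerability.

```python
"""Defensive handling of user-uploaded audio (added example, not XenForo code).
Assumed setup: a forum stores uploads and serves them back over HTTP. Two controls
are shown: accept a file as Opus only if its bytes really are an Ogg/Opus stream,
and serve every upload with headers that stop inline rendering as a web document."""
import re

OGG_MAGIC = b"OggS"        # capture pattern that opens every Ogg page
OPUS_HEAD = b"OpusHead"    # identification header of an Opus-in-Ogg stream
OGG_PAGE_HEADER_LEN = 27   # fixed Ogg page header, before the segment table

# Constructed samples: a minimal first Ogg page carrying a 19-byte OpusHead
# packet, and an HTML document uploaded under an audio content type.
SAMPLE_OPUS = (OGG_MAGIC + b"\x00\x02" + b"\x00" * 8 + b"\x01\x00\x00\x00"
               + b"\x00" * 8 + b"\x01\x13" + OPUS_HEAD
               + b"\x01\x02\x38\x01\x80\xbb\x00\x00\x00\x00\x00")
SAMPLE_HTML = b"<!DOCTYPE html><html><body>not audio</body></html>"


def looks_like_opus(data: bytes) -> bool:
    """True only if the first Ogg page's payload starts with an OpusHead packet."""
    if len(data) < OGG_PAGE_HEADER_LEN or not data.startswith(OGG_MAGIC):
        return False
    payload_start = OGG_PAGE_HEADER_LEN + data[26]   # byte 26 = segment count
    return data[payload_start:payload_start + len(OPUS_HEAD)] == OPUS_HEAD


def looks_like_markup(data: bytes) -> bool:
    """Cheap check for HTML/XML/SVG masquerading as a media file."""
    head = data[:512].lstrip().lower()
    return head.startswith((b"<!doctype", b"<html", b"<svg", b"<?xml", b"<script"))


def validate_upload(declared_type: str, data: bytes) -> str:
    """Return the type to store, derived from the bytes; the declared type is a hint."""
    if looks_like_markup(data):
        raise ValueError("upload contains markup, not audio")
    if declared_type == "audio/ogg" and looks_like_opus(data):
        return "audio/ogg"
    raise ValueError(f"upload does not match declared type {declared_type!r}")


def download_headers(content_type: str, filename: str) -> dict:
    """Headers that keep a served upload from ever rendering as a document."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)[:100] or "file"
    return {
        "Content-Type": content_type,          # server-validated, not client-declared
        "X-Content-Type-Options": "nosniff",   # browser must not sniff into text/html
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",  # defence in depth
    }
```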