@Molly White
Not everyone has the technical ability or resources to determine if their data is present in the leak.
There's a difference between telling people what data is in the leak, versus actually putting it into a spreadsheet and publicizing it. If you want to help people, don't pour more gasoline on the fire.
It reminds me of when paparazzi found out that a celebrity was holidaying at a secluded retreat area. So they used telescopic camera lenses to take photos from a mile away, and then published the photos. Yeah, okay, it was technically "in public", but the courts rightly decided that it was still an invasion of privacy.
Likewise, it's one thing for data to be difficult to access, even if it's out there. But it's another to format it and publicize it.
As I said, vigilante computer programmers aren't suited to make these decisions. They should work with social scientists like Ronald Deibert to decide on those issues.
https://en.wikipedia.org/wiki/Ronald_Deibert
I suspect many people who were exposed in this hack appreciate the work being done by those like whoever made that spreadsheet.
How does that spreadsheet help!? It doesn't. We already know that Epik got hacked. Epik emailed everyone (and I'm sure many people Googled for more info) and forced password changes.
And the "haveibeenpwned" guy apparently emailed everyone too. And this has been reported in mainstream media. Escrow.com even looked at the data and emailed any customers too.
And no, I don't think people appreciate that your fellow "researchers" are wrongly telling people that most Epik customers are far-right, and then publicizing a list of all Epik customers.
But blaming researchers for reformatting or sharing their findings from widely-available data is frankly ridiculous.
No, the "researchers" do deserve a lot of blame, for spreading the wrong impression! They are talking about this like most Epik customers are basically neo-nazis.
That simply is not true. I already told you that in detail.
And it's not fully about journalists, the "researchers" are the ones who are giving the wrong impression, and most journalists have multiple deadlines per day and don't know much about these issues, so they end up parroting what the main tweeters are saying, and what Wikipedia says.
And if there are journalists who have written that, numerically, most Epik customers are far-right, then that should be criticized (and corrections submitted). But it seems bizarre to me to fault journalists who have described Epik as a popular choice among far-right groups and individuals, or as a company known to service the same when they have been deplatformed by others.
What they need to do is clarify that most Epik customers are just regular people, and the far-right ones are a tiny minority.
Writing that "Epik as a popular choice among far-right groups" is technically true, but like with the article I cited, it gives people the impression that most Epik customers are of that nature.
If criminals start using Louisville Slugger baseball bats as their top choice for crimes when using a bat, that's still a tiny fraction compared to people who use them for baseball.
In this case, the CEO foolishly tried to attract them, but it doesn't change the fact that most customers are just regular people, and signed-up when Epik was just another registrar.
As recently as two months ago they were
rubbing elbows with James O'Keefe, it seems. You're quite right that there are probably customers whose information is in the leak due to domains bought before 2018, and who may not have realized their previously fairly low-profile registrar might suddenly take a public turn to the right, but it seems to me that it is
Epik who is responsible for earning this reputation.
I had to Google who James O'Keefe even is, and I read the news more than most people. That exemplifies my point even more, because most Epik customers wouldn't know what Epik and some staff were doing. They simply renew their domains.
And regarding this:
"You're quite right that there are probably customers whose information is in the leak due to domains bought before 2018"
...that's showing part of the issue right there. Statements like "probably", or "yeah, some Epik customer aren't far-right" (by a main epikfail tweeter) are what's causing the problem.
Why are you weakening the statement by saying "probably". It's an inevitable fact, and I know it's true, because I checked a few past domain sales, and some of those customers are still at Epik. And they're just regular people who signed-up with Epik because I said it would be easy to do the domain sale there.
Also, checking dates, I see that Epik didn't become controversial until November 2018, so even customers in mid-2018 many signed-up thinking Epik was just another registrar (and most very likely don't even know who Rob is, or what Epik got involved with).
Nov 2018 wasn't that long ago, especially considering how long Epik has been around. A lot of people even renew domains for a few years at a time, and possibly haven't even logged in to Epik in the past 3+ years.
iirc, you control the Wikipedia page for Epik. It would help (especially since journalists probably look at Wikipedia for basic info) if you mention that Epik didn't become controversial until Nov 2018, and many customers signed-up before then. That's simply a fact, and deserves to be mentioned.
Here are the bottom lines:
1) "Researchers", journalists, and others need to realize that the vast majority of Epik's customers are just regular people.
2) There's no need to doxx thousands of innocent people by publicizing the customer list. Just because you have the technical ability to do something doesn't mean you should.
3) "Researchers" should partner with actual social scientists like Ronald Deibert (or others like him, who have actual training in this area) to properly assess what information should be publicized.
4) I just took at look at your Twitter page, and I see new tweets where you're citing a couple of crackpot posts, as if they're reflective of NamePros. That's intellectually dishonest of you. I argued my points in a civil and logical way, and instead you're focusing on low quality posts, and also knowingly giving the wrong impression to people on Twitter regarding the rationale for why they need to be more careful about information disclosure. Please do better.
