The Standard vigourously defends the use and privacy of pseudonyms, but questions arise over how they are used there from time to time.
There has just been another curious mix-up, starting here:
Colonial Viper quickly spotted and pointed out Daveo replying to himself.
So which Daveo was Te Reo Putake? That’s quite an odd explanation.
Also curious – I wonder how Te Reo Putake knows what Daveo’s email address is? I’ve never seen him named as a Standard moderator or administrator, although it’s been apparent he has been commenting on behalf of Labour leadership.
As explained, Te Reo Putake used to comment under the pseudonym ‘The Voice of Reason’ until a year ago. And occasionally since, these computers and IP addresses can get confused sometimes. Especially so when recently the same person was also commenting under ‘Anon’. See for example:
Anon: Comment:Open mike 24/01/2013
Date published: 1:59 pm, January 24th, 2013
Very confusing, this Voice of Reason/Te Reo Putake/Anon/Daveo character.
I happen to have seen evidence of another Standard regular accidentally posting under an alternate pseudonym due to sharing a computer or IP with someone else, or something.
The Standard has a privacy policy that includes:
Privacy
We do not disclose any information to third parties. This includes what you add to your profile that is not public on the blog. In particular your real name and e-mail. Similarly if you are not logged in and enter a comment, we do not disclose the e-mail you enter on your message.
E-mail addresses are only used by the sysop or moderators if they need to contact you. This will usually be because of your behavior or other peoples behavior to you on the blog. Sometimes it will be used if we’re really interested in something you wrote.
IP’s are only used when looking at moderation and banning. We will often look to see other pseudonyms have been used by the same person on this site. Very useful when dealing with repeat offenders.
Only some repeat offenders.
Some time last year a Standard moderator appeared to ban Te Reo Putake. That may not seem surprising because Te Reo Putaki frequently breaks the rules at The Standard. What was surprising was the flurry of confusion that followed, then it was said that the ban was a mistake. Someone even said that Te Reo Putake could never be banned.
Of course the pseudonym mix-ups may just be computer errors. As lprent keeps saying, The Standard is just a computer.
But some people make mistakes. It could be a mistake to always trust the use of pseudonyms at The Standard.
lprent
/ February 13, 2013It is the classic (and slowly diminishing) cached page in a badly configured web proxy problem.
Because we allow anyone to leave messages without logging in, the details of what pseudonym and email address are stored on a cookie held on the client machine. This is sent to the server when a request for a page is made and is filled in on the page by the server in the appropriate fields. It means that people commenting without logging in don’t have to spend their time plugging in the fields all of the time.
Now this works almost everywhere because we have the settings for all of our *dynamic* pages set to not cache (and all of the static images, css, js, etc to cache). But it has problems when it runs into a web proxy that doesn’t obey the caching instructions in the http and html headers.
What happens then is that if there are two or more people are commenting at the same time, then the dumbarse web proxy is quite likely to serve up the wrong cached page. In practice this has happened only in few workplaces that I know of in the last 5 years. In both places it is a known technical issue. One hasn’t shown up for a couple of years. The other is obviously still an issue.
I have investigated alternatives to using the server side insertion of the cookie info. Javascript proved to be far to problematic for security reasons, a pretty extreme level of variation between browsers, and that a good number of readers have it turned off. The auto-fill on many browsers is just too flaky to rely on.
Of course I could just turn off the insertion of the name and e-mail fields, or force everyone to login or shift everything over to running on https (with all of the problems that has for dialup readers).
But doing this for the slowly diminishing numbers of poorly configured proxies that don’t obey caching instructions, it is simply excessive. Instead whenever it causes problem, I tell the participants that they should whine like you do to their techs.
And incidentally, your site will have exactly the same problem in those same workspaces
Pete George
/ February 13, 2013Ok, so they must be the workplaces that TRP happens to be at. I haven’t noticed it with anyone else or on other blogs.
But on another occasion (@ The Standard) I’m aware it was from somewhere different – unless TRP shares that same workplace. Now that would be very curious.
And this also doesn’t explain how would TRP get to see the email address of another commenter. Your policy says:
“We do not disclose any information to third parties. This includes what you add to your profile that is not public on the blog. In particular your real name and e-mail.”
How many people have acesss to private information at The Standard? The way TRP acts and who he appears to act for at The Standard I would think some would have concerns.
And you criticised Red Alert for their use of private data.
lprent
/ February 13, 2013We haven’t disclosed to a third party. This is just how HTTP works. We sent the information provided by the user back down the same TCP/IP connection that the user connected to us with. The client sent a HTTP GET with the request and the cookies and we returned the response as a HTML page. Neither the request cookies nor the the page returned are held on any of our systems or on any system that we use as a proxy for static data (ie cloudflare).
However the web proxy gateway on the *client* side of the system acted as man-in-the-middle and took a copy of the page we sent. That was despite being told in the HTTP and HTML headers that it should not. That proxy server then provided that page to someone else at that organisation because they requested the same page. However that is something that is totally outside the control of our server. Note that we did not disclose the information. The moronic proxy server that TRP was connected to did.
There are ways of reducing the probability of this from happening to pages served from our server, but the only moderately reliable way would be to force everyone to use SSL (creating mangled URLs etc frequently fail when the proxy servers are badly configured).
But there are situations when even SSL is susceptible to proxy issues. But it will certainly slow down the site for all readers because the images will not be cached between sessions.
This has been an endemic problem for WWW ever since people started putting caches in. Perhaps you should start doing your witless whining about that problem.
Pete George
/ February 13, 2013You appear to be saying that there’s a risk when a user connects to The Standard that the username and email address of another user may come back from the cache and appear to them.
But something still doesn’t make sense. TRP said:
edit: just spotted the Daveo doppleganger comment. That was me. It appears that I’m using the same IP address as Daveo today. Not the first time that’s happened; my work takes me to a variety of workplaces and I log in to whatever broadband server is handiest. For what it’s worth, Daveo’s email address is a generic gmail account, so I don’t know who he or she is.
And then:
I’ll try to remember to check the ‘name and email’ boxes in future so it doesn’t happen again.
So TRP says he didn’t check the ‘name and email’ boxes and didn’t notice another person’s info – but then says he saw the email address. That doesn’t add up.
His ‘Daveo’ comment was at 10.01 am.
His “just spotted the Daveo” comment was after 11.01 am.
He either saw the email address when posting the comment at 10.01, in which case surely he would have known to correct it. Or he found out what the email address was later. Another fluke cache error?
And it has happened to TRP before. Is that when the ‘Anon’ username confusion came up?
And also username (The Voice of Reason) that hasn’t been used for a sometimes comes up. That sounds like a separate problem. TRP seems to cop all the problems.
Pete George
/ February 15, 2013I note that lprent was quick to rush in here with a longwinded technical defence, but has chosen not to address some simple issues that leave questions unanswered.
And Te Reo Putake, in the safety of The Standard where he knows I have no right of response, has been making some odd and unconvincing comments but also has not addressed how he claimed to have known what the email address of Daveo was.
Curious.
lprent
/ February 16, 2013Ah you do so hate these long technical explanations. Perhaps I should make them simpler so your rather lazy intellect can understand them?
My usual scans at TS consist of (your version is in italics. Don’t be lazy, you DO know them!! It is when the letters fall over. Yes just like when you forget how to walk.. moron..)
1. scan for log exceptions (is system screwing up?)
2. scan new posts (are authors screwing up?)
3. scan moderated comments for release (are the banned screwing up?)
4. scan comments for moderating (are the unbanned screwing up?)
5. check and clean out the spam (is the toilet screwing up?)
6. and finally write my own comments and replies (the fun part of blogging)
Since I’m usually doing this whilst working, I frequently don’t get through the whole sequence while a compile runs or I savour a coffee while thinking about how to fulfil the next impossible design problem (I work a lot)
I see your posts from the link backs when I periodically clean out the auto-spam folder in step 5. (self-styled political genius waffles and I see by magic) So that happened this morning and why I read your post (magic is why I am here)
If I leave comments then I will see your replies on the notification button bar. WordPress gives me a summary of all comments on TS and wordpress.com (magically seeing your replies)
Because I’m at the tail end of 32 month development project and in bug fix/final enhancement mode, I don’t have a lot of spare time (I work a lot). You repeated the same questions that I’d already answered in the first couple of paras so I ignored your reply (repeating yourself is boring!!).
Pete George
/ February 16, 2013You screwed something else up too – all that wasn’t necessary. You’ve missed answering one key question so in case you missed it I’ll repeat it here:
TRP says he didn’t check the ‘name and email’ boxes and didn’t notice another person’s info – but then says he saw the email address. That doesn’t add up.
His ‘Daveo’ comment was at 10.01 am.
His “just spotted the Daveo” comment was after 11.01 am.
He either saw the email address when posting the comment at 10.01, in which case surely he would have known to correct the user ID and email address. Or he found out what the email address was later. Another fluke cache error?
lprent
/ February 16, 2013Darn… I screwed up the italics in para 5. The big question is – who will explain that it is a simple error to Pete? By tomorrow he will have built a whole new conspiracy from it…
Pete George
/ February 16, 2013And while you’re at it, you didn’t respond to a previous question. Is the use of multiple pseudonyms by one person acceptable or unacceptable practice at The Standard.