One of the most contested features of the Predator Alert Tools is that the report forms are unmoderated. This means anyone can add any information they want to the databases without oversight. If you’re used to using Internet tools that are tightly controlled by corporations (and you are), Predator Alert Tool’s lack of admin oversight may intuitively make them feel incomplete. But the unmoderated nature of Predator Alert Tool databases is intentional, and definitely a feature, not a bug.

Letting the PAT databases get spammed is a feature? Yes. It’s not hard to understand why. You have to remember that the whole point of Predator Alert Tool is to support survivors of sexual violence. One of the best ways to support survivors and others who might be vulnerable is to identify people who are unsupportive of tools that help users report rape. It doesn’t take a rocket scientist to deduce that if someone is trying to destroy a tool that supports rape survivors, that person probably doesn’t prioritize supporting rape survivors very much.

People who try to break tools designed to support rape survivors are extremely likely not to support those who have had their consent violated. And it just so happens that identifying people who are likely to be unsupportive of those who have had their consent violated is what Predator Alert Tool is designed to do. Letting people attack PAT and then identifying who launched those attacks turns out to be an exceptionally reliable indicator—undeniable, even—that those attackers should be included in the database itself.

If someone violates your consent, you can report it. Likewise, if someone writes hateful reports about you (like “this person is a whiny drama queen”), and you can guess who did it, report that too. If you see spam reports (like “violated my consent by being hot as hell”) in the database and you think you know who’s doing it, report that too. The more someone tries to misuse Predator Alert Tool, the more information about their misuse is available. In other words, Predator Alert Tool is antifragile; damage and chaos don’t break the system, they help it grow.

Since the Internet is fundamentally a record-keeping archive, the “attack spam” itself is conclusive evidence of an attack. When the source can be identified, the people behind the attack have effectively provided us with all the documentation we need to prove that, at a minimum, those people cannot be relied on to support others struggling with a consent violation. Identifying the source of attacks against Predator Alert Tool is relatively easy, as I will demonstrate below. And people who attack Predator Alert Tool effectively self-incriminate by providing extremely compelling evidence that they belong in Predator Alert Tool databases, themselves.

Predator Alert Tool has already been the target of several useful spam attacks. I wrote up a detailed analysis of one instance in a prior post titled “Tracking rape culture’s social license to operate online.” If you haven’t yet read it, I suggest that you do. It provides a step-by-step case study of how Predator Alert Tool can be used to smoke out people who are generally unsupportive of rape survivors’ needs, above and beyond its more straightforward use of warning others in your community about potentially dangerous people.

Predator Alert Tool has a cultural purpose beyond simple communication. It is designed to facilitate conversations between and among rape survivors, exposing rapists and rape apologists in the process. And, empirically speaking, Predator Alert Tool has been extremely good at that.

The remainder of this post provides details on this week’s denial-of-service attack against Predator Alert Tool for FetLife, a profile of the attackers in question, some information about mitigation strategies, and asks for input from you, the survivor support community, about how to best respond to such attacks in the future.

What a denial-of-service attack against Predator Alert Tool for FetLife looks like

Starting on July 16th, at 3:51 PM Pacific time and continuing until the following day at 11:57 PM, Predator Alert Tool for FetLife was subjected to a sustained denial-of-service attack that filled the database with large blobs of spam data. The attack ultimately prevented people from adding new reports of consent violations they experienced at the hands of FetLife users. Since PAT-FetLife regularly receives legitimate non-spam submissions on a daily-to-weekly basis, this means it is likely that multiple people who were brave enough to come forward with their stories of sexual violence were prevented from sharing them by FetLife’s cadre of rape apologists.

Instead, their attempts to post new information resulted in an error that looked like this:

When a Google Form is subjected to a denial-of-service attack that fills it with large blobs of spam data, the form can no longer be successfully submitted, as shown in this "Oops, something went wrong" error screenshot.

When a Google Form is subjected to a denial-of-service attack that fills it with large blobs of spam data, the form can no longer be successfully submitted, as shown in this “Oops, something went wrong” error screenshot.

Currently, PAT-FetLife uses an “old style” Google Spreadsheet as its datastore. There are limits imposed by Google on the size of such spreadsheets, and by filling the spreadsheet with huge amounts of meaningless data, the attackers were able to forcibly prevent any other users from adding information to it. (These limits have been lifted in the “new” version of Google Spreadsheets, which Google says it will automatically migrate PAT-FetLife to sometime before the start of the year 2015. When this happens, attacks of this nature should be much more difficult to accomplish.)1

Due to the way that the Predator Alert Tool for FetLife browser tool works, most if not all of this spam was never even visible to end users. This is because the client will display an entry in the database only if the person to whom that entry is linked has interacted with the page that the user is currently viewing. Therefore, the attack only prevented people from adding information to the database. It did not disrupt anyone already using the tool, nor did it block any information already provided in the tool from being viewed.

Earlier today, I was assisted in identifying the attackers as a group of FetLife users who were boasting about breaking the tool on their FetLife pages (more on that in just a bit). After doing so, I published an archive of the database’s spammed and inoperative state so that you can take a look at it in its entirety. I then restored the database from a prior revision, which also returned its functionality.

Update (July 20th, 2014, 1 PM Pacific): On July 20th, 2014 at 3:53 AM Pacific time, a renewed attack of the exact same type described above resumed. Once again, CarolyneTiler, whose legal name is Caroline Tyler and who currently works for EMIS, a medical software company, as an “IT Systems Support Consultant” in the United Kingdom according to her LinkedIn profile (public version), admitted to doing this on FetLife:

Screenshot of CarolyneTiler's comments in a FetLife status thread reading: "I have done NOTHING more than use the public access available to all. I consider that this so called reporting tool is mainly used to harass and abuse other members of this site by those too cowardly to publicly state their issues."

Screenshot of CarolyneTiler’s comments in a FetLife status thread reading: “I have done NOTHING more than use the public access available to all. I consider that this so called reporting tool is mainly used to harass and abuse other members of this site by those too cowardly to publicly state their issues.”

As of this writing, I’ve temporarily disabled the Predator Alert Tool for FetLife’s Google form submission (here’s an archive of that state) while I compose complaint letters to Caroline’s employer and Internet Service Provider. I am also looking for pro-bono legal representation from attorneys who have a record supporting sexual assault survivor’s rights. Please contact me directly if you know or can refer me to any such legal professionals.

I’ll re-enable the PAT-FetLife reporting mechanism after I’ve finished getting in touch with Caroline Tyler’s employer, etc., and I’ll post another update once I’ve done that. If I can get in touch with a lawyer, I’ll also do my best to contact England’s law enforcement agencies that oversee Internet crimes, so ideally this lawyer would also be at least familiar with “hacking” cases.

Thank you.

Just a brief update to show Caroline’s admission of guilt:

A screenshot from FetLife showing Caroline Tyler's update: "Seems that MayMay is getting a bit ruffled about me filling his silly database with rubbish. shame!!!"

A screenshot from FetLife showing Caroline Tyler’s update: “Seems that MayMay is getting a bit ruffled about me filling his silly database with rubbish. shame!!!”

I will also note that I use gender neutral pronouns.

I’ve posted another update as a new blog post.

Profile of a FetLife rape apologist and Predator Alert Tool attacker

It’s illustrative to know more about who attacked Predator Alert Tool for FetLife.

As soon as the spam/DOS attack began, I suspected someone who was already listed in the PAT-FetLife database. So the simplest thing to do would have been to look at the recent activity of the users already reported. Sure enough, yet again, that’s all it took to find people bragging about having broken the tool:

A screenshot showing that a FetLife user named CarolynesRose (user ID 2940118) posted a status update about PAT-FetLife (formerly known as FAADE) being broken.

A screenshot showing that a FetLife user named CarolynesRose (user ID 2940118) posted a status update about PAT-FetLife (formerly known as FAADE) being broken.

This user’s FetLife user ID is 2940118. That’s one of the FetLife users reported (numerous times) in the PAT-FetLife database. The first report about this person was filed on December 3rd, 2013, and the most recent one was July 15, 2014, the day before the spam attack happened. This user account is literally the second from the last report before the spam attack began; hatred for PAT-FetLife from kinkshit rape apologists is almost as reliable as clockwork.

This particular user is actually someone who’s interacted with me before, on Facebook. On April 16th, 2014, a Facebook user using the name Anna Dawn Brecht, born June 11, 1980 (and who listed her phone number as +44 7983 971104) messaged me:

Hello

I believe you are behind the FADDE application. I am nicely asking that you go to it and either remove the entry under MarmiteGirl…or at the very least remove my REAL name from it. A person in our area has beein using your data base not to report genuine threats..but to vent at people they have an issue with. Either way I am sure you do not want peoples real names being used on your database.

Anna

As you can imagine, I’ve gotten requests like these on occasion, and if I respond at all the answer is always the same. My response to Anna Brecht was similar to all others:

I have no problem with people’s legal names being used. I’m sorry that you have to deal with a person in your area abusing the system. If you do not already know who that person is, you may want to read the following articles that describe why I do not moderate nor will I ever edit, modify, or delete information that is posted to it: http://maybemaimed.com/2012/12/21/tracking-rape-cultures-social-license-to-operate-online/ and http://days.maybemaimed.com/post/62691251191/many-people-with-concerns-about-the-predator-alert Please do not contact me with this request again. If you do, I will block you. Take care.

After that, Anna Brecht blocked me on Facebook and I thought no more of it until I saw the following entry posted to PAT-FetLife on May 22nd, 2014:

This is the person behind the FADDE application.This claims to be there to protect people against abuse and non consensual activity..and name and shame people. The fact is this individual created this as hates the BDSM community and all we stand for. When nicely asked to remove names and leave comments his reply was

“I have no problem with people’s legal names being used. I’m sorry that you have to deal with a person in your area abusing the system. If you do not already know who that person is, you may want to read the following articles that describe why I do not moderate nor will I ever edit, modify, or delete information that is posted to it:Please do not contact me with this request again. If you do, I will block you. Take care.

Lets see how he feels having his personal name and details on his FADDE database. As he is the Abuser and the BDSM community is becoming the victim.People are using this site to vent grudges and make malicious statements with no accountability.Yes some arseholes may get mentioned but on the whole good people are having their real names and business posted on here and labelled abusers over personality clashes etc. Lets see if he sticks by his rule of not censoring posts when he is names a long with his facebook link.

https://www.facebook.com/profile.php?id=633290004

I think I might have literally laughed out loud but, again, thought no more of it. I am not exactly embarrassed about my position: I prioritize the ability of rape survivors to communicate over protecting people from having their reputations harmed by that communication. Period.

Anyway, it was a simple matter of following links from CarolyneRose’s (aka “MarmiteGirl”) profile to find the following gem posted by CarolyneTiler, CarolyneRose’s “Dominant,” according to their FetLife profiles:

A screenshot showing a FetLife user called CarolynesTiler boasting about being the person who "broke" the Predator Alert Tool for FetLife (formerly known as FAADE) consent violation reporting system.

A screenshot showing a FetLife user called CarolynesTiler boasting about being the person who “broke” the Predator Alert Tool for FetLife (formerly known as FAADE) consent violation reporting system.

As you can see, a user with FetLife ID number 13350 going by CarolyneTiler, boasts, Oh dear, I appear to have broken fadde a bit and then later, Well, it’s not dead but at least you can’t add any more :)

Chalk another one up for “Dear rape apologists, please try harder, it is far too easy for me to find you.”

What I find so telling about this example is that what appears at first to be a somewhat understandable request to be removed from the PAT database has obviously turned into a desire to shut the system down for everyone, regardless of its benefits for others. Anna Brecht and her cohort prioritize their reputations and, as the Streisand effect shows yet again, their attempts to remove information they don’t want publicized results in the publicizing of that very same information.

Only in this case, because of the cultural nature of Predator Alert Tool, it also tells a compelling story about how much (or little) they prioritize supporting people who experience sexual violence.

There’s plenty more dirt on these kinkshit rape apologists in FetLife, all easily exportable and then searchable. Here’s a thread on FetLife called “lowest form of scum” in which CarolyneRose and several others complain about being included in the Predator Alert Tool for FetLife database. There’s your usual flailing about “outing” kinksters (which is not even a thing) and the classic dose of grandiose language that you’d expect from BDSM’ers. It’s amusing to read, if you’re into that sort of thing.

A few simple reverse image searches also turned up a trove of identifying details outside of FetLife. For instance, on Twitter, CarolyneTiler goes by @CarolineT1961. Could the “1961″ be a birthyear? According to CarolyneTiler’s FetLife profile she is 52 years old, so it does indeed appear to be so:

A screenshot of CarolyneTyler's Fetlife profile showing the ease  of correlating information provided, in this case an age, to other social media accounts.

A screenshot of CarolyneTyler’s Fetlife profile showing the ease of correlating information provided, in this case an age, to other social media accounts.

Caroline Tiler’s Google Plus avatar is also a picture she shared on FetLife. From that profile, we also learn that Anna Brecht has a Google Plus account, and that Caroline Tyler attended Elmhurst Primary School in Newham, followed by the Stratford School (also in Newham), and finally the Redbridge Technical College in Essex.

If she wished her employment history to remain more private, then she should probably not also have made the same mistake of sharing her LinkedIn profile photo on FetLife, too. (Here’s the photo link directly, so you can view it without logging in to FetLife.) I wrote up a bunch of privacy tips for FetLife users some time ago, consider reading them if you’re concerned about the ease with which information about you on the Internet can be correlated by someone with access to a search engine (like, y’know, everyone on the Internet).

CarolyneTiler, or, more accurately, Caroline Tiler, was also active on message boards, including GingerBeer.co.uk as well as contributing a post to TransgenderZone.com:

A screeshot from TransgenderZone.com showing Caroline Tyler's post. Her profile avatar is the same as a picture she shared on FetLife, the BDSM dating website.

While it may not always be obvious by listening to what they say, these people—like most BDSM’ers—don’t really care about consent. And by watching what they do, which we can now all do in an unprecedented way thanks to the Internet, it becomes very obvious that the BDSM community, dramatically more than other communities, hosts the absolute worst of the worst when it comes to people who will actually prioritize consent—that is, they don’t.

Even the attacker herself, CarolyneRose says on FetLife:

In my view it was a good idea ruined by poor implementation and no moderation. It is used as a tool of abuse now sadly.

Caroline Tyler chose to use her information technology education to launch a denial-of-service attack against a tool that gives voice to rape survivors on a website that actively censors and silences them. She didn’t choose to contribute to it, or to copy it and make her own better version or “forking” in the lingo of open source programmers—the Predator Alert Tool for FetLife is an open source project, as are all the other implementations. I rest my case.

This is not a surprise to anyone who understands that, despite all their bluster, the kink/BDSM community isn’t trying to end rape culture. They’re trying to eroticize it.

What to do about attackers

The obvious thing to do in a case like this is to document what happened and then write reports about the people responsible linking to said documentation in the very tools they attacked. I’ve already done that for CarolyneTiler and everyone who metaphorically high-fived her effort. You can view the reports in PAT-FetLife just as you would any other report. And I’ve taken the additional step of writing a statement in Predator Alert Tool for Facebook about Anna Brecht, as well, linking to this post, since she was kind enough to give me her Facebook account, too.

Of course, feel free to follow any of the links in this post to the attackers’ conversations and chime in, yourself. In fact, I’d strongly encourage that. Remind these attackers that trying to take down what is still the only warning tool for rape survivors on FetLife is a shitty way for supposed advocates of a “Safe, Sane, and Consensual” so-called “lifestyle” to behave.

Beyond this individual case, it seems obvious that, in the future, it should be possible for people who use Predator Alert Tool for Facebook to view reports filed in Predator Alert Tool for FetLife and vice versa. Predator Alert Tools already span the majority of mainstream social networks; it should be feasible to link them all up across social networks. This might sound scary, but it’s something that your government (the NSA, GCHQ, and the rest of the spooks) already do. Only they’re not using that capability for exposing rape culture and its apologists, because the military-intelligence-industrial complex’s entire operational motive is rooted in rape culture, obviously.

But there are other, not so obvious enhancements that could be made to the Predator Alert Tool suite. I have been very vocal in soliciting ideas and support for these tools ever since their inception. Since then, some folks have contributed publicly, and a slew more in private.

What the tools need more than anything else right now is more people who are willing to speak up publicly—pseudonymously or not—in support of them, and against people like Anna Brecht who would attack them. Predator Alert Tool is a code hacking project, yes, but it’s also a culture hacking project. Even if you don’t code, using Predator Alert Tool to change the conversation about rape in our culture is something everyone—namely you—can do.

  1. Not impossible, just harder. There are other methods of mitigation that the new Google Spreadsheets backend supports that will raise the bar, too. []
Donate Bitcoin

flattr this!