No announcement yet.

When do you stop correcting people? AKA "Someone is wrong on the Internet"

  • Filter
  • Time
  • Show
Clear All
new posts

  • When do you stop correcting people? AKA "Someone is wrong on the Internet"

    I'll be using vulgar language in this post. Skip it if you don't like it.

    Jennifer Grannick wrote on twitter:

    Originally posted by URL1
    When someone is wrong on the Internet, when do you let them know, and when do you just let it be?
    When I was younger, I enjoyed educating people (aka, "tell people they were incorrect/wrong") and often made the mistake of trying to impose my opinion on others.
    Later, I saw it was better to spend more time in discussing what is correct instead of what was "right" so I spent less time on pushing opinions, and more time on logical arguments, and things that could be defended. I reserved the opinion-based discussion to those where I saw a friend looking to do something with risky consequences, but mostly to inform them of the risks, not force them to do what I wanted.

    Now, unsolicited information about potential risks are seen as many things such as, "imposed will of the patriarchy and privileged white American," so I become even less interested in informing people of risks or consequences. (Let them fail. Reserve advice to those open enough to consider it without judgement.)

    Why does this happen? Is it because I (like others) are getting old and less tolerant of assumptions of ulterior motive? Have these attacks on advice always been present, but I never noticed? If I care about fewer things now than when I was younger, will I ever stop caring about everything, or is it a diminishing return on caring with respect to time, or something else?

    Occam's razor would suggest that it is me that has changed, not the rest of the world.

    What is your experience? How do you decide when to warn, or correct people when you see mistakes or problems in their future? Do you provide advice to strangers as much as people you care about? Has this changed with time? In what way? How does this impact your work with security and disclosure?

    When you were younger, were you more idealistic with a desire to give free advice when you saw security issues? Did you later decide it was not worth the effort unless you earned a bug bounty? Have you felt pushed more and more to the point where you consider, "If these companies don't give a fuck about their users, why should I? If I can sell an exploit, the company and users derserve what they get. Fuck if I care. Screw 'em all!"?

    When is it worth your time to offer advice or correct mistakes you find on the Internet in any realm, including computer/network security? How has that changed with time? What do you predict will happen in the future when you consider what requirements exist before you decide to try to help others?
    Last edited by TheCotMan; April 16, 2015, 22:06.

  • #2
    Correct kids, students, the eager-to-learn, and those who represent you in any form.

    Don't correct the 42-year old Taco Bell employee. It's too late for him.


    • #3
      There was a bug with a website hosting company Enjin that I found when typing long replies to forum posts. I found out that they did not have a character limit and Enjin stored a cookie of what you've typed as a draft regardless if you submitted the "reply" or not. The result was that if you used more than 2048 characters you overflowed the server's buffer for the acceptable cookie value byte limit which was 4096 Bytes. Once you overflowed that cookie value any request you sent to any of the Enjin server's would be instantly rejected and you no longer had site access. The fix was to clear you temporary internet files, cookies, and restart your web browser.

      I know this is not a huge amazingly awesome bug that makes me want praise but this was my first bug that I came across by accident and I'm sharing this for the sake of the discussion. I submitted the bug report on Enjin's official forum in the correct section but never did I receive a reply or recognition that they even noticed me. Two weeks later I noticed that thread replies were automatically truncated after around 2500 characters and Enjin no longer saved your current post automatically as a draft. There still are issues with their fix that they implemented, for example if you type a long response you do not have a character counter for reference, there is no warning for the end-user if you reach the character limit before submitting the reply, and there was no mention from the official staff at Enjin that there was a fix for this issue that they had for, presumably, year's since I mentioned anything.

      So here we do not have end-user support covering issues regarding small UX issues, we have a company who picks and chooses the users to recognize (as I have not posted a lot of posts so apparently I am not important), and a company who provides recognition based on the former to popularity within their online forum. I still believe that it is right for us to continue to set the example by sharing what we find. This does not mean that we have to share this information with the right people but hopefully at least we would try to reach the right people before exploring other avenue's of resolution, but the key here is that we need to reach a resolution.

      I have reached a couple points in my life, as a young lad, where I have experienced the "FUCK IF I CARE" syndrome. Most of the time these only happen when I am under an extreme amount of pressure but I digress. One such incident was when my parents kicked me out and I took up residency in a hotel. This hotel had free WiFi but, as many free WiFi hot-spots, the bandwidth was extremely limited to a single user because of the simple fact that the having one 1.5Mbs connection for a hotel with ~150-200 people doesn't work. Regardless of the crappy connection that I did have I was pleased to be able to still connect with the outside world on the Dell Latitude D600 laptop that I had picked up at DefCon 21 seven months before. The point of "FUCK IF I CARE" syndrome came when one morning the connection was a lot slower than usual. I really do hate it when some jerk off is using all of the bandwidth for a service that is supposed to be shared among supposedly equals. Unfortunately the area in which I live in does not seem to share this ideal and I was stuck with not being able to chat with my friend's with TeamSpeak. So I just decided to execute a simple man-in-the-middle attack pointing everyone to a 404 page. At this point I was contemplating on purchasing a new laptop so instead of waiting around until I had to work later in the day I walked to Wal-Mart and purchased the laptop while the MITM attack continued. When I returned to my hotel room from work I had noticed that I had zero requests coming to my server, so I shut off the MITM and logged onto TeamSpeak. This was one of the few time's when I lost my shit and did not care about ethics but sadly now that I continue to see where companies stand on user support I am beginning to believe that rather than continually give people a chance we should just give them a handful before we move onto a different approach.

      I do believe that people who want a relationship with either a user-base or just with another friend will try to change their behavior if you inform them on their wrong doing. I agree that dedicating more time and giving those individuals more chances is worth it, but it does take time to build those relationships. So I guess what I am getting at is simply that we should spend more time with the people who spend time wanting to learn rather than people, including companies, who either just expect results to show up or want help without putting in the effort to warrant that help.
      Last edited by xgh0st; August 5, 2015, 10:53. Reason: where to what
      A ghost amoung the wind