I am not silascambridge on Sina Weibo: theft of a virtual identity
In 2003 I befriended a visiting scholar from Tsinghua University who researches Internet media and social culture, digital preservation and dissemination, and interactive media design. I was writing up my thesis on Conversion of Notations and had only recently started developing language-practice software so we had much to discuss about “E-Learning”; I also helped codify Nu Shu music her team was working to preserve and she introduced me to pen-sized digital voice recorders.
In 2007 I befriended another Beijing visiting scholar researching English literature including Thomas Hardy. It was thanks to her encouragement that I went public with my translation of Xu Zhimo’s poem. (Both scholars visited my parents and thereby saw Hardy country.)
In 2010 the Internet media and social culture professor started what could be called a quirky experiment: give *me* a Chinese social media account. The literature professor was highly supportive, persuaded hundreds of people to “follow” me and mentored my attempts to interact with them in Chinese. I’m not a born “blogger” and wasn’t sure what I was *doing* with a Weibo account, but as it was my two friends/mentors, I didn’t mind writing a little to see what happens.
The professor had associated my Weibo account with an email address hosted at Chinese provider 163.com. My Chinese level wasn’t good enough to tackle Sina Weibo’s “Terms and Conditions” pages, so I guessed they probably required a Chinese-provider email address for signups. Furthermore, the (19-byte) email address she specified started with the letters “liren”, a Chinese homonym of “beautiful woman” or “altruist”, so I imagined it was one of her *own* email accounts—silly me didn’t think to check if she meant to give me the email account as well as the Weibo account.
So I had the Weibo password (which I promptly changed to an unguessable string of random characters worthy of a *computer scientist*), but I didn’t have the password for the “liren” email account, which was effectively a “back door” into the Weibo account because anyone with access to “my” email could ask Weibo for a password reset. That was OK while the “liren” email was controlled by the professor, but in 2015 she couldn’t get in anymore.
I don’t know exactly how control of that 163.com email was lost. Perhaps it had a weak password, or perhaps it expired through lack of use and somebody else chose the same address. When my Weibo password stopped working and the professor couldn’t reset it, she told me not to worry because Sina Weibo is now losing relevance (Weixin/WeChat seemed to replace it for many).
But somebody got in to my Weibo account and proceeded to write advertising copy *in my name*. Not only that, but Weibo posts are now visible in Google search results (unlike in 2010), so the whole *world* could find the picture that another Chinese friend took in the British Museum in 2003—me with the Cyrus Cylinder and other artefacts—and my Chinese self-introduction—all apparently lending an air of credibility to products I know *nothing* about and which might be unsafe.
Facebook has reportedly used people’s names and pictures in advertising, which is one reason why I refused to sign up to Facebook. Sina Weibo didn’t do it officially, but it’s easy to lose your virtual identity to rogue advertisers if it’s backed by a flimsy 163.com email.
My last genuine post to Sina Weibo was 1st November 2015. The fake posts started on 8th November and continued (often at the rate of several per day) until mid-December, when for some reason new posts were (temporarily?) stopped.
I discovered the problem a year later, and put up this page to try to let people know “silascambridge” isn’t me and I do not endorse anything it says. Shortly thereafter, I discovered that my UK mobile number, which I thought had failed to bind to the Weibo account (I never received the original confirmation SMS, and assumed they couldn’t send them to the UK), *had* in fact bound and could be used to get back into the account. However, I still haven’t found any option to change the 163.com email address used as a login name, so the intruder can get back in at any time. As I can’t delete the Weibo account, I deleted all posts, pictures, etc, and tried to make it obvious that the account is not “mine” anymore. (I can’t control what they add.) I’m still afraid there might be archives of the old version floating around somewhere.
I also noticed that the amount of *third-party* advertising on Sina Weibo’s website was much greater in 2016 than it was in 2010 (especially for those viewing it without logging in, which was not an option in 2010), leading me to doubt the wisdom of using such a platform for anything resembling serious thought, since it’s not a particularly “peaceful” virtual environment now even if it might have been before.
Before deleting, I copied out 210 kilobytes of posts and comments (but didn’t save the pictures); perhaps I should look through this to find what (if anything) *could* be put on the Web for a wider interest, but don’t hold your breath.
Further investigation showed the original Tsinghua scholar’s microblog had also been blanked. The other scholar was still going, as were many of the ‘followers’ she’d introduced to me—some had not posted for over a year, but others were still active—or at least their *accounts* were. (In light of what happened to mine, I’m not sure I should imply *any* account is still connected to its nominal owner, unless this is positively clear from the published content. ‘Re-tweets’ of online gossip could be done by a robot.)
The system told me the intruder(s) had connected from IP addresses in ChinaNet’s Zhejiang Taizhou network, but that information doesn’t help much. It also said their last 37 posts had somehow accumulated 79,000 impressions (called “reads” in Weibo, but I find it hard to believe everyone whose screen it appeared on actually *read* it, so I’m using the advertising-industry term “impressions”). The median was 566 but two were above 10,000—one of these had been forwarded but I’m not sure how the *other* got so much attention from my 269 followers. Perhaps it happened to show up more in searches, or perhaps it was ephemerally placed on the site’s front page when new and an unusually high number of people happened to be logging in at the time (I don’t have Sina’s traffic graphs but I wouldn’t be surprised if there are noticeable increases at television-programme changes like there are on the UK power grid). I didn’t try to ‘decode’ all the posts—presumably they were complex references to Chinese popular culture in an attempt to gain clicks.
In June 2017 it was no longer possible to check what the account is saying without logging in to Weibo (although some public accounts could still be checked without login), and my login had stopped working again. I reset the password via SMS but didn’t see it had made any new posts.
In January 2018, after Cambridge University Library pointed me to an electronic resource that required a Weibo login, I once again needed a password reset and this time didn’t receive the SMS. There was now a backup option that involved scanning my UK passport and specifying the month the account was created and a couple of passwords that worked in the past (information that should also be known to the intruder(s), so it depends how closely they check passport images). It was now possible to change an “email address” setting, but the email address *used as the login name* is still unchangeable and isn’t mine. (The “Edit” button sometimes shown beside “login name” simply takes you to a “change password” screen, not to a screen that actually lets you change the login name—that’s a user-interface design mistake. A routine check in May 2020 showed this situation had not changed, although my account had not been disturbed in the meantime.)
Meanwhile I started using the 2003 British Museum image as an “avatar” on other websites (GitHub etc), seeing as it was now widely visible anyway. It could probably do with an update though.
On 3rd May 2011 I posted a screenshot of a BBC broadcast (assumed fair-use as a review quote) which featured a close-up of a member of the London Chamber Orchestra playing at the 2011 royal wedding. I did not name that musician, but somebody did in the comments. I didn’t think this would matter much, as Sina Weibo was not at that time searchable via Google etc. But it became so later, and thus made things look in retrospect like I’d contributed to a press leak when I hadn’t.
The London Chamber Orchestra agreed among themselves to have no individual publicity for their performances in the royal wedding—all credit was to go to the LCO as a group. It was OK to tell friends and family, but not the press.
A leak did occur to some local papers, which then ran stories about that trumpeter. These reports were apparently tipped off by an extended family member who had not been properly briefed about the LCO publicity agreement. Since our immediate family respected that agreement and replied “no comment” to all press enquiries, I’m not sure how the Somerset Live journalist (“Dorset trumpeter is a brass act at royal wedding”, 5th May 2011, online until 2016) ended up with a supposed quote from my father, especially *this* sentence:
“Silas plays the flute and we had no idea they’d both be professional musicians.”
The journalist was clearly under time pressure and muddled up some sources. Even if my late father *had* commented, he wouldn’t have implied we were *both* professional musicians, since our family’s definition of “professional” involves exceeding Diploma standard and getting paid for concerts. But it’s plausible that someone *else* said this and a hurried editor misattributed it.
(Similarly, they had me “currently studying for a PhD at the University of Cambridge” 7 years after I’d obtained it, but never mind. In the 1990s a similar local paper reporting on the same trumpeter had made Liverpool-bred conductor Simon Rattle an alumnus of the local school in Bridport, to the amusement of the retired teacher in our family who didn’t remember teaching him.)
At any rate, even if the local English press had been able to understand my Chinese (unlikely if they were in a rush), they shouldn’t have had my Weibo post of 3rd May 2011 and the resulting dialogue as one of their sources, since it was not generally available at the time. I didn’t know Sina developers would open it up to the search engines later.
In 2020 I was attempting to create an account on a Chinese code-hosting site called Gitee (so that people in China can still access my code in the event of Western sites becoming inaccessible there), but it asked for a mainland-China phone number and said this was for “legal requirements”—but nevertheless allowed me to create code repositories without one. I wanted to contact their support team about this, and the only advertised way to do so was a QQ discussion group. I had not logged in to QQ for many years, and when I tried to do so again, I found my QQ number *had been bound to a mobile in China* which wasn’t mine. That QQ number had a strong password on it, which presumably somebody managed to brute-force without locking out the account and then bound it to their own phone number (apparently without changing the password itself, which I assume would be necessary if they took advantage of some insecure “forgot password” arrangement with guessable answers like ‘which of these are your contacts’, or if QQ reassigns old numbers). If their purpose was to trick my old contacts into sending money or something then I hope it failed. QQ number 573087366 is a stolen number and you should not trust anything it says.
All material © Silas S. Brown unless otherwise stated. Facebook is a trademark of Facebook, Inc. GitHub is a trademark of GitHub Inc. Google is a trademark of Google LLC. WeChat is a trademark of Tencent Holdings Limited. Weibo is a trademark of Sina.Com Technology (China) Co. Ltd. Any other trademarks I mentioned without realising are trademarks of their respective holders.