mercy-song-ffxiv · 2 years
obligatory Atlantis reference
mercy-song-ffxiv · 4 years
I was walking through the toy aisle at Target when I found this thing and had a VIOLENT AND IMMEDIATE FLASHBACK to when JP first came out and they had a bunch of REALLY COOL T Rex toys that I would have sold one of my scrawny small-child limbs for but my mother wouldn’t get me one because they were “too violent and also ate people” :(
mercy-song-ffxiv · 4 years
Milk drunk
mercy-song-ffxiv · 4 years
“I was worried how my older male cat would react to the new female kitten. This is their first night together:” 
mercy-song-ffxiv · 4 years
Ser Aymeric, the Discord bot, was designed to be spyware.
Some background, for those who aren’t familiar with the situation:
Lethys is the creator of a popular FFXIV-centric Discord bot called Ser Aymeric. It’s admittedly a very useful bot, and is popular because of its feature set.
Lethys is well known in the community as a serial predator of gay men.
Lethys is obsessed with harassing individuals he sees as his enemies.
Lethys has leveraged the popularity of his bot to secretly surveil individuals he has grudges with in the past.
I worked on Ser Aymeric directly and had access to the code. Lethys brought me on to work on Aymeric’s dashboard administration interface.
I was asked to hold off releasing this information until after Discord did an investigation. I am uncertain what ever came of that investigation, so either it never happened, or Discord doesn’t understand the ramifications of this situation.
Lethys has two spying capabilities built into Ser Aymeric:
The first was built in Version 1 of the bot, specifically to spy on Lethys’ rival Lux and his XIV Male Mods Discord server. It’s known as the ‘secret h’ function (command ?h), and was able to dump the last 1000 lines of chat from any channel Aymeric is present in. He specifically built it to spy on XIV Male Mods’ private admin channel to see what they were saying. He was obsessed with them as a rival server to Lethys’ Gayorzea community. This function could have been used to export the text of any channel on any server that Ser Aymeric was present in, but XIV Male Mods was the only one I’m aware of it being used against.
Tumblr media
For Version 2, much of the bot was rewritten, but rather than making things better, he grew the spyware capabilities.
It was during the V2 rewrite that Lethys brought me on to work on the administrative frontend for the rewrite, and I therefore had access to the code. Despite his claims in the past, I was listed as a developer on the credits and homepage ever so briefly.
Version 2 logs every message by every user in every channel that Ser Aymeric has read permissions to. It stores them in a MongoDB (a type of database software) collection called ‘messages’. These records (referred to as JSON objects) represent all messages sent, across all the servers Aymeric is present in. They are plain text, unencrypted and personally identifiable. Lethys could query them on a per-server, per-channel or per-user level.
In his privacy policy he claims this logging is for the ‘quotes’ feature, but it goes far beyond that. This is all messages, whether or not someone has invoked a quote command. Everything.
Tumblr media
This is a look into the live production database Ser Aymeric is running off of, using MongoDB. You’ll notice a ‘messages’ collection containing a large number of objects.
Tumblr media
An example of one of the objects inside the ‘messages’ collection. This represents a message someone shared. Every single message that is shared in a channel that Ser Aymeric has read access to is logged and stored, regardless of if they have been quoted, deleted, or whatever the case may be. Everything. In spite of what the author claims or states in their privacy policy.
Tumblr media
Here is another example. This shows how easy it is to query down to a specific user, channel or server level. In this case it’s my own Discord ID. This was posted in a private administrative channel that although Aymeric had read access to, had no reason to be logging whatsoever.
Tumblr media
Here is a live shot of that same message, inside a closed admin channel. The message ID is 617875866122190859, channel ID is 480809457056743424, server ID is 179321234046058497 and author ID is, again, my own, 62310340079128576. This mirrors exactly what is in the live database on Ser Aymeric.
So, the long and short of it is, a known sexual predator with a history of harassing his victims and those he has grudges against has a wildly popular Discord bot which enables him to see what anyone is saying without their knowledge on any server, to be aware of what servers they are present in, what channels they have permissions to, and more.
Let the scale of that sink in. At the time of this writing it’s on 18,372 servers, and monitoring 1,210,120 users who are completely unaware. It’s gobbling up every message across every Discord server it’s present in, collecting private information without people’s consent or knowledge, readable by him, and no way to delete it. It is not even remotely GDPR compliant, in spite of Lethys’ being a citizen of the United Kingdom. It’s a gross invasion of privacy.
Every server that has Ser Aymeric present in it is unwittingly enabling Lethys to continue to spy and harass his victims. Do not use this bot. Do not trust Lethys with your or your friends’ information. You will learn, as I did, that he is not someone you should put your trust in.
-
Some have claimed it would be impossible to process every single message that Aymeric has access to. That’s simply not true. Aymeric, like all bots, *has* to process every message in a channel it has read access to. How else do you think it would know you used one of its commands?
As far as storing those messages, Lethys recently updated his privacy policy to admit that yes, he does really do that. The reason the database doesn’t swell to an unmanageable size is because he runs a process to occasionally wipe out old messages from the live database — however, old messages are still saved in backups. I do not know how often he runs this process, but I would expect he gives it a pretty wide clearance, as once those messages are out of the live database they can’t be quoted or referenced for deletion/edit auditing features. So what, 60, 90 days? I’m not sure. In any event, even when the live database is trimmed for performance, your data is never really gone, and is conceivably retrievable by him from backups.
A 30, 60 or 90 day allowance is plenty of time for him to readily go back and read messages from people he’s taken issue with, though. I’m not sure I’d be comfortable with anyone reading a rolling 30 day history of my text messages to the people I care about, with access to more if they were really curious.
-
Also, just to get this out of the way, because people keep declaring I’m full of shit, yes, I did work on the bot:
Tumblr media
https://discordapp.com/channels/265561352683126786/265586371178135562/618034546503581698 (although I’m sure he’ll delete it.)
-
Update: In light of my tweets, a new version of Ser Aymeric has recently been released advertising itself as “secure” because it encrypts these messages. This is literally impossible to do from a cryptography standpoint, as I explain here. Message history and quoting is impossible to do with an encrypted database. Aymeric is no more secure from Lethys’ spying than it ever has been, and I’ve nothing to indicate that Lethys has spontaneously developed a moral compass.
-
Update: People have in the past faulted me for conflating Lethys’ personal issues with the security concerns of the bot, but I strongly believe the two are inseparable.
The ‘secret h’ function outlines the developer’s state of mind: we can abuse this and use it to our advantage, and they did. The many, many stories on Twitter and elsewhere from people who have been harassed by Lethys speak to his character and trustworthiness. Years of personal experience seeing just how unbalanced Lethys is informed my opinion on how he might use the bot.
V2’s logging functions are not inherently evil, the problem is, in the wrong hands, they can be abused. ‘secret h’ demonstrates that they HAVE abused this power in the past, so how are we to trust them now with even more power? We can’t. You shouldn’t. That is what I’m saying. You put your trust in the developer to do the right thing with your data by using their bot. And this developer is not trustworthy.
mercy-song-ffxiv · 4 years
Resident Evil 8 really be out here taking notes from our daydreams, huh? I mean who wouldn’t want to be chased through a rural mountain village by a Coven of Witches. Led by a fashionable Baroness?
mercy-song-ffxiv · 4 years
girls just wanna have
a secret identity with an elaborate masked disguise and a clever yet deeply pining nemesis to go with it
mercy-song-ffxiv · 4 years
Maybe there is yet hope in the world...
mercy-song-ffxiv · 4 years
Oh?? My?? GAWD???
mercy-song-ffxiv · 4 years
Note
hi! so i've seen a few posts going around tumblr saying that the pansexual label is inherently biphobic. i thought that bi/pan was a functional difference (attraction to all vs. attraction regardless) but i'm realizing it runs deeper than that. i'm queer but not super educated on the bi/pan discourse, so i was wondering what your take on it is? thanks!
I applaud you for trying to take this issue seriously. Alas, I regret to inform you that in my opinion it doesn’t deserve it in the least.
I’m so unbelievably over bi/pan discourse. It’s been a snake eating its own tail for thirty years at this point, endlessly re-argued and never actually getting anywhere. Because AS IT TURNS OUT, being mindful about the language we use can be good and useful, but it can’t actually substitute for, like... being a good person. And trying to make the world better.
The argument goes:
1. “Pansexual” is better than “bisexual” because “pan” means “all” and therefore encompasses more genders or lack of gender than the simple binary. Bisexuality is transphobic!
2. You fool! Bisexuality is inherently inclusive and has encompassed more than the canonical binary genders since bisexual activism has been a thing! Pansexuality is biphobic!
3. Also trans people can be binary so everyone who says these terms are transphobic are transphobic themselves!
ben-affleck-smoking.gif
I think this is a very stupid fight. So far as I’m concerned, “bisexual” and “pansexual” are functional synonyms. People use one or the other for a wide variety of reasons, whether historical, ideological, or practical. I’ve rarely met bi people who are only attracted to binary people but not nonbinary ones.
I identify as “bisexual” because it was the term available to me when I figured myself out, it’s a term I don’t have to explain to anyone, and it’s the term that got me rejected by the first real live gays and lesbians I’d ever met, and now giving it up would feel like admitting defeat. If you ask a lot of bi and pan people why they identify a certain way, you’d hear a lot of that kind of idiosyncratic arbitrariness.
Also at the end of the day, experiencing attraction isn’t activism. I’m not more enlightened or liberated or anything else because I’m attracted to nonbinary people than I would be if only strict gender conformity turned my crank. Like yes, beyond base attraction we can work to have realistic expectations of our potential partners, but... being attracted to someone is not an adequate substitute for wanting them to have full human rights. If it were, every heterosexual man would be a feminist.
And it would be really cool if we as a community could stop automatically attacking people for using words we don’t 100% vibe with.
mercy-song-ffxiv · 4 years
Those wings… I want them, too.