

Where’s my reply, OkCupid? (Prelude to a lawsuit) - instakill
http://www.avitable.com/2011/09/05/wheres-my-reply-okcupid-prelude-to-a-lawsuit/

======
DanBlake
Sorry, I completely disagree with this post, 100%

First off, I want to say this right away- Its total bullshit that some user
targeted you like this and you definitely have a right to get a subpoena for
OKC to give you the users IP and to delete the account

However I dont agree with your hate towards OKC- You cant give them shit for:

Not giving you the Account information/IP just because you asked: Giving that
info to you without a legal order just makes them liable personally. You want
the IP? You need to send legal notice. What would happen if it was some abused
woman who OKCupid gave their account info out to her abuser? Yeah- Get a legal
order if you want that info. Not OKC's fault, They are following (wise) legal
advice.

Not requiring email validation- So what? They could have done the same thing
posting your details to pastebin.com or just not used your email in the first
place. Actually, seeing as how the account is registered to you, why dont you
just login and delete it? Not requiring email validation means nothing. In
fact, Email validation is basically worthless nowadays (Similar to captchas)
and just annoys users.

Finally- Saying what you said in that post is rather stupid. Threatening to
"get ugly" and that you have a "actionable case" - If this was against a
company I was involved in, our lawyers would basically cut us off from any
communication at all. Now that you have said that, your only action is to
actually get a subpoena vs if you took a nicer tone, they might have deleted
the account for you.

Additionally- I doubt OKC is in any risk themselves for this so threatening to
sue them is silly. the CDA basically absolves them from any liability for user
content so the best result you can get from "suing" them is that you would
lose. Worst case is you pay their legal costs also.

You want the IP? Get a subpoena. Thats how its done.

Once you do get the subpoena, rake the bastard over the coals for libel :)

~~~
prawn
"Giving that info to you without a legal order just makes them liable
personally. You want the IP? You need to send legal notice."

Surely they can reply immediately and suggest he get a Pre-Action Discovery
Order or whatever it might be called in his/their area. Would take a few
seconds to do.

~~~
prawn
Sorry to reply to my own post but have got another minute to add more to this
conversation: I run a forum that receives all sorts of legal threats over
questionable/defamatory posts. I'd rather not have those dodgy posts on my
site and would be quite happy for someone to pursue the authors. When
receiving a complaint, I make the effort to reply quickly in each case
outlining the legal options. Surely OKCupid are in a similar position - they
don't want this sort of junk on their site; if they can provide a quick piece
of info and then stand out of the way while the OP pursues the perpetrator,
all's well IMO.

------
gst
"That’s my real address. Unlike my previous address, which I posted publicly
as part of my Halloween party invitation, this one was not public."

So lets summarize:

1) This guy does not want his real address to be known. 2) A small number of
people learned it through OkCupid but most likely ignored it. 3) As a result
the person in question posts his own address publicly on his blog and gives
OkCupid the fault that the address is public now.

Am I the only one to whom such a behavior appears incredibly stupid?

And by the way: Just do a whois on the domain name of the blog and you'll also
get to the same address.

~~~
mcherm
Not wanting your address public is one thing. Not wanting your address
published along with a call to break, enter, and commit rape is another.
Perhaps the former wish pales before the importance of discussing the latter.

------
jrockway
It's probably a good idea to involve the police in this case. If your problem
is that OkCupid is giving out your home address, why should they solve that
problem by giving you someone's IP address? That doesn't make sense; you could
be just as much of a whacko as the guy that posted your address. Two wrongs
don't make a right.

The correct way to address this problem is, I think, to file a police report.
Then they will give the information to trained law enforcement officials that
can act on that information in an appropriate manner. (I've been on the other
side of this before; someone on Slashdot didn't like a comment I made. Several
months later, the Secret Service is at my front door with a list of questions
they needed answered. A little scary, but the best possible outcome. I'd
rather have trained federal agents after me than some psychopath with a sawed-
off shotgun. But maybe that's just me.)

Anyway, OkCupid should absolutely take action on this, but I think it's best
if you don't take it personally. Let the professionals solve your problem.
They'll do a better job because they have access to better tools and have
better training.

~~~
waqf
Now I'm really curious what the content of your Slashdot comment was.

~~~
jrockway
The thread was something like, "name something you can't say on the internet"
and my reply was "i'm going to kill the president". It turns out I was right.

Anyway, the cops did not check the content of the thread before coming to my
house. After I showed them they agreed it was kind of silly that they were
called out, and they went away. I never heard any follow up, but I assume I
now have A File.

~~~
jaredsohn
...and you may have just invited a personal followup by posting a message with
that phrase in this thread. :)

------
chrischen
His blog says it's a parody blog... Is this post for real? I feel like he's
not seriously accusing OKCupid and his blog's description implies everything
is fake... Why else would he not blur out his address???

"This blog is my personal property and consists of my private opinion. This
blog is a work of fiction, the names in this blog are fictitious, and any
resemblance to persons living or dead is purely coincidental. This blog is
solely satire and parody and should be considered as such."

~~~
avitable
It's mainly a humor blog, but I write serious posts on there as well. The
disclaimer about it being fiction is a CYA for some of the humor I write. The
OkCupid post is completely serious.

------
artursapek
You should be _glad_ they have that registration flaw. Consider this scenario:

OkCupid _does_ require email validation, and the attacker still makes the
false account under your name with your photo and all the same information,
and simply emails you a link to it. Same exact thing. It doesn't even look
like your email address is visible on the page. All that OkCupid's flaw served
as here was an instant forward of the page to you _which you should actually
be grateful for_. Imagine the attacker wasn't able to use your real email and
in fact never did email you the link to it, this page would be up on OKC
unbeknownst to you because OKC wouldn't have emailed the confirmation to you.

While the attack was a pretty messed up idea, I feel you completely over-
reacted. You are way too enthusiastic, publicly, about wanting to get revenge
on OkCupid, who really didn't do anything wrong. I would rethink the
subheading with which you chose to adorn your Twitter background.

People will always misuse technology. A website can't be sued for having a
loophole in its registration system. That's just stupid. However, a person
could be sued for attempting to anonymously recruit crazy people (the only
type who would think the original post is real and go through with the
request) to break into your house.

~~~
pbreit
Ultimately the lack of email confirmation is a minor detail and not even
relevant since it had no impact on the perpetration (except notifying the
victim and enabling him to log in).

But I don't think that takes away from the complaint that OKC should have
replied to the victim.

~~~
artursapek
Yes, they should reach out, but I understand why they wouldn't want to
publicly perpetuate this incident. He should have just sent an email and not
given them bad press on Twitter and his blog.

~~~
pbreit
If OKC would have replied it most likely would have avoided the blog post
(which was totally warranted).

------
ig1
<http://www.avitable.com/about/>

"This blog is a work of fiction, the names in this blog are fictitious, and
any resemblance to persons living or dead is purely coincidental. This blog is
solely satire and parody and should be considered as such."

------
reledi
> Apparently, the link in this email could be forwarded to anyone, and they
> would be able to sign in.

This happened to my mom a few weeks ago. When you receive a message on
OkCupid, it shows the message in the email and it also includes a link to your
profile. My mom forwarded the message to some of her close contacts and later
found out they all had full access to her profile. Very embarrassing.

~~~
wisty
I love having Baby Boomer parents. They are total technophobes, and would
never put potentially embarrassing information on the web.

Our kids, on the other hand, are going to hate us.

------
gyardley
In the past this sort of stunt has led to actual rapes, which have gotten some
pretty wide coverage:

[http://www.oprah.com/oprahshow/Craigslist-Rape-
Victim/print/...](http://www.oprah.com/oprahshow/Craigslist-Rape-
Victim/print/1)

Assuming it's not fiction - hard to tell with that disclaimer on his blog - if
I were the poster, I'd take this to law enforcement immediately. Conspiracy to
commit rape is a serious criminal charge.

------
craigmc
"prelude to a lawsuit"...

When you were a kid and another kid threatened to beat you up, it was always
the case that the more they talked about the less likely it was to happen. The
ones that were a genuine threat just tended to hit first and talk second.

I've always found the same thing about legal action. The more someone makes
vague threats the less credible their claim seems.

If you haven't spoken to a lawyer, don't make reference to any sort of legal
action (and if you have spoken to a lawyer they'll tell you to keep your
powder dry on publicly announcing it too)...

On an aside, since most people manage to get through life without such an
offensive profile being created about them on a dating site, I'd respectfully
suggest that once the author has successfully found the "delete" button, he
perhaps considers if he could have done anything differently to avoid being in
a situation where someone was that p*ssed with him... (not justifying or
condoning the actions of the profile creator, just espousing my personal
preference for avoiding trivial confrontations in the first place)

------
there
if the person creating this fake profile hadn't used this guy's e-mail
address, this guy probably would have never known his home address was being
given out. seems like in this case, not having to verify the e-mail address
was beneficial to this guy so i'm not sure why he's so angry that no e-mail
verification was needed.

though, what does he expect to do with the ip address from okcupid? contact
the isp and ask for a home address? i can pretty much guarantee that the isp
won't give out any information without a subpoena, or at the very least, a
formal request coming from a proper law-enforcement agency. if he wants to do
anything other than go beat up the guy that posted his information, he should
contact the police, have them subpoena okcupid for the ip address and
timestamp information, which they will have to provide in the subpoena to the
isp.

------
gkoberger
Ironically, the fact that his real email was used actually saved him. OkCupid
doesn't show email addresses to users, so the person who created the account
could have used imtrickingyouintorapingsomeone@gmail.com and nobody on the
site would know. Even worse, he never would have known a group of men were
invited to rape him. At least this way, he knew about it almost instantly.

------
bugsy
Regarding legal liability, it's worth noting that Yahoo! has a panel you can
access that shows the ip addresses you connected from during all your recent
sign ins. It's only available to the account holder. They are a big company
with many lawyers and seem to know what they are doing. It seems to be a very
good feature that all sites with user accounts should probably have.

------
rmc
Aren't IP Addresses personal information? Companies can't just hand them over
willy-nilly.

------
jamesturn
The scary thing is that this is someone who has access to his private Facebook
profile, aka one of his Facebook "friends". And he doesn't know who it is.
There are traitors among his friends.

~~~
waitwhat
He has 1391 "friends" on Facebook. I think this is past the point you can
claim to actually know all of them, or even recognise all of them in a crowd.

This is also past the point where you can fool yourself that anything
restricted to "friends" on Facebook is actually private.

------
burgerbrain
_"filled with people looking for threesomes, married browsers looking for sex
on the side, or, occasionally, Nigerian princes who want to give you money. "_

One of these things is not like the other. Seriously, why the need to insert
unrelated bigotry?

~~~
ceejayoz
419 scammers are extremely common on dating sites.

<http://www.snopes.com/fraud/advancefee/nigeria.asp>

~~~
burgerbrain
I'm saying that comparing people looking for threesomes or other partners is
legitimate, while 419 scammers are not. The comparison is rather bigoted.

------
teknik
Whois his domain :P

------
rorrr
This has nothing to do with OKCupid. Just because somebody used them to target
you, doesn't make them liable. What if I create a public Google doc with all
your private info and some lies? Will you sue Google?

~~~
mcherm
Allowing it to be posted: not OKCupid's fault. Failing to reply in a week to a
situation that clearly presents the possibility of imminent harm and of great
psychological stress: fail. They could, for example, have responded within 24
hrs to say the posting had been removed and law enforcement would be
contacted.

~~~
philwelch
If an account is set up on your email address, it's trivial to gain control of
it and shut it down yourself.

------
drivebyacct2
I'm not one for spreading peoples' personal information, but I'm tempted to
repost this on pastebin or any other GeoCities equivalent to make a point.

I can do the same thing with Facebook. The lack of email verification has
nothing to do with the publicness or lewdness of his email. I've had people
create Facebook accounts with my email address too. I just log in and
deactivate the accounts.

This guy's "attacker" could have just as easily used a fake email address and
done the exact same thing. Even with email verification. Email verification !=
identity confirmation.

It's actually sad how easy it would be to quickly create a fake Google+
profile, Facebook profile and Twitter account to emulate this person and post
equally insidious threats. Is the only difference here that this person didn't
have a previous OkCupid! profile to prevent this name-grabbing? Or what?

