
In Our Inbox: Hundreds Of Confidential Twitter Documents - vaksel
http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/
======
bdmac97
I'm strongly of the opinion that they shouldn't post them... Just seems like
bad karma at the least or a potential legal problem at the worst.

~~~
nreece

      If we only posted things that companies gave us permission to post
      this would be a press release site and none of you would be here.
      News is stuff someone doesn’t want you to write.
      The rest is advertising.
    

\-- Michael Arrington

[http://www.techcrunch.com/2009/07/14/in-our-inbox-
hundreds-o...](http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-
confidential-twitter-documents/#comment-2857013)

~~~
flipbrad
This is what's profoundly wrong with this Arrington character. What an awful,
tabloid approach to defining news. New reporting is, quite simply, doing the
legwork to bring stories to your attention. They might not have come to your
attention for any number of reasons - distance from the source (too many nodes
between you and it for it to get carried to your ears by your social network),
original source too small/obscure, information not meme/viral enough (too
complex? takeaways not clear? relevance to you is difference to relevance of
all the potential, necessary carrier nodes it would take to reach you), you
need your information filtered because you're too plugged in; privacy / legal
status of the source is just one reason why you might not get information.

Whether a news outlet should carry that last set of info to your ears or not
is up for debate; but to see his role as binary - advertising/PR newswire vs.
broadcaster of leaked private information... well, how sad.

He's not alone of course. Tabloids have been operating on basically just that
model for eons. With the occasional fabrication when they can't get enough
leaks to fill the inches.

~~~
ahoyhere
Don't forget genuine analysis, especially in the sense of placing things in
context, historically speaking.

That's something that's hugely missing from the "tech reporting" (ha) of
today. Almost no one considers the things that came before.

For example, I saw no one else comparing Google Wave to OpenDoc... or even
remarking on the old command-line tool, talk/ytalk. Both of which are
extremely relevant to Wave as a product.

Shame.

~~~
brandnewlow
....because it sounds kind of boring....and it's not news....it's analysis.
Different.

~~~
ahoyhere
Is a newspaper full of what's new, or is it news because it's in the paper?

Most of the front-page articles on HN are not news, they are recycled anti-
business school puff pieces. And yet, this is Hacker News.

If Google releases a product that looks suspiciously like Apple's failed
OpenDoc initiative from, oh, 12 years ago, that's news. If they're focusing on
a communication medium style that totally existed before, but which was
largely abandoned because it was incredibly annoying, that's news, too. Those
who don't learn, doomed repeat, etc., etc.

------
jcapote
It's official: micheal arrington is the perez hilton of the tech world.

But seriously, how is this in any way legal? I almost can't believe it, it
seems like a hoax...

~~~
vaksel
it may be somewhat unethical, but its legal. If you couldn't write about
anything "confidential" the news companies would be out of business.

~~~
barrkel
Why doesn't it count as trafficking in stolen property? The documents weren't
leaked, they were stolen. They are not "confidential", they are _stolen
property_.

~~~
lacker
There's no difference between "leaked" and "stolen". Leaked documents are just
those stolen by an employee.

------
tdedecko
Initially, I was shocked that they would post the stolen information.
Eventually I realized that this is going to be publicly available regardless
of whether Techcrunch posts it or not. The information would be released
elsewhere. As a news site, they are unable to ignore its existence.

Techcrunch has discussed this with Twitter. They have also decided not to
release private information. From this I can say that they are being fair
about this.

This does suck for Twitter. Though, it does bring to light the potential
dangers of using a web service to host your confidential documents.

 _"the original security hole seems to be Google, via Google Apps for your
Domain. Some passwords were guessed and things started to fall apart from
there. Most (or all) of these documents were downloaded from Google’s
servers."_

~~~
esonica
I would argue it brings to light the dangers of not having secure passwords,
this applies to local networks and servers, not just web services.

------
radu_floricica
I'd rather live in a world where I have to guard my private info then in one
where I send info to news outlets only to have them self-censor it. Newspapers
have a pretty clear job, and outside yelling fire in a theater I support them
doing it.

Of course, checking the validity and relevance of what they publish is
necessary, but that's a different discussion.

------
esonica
Wouldnt the unethical thing be sitting there reading through a bunch of
documents you know were illegally obtained? Then following it up by basically
bragging about it..

TechCrunch is not what it used to be :(

------
DanielBMarkham
I refuse to click this link and give TechCrunch my pageview.

This is really simple. Act in a manner that you would like everybody else in
the world to act like.

Aside from that comment, I'm not joining this circus.

~~~
trickjarrett
This is what news organizations do though. Fox, CBS, NBC, if they receive
documents they would publish them too. Why is TechCrunch different?

~~~
joezydeco
Sigh. Didn't we just go through this with the lawsuit involving Apple and the
Apple blogs?

[http://www.nytimes.com/2005/03/12/technology/12blog.html?_r=...](http://www.nytimes.com/2005/03/12/technology/12blog.html?_r=1)

"[The ruling]... focused on the notion that the published information included
trade secrets and was essentially stolen property."

~~~
eli
That was a ruling that said Apple could track down the leaker. It didn't say
the documents couldn't be published.

~~~
joezydeco
Oh, I see. I guess my interpretation of "stolen property" is different from
yours. Sorry.

------
psranga
He talks about not crossing an ethical line and then says he's going to post
the documents!

To posters drawing a comparison to newspapers like NYTimes, Wikileaks etc: ask
yourself what public interest is served by these documents being made public
(afaik none). And then ask yourself what public interest was served by the
leakers of the Pentagon Papers.

------
sriramk
The scary part is that TechCrunch isn't the only place these documents will
land up at. Other recipients of these documents won't be so scrupulous about
not posting sensitive information. I imagine Twitter is going through a lot of
hassle around resetting security codes, reaching out to interview candidates,
employees taking measures to protect identity theft, etc. Just a nightmare.

The other scary scenario is that this "hacker croll" has more documents which
he hasn't shared yet. When the original HL2 code was stolen from Valve, Gabe
Newell was contacted later with additional documents (which lead to that
person getting arrested)

------
jeremymims
Wow. This debate is incredible.

First, I love using twitter and I think the guys that built it are great.
They've created a product that means so much to people that many members on
this site are willing to stand on shaky ground saying these documents
shouldn't be published simply because they belong to a company they like.
Internal documents are leaked all the time. For instance, Arrington reported
that Microsoft's new search engine would be called Bing long before Microsoft
announced this fact. How many of you chase Apple rumors before a keynote? This
is all leaked information. Where's the outrage?

The standard for the press publishing information isn't malfeasance. Twitter
need not have done anything wrong for the press to publish information that is
of interest to its readers.

Arrington has drawn a line that companies are different than private citizens
(who he feels should have some expectation of privacy). He is not releasing
personal information that may hurt someone's career, merely information about
twitter's potential future tv projects, business models, and projections.

The fact is he has gone about this in an extremely ethical way, acting as both
reporter and ombudsman. He has censored portions which might do someone harm
and has no doubt agreed to censor certain bits of information on behalf of
twitter. However, he will publish as much of the information that is relevant
and interesting as he can. In my opinion, this strikes a good balance.

------
jacquesm
If you store your corporate documents on other peoples servers you deserve
what you get. What were they thinking ?

Confidential stuff should not leave the building, let alone be uploaded to 3rd
party data centers. Keep in mind that just about anybody with sysadmin
privileges at the company hosting your data also has access to all those
documents.

As does anybody on the wire between you and the host during up or download.

Now let's hope somebody posts some of techcrunchs' internal and confidential
documents. What goes around comes around.

~~~
ntoshev
Arrington says the vulnerability was in Google Apps for Your Domain, although
the original article about the hack says otherwise:

[http://www.pcworld.com/businesscenter/article/164182/hacker_...](http://www.pcworld.com/businesscenter/article/164182/hacker_i_broke_into_twitter.html)

    
    
      Hacker Croll claimed to have accessed Goldman's Twitter
      password by first gaining access to his Yahoo account. 
      "One of the admins has a yahoo account, i've reset the
      password by answering to the secret question. Then, in
      the mailbox, i have found her [sic] twitter password," 
      Hacker Croll said Wednesday in a posting to an online
      discussion forum. "I've used social engineering only, 
      no exploit, no xss vulnerability, no backdoor, no sql
      injection."
    

I wonder why the hacker would send the documents to Techchrunch. He could have
uploaded them somewhere and then submitted the link to Reddit.

~~~
ErrantX
> wonder why the hacker would send the documents to Techchrunch

The inference I got was they paid for them. BUT I stress that is only what I
picked up - not seen anything concrete. Could explain it though.

------
ananthrk
TC's response to reactions on this issue

[http://www.techcrunch.com/2009/07/15/our-reaction-to-your-
re...](http://www.techcrunch.com/2009/07/15/our-reaction-to-your-reactions-on-
the-twitter-confidential-documents-post/)

------
dfj225
All I can think of is Cryptonomicon and how much work Epiphyte(2) put into
securing their IP and company plans. Of course this is fiction, but it made
sense to me that the main value in a startup is in their ideas/IP so this
should be protected to a great extent.

Apparently, Twitter didn't take this approach.

------
sobriquet
ruh roh..

I know TC said names of people who interviewed for "senior level positions"
are included... wonder if the lower level positions are somewhere in there
too.

Anybody interview and don't want their current employer to find out?

~~~
nostrademons
Eh, I interviewed, but it was before I joined my current employer. Unless the
interviews are date-stamped or you've been at your job for longer than
Twitter's been funded, I don't really see much of a problem.

------
sho
If further proof was needed that secret question "backup passwords" are a
really, really bad idea, this is it. Exactly the same way Sarah Palin's
account was "hacked".

People, and companies, have to take more responsibility for their own
security. They can't just say "it wasn't my fault, Yahoo has that feature!" -
they need to active _dump_ yahoo, and anyone else offering these ludicrous
backdoors which defeat the point of even having a password.

------
TweedHeads
Next time it won't be a spit, it will be a punch in the face.

------
Ardit20
Wow, If I was Twitter, I'd feel raped.

~~~
Ardit20
Well, when someone rapes you they penetrate your most intimate parts without
your consent. I do not think there is anything more intimate for a company
than their revenue data, plans and projections. So down vote all you like,
however technically my analogy is correct.

------
rwebb
jerk

------
guicifuentes
I'm not a lawyer but this says it's going to publish entire documents which
supposedly are private, what it's illegal. This is just marketing and not true
(the entire thing).

So do they hacked the entire computer network of Twitter offices just for the
shake of sending the documents to Michael Arrington?

Are you serious?

~~~
omouse
If you were following the story you could see the computer criminal, some
script kiddie, guessed some passwords and got into the Yahoo Email or Google
Apps accounts of some Twitter employees. Typical of script kiddie computer
criminals, they were seeking fame which means seeing their handle/nickname
plastered all over the Internet.

