Hacker News
Losing Confidence in Creative Commons (marteydodoo.com)
24 points by marteki on May 10, 2014 | 6 comments

Looks like pointless complaints to me. You're losing confidence in CC because their process for reporting security issues is okay, but not perfect?

They did the hard thing, which was emailing users about a "breach" that may or may not have been exploited. I mean we're only talking about names/emails here but whatever.

I donated to CC a couple times and may be in that file but frankly I couldn't care any less, as long as CC does an outstanding job improving their licenses (which they do!).

OP says that CC didn't reply. At all.

If true, I think it's totally reasonable to complain about that.

You donate to an organization because you want to support them. You responsibly report a data breach because you want to support them. And in response? They can't be bothered to take 10 seconds to type "Thank you! We'll fix this ASAP." Really?

My advice to OP: Next time you're fortunate enough to be able to donate to an organization, pick another one. It's not just about supporting good causes, it's about supporting effective organizations.

Something like 'enlightened self-interest'. I like the term "effective organizations". There's little point in supporting any other kind, except perhaps for external effects - praise, reflected esteem - which is more PR than a will to benefit the public.

Now I have a way to distinguish public organizations wanting my money. And since I donate anonymously, I have no need to ever donate to the PR kind.

Hi Martey, thank you so much for alerting us to this issue, and for your other suggestions. You should have already received the email below from CC general counsel Diane Peters; I'm posting it here so that others in this thread can see it too.


Elliot Harmon / Communications manager, Creative Commons / elliot@creativecommons.org



Thanks for your help in identifying this issue and for your related suggestions. You’re welcome to post this reply as an addendum to your blog post; we’ll also be posting it on the Hacker News thread.

We regret not replying to you promptly about what we were doing to resolve the issue, and to express our gratitude. That was our error, and we apologize. Our immediate focus was on locating the file you identified, confirming that no other files with sensitive information had been inadvertently uploaded, determining what information the file contained, and identifying and contacting affected donors. Thankfully, we were able to remove the file the same day you reported the incident. That was our highest priority.

We have since learned that our rapid deletion of the file limited our ability to access statistics about its use. We will share an update if we learn more about views or possible downloads.

As to your other suggestions, they are well taken and we will do better. Both emails for the audit committee on the contact page are functional, but in order to avoid confusion, we removed one of them. We have also emphasized that audit@creativecommons.org is the most appropriate portal for sending privacy-related concerns at this time.

Thanks again for calling this to our attention, and our apologies for not more quickly replying to you individually.

Diane M. Peters / General Counsel, Creative Commons

It seems like CC did the right thing in general but the informer of the problem would have liked an email acknowledgement.

Although not as serious as the release of names and addresses, I email people and organizations all the time when I see typos on their web sites, and I don't much expect any response or acknowledgement; I am just trying to be helpful. It seems like the author of the article was similarly trying to be helpful.

Full disclosure from submitter: the writer of the blog post is my brother.
