If you have information about MyEx.com that you’d like to share, please contact me with a working email address or phone number:
If you have information about MyEx.com that you’d like to share, please contact me with a working email address or phone number:
Revenge porn site MyEx.com, along with Google and Yahoo!, has been sued for copyright infringement in the Federal District Court for the Eastern District of Texas. The complaint is below. ((Although the plaintiff in this action has previously sued the now-defunct website Texxxan and is publicly known, I redacted her name from the complaint because her photos continue to be accessible on MyEx.com and appear to have been posted in retaliation for having sued Texxxan.))
MyEx.com is one of few remaining websites dedicated to so-called “revenge porn,” and is likely the largest website of its kind, hosting the nude photos of upwards of 6,000 men and women. It has been the subject of increasing media attention and peripheral legal action, although the site itself has never been sued. This week, a former NFL player was sued by his ex-wife, who alleged that he posted her nude photos to MyEx.com. Previously, a teacher at a Christian school lost her job after being posted on MyEx — and was later charged with filing a false police report in connection with the posting.
MyEx is purportedly operated by “Web Solutions, B.V.,” a company in the Netherlands that does not exist. Rather, the site was created and continues to be operated by Americans in coordination with persons in the Philippines.
(This post is part of a series of investigative pieces attempting to identify the owners of “revenge porn” websites.)
WhozaCunt.com: The Revenge Porn Site Down Under
WhozaCunt.com is a revenge porn site “dedicated to helping you get even with bitches and assholes and give them what’s coming to them! [...] Make them famous – they deserve it!” Having posted the nude photos of men and women against their will, the site subjects its victims to a bizarre ‘takedown’ ritual. The site’s takedown policy requires victims themselves (and not a lawyer or family member) to provide a copy of their photo ID, another photo of the victim to prove they’re making the request, “proof” of the date the images were taken, and a “counter declaration,” without elaborating what the victim is supposed to declare.
When victims complained, the site would post their full emails, along with their photo IDs, and state opaquely that they had failed to comply with the takedown process.
Some victims of the site assert, credibly, that they were under the age of 18 in the photos featured on Whozacunt.com. For example, one victim circled some, but not all, of the nude photos in her profile, to indicate which ones were taken while she was underage. Whozacunt refused to remove the profile or any of the photos and instead re-posted the circled photos.
When challenged, the site takes an aggressive stance to increase the humiliation of its victims. One woman and her parents complained to the Illinois Attorney General’s Consumer Protection Division, alleging that Whozacunt.com was refusing to remove nude photos of somebody else (and posted under the victim’s name). The day after Whozacunt.com received a letter from the Consumer Protection Division, a new site arose using a domain consisting of the young woman’s full name, along with her nude photos.
Who could be this cruel? A guy who cares more about cruelty to pigeons than cruelty to people.
Over the past year or so, I’ve been writing a series of investigative pieces documenting who I believed was operating so-called “revenge porn” sites. It’s probably time that I explain why.((I mean, aside from the fact that it’s funny to reveal that a guy who was a professional pigeon racer now runs a revenge porn site. Seriously, professional pigeon racer. That post goes up tomorrow.))
With few exceptions, the people operating these websites go to differing lengths to obscure who is running the site. There’s a reason for that. Their friends, family, significant others, and professional associates probably wouldn’t be as supportive if they knew about their hobby of humiliation for profit. So, too, would victims, lawyers, occasionally law enforcement, and the John Q. Public like to know who runs these sites, and why they run them: is it because they’re embarrassed, because they fear lawsuits, or because they’re engaging in outright extortion?
And I would like to know, too. While there’s a debate to be had about the First Amendment implications of revenge porn, one thing is certain: more speech criticizing these sites, their practices, and their owners is protected. Exposing and criticizing owners pressures them to end their practice, deters others from starting sites, and guides law enforcement, lawyers, and victims in locating the owners.
Thus far, I’ve written about IsAnybodyDown’s Craig Brittain, Texxxan’s Hunter Taylor, YouGotPosted’s Kevin Bollaert, and WinByState’s Casey Meyering. One of these sites shut down voluntarily, two others after being sued, and two of these owners are facing extortion charges. While I would like to claim credit for taking these sites down,((There is always someone with a skill and too much time on their hands. I happen to be one of those people.)) much heavier lifting has been done by the victims who raised awareness and pressure on law enforcement to act, the law enforcement officers who did act, and the lawyers who navigated new legal territory. Perhaps I’ve had no impact at all.
Nonetheless, I believe that public pressure — more speech — works. One site, AnonIB.com, shuttered last week after its ownership was purportedly revealed and, in its stead, issued a statement:
Apology to the girls who were posted on site against their will and especially those that had to donate to have their pictures removed. Its a warning to those that abuse others online. There are forces that work to track and expose them, and those forces WILL win in the end. There are plenty of girls and boys, women and men, who willingly want to be naked on the internet so post their pictures instead.
By my count, three dedicated revenge porn sites remain. I know who owns each of these sites and, often, the people who support them. They should and — if their sites remain online — will be criticized.
Tomorrow, another name gets added to the list.
Casey E. Meyering was arrested yesterday in Tulsa, Oklahoma in connection with his revenge porn site ‘WinByState’. Meyering faces five counts of extortion in California for requiring victims of his website to pay $250 to have nude photos removed from his website. Meyering utilized a website, “TakedownHammer.info,” to create the impression that money was being sent to an independent company, as opposed to the owner of the revenge porn site.
I exposed Meyering’s fraudulent practice in June. The Los Angeles Times reports that Meyering is resisting extradition to California. Per his arrest report, below, Meyering was found in a Tulsa hotel room and resisted arrest.
Meyering was previously known in Tulsa as the drummer of local band FM Pilots. Reached for comment, the band says:
None of us knew about his involvement in revenge porn. He was terminated for other reasons. This is all very big shock. He hasn’t been playing for quite some time.
Meyering is the second revenge porn site owner to face extortion charges in California. Kevin Bollaert, who operated YouGotPosted, was arrested on thirty-one felony counts in December and is awaiting trial. Revenge porn kingpin Hunter Moore was arrested on federal ‘hacking’ charges in January. Nobody, including Meyering, has been charged under California’s new revenge porn law, at least in part because the Communications Decency Act prohibits many state-level criminal charges against website owners.
Meyering’s arrest demonstrates that the California Attorney General’s office is serious about pursuing extortionate revenge porn site owners — Bollaert’s arrest was not a one-off. It also shows that California authorities are happy to travel across the country to seek out their targets.
A source familiar with Meyering told me over the summer:
He has seen your blog… and said any publicity is good publicity.
I guess not. Updates as this story develops. Meyering’s arrest report is below.
Hunter Moore, the so-called “revenge porn” progenitor, made his second court appearance on charges that he hired co-defendant Charles “Gary” Evens to access email accounts of five women in order to find and post their nude photos on his now-defunct website, IsAnyoneUp?
With his parents in tow, Moore was arraigned on and sheepishly plead not-guilty to fifteen counts of violations of 18 U.S.C. §§ 1030 (unauthorized access to a protected computer, popularly referred to as ‘hacking’), 18 U.S.C. § 1028A (aggravated identity theft), 18 U.S.C. § 371 (conspiracy), and 18 U.S.C. § 2 (aiding and abetting). His co-defendant, Charles Robert Evens, entered a not-guilty plea in January and was released on $60,000 bond.
In attendance at Moore’s arraignment was Dr. Charlotte Laws, widely credited with amassing the evidence and public pressure on law enforcement to act.
At his initial appearance in January, Moore was ordered to assist Federal agents in shutting down his online accounts and websites. Moore is prohibited from having access to the internet, a computer, or a cell phone. Moore was released from custody in January after posting a $100,000 unsecured appearance bond — that is, he and his parents have agreed to pay the government $100,000 if Moore skips town.
After the hearing, I waited outside for Moore, along with a camera crew from Inside Edition. When Moore spotted us, he sprinted away, holding his backwards hat down, while his lawyer laughed.
Who is Charlie “Gary” Evens?
Little is known about Moore’s co-defendant, Charlie Evens. What is known paints a picture that contrasts greatly with Moore. Where Moore welcomed his status as an internet villain, Evens is a more sympathetic defendant — although that’s not difficult.
A resident of the Los Angeles area and 2006 graduate of Notre Dame High School, he was a “skipper” on Disneyland’s jungle cruise ride before working for Deluxe Entertainment Studios as a Digital Asset Manager. On the side, Evens produced and hosted a short-lived live comedy show (the creatively-named “Charlies’ Comedy Show“) featuring moderately well-known comedians.
Evens was convicted of driving under the influence in 2012 and remains on probation.
In May 2012, the Village Voice described in detail allegations that a “Gary Jones” was using social engineering tactics to access email accounts, and that Hunter Moore would post nude photos from those accounts. “Gary,” in a moment of empathy and self-pity, apologized to one victim and told her that he had just been arrested for his “3rd DUI” and was struggling with sobriety. The email address disclosed in the Village Voice article appears to match that in the indictment against Moore and Evens.
Moore, responding to allegations that the sources of his nude catalog were more than just spurned ex-lovers, told the Village Voice:
“I’ve had tons of hackers give me shit,” he told me over the phone, insisting that Section 230 of the Communications Decency Act of 1996, the same federal law that has shielded his site from prosecution all along, absolves him of legal responsibility. [...] “It always comes back on the hacker. I’m not gonna lie. I’ve paid people for content. I don’t give a fuck. You can say that. If I’ve paid for content, they have to submit the same [way] as the user. It would all fall back on the user.”
The law Moore cited in his armchair lawyering, Section 230 of the Communications Decency Act, generally protects websites and their owners from liability for content submitted by users. However, Section 230 is expressly inapplicable to Federal criminal law, and is not a license-by-virtue-of-website to commit any criminal act under the sun.
The trial of Evens is scheduled to begin on March 25 before the Hon. Dolly M. Gee. There was some confusion over the date of Moore’s trial, but was tentatively set for April 8. I plan to attend and report from the trial. Moore has retained Robert M. Holley and Evens is represented by a Federal public defender. The public documents in the case are available here and here.
According to this report from TIME Magazine’s Jessica K. Roy (who previously worked the revenge porn beat for Betabeat), revenge porn kingpin Hunter Moore has been indicted in connection with Federal hacking charges. The indictment reportedly includes 15 counts and also charges an alleged associate of Moore (Charles Evans), is reportedly in the Federal District Court for the Central District of California, in Los Angeles. (I live a few blocks from the courthouse, so I’ll be attending any hearings in the matter.)
Moore has long been the subject of an FBI investigation concerning his hacking. In previous tweets to me, Moore claimed to have been raided “6 times” in a since-deleted tweet.
The Los Angeles courthouse may be unfamiliar to Moore, but he’s previously been held in contempt by a judge there in a civil case, and owes over $300,000 in default judgments relating to his online activity.
Moore’s indictment is not yet on PACER, the public access website for federal court filings.
Update: The indictment (below) alleges that Moore told Evens, who he knew to be accessing e-mail accounts (without authorization of the owner) to acquire nude photos, to “hack more” and “hack all week for me.” Moore then paid Evens via PayPal and wire transfers, ostensibly for the photos.
The New York Times has a piece out this morning involving China’s Great Firewall, China’s instrument of controlling the online content available to its citizens, that, if true, would be hysterical. The article begins:
In one of the more bizarre twists in recent Internet memory, much of the Internet traffic in China was redirected to a small, 1,700-square-foot house in Cheyenne, Wyo., on Tuesday. [...]
[Domain name servers associated with China's Internet], which act as a switchboard for Internet traffic behind China’s Great Firewall, routed traffic from some of China’s most popular sites, including Baidu and Sina, to a block of Internet addresses registered to Sophidea Incorporated, a mysterious company housed on a residential street in Cheyenne, Wyo.
The Times provides a picture of the quaint cottage where a substantial portion of the world’s internet traffic was apparently misdirected, and describes past reports into this mysterious collection of mailboxes and corporate registrations.
And, of course, the Times‘ report took off, repeated by Slate, the Washington Post, Gizmodo, the Daily Dot, so on and so forth. It’s a funny story that lets us mock the incompetence of China’s censorship techs.
But the Times’ report conflates a physical mailing address with an internet network address. An IP address (or block of IPs, rather) is registered to a corporation. The registration (which can be found by searching a WHOIS database, such as ARIN) reports the registrant’s mailing address, not the physical location of the computer associated with the IP(s). While Sophidea, Inc. might register a block of IP addresses, the associated servers may be anywhere in the world, far from Sophidea’s corporate headquarters or, as here, mysterious post office box.
Sophidea, Inc., also provided the Wyoming Secretary of State with a mailing address elsewhere in Cheyenne, this one a small office building also used for designations of corporate agents. (A designated agent is a person or corporation which will accept legal paperwork on behalf of a corporation, so that the true owners don’t have to establish an office or, for the benefits of privacy, reveal who runs the business.).
But reporting that China accidentally sent its internet traffic to a small office building (which also didn’t happen, to be clear) doesn’t provide the same amount of bemusement as imagining that China’s internet traffic was sent to a house.
So where did China’s internet traffic really go? It’s impossible to know without knowing which specific IP addresses were the recipients of the traffic. However, taking the IP addresses from the range of IPs registered to Sophidea, Inc. (e.g., 126.96.36.199), and running a visual traceroute suggests that the final destination was somewhere in Asia, as the trace times out in Malaysia. Of course, my skills in this arena are rudimentary at best, and I invite more informed minds to offer their own analyses.
But I’m confident that the traffic never got anywhere near Wyoming.
Update, Jan. 23, 2014: Two quick updates:
1) The Atlantic and Colorado Independent have joined in countering the Times story. The Independent reached out to the upstream provider for (or, rather, apparent host of) Sophidea’s servers. An anonymous employee with Hurricane Electric confirmed that Sophidea’s servers are not in Wyoming (or, for that matter, Asia, contradicting my own post-hoc research), but are, rather, in California. Barring any unreported configurations of Sophidea’s servers, that forecloses the possibility that China’s data was redirected to Wyoming. (The Independent‘s report also correctly notes that the Times, The Atlantic and I missed the fact that the address of Sophidea’s IP registration had changed and was not simply in addition to the quaint little house in Cheyenne.)
2) The Times‘ original story was briefly ‘corrected’ to note that:
“An earlier version of this post misstated where Chinese Internet traffic was redirected. It was redirected to a building in Cheyenne, Wyo., not a house.”
Of course, that correction was also erroneous: the data was not sent to Wyoming at all, much less a specific house or office building.
The original post has now been replaced with a lengthier story that ran on the front page of the Times this morning. The new iteration is better, focusing on the mysterious circumstances of the enormous hiccup in China’s internet traffic and the (understandably) private Sophidea.
The new post provides this blithe correction to yesterday’s misleading report:
An earlier version of this post misstated where Chinese Internet traffic was redirected. The physical location of the servers receiving the traffic is not clear.
So, a correction to a correction. Of course, yesterday’s report elided this critical fact. China’s Internet was not redirected to a house in Wyoming, to an office in Wyoming, or to Wyoming at all. Yet, Times cybersecurity reporter Nicole Perlroth is sticking to her guns, contradicting the Independent‘s source (a Hurricane Electric employee who stated that the servers were in California) with this gem:
— Nicole Perlroth (@nicoleperlroth) January 23, 2014
Nonsense. A proxy server shields the identity of the sender of traffic (e.g., a computer in China), but generally doesn’t shield the identity of the recipient of the data. Moreover, if the location of the IP address couldn’t be known (because proxy!), why did the Times report that the data was going to Wyoming?
Update II (Jan. 23, 2014): The Washington Post has a more precise report, which provides the actual IP: 188.8.131.52. Running a traceroute on this IP confirms that the server is in California (and operated by Dynamic Internet Technology in a Hurricane Electric datacenter), corroborating the Independent‘s source.
In a series of moves unbecoming of an institution of higher learning, Yale this month effectively shuttered a student-designed website that allowed students to consider course evaluations when selecting their courses.
A Yale student named Sean Haufler (more on him below) writes:
In January 2012, two Yale students named Harry Yu and Peter Xu built a replacement to Yale’s official course selection website. They it called YBB+ (Yale Bluebook Plus), a “plus” version of the Yale-owned site, called Yale Bluebook. YBB+ offered different functionality from the official site, allowing students to sort courses by average rating and workload. The official Yale Bluebook, rather, showed a visual graph of the distribution of student ratings as well as a list of written student reviews. YBB+ offered a more lightweight user interface and facilitated easier comparison of course statistics. Students loved it. A significant portion of the student body started using it.
After two years, Yale decided it no longer liked the innovative website and abruptly blocked access to it during course registration. Students were instead greeted with this screen:
Ares Rights, An Unproductive Exercise In Censorship By DMCA
In June, I wrote about Ares Rights, a Spanish firm being used by Ecuador’s government to censor dissidents by way of meritless copyright claims. Their technique is as unproductive as it is reckless: Ares Rights issues a DMCA takedown notice — utilizing an American law — targeting material that is clearly a fair use of insubstantial content created by (or related to) state-sponsored media outlets. The offending material is briefly taken offline and then made public again once the targeted dissident (and the host of the material) catches on. It’s hard to divine what goal Ares Rights (and Ecuador) think this abuse serves, leaving only the conclusion that the practice serves only to harass dissidents.
Ares Rights’ DMCA notices have targeted (among other things) Rosie Gray’s reporting on Ecuador’s spy program for Buzzfeed, a documentary critical of Ecuadorian president Rafael Correa, and photoshops accusing the father of Ecuador’s vice president of rape. ((That’s not to cherry-pick a few questionable DMCA notices from the known Ares Rights claims: I can’t find even a single reasonably legitimate copyright claims pursued by Ares Rights on behalf of Ecuador or another South American state.)) What limited success Ares Rights has achieved has been erased, and then some, as two of Ecuador’s newspapers (El Comercio and El Universo) have since criticized the practice.
The Bigger They Are, The Dumber It Is To Hit Them: Ares Meets Chevron
Now, Ares Rights is reportedly targeting Chevron ((Yes, the multinational oil conglomerate worth twice as much as the GDP of most South American nations, including Ecuador.)) over videos critical of an Ecuadorian judge’s 2011 ruling that Chevron was liable for $9 billion in damages resulting from rainforest pollution. Chevron has contested that ruling in a New York lawsuit, claiming (among other things) that the American plaintiff’s attorney who pursued the case blackmailed the Ecuadorian judge.
In the court of public opinion, Chevron has pursued a comparably aggressive approach, launching “The Amazon Post“, a blog documenting in some detail the American case and coverage of it. The corporation also provided videos on its YouTube account, “TexacoEcuador“.
According to a post on its “Amazon Post” blog, Chevron notes that readers “may have noticed that our videos on The Amazon Post are currently down” (well, no: the videos generally don’t have too many views, which makes the takedown even more dumbfounding, because now they will get more views). Chevron says that their videos were removed from YouTube at the behest of a complaint from Ares Rights in “late November.”
The notice on the dispatched YouTube videos indicates that they were removed “due to a copyright claim by Filmin”, likely referring to Spanish movie website filmin.es, a corporation Ares Rights apparently has unknown involvement with. What content, exactly, filmin.es owns that was used in Chevron’s videos is unclear, and it’s possible — perhaps likely — that filmin.es doesn’t own any content at issue, and is simply being used as a vehicle to censor a critic of Ecuador.
If Ecuador Can Censor Chevron, It Can Censor You
Some may balk at the notion that we should be worried about Chevron’s YouTube videos, and may insist — perhaps rightly — that videos produced by Chevron to bolster its public relations should be taken with a hefty grain of salt. These aren’t relevant considerations. We value the ability to speak, not whether the speaker deserves to be heard or believed, irrespective of whether the speaker is a corporate behemoth or a lone pamphleteer heralding the imminent fracking doomsday. A government abusing the law — whether its own law or that of another country — to intimidate critics of any sort is a danger to critics of every sort.
Chevron, for its part, has something many critics of Ecuador don’t: the resources to make Ares Rights pay for its censorious transgressions by pursuing a §512(f) claim for their abusive tactics. Hopefully it will exercise them: it may not be a risk Chevron faces in the future, but it would sure draw more attention to the videos Ares Rights sought to memory-hole.
I’ve reached out to Chevron and filmin.es for comment. ((And sweet, sweet crude oil, which is probably a safer investment than BitCoins.)) I’ll update this post should I receive any further information.