This weekend, I warned of the serious danger of jumping to the wrong conclusions if the Ashley Madison user database ever becomes public, and how – because the site doesn’t properly authenticate email addresses – any such data doesn’t prove anything.
I was shocked when Graham told me that my article had been picked up by British newspaper Daily Mirror.
But there have been other developments…
A call from an Ashley Madison user
I woke up sunday morning, and received an SMS in Norwegian, shortly after breakfast. Here is my simple translation:
“Dear Per Thorsheim! Thank you for your post at grahamcluley.com. I am one of those affected by the things you wrote about, and I feel bad. We need more like you out there to adjust the perspective.”
Since then, I have exchanged many messages with this gentleman, and we have even spoken on the phone.
I don’t know his name, but he is in his fifties, has kids and is married. Not long ago, during a hard period in his life, he created an account on the Ashley Madison site.
He says he looked around, and engaged in a little “dirty chat” with some women.
But he never met anyone. He says some people drink or finds other ways to vent their frustrations in life. To him flirting on the Ashley Madison website became a short escape from reality.
He regretted his actions, he told his wife, he was forgiven and life and marriage goes on.
But now he is afraid of the leaked data eventually being released publicly, because his kids, neighbours, colleagues and others may not understand his situation at all.
Stories of suicide
I came across an American news website that published a fake story about a man committing suicide in the aftermath of the Ashley Madison security breach. They even quoted the alleged suicide note which claimed the man’s death was a direct consequence of the hack.
Why a website, purporting to contain legitimate news, would run a fake story about a man committing suicide after the Ashley Madison breach is beyond my understanding.
What I do know though, is that the press here in my home country of Norway are very careful around use of the word “suicide”. There is a danger that if we talk about such personal tragedies in such detail in the press, that others may follow.
What the howling wolves doesn’t seem to understand is what they are doing is online bullying. The kind of bullying that clearly can cause such personal tragedies.
“If they are cheating, they deserve it” the wolves reply.
While I totally disagree with that argument, let me add that their kids do not deserve to lose a parent. Their family doesn’t deserve to lose a loved one. And that also applies to friends, colleagues, neighbors and others.
If you are found to have bullied somebody into suicide however… I believe you deserve jailtime for that.
Was Ashley Madison extorting money from users?
Many articles – including the one that The Intercept published – have mentioned that Ashley Madison demands money to have accounts deleted, and have described the practice as “extortion”.
(I’m pleased to hear that Ashley Madison is now allowing users to delete their accounts for free).
I have my own experiences of what some may consider extortion.
For instance, once, at a nightclub in Berlin, I was given a small card at the entrance. The waiters would cut small marks into the card when I ordered beer and drinks, and when I left the club they counted the marks and gave me the bill.
What would happen if I lost the card? I would have to pay the maximum price before I was allowed to leave. I remember considering that as “a funny way to commit extortion”.
Another time, I acquired a free SSL certificate from one of the many certificate authorities out there. Did I read the EULA for that? Of course not! Silly me…
Because if I had I would have seen that I ever wanted or needed to revoke the certificate because my site and certificate became compromised, I would have to pay money to have it revoked. I wonder if The Intercept would consider that extortion as well?
The definition of extortion as far as I can see says that it is a criminal offence. Yet the three examples given above are all still legal as far as I know.
So don’t beat Ashley Madison up for asking for money to have accounts deleted – you may not approve of that business practice, but users should really have read the EULA when they created their accounts in the first place.
What Ashley Madison did wrong was to to make it way too easy for people to create fake accounts using other peoples names, pictures and email addresses.
Raise your hand if you always read the EULA before signing up for a service or product, and I’ll gift-wrap and send you a stone, so that you can throw the first one.Further reading:
- Ashley Madison's leaked database available for download - read this first
- Ashley Madison blackmailers now sending threats via US postal system
- Here's what an Ashley Madison blackmail letter looks like
- Now it's Ashley Madison wives who are receiving blackmail letters
- 'Bring me the head of the AC/DC-loving Ashley Madison hacker'
- Suicide and Ashley Madison
- Ashley Madison: Betting site offers odds on who will be exposed
- 'Yes. I was a member of the Ashley Madison website. But I wasn’t there to cheat on anyone'
- Ashley Madison hack could expose 37 million 'cheating dirtbags'
- No Ashley Madison, you weren't burgled by terrorists
- Ashley Madison users warned of password risk
- Cracked Ashley Madison passwords consistent with years of poor security
- Post-hack, Ashley Madison offers members full and free account deletion
- Don't judge Ashley Madison users too quickly, their accounts may be fake
- Just who is joining the Ashley Madison website?
- Fembots land Ashley Madison in hot water with the FTC
- Ashley Madison's marketing department clearly didn't get the memo
- Ashley Madison: Further thoughts on its aftermath
- Ashley Madison hack claims another victim: Its CEO
- Ashley Madison slammed with $1.6 million fine for devastating data breach