Crying Fella: a students analysis on DeviantART’s deactivation system

Recently on DeviantART (dA), a series of events has happened that has caused a lot of people to lose their accounts from crackers and trolls though their deactivation system. Below is my thoughts on the whole situation.

Background – dA’s Deactivation system.

The system was developed in late 2009 to allow for users (called deviants on the site) to publicly remove themselves from the site. Many positive reasons were said for the implementation of this system, such as;

  • Allowing for deviants to move their account name,
  • Stop “attention whores” – a deviant who constantly looks for ways to get attention, the most common was to release a journal saying that “I’m leaving,” only to return the next week. This drama (or dArama as it is called on dA) has annoyed a lot of deviants in the past.
  • It allowed a quick way to discontinue with the site.

There are many others, and if you know of any, please comment below 🙂

The system removed all their artwork off dA servers, removed their front page, and allowed for that page to become unusable. It was made right from the beginning that this was final; this deviant could not reactivate his account ever again no matter the circumstances. It was also made apparent that there would be no exceptions to the rule. The system was made so that it explained to the deviant what they were doing.

While this didn’t come with great rejoice, it did help a lot of deviants between late 2009 till November 2010; mostly for people to discontinue with the site, but as well as to help change deviants usernames.

December 2010 – when the system failed.

In December 2010, an email was sent to users who were signed up with the sites newsletter, that their hired company, Silverpop Systems, Inc., was breached into and email address lists were copied. In this same weekend, Gauker also had their systems breached and lists of email addresses and passwords were copied. A lot of people were asking for people to change their passwords. At this time, it was not apparent to the Staff for this to happen.

A few days later, some deviants started new accounts proclaiming that their accounts had been compromised and deactivated by a cracker. In response, dA staff, such as chix0r (avatar name), whose role is the Director of Community Operations, to write a journal on this issue. This can be found here. On an official project undertaken by dA, deviant365, to change their passwords.

It was clear that they needed to fix something in the system. At this time dA desired to get work on a grace period to the system (originally 30 days, now 5 days.) that would allow more time for the actual deviants to explain their situation and stop this. This adjustment was implemented on the 6 Jan 2011. However, anyone who had their account compromised before that time will not get their accounts back.

On the 6 Jan, two very famous  deviants, bri-chan and GENZOMAN had their accounts compromised and deactivated. These accounts were saved from the new adjustment to the system. Bri-chan not only got her dA account compromised, but also her livejournal and hotmail account compromised too. The system isn’t perfect as GENZOMAN had lost his watchers in the process, and his email was also compromised.

For peoples information, deviant Fuhrer-Glasses did a journal where he updated who got hacked, the comments etc. this can be found here.

Recommendations to deviantART and to their deviants.

deviantART,

  • Giving back deviants accounts back which were compromised and deactivated before 6 Jan 2011 would be useless as there is no important data is no longer in the servers (data such as the deviant’s messages are still held there, but art files, descriptions and comments, favorites, journals and front page information are no longer stored in deviantART’s servers.) What dA has done since is given to the new deviants their subscriptions back, and sincere apologies.
  • dA needs to drastically rethink various security options. This may mean finding ways to get better passwords out of people, or to rethink the deactivation system. Deviants need to think if they would rather see a crying fella, or a recurring fortnight of a popular deviant to leave dA, only to return the next week.
  • This is a major issue, yes, but is being handled in my view quite well, what they need to do however is speed up this process, so that they can focus on other issues, such as Copyright and Etiquette, Fixing the site (maybe getting the reactor out?)

Deviants,

  • Deviants Need to make sure that they have a copy of all their work on their computer, or on their hard drive. You can download the works you don’t have saved somewhere else.
  • Deviants Need to make sure that their all their passwords are secure, not just on deviantART. I should note that what a lot of deviants including chix0r, have suggested http://howsecureismypassword.net/, which I highly don’t recommend. The site uses an  old algorithm that is rarely used to attack people with. This is better explained here. I would suggest http://www.passwordmeter.com/ which is what I use, or Microsoft Online Safety Password Checker.
  • Deviants can also follow what former senior SparkLum has said, by clicking here.
  • Deviants who do not understand the entire situation need to chill out for a while.

It is important that users in a whole understand how to be secure on the internet. This hopefully, will getting people to learn about how to be safe an secure on the internet as a whole.

Word count: 893 words.