Topic: The Furaffinity hack of 5/17

Posted under General

Knotty_Curls said:
lol

Surprise Surprise, they did!

Also, why the hell do so many people have incorrect emails attached to their accounts? Don't use an email address that you plan on killing immediately, use one you can actually keep running just in case you need to reset your password for something (Not necessarily them forcing you to, but something you realize makes it a good idea).

Personally, I don't like Furry Network, and I hope these guys start realizing that InkBunny isn't only for Cub and go there, but I'll still make an account there to follow a few. I rather dislike the Tumblr layout--I use tumblr for tumblr man!

Updated by anonymous

Furrin_Gok said:
Surprise Surprise, they did!

Also, why the hell do so many people have incorrect emails attached to their accounts? Don't use an email address that you plan on killing immediately, use one you can actually keep running just in case you need to reset your password for something (Not necessarily them forcing you to, but something you realize makes it a good idea).

Personally, I don't like Furry Network, and I hope these guys start realizing that InkBunny isn't only for Cub and go there, but I'll still make an account there to follow a few. I rather dislike the Tumblr layout--I use tumblr for tumblr man!

probably inactive rather than incorrect emails in some cases. like with kitsuneyoukai and xennos i linked to, they had old emails they hardly use or remember the necessary info for anymore. and for anyone who uses yahoo...why? if you don't use it often, yahoo will delete your email. then you'd be doing a recovery process for that on top of this password change for FA or setting up a new email (hopefully somewhere like gmail where they won't delete it for inactivity).

Updated by anonymous

treos said:
probably inactive rather than incorrect emails in some cases. like with kitsuneyoukai and xennos i linked to, they had old emails they hardly use or remember the necessary info for anymore. and for anyone who uses yahoo...why? if you don't use it often, yahoo will delete your email. then you'd be doing a recovery process for that on top of this password change for FA or setting up a new email (hopefully somewhere like gmail where they won't delete it for inactivity).

That is why I use Thunderbird; the program will pull all emails from all providers into a central hub, thus keeping any account active.

Updated by anonymous

Furrin_Gok said:
Also, why the hell do so many people have incorrect emails attached to their accounts? Don't use an email address that you plan on killing immediately, use one you can actually keep running just in case you need to reset your password for something (Not necessarily them forcing you to, but something you realize makes it a good idea).

Lots of people's accounts are really old, people forget that accounts are linked to email addresses that they no longer use.

Updated by anonymous

Also I think their site broke something, so yeah, I like how you can't use a current password to change the theme to the beta theme and have it tell you the current password is invalid. Lol oh really, FA? I changed it twice in less than 24 hours, the fact I can log off and on with ease tells me that the password is anything but invalid. Nice going, FA.

Updated by anonymous

Kind of silly that all that they did change mostly was putting in that stupid CAPTCHA system. Really pitiful. How is that going to protect them from future attacks?

Updated by anonymous

RubisDrake said:
Kind of silly that all that they did change mostly was putting in that stupid CAPTCHA system. Really pitiful. How is that going to protect them from future attacks?

That's actually an interesting question: how do CAPTCHA systems work? I can understand that bots cannot go through, because it's an image or something like that, but your question does bring it to my curiosity.

Updated by anonymous

Siral_Exan said:
That's actually an interesting question: how do CAPTCHA systems work? I can understand that bots cannot go through, because it's an image or something like that, but your question does bring it to my curiosity.

They are designed to rate limit requests by forcing the user to solve a problem a machine cannot solve, or cannot solve quickly or accurately. At best it offers a rate limit for how fast you can try to log in, but underlying rate limits per IP/session or internal to the user limits are just as effective, but less disruptive to users.

Updated by anonymous

Is there really no way to blacklist certain images or artists on FA...?

Updated by anonymous

KiraNoot said:
They are designed to rate limit requests by forcing the user to solve a problem a machine cannot solve, or cannot solve quickly or accurately. At best it offers a rate limit for how fast you can try to log in, but underlying rate limits per IP/session or internal to the user limits are just as effective, but less disruptive to users.

People who use bots often use multiples at the same time, so throwing a weak captcha (I hate when they throw in the heavily distorted ones, and then require you to also figure out if letters like X are upper case or lowercase) on top of a rate limit per IP/session really reduces the quantity.

Updated by anonymous
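The per-IP and per-account rate limiting KiraNoot and Furrin_Gok describe above, as an added Python example (not code from FA, e621 or anyone in the thread). Limits, window length and the IP addresses in the replayed scenarios are assumed, constructed values.

```python
"""Sliding-window login rate limiting keyed by client IP and by account name.

Added example, not code from any site in this thread. The per-IP limit catches
a single client spraying many accounts; the per-account limit catches many
clients hammering one account, as a bot operator running several machines
would. Limits and window are assumed values.
"""
from collections import defaultdict, deque


class FakeClock:
    """Settable clock so the replay below runs instantly and offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginRateLimiter:
    def __init__(self, clock, ip_limit=20, account_limit=5, window_seconds=300):
        self.clock = clock
        self.ip_limit = ip_limit
        self.account_limit = account_limit
        self.window = window_seconds
        # each bucket holds timestamps of recent failed logins, oldest first
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    def _prune(self, bucket, now):
        # drop failures that have aged out of the window
        while bucket and now - bucket[0] > self.window:
            bucket.popleft()

    def allowed(self, ip, account):
        """True if neither the IP nor the account has exhausted its budget."""
        now = self.clock()
        ip_bucket = self._by_ip[ip]
        acct_bucket = self._by_account[account]
        self._prune(ip_bucket, now)
        self._prune(acct_bucket, now)
        return len(ip_bucket) < self.ip_limit and len(acct_bucket) < self.account_limit

    def record_failure(self, ip, account):
        now = self.clock()
        self._by_ip[ip].append(now)
        self._by_account[account].append(now)

    def record_success(self, account):
        # a genuine login resets the account's budget; the IP's history stays
        self._by_account[account].clear()


def replay(limiter, clock, attempts):
    """Replay (seconds, ip, account, password_ok) tuples through the limiter.

    Returns (accepted, blocked). Blocked attempts never reach the password
    check, so they are not recorded as failures.
    """
    accepted = blocked = 0
    for seconds, ip, account, password_ok in attempts:
        clock.now = seconds
        if not limiter.allowed(ip, account):
            blocked += 1
            continue
        accepted += 1
        if password_ok:
            limiter.record_success(account)
        else:
            limiter.record_failure(ip, account)
    return accepted, blocked


# Constructed scenarios (documentation-range addresses): one client on one
# account, 30 clients on one account, and one client spraying 30 accounts.
SINGLE_CLIENT = [(t, "198.51.100.7", "alice", False) for t in range(30)]
BOTNET = [(t, "203.0.113.{}".format(t), "alice", False) for t in range(30)]
SPRAY = [(t, "198.51.100.7", "user{}".format(t), False) for t in range(30)]


def run_scenario(attempts):
    clock = FakeClock()
    limiter = LoginRateLimiter(clock)
    return replay(limiter, clock, attempts)


if __name__ == "__main__":
    for name, attempts in [("single client", SINGLE_CLIENT), ("botnet", BOTNET), ("spray", SPRAY)]:
        print(name, "accepted/blocked:", run_scenario(attempts))
```

With these limits a single IP is stopped by the account budget after 5 guesses, 30 distinct IPs against one account are stopped just the same, and one IP spraying 30 accounts is stopped by the IP budget after 20.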

Siral_Exan said:
Is there really no way to blacklist certain images or artists on FA...?

Nope. You need to use an extension to add that feature.

Updated by anonymous

Siral_Exan said:
Is there really no way to blacklist certain images or artists on FA...?

o_O seems part of your post got cut out. strange, not the first time i've seen this happen.

Updated by anonymous

I've also had problems where links sometimes cut the message at the https part, but I can't seem to make it trigger...

Updated by anonymous

Siral_Exan said:
I've also had problems where links sometimes cut the message at the https part, but I can't seem to make it trigger...

that happens without fail when i quote someone who put a link in their post as plain text instead of using the "text here":link here DText.

o_O seems to be working fine when i paste a link myself but it always cuts the post off after the : when i quote such a post. or it did...strange.

Updated by anonymous

treos said:
that happens without fail when i quote someone who put a link in their post as plain text instead of using the "text here":link here DText.

o_O seems to be working fine when i paste a link myself but it always cuts the post off after the : when i quote such a post. or it did...strange.

Aye. I thought it'd be for all links, but since I only edit in links with "*":, to make them shorter, I thought it "fixed" the problem when I tried it.

Has this been a known problem?

Updated by anonymous

Fenrick said:
Truly a date which will live in infamy.

Years from now, people will say "Where were you when FA got hacked?"

We'll respond with "On e621."

Updated by anonymous

And a third artist has been claimed by the hack. Blankie has moved, at least they told us where so their followers can still see their art.

I don't think I've been gender-neutral enough in that, so: their hair, with the bear they're wearing, looks absolutely amazing! There, I said it...

Updated by anonymous

Siral_Exan said:
And a third artist has been claimed by the hack. Blankie has moved, at least they told us where so their followers can still see their art.

I don't think I've been gender-neutral enough in that, so: their hair, with the bear they're wearing, looks absolutely amazing! There, I said it...

KitsuneYoukai lost it too.

Updated by anonymous

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

Updated by anonymous

NotMeNotYou said:

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

Damn, I hope whoever leaked these emails and initiated the attack gets publicly humiliated. That is all.

Updated by anonymous

NotMeNotYou said:

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

I can't get in to delete my FA account.

Updated by anonymous

NotMeNotYou said:

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

Glad I used a throwaway email whose only purpose is that account.

Updated by anonymous

TruckNutz said:
I can't get in to delete my FA account.

Disabling your account wouldn't help and an outright deletion isn't possible either.

Updated by anonymous

NotMeNotYou said:
Disabling your account wouldn't help and an outright deletion isn't possible either.

Anything else I may need to be aware of, other than changing passwords?

Updated by anonymous

NotMeNotYou said:

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

Glad I've never made an account, and refused to use that stupid site.

Updated by anonymous

Siral_Exan said:
Anything else I may need to be aware of, other than changing passwords?

If you used the same password (or a similar one) for any similarly named accounts elsewhere, change those ones too. Heck, maybe set it to a new throw-away account if you're worried about spam getting into your current throwaway. (If that happens, I'll probably make a new throwaway email myself)

Strange thing is, my primary email is the one that gets all the spam, my throw-away has always been pretty clean.

Updated by anonymous

Aeruginis said:
I have never seen a website of its size that is so archaic.

Some people seem to like rustic stuff...

Updated by anonymous

D4rk said:
Some people seem to like rustic stuff...

Where websites are concerned, "rustic" is virtually never desirable. Basic, yes, at times (like e6). Rustic, no. There's a difference.

Updated by anonymous

Aeruginis said:
Where websites are concerned, "rustic" is virtually never desirable. Basic, yes, at times (like e6). Rustic, no. There's a difference.

That was German humor.

Updated by anonymous

I was pretty much forced to make an account there; I had a friend of mine commission some artwork from Ohmuu, there was a mix up, and she had to verify that my friend had permission to commission a character from one of my old fanfics.

The publication of private information doesn't really concern me. Anyone who knows anything about me can find the email I used there. The password I used for FA was like... 40 characters of letters and symbols? Outside of FA that password wouldn't do anyone much good.

Updated by anonymous

NotMeNotYou said:
That was German humor.

o.O huh?

anywho, good thing i went and changed my password over there not long after it got out of read-only mode. lengthened it a bit too.

Updated by anonymous

NotMeNotYou said:
We're working hard on it.

I'm not liking that site so far. I would really just prefer something like Inkbunny. Taking up the entire window for the gallery and sidebar just seems a bit much to me.

Updated by anonymous

NotMeNotYou said:
We're working hard on it.

how does one view an artist's full gallery and not just the popular/fresh filters? looking at braeburned's gallery and it won't show all the pics.

Updated by anonymous

treos said:
how does one view an artist's full gallery and not just the popular/fresh filters? looking at braeburned's gallery and it won't show all the pics.

Go into the "Fresh" filter and scroll down. "Fresh" is "Newest," it still shows the entire collection if you scroll down... The lack of pages is kind of a bad decision, though. I'm gonna look around a bit to see if there's an option to enable pages.

Updated by anonymous

Furrin_Gok said:
Go into the "Fresh" filter and scroll down. "Fresh" is "Newest," it still shows the entire collection if you scroll down... The lack of pages is kind of a bad decision, though. I'm gonna look around a bit to see if there's an option to enable pages.

actually, turns out it was my fault. silly me, i forgot to change the rating from general to explicit.

Updated by anonymous

Is it possible to change the browsing rating without logging in? The 'character' field in the sign up area is making me think twice about just creating an id to browse..

I like the full width design, works well with tiling WMs and my tendency to favor half-width browser windows.

Updated by anonymous

Do they have access to like real names or IP addresses or anything else?

Man fuck FA, fucking trash website. Wouldn't use it if so many artists only posted stuff on there

Updated by anonymous

savageorange said:
Is it possible to change the browsing rating without logging in? The 'character' field in the sign up area is making me think twice about just creating an id to browse..

I like the full width design, works well with tiling WMs and my tendency to favor half-width browser windows.

The character is the display name, and you can have multiple, separate characters (up to 6) on your account. It's mainly thought to be used as a replacement for multiple accounts, for example to have one for posting sfw art and another for NSFW, or a dedicated one for a comic series, or commissions, or something like that. Or even to make one for different characters someone has.

Updated by anonymous

It looks like somebody got into my account and changed the email address it was registered to before they did the password resets. Now the guy that stole it is the only one that can use the recovery tool. Great fucking job FA!

Updated by anonymous

wagen said:
It looks like somebody got into my account and changed the email address it was registered to before they did the password resets. Now the guy that stole it is the only one that can use the recovery tool. Great fucking job FA!

You would have gotten the initial password reset email if this were linked to the recent leak. Chances are you changed the email yourself and forgot about it. Check the last page where I made that post with the large red text, then follow the link to figure out which email is set on your account.

Updated by anonymous

wagen said:
It looks like somebody got into my account and changed the email address it was registered to before they did the password resets. Now the guy that stole it is the only one that can use the recovery tool. Great fucking job FA!

NotMeNotYou said:
You would have gotten the initial password reset email if this were linked to the recent leak. Chances are you changed the email yourself and forgot about it. Check the last page where I made that post with the large red text, then follow the link to figure out which email is set on your account.

Considering they did a rollback before the password reset, that'd have to be it.

Updated by anonymous

NotMeNotYou said:

Important information about the FurAffinity leak

All emails on all accounts before the FA hack have been made public in the TOR network. This also includes information of what password was used and to which account those belong.

The bad news: You need to change everything.

The good news: You can use this information to gain access to your lost account since you can just check what stupid email you used on yours.

That is all.

So what you're saying, is that they have the email used, and they also have the password, and they can link the two? fuck me.

Updated by anonymous

Pendraggon said:
So what you're saying, is that they have the email used, and they also have the password, and they can link the two? fuck me.

The current email and the email you used to create your account, because for some reason they store both.

Updated by anonymous

NotMeNotYou said:
The current email and the email you used to create your account, because for some reason they store both.

did they fucking encrypt their passwords and emails? I fucking hope it wasn't plaintext or some jazz like that.

Updated by anonymous

Pendraggon said:
did they fucking encrypt their passwords and emails? I fucking hope it wasn't plaintext or some jazz like that.

Emails are plain text, the passwords are encrypted, but apparently only with something based on SHA-1, if FATransparency's source[1] can be trusted on that.

Updated by anonymous
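An added illustration of the difference between the unsalted SHA-1-style storage the post above attributes to FA and a salted, deliberately slow KDF. This is example code, not FA's; the PBKDF2 work factor, record format and sample passwords are assumed.

```python
"""Unsalted SHA-1 password records beside salted PBKDF2 records.

Added example, not FA's code. With a fast unsalted hash, every user who
chose the same password gets the same record, so one precomputed table or one
cracked hash covers all of them; a per-user salt and a slow KDF remove both
shortcuts. The iteration count below is an assumed placeholder.
"""
import hashlib
import hmac
import secrets

# Assumed work factor: choose a count that costs tens of milliseconds per hash
# on your hardware, and store it in the record so it can be raised later.
PBKDF2_ITERATIONS = 100_000


def sha1_record(password):
    """The weak scheme: one deterministic, fast hash and no per-user salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def sha1_verify(password, record):
    return hmac.compare_digest(sha1_record(password), record)


def pbkdf2_record(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns a self-describing record string."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def records_linkable(record_a, record_b):
    """True if two stored records alone reveal that two users share a password."""
    return record_a == record_b


if __name__ == "__main__":
    # Constructed users; alice and bob happen to have chosen the same password.
    users = {"alice": "LennaChar2", "bob": "LennaChar2", "carol": "GilgameshSD1"}
    sha1_db = {u: sha1_record(p) for u, p in users.items()}
    pbkdf2_db = {u: pbkdf2_record(p) for u, p in users.items()}
    print("SHA-1 records linkable:", records_linkable(sha1_db["alice"], sha1_db["bob"]))
    print("PBKDF2 records linkable:", records_linkable(pbkdf2_db["alice"], pbkdf2_db["bob"]))
    print("carol verifies:", pbkdf2_verify("GilgameshSD1", pbkdf2_db["carol"]))
```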

Pendraggon said:
So what you're saying, is that they have the email used, and they also have the password, and they can link the two? fuck me.

You may want to use different passwords in the future. I email myself riddles to hint at what each pass is for the different sites, if that's something you haven't considered but think would help

Updated by anonymous

Pendraggon said:
did they fucking encrypt their passwords and emails? I fucking hope it wasn't plaintext or some jazz like that.

If I am to give you advice on passwords, use a "master passwords", quotes because in reality, it's an X that your passwords come from. Think of a game, a past event, a book, etc., and create passwords dependent on it. For instance, if you were to use Final Fantasy V, one password could be LennaChar2, because Lenna is the second character you get in the game, you can remind yourself with "who is your second character?". "What killed Gilgamesh" 's password would be GilgameshSD1, since Gilgamesh killed himself using Self Destruct (1 to replace !), etc.

In my case, I have an entire story that no one knows, 'cause it's not on paper. It'd be like using Furrin's riddle reminder, only without the riddle. I emphasize, however, that it should be something you'll easily remember, even while being vague. After all, nobody knows the difference between Excalibur and Excalipoor...

Updated by anonymous

Siral_Exan said:
If I am to give you advice on passwords, use a "master passwords", quotes because in reality, it's an X that your passwords come from. Think of a game, a past event, a book, etc., and create passwords dependent on it. For instance, if you were to use Final Fantasy V, one password could be LennaChar2, because Lenna is the second character you get in the game, you can remind yourself with "who is your second character?". "What killed Gilgamesh" 's password would be GilgameshSD1, since Gilgamesh killed himself using Self Destruct (1 to replace !), etc.

That is the textbook definition for a dictionary bruteforce attack. To get around this problem you'd need to add some more symbols or numbers into random places to increase entropy and have it not be just standard words glued together.

If you want to keep that option you should at least consider using longer passwords, the recommendation would be something easy to remember with at least 20 characters, for example something like mentioned here.

Updated by anonymous

Notme said...

I don't know what you mean by brute force attack. If you are talking about shooting in the dark to find passwords, then how would somebody find out when accounts (or at least the ones I made in the past) always lock out should you fail to input it too many times. Mind you, when I say that, duly note I mean past tense, back when I was young.

Updated by anonymous

Siral_Exan said:
If I am to give you advice on passwords, use a "master passwords", quotes because in reality, it's an X that your passwords come from. Think of a game, a past event, a book, etc., and create passwords dependent on it. For instance, if you were to use Final Fantasy V, one password could be LennaChar2, because Lenna is the second character you get in the game, you can remind yourself with "who is your second character?". "What killed Gilgamesh" 's password would be GilgameshSD1, since Gilgamesh killed himself using Self Destruct (1 to replace !), etc.

In my case, I have an entire story that no one knows, 'cause it's not on paper. It'd be like using Furrin's riddle reminder, only without the riddle.

Actually, that's sort of what I meant by the riddles. I will tell myself "It's this letter" or "This number," for example, GilgameshSD1 would be the "Villain with a G and his end. Just remember: number instead of symbol"
How you phrase the hint/riddle is up to you, for the reason you stated:

I emphasize, however, that it should be something you'll easily remember, even while being vague. After all, nobody knows the difference between Excalibur and Excalipoor...

---

NotMeNotYou said:
That is the textbook definition for a dictionary bruteforce attack. To get around this problem you'd need to add some more symbols or numbers into random places to increase entropy and have it not be just standard words glued together.

If you want to keep that option you should at least consider using longer passwords, the recommendation would be something easy to remember with at least 20 characters, for example something like mentioned here.

Thing is, a computer will go through the whole lists of possible passwords, so a long, four-word password would take it a longer time, but if it's a human hacker making guesses, they would have a much easier time. If you want to make it harder on a computer, as well, just throw in a few more things. Lenna2Character-DrakeWind3 for example, throws in a hyphen (Could be an underscore instead) and has four words. It translates into "Lenna is the second character, and is connected to the Wind Drake, who happens to be the third vehicle."

Updated by anonymous
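An added estimator for the point NotMeNotYou and Furrin_Gok make above: it counts words, digit runs and symbols as single guessable units, the way a dictionary-based attack does, and compares that to the per-character figure a strength meter would show and to a randomly chosen four-word passphrase. Example code, not from anyone in the thread; the word-list, symbol and passphrase-list sizes are assumed round numbers.

```python
"""Guess-space estimate for word-pattern passwords versus a random passphrase.

Added example. A password built from dictionary words plus a digit or symbol
is guessed unit by unit, so its real search space is far smaller than its
length and character classes suggest. List sizes are assumed, not measured.
"""
import math
import re

WORD_LIST_SIZE = 50_000      # assumed size of an attacker's word/name list
SYMBOL_CHOICES = 32          # assumed number of printable ASCII symbols
DICEWARE_LIST_SIZE = 7_776   # the classic 6^5-entry diceware list

# One token is a capitalised word, a lowercase word, an all-caps run,
# a digit run, or a single symbol, so "LennaChar2" -> Lenna, Char, 2.
TOKEN_RE = re.compile(r"[A-Z][a-z]+|[a-z]+|[A-Z]+|\d+|[^A-Za-z\d]")


def tokenize(password):
    return TOKEN_RE.findall(password)


def naive_bits(password):
    """Per-character estimate: size of the alphabet used, to the power of the length."""
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"\d", password):
        alphabet += 10
    if re.search(r"[^A-Za-z\d]", password):
        alphabet += SYMBOL_CHOICES
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def pattern_bits(password):
    """Structural estimate: each word, digit run or symbol is one guessable unit."""
    bits = 0.0
    for token in tokenize(password):
        if token.isdigit():
            bits += len(token) * math.log2(10)
        elif token.isalpha():
            # one entry from the word list, plus one bit for its capitalisation
            bits += math.log2(WORD_LIST_SIZE) + 1
        else:
            bits += math.log2(SYMBOL_CHOICES)
    return bits


def passphrase_bits(word_count, list_size=DICEWARE_LIST_SIZE):
    """Entropy of word_count words drawn uniformly at random from a list."""
    return word_count * math.log2(list_size)


def compare(password):
    """Return (naive_bits, pattern_bits) to show how much the naive view overstates."""
    return naive_bits(password), pattern_bits(password)


if __name__ == "__main__":
    for pw in ["LennaChar2", "GilgameshSD1", "Lenna2Character-DrakeWind3"]:
        naive, pattern = compare(pw)
        print("{:<28} naive {:5.1f} bits, as units {:5.1f} bits".format(pw, naive, pattern))
    print("random 4-word passphrase: {:.1f} bits".format(passphrase_bits(4)))
```

Under this model the two-word-plus-digit password comes out near 37 bits of guessing work rather than the 60 a per-character meter reports, which is the gap NotMeNotYou's dictionary-attack remark refers to.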

SirBrownBear said:
(might be off topic, but~)
WELP, guess it was only a matter of time before the artists jumping ship from FA to FN started whining and complaining about the rules allowing explicit cubs...

https://support.furrynetwork.com/topics/870-remove-allowing-cub-pornography-on-the-website/#

Wow, I'm looking at the votes for the comments there. People who support banning it, whether through biased claims or through actual reasoning, get upvotes galore, and conversely, those who are against it get downvoted, even if they present good points.

Edit:

"AarkTheDragon" said:
I want FN to become a community that showcases everything that makes the Furry Fandom great, not another borderline dark-web fetish site like e621.

That was pretty much the last comment before the admins locked the thread. The guy had a pretty lengthy post that was well constructed and would have gotten an upvote from me, but with that, I'm not so sure it deserves it anymore.

Updated by anonymous

The whole thing's just one big shit show, one that boils down to "I don't like this one fetish/theme in particular! I don't care if it's just as "bad" as gore, rape, snuff, etc, I don't like it, ban it! A few laws in a few countries say so, so it should be banned everywhere!"

Part of me sees FN caving under pressure and banning it. And if it does... eh :/ I probably won't bother with the site. Less because of the ban, and more the type of community that now inhabits the site. That brand of whiny, entitled, and ignorant furries is why I stay away from communities like FA, so if people are now just migrating/bandwagoning from FA to FN, it's just gonna be the same crap, but in another setting.

Updated by anonymous

SirBrownBear said:
(might be off topic, but~)
WELP, guess it was only a matter of time before the artists jumping ship from FA to FN started whining and complaining about the rules allowing explicit cubs...

https://support.furrynetwork.com/topics/870-remove-allowing-cub-pornography-on-the-website/#

Ugh, that thread makes me feel like I should kill myself because I'm one of those who likes and draws explicit cub material (though I'm taking a break from such material) and those who defend explicit cub get bashed to the n'th degree.

But well, if newcomers cannot tolerate cub stuff yet the site allows it (because the newcomers are wussies and are too lazy/ignorant to use the blacklist), could they just make it so that newcomers and unregistered users would have 'cub explicit' already blacklisted by default similar to e6 where new users from certain countries would have 'young cub rating:e' already blacklisted?

Updated by anonymous

I've gotta say, 'comfort' is ultimately a surprisingly strong argument. As a practical matter, people won't keep going back to a place they are not comfortable at, without significant incentive.
For example, I have a few people on my watchlist at IB, but otherwise, I don't browse IB, and I don't upload to IB, because I feel uncomfortable with the amount of cub content. I don't want to be associated with that and I don't, really, want to think about it.

Of course, comfort is also why every comment making good points that isn't 'on the right side' (eg. 'this is directly comparable to the banning of homosexual content') is being downvoted. But I just wanted to point out that the owners of a site do have to consider what will attract or repel people to their site (as well as -who- they in principle want to have there). I hope the larger question of 'If we do this, what will it result in long term?' is also considered.

(because frankly, what I see in that thread is largely short-term reactions, Lonewolf3432001's comment starting "Why? No, seriously, why? No one ever asks this question. They are either immediately yes or no and then get entrenched by motivated reasoning." near the end is a standout in that regard.)

Overall I think there is one thing there that definitely should be actioned: laws. If cub is illegal in X country, then it should be automatically hidden to a browser reporting its location as being in X country. With an option to enable it anyway, because some people like to live dangerously. But disabling it by default in cases where it is a genuine legal risk, is just sensible IMO. (EDIT: looks like MT had the same idea while I was writing this :)

Updated by anonymous

savageorange said:
I've gotta say, 'comfort' is ultimately a surprisingly strong argument. As a practical matter, people won't keep going back to a place they are not comfortable at, without significant incentive.
For example, I have a few people on my watchlist at IB, but otherwise, I don't browse IB, and I don't upload to IB, because I feel uncomfortable with the amount of cub content. I don't want to be associated with that and I don't, really, want to think about it.

Of course, comfort is also why every comment making good points that isn't 'on the right side' (eg. 'this is directly comparable to the banning of homosexual content') is being downvoted. But I just wanted to point out that the owners of a site do have to consider what will attract or repel people to their site (as well as -who- they in principle want to have there). I hope the larger question of 'If we do this, what will it result in long term?' is also considered.

(because frankly, what I see in that thread is largely short-term reactions, Lonewolf3432001's comment starting "Why? No, seriously, why? No one ever asks this question. They are either immediately yes or no and then get entrenched by motivated reasoning." near the end is a standout in that regard.)

Overall I think there is one thing there that definitely should be actioned: laws. If cub is illegal in X country, then it should be automatically hidden to a browser reporting its location as being in X country. With an option to enable it anyway, because some people like to live dangerously. But disabling it by default in cases where it is a genuine legal risk, is just sensible IMO. (EDIT: looks like MT had the same idea while I was writing this :)

Furry Network is run by the Bad Dragon folks--same as eSix and F-List. They defend cub art saying "Cartoon art has been proven in the court of law to not apply to laws regarding real life pornography," though they may just end up banning it anyways. I kind of hope they just implement the auto-blacklist feature.

They aren't the sort of folk to let people ignore the laws, though, if their banning of underaged users is any indication. It may just be a means of defending themselves, but if they give countries an option to ignore the autoblock, agents from those countries may target the site for a take down and sue the people responsible, so defending themselves by not supporting it would be understandable.

Updated by anonymous

Furrin_Gok said:
Furry Network is run by the Bad Dragon folks--same as eSix and F-List. They defend cub art saying "Cartoon art has been proven in the court of law to not apply to laws regarding real life pornography,"

That's vague. In which countries/states/counties? I would be stunned if there's a precedent that is anything like universal (though of course I'm sure they have covered their ass WRT the particular location the servers are hosted in).

It may just be a means of defending themselves, but if they give countries an option to ignore the autoblock, agents from those countries may target the site for a take down and sue the people responsible, so defending themselves by not supporting it would be understandable.

Fair enough. In that case the name of the option would be 'use a proxy' ;)

Updated by anonymous

savageorange said:
That's vague. In which countries/states/counties? I would be stunned if there's a precedent that is anything like universal (though of course I'm sure they have covered their ass WRT the particular location the servers are hosted in).

All I know is it's somewhere in the USA, and my memory may be incorrect at that.

Updated by anonymous

NotMeNotYou said:
You would have gotten the initial password reset email if this were linked to the recent leak. Chances are you changed the email yourself and forgot about it. Check the last page where I made that post with the large red text, then follow the link to figure out which email is set on your account.

The link gives my most recent email as a completely different email to mine. I guess that means somebody completely unrelated to the attack had somehow changed it before the leak.

Updated by anonymous

Has the wider audience noticed that trouble tickets from the date of the original password leak got released to the public?

[Redacted]

Also there is a script for searching in tickets.
[Redacted]

Updated by anonymous

Kiira said:
Has the wider audience noticed that trouble tickets from the date of the original password leak got released to the public?

[Redacted]

Also there is a script for searching in tickets.
[Redacted]

you're a god/goddess

Updated by anonymous