Caitlin Dewey (c) 2014, The Washington Post. It’s a late entry, and a sad one, but the trove of stolen celebrity nudes that hit Reddit like a bomb over the weekend may just qualify as the Internet story of the summer. After all, it’s the perfect Internet scandal: sex, shadowy hackers and long-reigning Internet darling Jennifer Lawrence.
And yet, the ongoing incident — which the FBI has said it’s investigating — is far more than a tawdry tabloid story. It also raises profoundly important issues about technology, security, privacy and power in the digital age. There are practical implications, as well: The leak is inspiring many inhabitants of the “cloud” — a club that, in all likelihood, you belong to — to take a second look at their security settings. Let’s parse the key questions.
Q: What happened, in a nutshell?
A: On Sunday, a large cache of nude celebrity photos were uploaded to the anarchic message-board site 4Chan. It’s not entirely clear who uploaded the photos, or how many people were involved, but the images seem to have come from a loosely affiliated network of undeniably creepy dudes.
From 4Chan, the photos spread to Reddit. From Reddit, they moved to the rest of the Internet. Celebrities including Jennifer Lawrence and Kate Upton have since confirmed that some of the photos are genuine. Which has left law enforcement, security experts and site moderators pondering what, exactly, they should do.
Q: Who did it?
A: We don’t know for sure. But on 4Chan, where this whole mess started, users refer repeatedly to a long-running network of celebrity-hackers, collectors and sellers. One post refers to it as an “underground celeb n00d-trading ring.” (“N00d” being the favored message-board slang for “nude.”)
The ring wasn’t organized — little of 4Chan is. But essentially, it appears the site hosted a kind of shady, loosely organized black market for celebrity photos. Some people would try to sell them; some would try to swap or buy; many amassed large collections that they bragged about when news of this particular cache broke.
Q: How did they get the images?
A: No one has a conclusive answer. While a handful of hackers on 4Chan bragged about exploiting a previously unknown flaw in Apple’s iCloud, the feature that syncs photos, contacts and music among a user’s Apple devices, Apple released a statement Tuesday evening that said iCloud was not to blame.
Instead, it seems more likely that hackers could have tricked the celebs into giving up their passwords by posing as, say, someone from Apple support who needed credentials for site maintenance. (This little trick is called phishing.) They also could have gained access to the celebrities’ email accounts by resetting the passwords; often, passwords can be reset with the answers to a few simple and easily researched questions, such as the account-holder’s mother’s name or the street where she grew up.
Q: Who else is vulnerable?
A: To be blunt, just about everyone. Even if you don’t take nude photos (which as many as half of Americans say they do), and even if you don’t use iCloud, you probably store profound amounts of personal data on your phone, in your e-mail, and on your social accounts.
This data appears to be private, particularly when it’s just, say, sitting on your iPhone’s camera roll. But this data doesn’t just live on your phone. It also lives in “the cloud,” a fluffy euphemism for distant corporate servers. Even when companies hire armies of programmers to keep that data secure, it’s still theoretically available to someone: the company itself, or the government, or a particularly crafty hacker.
Q: How can you protect yourself?
A: When it comes to this specific iCloud issue, Apple recommends two main things. No. 1: Use a strong, unique password that you do not also use on another account. (“Strong,” in this case, means including upper and lowercase letters, numbers and punctuation, avoiding idioms and personal information, and making the password long — at least 14 characters.)
Recommendation No. 2: Turn on two-factor authentication, a setting that forces users logging on to iCloud from new devices to enter not only a password to access the account, but also a temporary code sent to your phone. It basically means that no one will be able to access your iCloud without your phone.
Q: What is 4Chan?
A: Essentially, the site is a long-running forum that operates without the rules, standards or moderators common on other social sites. Users can post or say almost anything: a premise that, unsurprisingly, has led to some pretty distasteful things.
4Chan is, for instance, the birthplace of “pranks” like the thigh gap and #cuttingforbieber, which public health experts have accused of threatening vulnerable teens. Several of its users have been busted for trading child porn. None of that has diminished the so-called Wild West of the Web, however. It draws a monthly audience of roughly 20 million and has logged a whopping 1.6 billion posts since 2003.
Q: What does all this say about gender and the Internet?
A: It’s no coincidence that the nude photos overwhelmingly depict women, not men. And it’s also no coincidence that this (entirely nonconsensual) leak is so much buzzier than, say, the latest celebrity spread in Playboy. In short, when a woman chooses to take nude pictures, she owns her sexuality — but when those photos are taken, or taken from her, by force, then the viewer owns it. It’s humiliating. It’s victimizing. And it’s also very permanent — a photo, once leaked, cannot easily be taken back.
All this sends a clear message to women, writes the noted feminist scholar Roxane Gay: No matter who you are or what you accomplish, “your bared body can always be used as a weapon against you. Your bared body can always be used to shame and humiliate you.”
Whatever the trolls of 4Chan say, nothing is ever just “for the lulz.”