April 7, 2015

Anonymity not guaranteed on UChicago Crushes and Secrets

A recent change to the AnonyMonkey submissions platform for the popular UChicago Crushes and Secrets pages has left students concerned that their IP addresses and Facebook user IDs are being tracked. The changes came after a spam attack on the Crushes and Secrets pages paralyzed them both.

About a month ago, AnonyMonkey started requiring all submitters to log in to the AnonyMonkey app with their Facebook profiles before submitting posts to the pages that use the app, which include UChicago Crushes and Secrets. AnonyMonkey is a submissions portal that is used to moderate posts on Facebook pages. Previously, users could submit posts without logging into anything.

This change was quickly posted on the popular Facebook group Overheard at UChicago. The post claimed that UChicago Crushes and Secrets were now not fully anonymous, as AnonyMonkey could be storing Facebook user IDs, access tokens, or IP addresses. IP addresses are unique identifiers for devices on the Internet, though they cannot be linked to individual people. Facebook access tokens are unique strings of characters that allow an app to identify individual users. Facebook user IDs are unique strings of characters that appear at the end of the URL of a user’s public profile.

Zihan Xu, the creator of AnonyMonkey, said that the app does not actually allow human access to posters’ personal information. “We purposefully avoid asking them to do that,” he said.

Second-year Connor Soltas, who has worked professionally in front-end coding over the past two summers, says it’s possible that AnonyMonkey has set up their service in a way that no human would have access to any personal information even if the computer system gains access to it, but that there’s no way to prove this. “They actually create the objects that would be necessary to store it,” Soltas said. “If AnonyMonkey records Facebook user IDs…then the AnonyMonkey platform obviously has access to that information. But it would definitely be possible to design a platform that makes use of those IDs, say to send notifications, without ever revealing them to humans,” he said.

It seems, however, that while by default AnonyMonkey does not report posters’ personal information, it’s possible for the app to do so. A former editor of UChicago Secrets who wished to remain anonymous showed The Maroon a Facebook chat from one of Secrets’ editors in which the editors were discussing how to discover who had sent several personally threatening submissions to the page. One of the editors wrote: “I know the guy that owns the submission form website. He says he can’t track who submitted them retroactively. But he’s saving the logs.”

When asked about this, the quoted editor wrote in an e-mail, “Web applications normally have the ability to log the IP addresses of anyone who connects to them—whoever submits a post, in this case—but don’t for a variety of reasons: the actual text file can get quite big, etc. In this case I imagine that they turned on some ‘save connection log’ feature so as to see if we could identify the person.” It is impossible to know how often AnonyMonkey turns on this feature.

Xu said the only reason the Facebook verification system was added to AnonyMonkey was that someone had spammed UChicago Crushes and Secrets with thousands of submissions over the course of a weekend. To stop this bot, Xu said, he put in a Facebook verification requirement.

While instituting a required Facebook login rather than using less intrusive methods such as a reCAPTCHA may seem somewhat heavy-handed, Soltas believes that there is likely no malicious intent behind the changes. “It doesn’t seem like any of the protocols that they have introduced to prevent spamming are intentionally against students’ interest as much as quick and dirty solutions to problems a lot of third-party Facebook add-on applications would be facing,” he said. “It seems like it was done in good faith after someone spammed them with thousands and thousands of posts that makes for a terrible user experience on the part of the page manager when they have to say ‘reject, reject, reject’ to every single spam post.”

Xu admitted that, as an Internet app, AnonyMonkey cannot be fully anonymous. “Here’s the thing with anonymity—nothing’s anonymous in cyberspace. Even Yik Yak claims to be fully anonymous [and] actually tracks individuals’ device IDs…. I really want to create this. It’s not an anonymous space, but a more comfortable space, because when we think about this, when people talk on Yik Yak and people are talking on Secrets and Crushes, people really just try to find a comfortable space where they can express themselves. I don’t think people care about being anonymous that much, but being comfortable, and anonymous is really a medium to help them express themselves. That’s what we’re trying to do.”

This article will be followed on April 10 by a second investigative piece covering spam attacks on UChicago Crushes and Secrets. Additional reporting by Forrest Sill and Katherine Vega.