Ask HN: Someone is harassing me online, using my personal info. What can I do?

[sumsuni]

Hi everyone,

I am the admin of a relatively large forum site, and recently had to ban one user. Without going too much into the details, the user got extremely heated and researched my personal information online, found my CV and also where I'm currently doing my PhD studies. He has also built a blog site recording all my personal info/phone numbers/family members, etc. and sending them to my supervisors with a request that I be terminated due to unethical behavior. As I'm currently in Germany, you can imagine how this might cause a lot of confusion with my superiors.

So my question is, is there anything I can do to stop this individual? I have some basic information about this guy which I can report to some authorities (list of IP addresses, email address) but as he's located in Egypt, I'm not sure there's any good that these will do. Really looking for some help in dealing with this matter, and talking to this guy directly will probably not solve anything (maybe even just make it worse since he'll think he's winning).

[jacquesm]

Problems like these can be extremely annoying and very hard to resolve. Beyond what lutusp already said (get a lawyer) you're facing an uphill battle because law enforcement in the country where your perpetrator is located (Egypt) will likely not assign a very high priority to resolving your issue.

I ban 100's of people daily on my own website and have run in on multiple occasions to people who love nothing more than to ruin other people's lives online from the relative shelter of online anonymity.

Worse still, authorities usually don't lift a finger (unless there is child pornography involved or the victim is a politician or a relative of one) and if they do move it is at a glacial pace.

If you know who he is then a letter from a lawyer might help, if you only know IP addresses and a general location then you are facing a long and hard battle.

Going back through your server log might help you to figure out more information about this person, maybe he's made multiple accounts, maybe one of his aliases shows up in google allowing you to figure out more about him. Any work you can do prior to hiring the lawyer will likely result in some acceleration or maybe even prompt resolution.

The only reason this works is because there is an information asymmetry between you and your attacker, he knows all there is to know about you and you know nothing to very little about him.

As for your superiors, if they would act on anonymous complaints sent over the internet rather than have a good laugh at it then you should probably explain that anybody with an axe to grind can attack anybody else on the net in this way for no particular reason.

Best of luck with all this.

[notahacker]

Surely German law enforcement can at least provide a crime reference number for what sounds like harassment, and enough token followup efforts to convince your supervisors that you're the victim here and the Wordpress.com team that they might wish to respond to your earlier takedown request. However limited they are in what they can actively do against harassment from overseas, it's got to be better than nothing.

I can't imagine a lawyer, billing hourly, being any more effective at persuading a probably mentally unhinged person apparently based in Egypt to shut up.

As for the Egyptian police, they're pretty busy silencing dissidents already...

[sumsuni]

Thanks for the advice. I have his original IPs, and then a second list of Proxy sites which he used to create fake accounts and also post abusive posts (I had IP-banned him). Presently, the forum is locked down to new registrations until I can find a way to stop this guy from coming back.

I don't have his physical address, so not sure how I could get a letter delivered. Perhaps some kind of tool exists to bait him into giving me his geo coordinates?

The supervisors are not too pleased with getting 10-15 emails this morning, with a PDF of my personal information and other harrassing information related to my work for the site, which takes place off-work.

[jacquesm]

One user of my website, a girl that one morning decided that it was very clever to undress on cam got a guy that kept on mailing her bosses, her family and so on. It caused no end of trouble. Your bosses are essentially blaming the victim, it's a real pity that understanding of these matters is limited until you are typically hit by it yourself.

The fact that they assign any value to this at all is certainly worrisome.

If you send me an email privately (jacques@mattheij.com) with what information you currently have on the guy then I may be able to give you a hand (no promises though).

[Throwaway823]

I run a large community as well, and had some similar issues. Occasionally threats work if you can convince them you're willing to take legal action, and you can scare them with evidence pointing to their name or IP address.

If that doesn't work, or they're based in Egypt which is going to make legal action difficult, you might be best off to ignore them completely. They're looking for a response. They want to see you upset, they want to see you in a panic, they want to see you begging them to stop, etc. If you ignore them, and never respond or talk again, they'll likely move on with their life. They're not going to maintain a blog on you forever, that takes time, and if they're getting nothing in return, they'll stop, although it might take weeks or months.

Now, work on preventing this in the first place. I had my community hosted on the same servers as my personal projects (small startup, didn't realize it was going to grow to the current size), and this allowed people to connect the dots to my name by looking up the server IP and related sites. I'm in the process of trying to separate my personal identity from my community, and to reduce the trail leading back to me. I can't recall how many people are banned from my community, but it's in the area of 5,000. I'm surprised I haven't had more personal attacks, but it's only a matter of time, so I'm trying to separate things before it occurs again. You might want to do the same if possible.

[jacquesm]

I actually did the exact opposite, I made sure that I'm very easy to connect to the community to deflect all attention from those doing the actual moderation. I'm also known as someone who will happily sue you for every penny you've got and I tend to win so the jerks and jackasses tend to tread a little more careful around me. I wished that extended to the users of the website though, who on occasion do very silly things and make themselves identifieable in many ways.

They don't usually realize the consequences (even if warned) until it is too late.

But as a website operator I'd always make sure to attach both my corporate and personal identity with the service.

Why appear like a scam when you're not?

[lutusp]

Because of the international aspect, people here aren't going to be able offer constructive help beyond sympathy. At risk of stating the obvious, you need to engage the services of a lawyer.

[dognotdog]

Posting this kind of info is probably at least against the TOS of whatever hosting he uses, and probably illegal in most countries. If you want it taken down quickly, the help of a good lawyer is probably needed. Chasing him and putting out fires is probably all you can do without venturing into illegal territory yourself.

[DanBC]

You are being stalked. Research the protections that stalkers need in your country - you might want to set up a website describing what's happening so you can point people to it. Include links to stalking information to avoid as many "it must be something you did" accusations as possible, although there will be some of those.

CLEARLY DOCUMENT EVERYTHING. At some point in the future you may want to go to the police and having everything they need neatly laid out is helpful to them.

[skidoo]

Fight fire with fire. Find an altruistic hacker to hunt him down and make his life uncomfortable.

[PeterWhittaker]

This got downvoted, and I can understand why, but I have to admit the idea has a certain dark appeal.

Well, I snorted appreciatively when I read it, at least.

(This is why I dislike downvoting. Ignore ideas you dislike, flag abuse, but downvote "honest opinions"? Hmm. Sure, that begs the question of abuse Vs honest opinions, but that is the purpose of discussion and reason: To sort the abuse from the honest opinions, to accept and improve upon the latter.)

[jacquesm]

At the risk of getting downvoted myself, we turned tables on a bunch of stalkers in the past and have gotten medium to good return on that. That said, it should be reserved only for the hardest cases and when law enforcement refuses to act even after they've been given all the relevant information.

Some people just won't give up until they get a taste of their own medicine, and on the internet it is all fun and games until your name and address are out in the open.

The fun bit is that once that happened we (usually, we do have a couple of hold-outs) could conclude those cases swiftly.

[S4M]

I just downvoted the GP, and not because I disagree with his opinion, but because I think his advice is a dangerous one to follow. For example, the stalker could be using someone else's computer, and hacking him back would only harm that other person.

[jacquesm]

Stalkers typically use their own computer and do so through a variety of layers of deception. Recall that 'push to allow people from TOR on websites' earlier today right here on HN? That's what you get for your troubles.

As for the GGP comment, he advised to get the help of a 'hacker to hunt him down' not to hack him back. That's a world of a difference.

[Jayd2014]

"Stalkers typically use their own computer and do so through a variety of layers of deception". In this specific case, the stalker is in Egypt and there is a very high chance he is using a "cybercafe" to access the internet rather than his personal PC/Internet connection.

[PeterWhittaker]

All good points!

I'm curious why you chose to downvote rather than reply and advise?

I'm not trying to bait you, just trying to understand.

(Full disclosure: I think this is another flaw in the whole downvote concept - it provides us a way to make us feel we have registered a contrary opinion without requiring that we take the time to offer - and, if necessarily, defend - the counter thought. There have been quite a few times I've started a reply only to abandon it when I realized what I was signing on for. My thoughts are not so important I feel the need to register them at any cost. Of course, there have been a few times when I have blazed along righteously only to regret a few minutes later, and have been noticeable in my absence from subsequent discussion. But those aren't quite as frequent. I hope.)

[S4M]

Well, I downvoted him after reading your comment, so I thought I might as well explain it in your response.

Now, jacquesm's reply is making me regret my downvote.

Also, I agree with what you think about downvotes. I think HN should have a detector of potentially stupid comments (e.g "u re a fag") that could be downvoted without giving a reason, and the rest (comments similar to skidoo's comment) could be downvoted only after giving an explanation.

[PeterWhittaker]

You know what's ironic? I gained downvote privileges today.

Partly as a result of this discussion.

MOi ha ha ha... uh oh.

;-P

(A quick search reveals no FF extensions to disable downvoting. I guess I could put rotate180 in user.js....)

[lutusp]

> Find an altruistic hacker to hunt him down ...

Wait, what? How does that describe an "altruistic hacker"?

[PeterWhittaker]

The OP might be distinguishing those who hunt for idealism and sport and those who hunt for profit.

He doesn't want a merc hacker, he wants one with shared ideals.

Those merc hackers are dangerous, ya know.

[tcooks]

Dox him or pay someone to do it. Once you have an address, send him a german lawyer template asking him to take down the site.

Can you get his infos from the blog?

[sumsuni]

Not much info about him on this blog, but tons of it on me. I'm not sure how much good a German lawyer template will do if he's operating in Middle East.

[lotsofcows]

Ignore him, he'll go away eventually. There's not much you can do so "don't feed the trolls" is the best you're going to get. Of course, some people think differently - see Maddox's page of hate mail for example.

[mnw21cam]

What country is his blog site hosted in? If it's one of the big blogging sites, you may get a good response by contacting them about his breach of their terms of service. Law enforcement are unlikely to be interested.

[sumsuni]

It's actually hosted on Wordpress.com. I've posted the URL yesterday to their abuse form requesting it to be taken down, but currently remains active. I guess they need time to process it.

[bruna597]

You'll find this helpful: https://digitaldefenders.org/digitalfirstaid/

[deodorel]

What about using the new google tool that they were forced to do by the EU to get his blog out from the search results? I think you have a pretty good case.

[ZoFreX]

Have you tried talking to him? There have been a few times where I've managed to get trolls and hackers to desist with a friendly chat.

[walterbell]

Will he take down the information if you let him back onto the site?

[robotgod]

Would you getting fired make the asshole stop? If so...

Get one of your supervisors to contact the guy and lie to him that you have been fired, take on a new username and stop posting non-anonymous stuff with it.

[onion2k]

Unban him from the forum. Then he'll (maybe) stop. Maintaining control over your life and online reputation is more important than keeping him banned.

[lutusp]

> Unban him from the forum. Then he'll (maybe) stop.

This is a very, very bad idea -- it's on a par with negotiating with terrorists.

> Maintaining control over your life and online reputation is more important than keeping him banned.

You seem not to realize that, by giving in to blackmail, one surrenders control of one's life to the next person who wants to engage in harassment. Also, what's to stop the original perpetrator from gloating about his victory over you and resuming or escalating his unacceptable behavior?

No, this is not an option.

[morb]

So, basically give in to bullying? Let the bully back into the forum, to potentially harass other users, continue doing whatever he was doing that got him banned? What's the point of having admin/mod rights if you aren't going to use them to make the forum a better place for the users?

[walterbell]

(banned person could be reading this thread)

Banning is a governance issue for any community. If the community is large enough, there may be other senior (by time and participation) community members willing to act in a leadership role. Ask for their help in formalizing the ban process.

The governance group (ideally excluding you) can engage the currently banned person in a public process on the forum, where terms of engagement are defined by the community, not lawyers or countries or emotional individuals.

If the costs (time, money, risk) of maintaining a forum become too high, other admins have closed their forum. Presumably the aggrieved party simply wants to participate in the forum, not destroy it.

[sandycheeks]

Excellent response.

There should probably be an open discussion on the forum engaging members and other moderators where the banned user can see it. Let them discuss the ban as well as the subsequent harassment and honor their decision.

I am a former admin of a large forum. I let trolls and spammers wear me down over years and regret that I did not handle some things openly.

[jacquesm]

Never ever do this. It will simply let people know that if you press buttons 'x, y and z' simultaneously that the owner of this forum will roll over and you can then kiss that forum goodbye as a venue for any kind of productive conversation.

Better to completely ignore the guy. And to tell your bosses and family about it and to tell them to ignore it too. That's the least effort for the most return.

[robin_reala]

Probably hellbanning would have been a better idea than outright banning in the first place.

[DanBC]

At this point the forum is irrelevant - the harasser does not want access to the forum but wants justice and revenge.

[jacquesm]

Justice?

[bebna]

And let the terrorists win?

[walterbell]

After centuries of thought, humanity has developed some concepts beyond dualistic black & white. Everyone is free to choose the terms of their own engagement, rather than handing that power to the first-mover.

http://plato.stanford.edu/contents.html

[lutusp]

> After centuries of thought, humanity has developed some concepts beyond dualistic black & white.

Not giving in to blackmail is not about black and white, it's about black and black. And from a logical perspective, you don't mean "dualistic", you mean "excluded-middle" or "false dilemma".

http://en.wikipedia.org/wiki/False_dilemma

[walterbell]

Thanks for the correction.

I don't have an opinion on the blackmail topic. But the blackmail was preceded by a governance decision and other communities can provide advice or useful precedent. Even when the blackmail issue with this one person is addressed, the governance issue will remain and can re-appear at any moment.

Since solving the governance issue will have to be done at some time in the future, it can be done now and offers some chance of de-escalation. The blackmail issue can still be addressed through other means, including legal. But de-escalation helps everyone, now.

[lutusp]

> But de-escalation helps everyone, now.

Not with someone who has already engaged in illegal behavior, as in this case (if the perpetrator and the victim lived in the same country, the perpetrator could be arrested for harassment). The perpetrator has already proven his rejection of civilized behavior, so dealing with him on that basis becomes foolishly one-sided.