Table Of Contents
Privacy and security has always been a major reason for Anonymous’s hunt of a social network which can give a unthrottled voice to the activists and journalists. The fall in the organic reach of Facebook made it necessary for the community to have a social network which really meet their needs.
‘Minds.com’ the social Network that promises its users with a completely secure, private and unrestricted platform has been in news lately.
“We are a free and open-source platform to launch your digital brand, social network and mobile app. We are also a social network ourselves. It is a global social network of social networks,” Minds ‘About Us’ page states.
My First Impression of Minds.com
After being asked by fellow activist to give Minds a try last week, I decided to create an account with it, I used my personal email to signup however I was surprised to find my Profile picture ready showing on the site without me uploading it. A quick look made it clear that Minds was using “Gravatar” service which provides globally unique avatars to bloggers and online users.
Well I did sign up for Gravatar few years back but thats not the issue. Why will a Social Network which promises complete privacy will use a third party service like Gravatar?
Further digging into the Minds brought my attention to “ads” on the website, Minds was serving ads from Google Adsense and that meant that the user was being tracked by Google as it always does.
My first stay at Minds lasted for less than 2 minutes and I when was done, I decided to look no further, logged out and dumped my plans to write anything about Minds.
Minds in Media
Minds is backed by “Anonymous Art of Revolution”, a Facebook page operated by Anonymous dedicated to Art and Online Activism, and has more than a million followers.
Minds has gained lots of traction due to the above fact and its promise to build an alternative social network to Facebook or Twitter and was highly cited by major media groups.
Minds in Anonymous
Though Minds is supported by Anonymous Art of Revolution and several other independent journalists/activists, it is not entirely supported by “Anonymous as a whole.” Several Anonymous affiliated Facebook pages are not supporting Minds. It has not got a good response from most of the Anonymous affiliated accounts on Twitter.
YourAnonCentral, a major Anonymous affiliated group while talking to Hackread said that,
“If anyone post NSA leaks, claiming to be making something completely secure or encrypted while maintaining they are Anonymous that to me is a serve a red flag, especially if they try to appeal to anti-government activists or Anonymous.”
Two major Anonymous accounts (YourAnonNews and YourAnonCentral) have reached out Minds on Twitter with their own set of question about who in Anons were supporting the Minds.
Asked by @AnonyInfo for why will Anonymous support “Minds”, a new and uncharted social network. Minds replied that there were many Anonymous members who supported it.
Replying to YourAnonNews and YourAnonCentral, Minds said that it was ironic for both YAN and YAC had asked this question on Twitter which was neither open source nor encrypted, adding, why they have a grudge against Minds. Touché!
Anonymous on testing Mind’s Security
Following the tweet convo between YourAnonNews, YourAnonCentral and Minds, few of the Anons including VoidSec took to the task of finding bugs on Minds
A report from the team which was also forwarded to Mind’s developer suggested it had several vulnerabilities including multiple XSS bugs, ability to delete any message from any user, arbitrary file upload, ability to edit profile data of any user and several other and unauthorized controls of content.
Another report from Scott Arciszewski suggested cryptography Design flaws.
Interview with William Ottman Co-Creater of Minds
Yesterday in Anonymous member group interview with Ottman, the members were clearing the doubts they had about Minds. I thought to give it another go and joined in.
Giving a short introduction to what Minds is all about, Ottman who himself is a journalist/activist said,
“Our platform is meant to be evolved by the community and we will be releasing everything we have this year. Much is already released. We insist that ethical hackers privately report issues as opposed to publicly exposing things which could put people at risk. adding that their encryption was not cracked till date.”
He added that Minds openly welcomes the suggestions and help on any issues affecting Minds.
Replying to a question from an Anonymous member on what he has to say on the security disclosures made by VoidSec, Ottman said, “We think their practices of publishing zero day vulns without properly communicating with us is irresponsible practice. All known XSS issues are resolved and we hope future reports will be filed privately to which we will absolutely respond ASAP.”
We are also releasing a bounty program to reward that people who submit bugs before the public release, they will still be eligible for bounty,” he added.
When being asked about the other serious vulnerabilities claimed by VoidSec, Ottman dodged the question and said, “We truly are all on the same team here and should not be infighting. We all care about freedom and privacy. I appreciate the skepticism because it is healthy but that does not condone bad practice for publishing alleged vulns.”
“No. We cannot read users messages. Our uploader is an open file sharing system and people should not download files from sources they don’t trust. No different than other services,” he added.
He added that the bugs reported by VoidSec have been fixed.
Talking about how the reach algorithm works on Minds, Ottman said, “Users are rewarded with viral reach in exchange of virtual currency which they can earn for just using the mobile app of the Minds based on activities like new post, voting, commenting or uploading contents. a user or advertiser can also buy extra credits for “boosting” their content to expanded audiences. Any post that meets with the terms of the Minds can be boosted either in exchange the points with Minds for a full network boost or p2p exchange with other users.
He stated that the reward system is currently on for the mobile app only which will be added to the desktop version later.
Being asked about the use of Gravatar and Google Ads on Minds, Ottman said that they have already taken it out and it was to makeup with funds for hosting. Adding that they have now their own boost network which will help them with the cost of hosting.
I was surprised to know that the social network which guarantees users privacy and security was being hosted by a third party hosting ‘Amazon Web Services.’
Ottman replied to my query rather skeptically, “We are on AWS right now which we understand is not ideal but it was the only way we could scale. we will be building our own data center on 100% free software and free hardware asap. Ultimately we will be building a distributed data system as well.
On being asked about how anonymity can be guaranteed when they were using 3rd party hosting site, Ottman said, “We encourage people to use Tor if they want to and we also don’t allow real emails, but that could make it hard for people to reset their password if they forget it.” He added, “We also encrypt all passwords and emails of Minds users. which we don’t even force user to use.
Replying to why the privacy and terms page were not updated in last six months Ottman said that, “Many terms and privacy updates are coming according to suggestions they are getting.”
When asked about how Minds will be handling users search and browsing data or if they will be selling it to advertisers. Ottman said, “We are going to be release an advanced data policy which includes how we deal with both private and public data.” Also, we will never sell private user data, he added.